Terms of personal data protection

I. Basic Provisions

1. Pursuant to Article 4(7) of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as the GDPR), the Data Controller is CityZen s.r.o., Company ID Number: 07420366 with its registered office at Palackého třída 805, 537 01 Chrudim (hereinafter referred to as the Data Controller).

All of your personal data may only be used in compliance with this Personal Data Protection Regulation. By providing us with your personal data, you consent to the processing and management of the data provided for the purposes and under the conditions set out below. All of your personal data that we acquire will be collected, stored and used in accordance with the applicable legal regulations, primarily Regulation (EC) No. 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation, hereinafter the Regulation) and Act No. 110/2019 Coll., on personal data protection, as amended (hereinafter the Act).

2. Data Controller’s contact details:

Address: CityZen s.r.o., Palackého třída 805, 537 01 Chrudim

E-mail: b2bsupport@cityzenwear.cz

Phone: +420 602 185 602

3. Personal data shall mean any information relating to an identified or identifiable natural person; an identifiable natural person is any natural person who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, identification number, location data, online identifier, or to one or more factors specific to the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.

4. The Data Controller did not appoint a representative for personal data protection.

II. Sources and Categories of the Processed Personal Data

1. The Data Controller processes the personal data entrusted by the person in question in regard to your order.

2. The Data Controller processes your identification data (i.e. name, surname, date of birth, title, gender), contact data (i.e. correspondence/billing address, email, telephone number) and data necessary for the performance of the contract (e.g. transaction and payment data in connection with the payment of the order) and technical data (cookies).

3. Cookies

  • These cookies are essential for the functioning of our website and cannot be deactivated. These files also contribute to the safe and proper use of our services.

 

Partner

Purpose

Data protection

Facebook

Facebook is a social network that provides a communication channel between users, keeps people in touch and serves as entertainment. It allows you to share products and other pages. Logging in through this network allows you to log in to your account.

http://www.facebook.com/about/privacy/

Facebook Ads

Platform for Facebook advertising, retargeting, conversion measurement.

http://www.facebook.com/about/privacy/

Google Ads

Platform for search advertising, banner advertising, YouTube advertising, retargeting, conversion measurement.

https://policies.google.com/privacys

Google Analytics

Analytical and marketing tool for detecting user behaviour on the page in order to design better layouts, functionalities and further improve the pages, user profiling and targeting of personalised advertising.

https://policies.google.com/privacy

Google Display & Video 360

Platform for banner advertising, retargeting, conversion measurement.

https://policies.google.com/privacy

Google Optimize

Tool for AB testing of website design.

https://policies.google.com/privacy

Hotjar

Analytical tool for detecting user behaviour on the page in order to design a better layout, functionalities and further improve the pages.

https://www.hotjar.com/legal/policies/privacy/

RTB House

Platform for banner advertising, retargeting, conversion measurement.

https://www.rtbhouse.com/rtbhouse-paperflite-privacy-policy/

Seznam.cz Sklik

Platform for search advertising, banner advertising, retargeting, conversion measurement.

https://o.seznam.cz/ochrana-udaju/

Glami

Enables the targeting and evaluation of advertising messages based on user website behaviour.

https://www.glami.cz/info/privacy/

Heureka

Cookie used to collect information about visitor behaviour, which is used to optimise the suitability of advertisements.

https://www.heurekashopping.cz/pro-zakazniky/podminky-pouzivani-pro-zakazniky/ochrana-soukromi

 

 III. Legal Grounds and Purpose of Personal Data Processing

1. The legal grounds for processing personal data are as follows:

  • the performance of a contract between you and the Data Controller pursuant to Article 6(1)(b) of the GDPR,
  • fulfilling the legal obligations of the Data Controller under Article 6(1)(c) of the GDPR, e.g. accounting or tax obligations,
  • a legitimate interest of the Data Controller for direct marketing purposes (especially sending commercial communications and newsletters) pursuant to Article 6(1)(f) of the GDPR,
  • your consent to processing for the purpose of providing direct marketing services (particularly sending commercial messages and newsletters) pursuant to Article 6(1)(a) of the GDPR in conjunction with Article 7(2) of Act No. 480/2004 Coll., on certain services provided by an information society, if no order for goods or services has been made.

2. The purpose for processing personal data is:

  • the processing of your order and the performance of rights and obligations arising from the contractual relationship between you and the Data Controller; when placing an order the personal data that is necessary for the successful processing of the order (name and address, contact), the provision of which is a necessary requirement for the conclusion and performance of the contract, without the provision of which it is not possible to conclude the contract or perform it on the part of the Data Controller,
  • ensuring the fulfilment of the Data Controller's legal obligations,
  • sending commercial messages and carrying out other marketing activities

3. The Data Controller does not engage in any automatic individual decision-making within the meaning of Article 22 of the GDPR.

IV. Duration of Data Storage

1. The Data Controller shall store personal data:

  • for as long as necessary to exercise the rights and obligations arising from the contractual relationship between you and the Data Controller and to assert claims under those contractual relationships (i.e. for the duration of the specific contractual relationship and subsequently for the duration of the statutory limitation periods, but no longer than 5 years after the end of the specific contractual relationship),
  • for the period until consent to personal data processing for marketing purposes is withdrawn, provided that the personal data is processed on the basis of your consent,
  • for the duration of the statutory periods established for the given purpose, especially in the case of fulfilling legal obligations (i.e. for example accounting and tax obligations).

2. After the personal data retention period has expired, the Data Controller deletes the personal data.

V. Recipients of Personal Data (Data Controller's Subcontractors)

1. Recipients of personal data

  • are parties contributing to the delivery of goods/services or payments on the basis of the contract,
  • provide e-shop operation services (Shoptet) and other services in connection with the operation of the e-shop,
  • provide marketing services.

The Data Controller maintains an up-to-date list of personal data processors, which you can request by contacting the Data Controller at the following email address: b2bsupport@cityzenwear.cz

2. The Data Controller does not intend to forward the personal data to third countries (outside of the EU) or to international organisations.

VI. Your Rights

1. Subject to the GDPR, you have:

  • the right to access your personal data pursuant to Article 15 of the GDPR,
  • the right to have your data corrected as per Article 16 of the GDPR or limit the processing as per Article 18 of the GDPR,
  • the right to have your data deleted as per Article 17 of the GDPR,
  • the right to object to processing pursuant to Article 21 of the GDPR,
  • the right to portability of your personal data pursuant to Article 20 of the GDPR,
  • the right to withdraw your consent to processing by post or by e-mail sent to the postal address or e-mail address of the Data Controller provided in Article III of this policy. The withdrawal of consent shall not affect the lawfulness of processing carried out before the withdrawal.

2. If you believe that the Data Controller is processing your personal data in violation of this policy or in violation of applicable law, you have the right to object to the processing of your personal data. You can make this objection either in writing to the address of the Data Controller or electronically by e-mail: pavel.hrstka@cityzenwear.cz

3. In such case you shall have the right to lodge a complaint with the Office for Personal Data Protection, Pplk. Sochora 27, 170 00, Prague 7, www.uoou.cz, if you believe that your right to protection of personal data has been violated.

 VII. Personal Data Security

1. The Data Controller declares that it has taken all appropriate technical and organisational measures to ensure the security of personal data.

2. Personal data is stored on secure servers in IT systems. In the event of a transfer of personal data outside the European Union, the Data Controller undertakes to accept appropriate safeguards from the processor and, at the same time, that the contractual clauses relating to such transfer and processing of personal data will be standard. We secure our websites and other systems with technical and organisational measures that prevent the loss and destruction of, unauthorised access to, and any alteration or dissemination of your personal data.

3. The Data Controller declares that only persons authorised by the Data Controller shall have access to personal data.

VIII. Final provisions

1. You consent to this Policy by ticking the consent box in the online form. By ticking the consent box you confirm you are familiar with and consent to the Personal Data Protection Policy in its entirety.

2. The Data Controller is entitled to amend the Policy. The Data Controller will publish amended versions of the Personal Data Protection Policy on its website and, at the same time, will send you the amended version to the e-mail address you have provided to the Data Controller.

 

This Policy takes effect on 1 May 2023.