Privacy Policy

I. Basic Provisions

  1. The data controller according to Article 4 point 7 of the Regulation of the European Parliament and Council (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as "GDPR") is NOVPLASTA CZ, s.r.o., T. G. Masaryka 854, 53821 Slatiňany, ID: 25946404 (hereinafter referred to as the “controller”).

  2. The controller's contact information is:

  3. Personal data means any information about an identified or identifiable natural person; an identifiable natural person is a natural person who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, identification number, location data, online identifier, or to one or more specific factors related to physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

  4. The controller has not appointed a data protection officer.

II. Legal Basis for Processing Personal Data

  1. The legal basis for processing personal data is the performance of a contract between you and the controller according to Article 6(1)(b) GDPR (hereinafter referred to as “Performance of the contract”) - processing is necessary for the performance of a contract to which the data subject is a party or for taking steps at the request of the data subject prior to entering into a contract.

  2. The controller does not engage in automatic individual decision-making within the meaning of Article 22 GDPR.

III. Purpose of Processing, Categories, and Sources of Personal Data

Legal Basis Purpose Data Data Source
Performance of the contract Processing orders or responding to inquiries submitted via the contact form Personal data of clients (contact information) Contact form, order

IV. Retention Period of Personal Data

  1. The controller retains personal data:

    • In the case of an inquiry, personal data contained in the form is managed only for the purpose of responding to or processing your inquiry/request /only during the negotiation period for concluding the contract/ for no longer than 1 year from your inquiry unless you give consent for further processing.

    • In the case of an order, for the period necessary to exercise the rights and obligations arising from the contractual relationship between you and the controller and for asserting claims from these contractual relationships (for 15 years from the termination of the contractual relationship).

  2. After the retention period expires, the controller deletes the personal data.

V. Recipients of Personal Data (Subcontractors of the Controller)

  1. Recipients of personal data are persons:

    • Providing services for the operation of the website/e-shop (Alexandr Zlesák, DiS. - AZ Computers, ID 70163278) and other services related to the operation of the website/e-shop.

    • Personal data of the data subject may be provided to delivery service providers for the proper fulfillment of the contract and to persons who provide legal, accounting, and IT services to the controller to ensure proper fulfillment of obligations imposed by generally binding legal regulations. The controller does not intend to transfer personal data of the data subject to a third country, international organization, or other third parties not mentioned above.

VI. Your Rights

  1. Under the conditions set forth in GDPR, you have:

    • The right to access your personal data under Article 15 GDPR,

    • The right to rectify personal data under Article 16 GDPR or restrict processing under Article 18 GDPR,

    • The right to erasure of personal data under Article 17 GDPR,

    • The right to object to processing under Article 21 GDPR, and

    • The right to data portability under Article 20 GDPR.

  2. You also have the right to lodge a complaint with the Office for Personal Data Protection if you believe that your right to personal data protection has been violated.

VII. Conditions for Securing Personal Data

  1. The controller declares that it has taken all appropriate technical and organizational measures to secure personal data.

  2. The controller has taken technical measures to secure data storage and personal data storage in paper form, especially passwords, antivirus programs, backups, and locking.

  3. The controller declares that personal data is accessible only to authorized persons.

VIII. Final Provisions

  1. By submitting an order via the online order form or an inquiry via the online inquiry form, you confirm that you have read the privacy policy and that you accept it in its entirety.

  2. The controller is entitled to change these conditions. The new version of the privacy policy will be published on its website.

These conditions take effect on January 1, 2024.