The company Gessen Group s.r.o., with the registered office at Prague 1, Vodičkova 710/31, Nové Město, postal code 110 00, ID No.: 24283673, registered in the Commercial Register administered by the Municipal Court in Prague, Section C, file no. 192951 (the “Data Controller”), operator of the online store CaptainCandy–www.captaincandy.cz (the “Online Store”), is obliged, as the controller of personal data, to protect the processed personal data and to fulfil its obligations stipulated by applicable legal regulations relating to personal data protection.
In this context, the Data Controller provides its customers information on the processing of their personal data performed in connection with the Online Store operation in particular how the Data Controller uses the personal data, for what purposes, to whom it provides the personal data and what individual rights belong to the data subjects, i.e. persons whose personal data are being processed.
In the course of operating the Online Store, the Data Controller obtains personal data directly from the customers either upon their registration in the Online Store and/or upon sending of their orders in the Online Store. The Data Controller processes personal data of registered customers within the scope of their name, surname, date of birth, address of residence and mailing address, e-mail address, telephone number, bank account number (if payments for the goods are made via wire transfer) and information relating to my shopping behaviour of customers in the Online Store. In the case of non-registered customers, the Data Controller processes personal data within the scope of their name, surname, address of residence and mailing address, e-mail address, telephone number, bank account number (if payments for the goods are made via wire transfer).For the purpose of sending commercial communication via e-mail, the customer’s data within the scope of their IP address, version of operating system, location data at the state level, version of web browser and type of display device are further being processed. In the case of granting consent with personal data processing, the Data Controller may also process further categories pf the customers’ personal data, within the scope specified in each individual consent.
The Data Controller is entitled to process the customers’ data even without their consent for the following reasons:
i. performance of rights and fulfilment of obligations arising from purchase contracts (orders) concluded through the Online Store, both with respect to registered and non-registered customers;
ii. ensuring proper functioning of the Online Store and user accounts of registered customers;
iii. legitimate interests of the Data Controller (such as personal data processing for statistical purposes or informing customers of the Data Controller’s activities); and
iv. fulfilment of obligations imposed on the Data Controller by applicable legal regulations (in particular tax and accounting obligations);
all the above at least for the period of the customer’s registration in the Online Store or, in the case of non-registered customers, at least for the period of existence of the rights and obligations arising from the purchase contract, in both the aforementioned cases for at least 3 years.
If a customer does not provide the Data Controller with their personal data necessary for the conclusion and performance of the purchase contract (order), the customer’s order shall not be sent and the purchase contract between the customer and the Data Controller shall not be concluded.
The Data Controller is further entitled to process personal data of the Online Store customers based on their granted consents with personal data processing. In such a case, the Data Controller processes personal data of customers for the purposes and for the time specified individually in each particular consent. Customers are not obliged to grant consent with personal data processing.
The Data Controller may transfer personal data to third parties (personal data recipients):
i. subject to the conditions stipulated by applicable legal regulations;
ii. if such transfer is necessary for ensuring proper functioning on the Online Store;
iii. and possibly to other persons under the conditions specified in the granted consent with personal data processing.
The Data Controller may appoint a third party as a processor of the personal data, but only within the scope necessary for the purposes of the processing thereof. Upon the Data Controller’s authorization, personal data may be processed by personal data processors either in the Czech Republic or abroad. The personal data may be transferred, within the scope necessary, to third parties, in particular to providers of IT services or logistic services, to marketing agencies, companies carrying out customer satisfaction surveys, operators of call centres, tax and accounting advisors and providers of postal and delivery services.
For the purpose of individual customization and optimization of the Online Store, the Data Controller uses so called cookies. Cookies contain for example information on the hitherto visits of the Online Store or on the offers viewed by the given customer in the past. The main purpose of cookies is to prepare an offer reflecting the customer’s needs and to ensure that the use of the offered services be as convenient as possible.
The Data Controller uses only session cookies that are not stored on the user’s hard disc and are deleted upon closing the web browser. These session cookies are used for the verification of login data and for equalization of the workload of the Online Store.
Each customer of the Online Store whose personal data are being processed by the Data Controller has the following rights:
Moreover, each customer of the Online Store whose personal data are being processed by the Data Controller has the right to raise an objection against processing of their personal data.
The rights specified above may be exercised by the customers
The subscription to electronic commercial communication can be cancelled through the link contained in each individual commercial message.
The public supervisory authority in the field of personal data protection in the Czech Republic is the Office for Personal Data Protection, with the registered office at Pplk. Sochora 27, 170 00 Prague 7, www.uoou.cz, to which a complaint may be filed if the customer believes that the Data Controller has breached applicable legal regulations governing personal data processing and protection.