Personal Data Processing Statement

The company Gessen Group s.r.o., with the registered office at Prague 1, Vodičkova 710/31, Nové Město, postal code 110 00, ID No.: 24283673, registered in the Commercial Register administered by the Municipal Court in Prague, Section C, file no. 192951 (the “Data Controller”), operator of the online store CaptainCandy–www.captaincandy.cz (the “Online Store”), is obliged, as the controller of personal data, to protect the processed personal data and to fulfil its obligations stipulated by applicable legal regulations relating to personal data protection.

In this context, the Data Controller provides its customers information on the processing of their personal data performed in connection with the Online Store operation in particular how the Data Controller uses the personal data, for what purposes, to whom it provides the personal data and what individual rights belong to the data subjects, i.e. persons whose personal data are being processed.

Entitlement of Data Controller for Processing of Personal Data

In the course of operating the Online Store, the Data Controller obtains personal data directly from the customers either upon their registration in the Online Store and/or upon sending of their orders in the Online Store. The Data Controller processes personal data of registered customers within the scope of their name, surname, date of birth, address of residence and mailing address, e-mail address, telephone number, bank account number (if payments for the goods are made via wire transfer) and information relating to my shopping behaviour of customers in the Online Store. In the case of non-registered customers, the Data Controller processes personal data within the scope of their name, surname, address of residence and mailing address, e-mail address, telephone number, bank account number (if payments for the goods are made via wire transfer).For the purpose of sending commercial communication via e-mail, the customer’s data within the scope of their IP address, version of operating system, location data at the state level, version of web browser and type of display device are further being processed. In the case of granting consent with personal data processing, the Data Controller may also process further categories pf the customers’ personal data, within the scope specified in each individual consent.

The Data Controller is entitled to process the customers’ data even without their consent for the following reasons:

i. performance of rights and fulfilment of obligations arising from purchase contracts (orders) concluded through the Online Store, both with respect to registered and non-registered customers;
ii. ensuring proper functioning of the Online Store and user accounts of registered customers;
iii. legitimate interests of the Data Controller (such as personal data processing for statistical purposes or informing customers of the Data Controller’s activities); and
iv. fulfilment of obligations imposed on the Data Controller by applicable legal regulations (in particular tax and accounting obligations);

all the above at least for the period of the customer’s registration in the Online Store or, in the case of non-registered customers, at least for the period of existence of the rights and obligations arising from the purchase contract, in both the aforementioned cases for at least 3 years.

If a customer does not provide the Data Controller with their personal data necessary for the conclusion and performance of the purchase contract (order), the customer’s order shall not be sent and the purchase contract between the customer and the Data Controller shall not be concluded.

The Data Controller is further entitled to process personal data of the Online Store customers based on their granted consents with personal data processing. In such a case, the Data Controller processes personal data of customers for the purposes and for the time specified individually in each particular consent. Customers are not obliged to grant consent with personal data processing.

Personal Data Transfers

The Data Controller may transfer personal data to third parties (personal data recipients):

i. subject to the conditions stipulated by applicable legal regulations;
ii. if such transfer is necessary for ensuring proper functioning on the Online Store;
iii. and possibly to other persons under the conditions specified in the granted consent with personal data processing.

The Data Controller may appoint a third party as a processor of the personal data, but only within the scope necessary for the purposes of the processing thereof. Upon the Data Controller’s authorization, personal data may be processed by personal data processors either in the Czech Republic or abroad. The personal data may be transferred, within the scope necessary, to third parties, in particular to providers of IT services or logistic services, to marketing agencies, companies carrying out customer satisfaction surveys, operators of call centres, tax and accounting advisors and providers of postal and delivery services.

Cookies

For the purpose of individual customization and optimization of the Online Store, the Data Controller uses so called cookies. Cookies contain for example information on the hitherto visits of the Online Store or on the offers viewed by the given customer in the past. The main purpose of cookies is to prepare an offer reflecting the customer’s needs and to ensure that the use of the offered services be as convenient as possible.

The Data Controller uses only session cookies that are not stored on the user’s hard disc and are deleted upon closing the web browser. These session cookies are used for the verification of login data and for equalization of the workload of the Online Store.

In addition, the Data Controller uses cookies necessary for basic purposes and functions of the websites, cookies for improving the websites, analytic cookies and technologies _fid, s_dl, s_cpm, s_vnum, s_lv, s_vi, advertising cookies and technologies, content sharing cookies and technologies, cookies and technologies ensuring functionality of the websites and security cookies.

The use of cookies may be disabled at any time. This can typically be done by means of selecting the relevant option in the browser settings or by means of using certain other programs. Disabling cookies may reduce the scope of the offered services and have certain negative impacts on the use of the Online Store.

Rights of Customers with Regard to Processing of Their Personal Data

Each customer of the Online Store whose personal data are being processed by the Data Controller has the following rights:

  • right of access to their personal data - upon exercising the right of access to personal data, the Data Controller shall provide information on the purposes of personal data processing, on the categories of the personal data processed and on their recipients, on the planned time of storing the personal data and on any other rights that the customer may exercise in connection with the processing of their personal data;
  • right to request correction of their personal data - upon exercising the right to request correction, the Data Controller shall without undue delay correct any inaccurate personal data;
  • right to deletion of personal data - upon exercising the right to personal data deletion, the Data Controller shall delete the specified personal data; however, the Data Controller shall not delete personal data if their processing is based on valid legal grounds, in particular if it is necessary for the determination, exercise or defense of the Data Controller’s legal claims;
  • right to the restriction of personal data processing - upon exercising the right to the restriction of personal data processing, the Data Controller shall possibly restrict the personal data processing; during the time of the personal data processing restriction, the Data Controller is entitled to process the relevant personal data only subject to the customer’s consent, for the purpose of the determination, exercise or defense of the Data Controller’s legal claims or for the purpose of protecting the interests of another person;
  • right to transfer personal data to another data controller, if technically feasible;
  • right to withdraw their consent with the personal data processing at any time, including the right to request that personal data be deleted or anonymized without undue delay, unless there is any other legal reason for their processing - after the withdrawal of the consent with the personal data processing, the Data Controller shall not be entitled to use the personal data for the purposes specified in the withdrawn consent.

Moreover, each customer of the Online Store whose personal data are being processed by the Data Controller has the right to raise an objection against processing of their personal data.

The rights specified above may be exercised by the customers

  • via e-mail at: zakaznik@captaincandy.cz

The subscription to electronic commercial communication can be cancelled through the link contained in each individual commercial message.

The public supervisory authority in the field of personal data protection in the Czech Republic is the Office for Personal Data Protection, with the registered office at Pplk. Sochora 27, 170 00 Prague 7, www.uoou.cz, to which a complaint may be filed if the customer believes that the Data Controller has breached applicable legal regulations governing personal data processing and protection.