Personal data processing for customers pursuant to GDPR
The aim of these Principles of personal data processing for customers pursuant to GDPR (hereinafter referred to as the “Principles”) issued by TOPSET s.r.o., with the registered office at K Mlýnům 80, 595 01 Velká Bíteš, comp. ID No : 257 48 050, incorporated in the Commercial Register kept by Municipal court in Brno under ref. C 40678 (hereinafter also referred to as “TOPSET ”) is to provide information about what personal data (hereinafter also referred to as the “data”) TOPSET as the controller processes about natural persons during their visits on the websites operated by TOPSET and in contacts with potential customers. The Principles also stipulate the purpose for which ČNP processes this data and the time of its storage in compliance with the valid legal regulations, to whom and for which reasons it can be transferred and the information about the rights that natural persons have in connection with processing of their personal data.
These Principles come into force on 25 May 2018 and they are issued in compliance with the regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data (hereinafter referred to as the “regulation” or “GDPR”) for purpose of performance of the information obligation of ČNP as the personal data controller pursuant to article 13 of GDPR.
These Principles concern personal data processing for customers of shortened company name, user of services of shortened company name, persons interested in the goods of TOPSET and visitors of the websites operated by shortened company name, always in the extent of the personal data protection pursuant to GDPR corresponding to their position towards shortened company name.
Below you can find an outline of the main principles of protection of personal data and other processed data. More information can be found on our website www.TOPSET.cz in the section concerning personal data protection.
• Who processes your data?
Personal data is processed by TOPSET s.r.o., with the registered office at K Mlýnům 80, 595 01 Velká Bíteš, company ID No: 257 48 050, as the personal data controller pursuant to GDPR. Your data will be processed under the below specified conditions.
• What is personal data?
Personal data means any information relating to an identified or identifiable natural person. A person is identified or identifiable if the natural person can be identified, directly or indirectly, in particular by reference to an identifier such as a number, code or one or more elements specific to the physical, physiological, physiological, economic, cultural or social identity of that natural person. Regarding the right for privacy, handling of such data may be restricted, and personal data protection is stipulated by GDPR.
• What your personal data is processed?
We only process personal data provided by you in connection with your interest in our products and their purchase (e.g. during registration and order or by granting your consent with personal data protection and granting your consent with sending information about new introductions and special offers etc.) or with conclusion of a contract on purchase of goods.
It usually includes the data you provide to us during registration and/or purchase of goods:
• Basic personal identification data and address data
This data is necessary for contract conclusion and fulfilment. It includes mainly the following:
- ◦ Name and surname
- ◦ Telephone
- ◦ Contact and/or mailing address
- ◦ Payment information (payment card number) which we do not store / store with your account (only if you use payment services, such as purchase in our e-shop etc.)
- ◦ Other data you fill in voluntarily in the remark when you complete your order.
• Other data processed based on your consent which we receive from you when you use our services
- ◦ IP address
- ◦ Cookies (in case of online services)
- ◦ Records of behaviour on websites operated by TOPSET received from cookies if cookies are allowed in the web browser. The records are processed for improved operation of the website operated by TOPSET and internet advertising
- ◦ Possible another online identifier.
• Data about the goods purchased and payment morale
- ◦ In the e-shop of TOPSET you will find a list of your orders and your favourite products.
• Why is your personal data processed?
- • Fulfilment of legal tax obligations (fulfilment of legal obligations)
- • Operation of CCTV systems in brand stores of TOPSET and in the premises of TOPSET for purpose of damage prevention and ensuring safety of customers of TOPSET and protection of the interests and assets of TOPSET (the legitimate interest of shortened company name)
- • Recording and monitoring calls with the customer line (contract fulfilment)
- • Collection of receivables from customers as buyers and other customer disputes (legitimate interest of shortened company name)
- • Register of debtors (legitimate interest of shortened company name)
- • Marketing purposes (consent from customers)
• Provision of personal data
Provision of personal data necessary for fulfilment of the contract and legal obligations of TOPSET and protection of legitimate interests of TOPSET is obligatory. Without provision of personal data for these purposes it is not possible to ensure fulfilment of the obligations of TOPSET towards customers. No consent is required for personal data processing for these purposes. Here the personal data processing is based on the legal grounds arising from the contract.
Personal data for these activities are processed in the extent necessary for fulfilment of these activities and for the time required for their fulfilment or for the time stipulated directly by legal regulations.
• Processing personal data for marketing purposes
For entities that granted their consent with marketing communication by means of electronic contacts, TOPSET processes, with the consent of those entities and for the time specified in the consent, the data provided by the entities for purposes of marketing communication and sending information about products, new introductions and special offers of shortened company name. If this consent is granted by means of the websites operated by shortened company name, these contacts are processed together with the data from cookies of TOPSET situated on the websites from which the consent is granted, only in case the entity has allowed cookies in its web browser. It is possible to unsubscribe from receiving of the information about new introductions and special offers in the settings of the service in which the user subscribed to receiving these communications, or by e-mail at firstname.lastname@example.org.
• Processing cookies from websites operated by shortened company name
If the entity has allowed cookies in its web browser, we process records of their behaviour from the cookies situated on the websites operated by TOPSET for the purpose of ensuring better operation of the websites of shortened company, analyses and measuring with the aim to find out how our services are used and for purposes of internet advertising of shortened company name.
• What are cookies and what kind of cookies do we use?
Cookies are small data files which enable the visited websites to remember the actions and settings of the individual users which were performed there and therefore this data does not have to be entered repeatedly. Cookies are saved in the individual computers by means of the web browsers. Cookies are not dangerous, they are not used to gain any sensitive personal data, but they are important for privacy protection. Cookies are not used to find out the identity of the website users or to misuse their login details.
Cookies enable us to recognise a user as a current user (e.g. when logging in the e-mail account, when authorising a payment etc.) or adjust the website to the user preferences. Cookies are also used to display behaviourally targeted online advertising on the website of TOPSET and outside this website, i.e. to display only such advertisements which are relevant for particular users without bothering the users with advertisements they are not interested in.
Another group is third-party cookies (e.g. Google Analytics for analysing visits of a concrete website or a certain service or cookies from advertising system operators run on our website).
If you do not want to save these cookies, their use can be blocked.
More information about the types of cookies and their use in our services can be found here enter the web link.
7. Who will have access to your personal data?
TOPSET uses professional and specialised services from other entities when fulfilling its liabilities and obligations arising from contracts. If these suppliers process personal data received from shortened company name, they are in the position of personal data processors and they process personal data only within the scope of the instruction from TOPSET and they cannot use it otherwise.
We carefully select our partners to whom we entrust your data and who can provide such technical and organisation security for your data to prevent any unauthorised or accidental access to your data or any other misuse. Protection of your data is our priority. All our partners are bound by confidentiality obligation and they are not allowed to use the provided data for any other purposes than those for which they received the data.
Third parties who may access your personal data are:
- • Entities to which we provide the data for purpose of an analysis of visits on our websites;
- • Entities which provide technical operation of a certain service or operators of technologies used for our services;
- • Entities which deliver the purchase goods, printed promotion materials or gifts in marketing campaigns to you;
- • Entities which ensure additional security and integrity of our services and websites and test this security regularly;
- • Payment gateway providers (payment card providers);
- • Business partners or sponsors who participate in organisation of our events;
- • Collection agencies for purpose of collection or recovery of receivables of shortened company name;
- • Operators of advertising systems in connection with targeted advertising;
- • Operators of technical solutions thanks to which we can display only the content and advertisements relevant for you;
- • CCTV system operators in brand stores of TOPSET and in the premises of shortened company name.
Under certain exactly defined conditions we are obliged transfer some of your personal data based on the applicable legal regulations, e.g. to the Police of the Czech Republic or other bodies participating in prosecution, including specialised divisions (ÚOOZ police unit for combating organised crime, Customs Administration etc.) and other public administration bodies.
• How long is your personal data stored?
Your data will be stored for the whole time when our services are used (e.g. for the duration of the contractual relationship between us) and subsequently based on the consent granted by you for the period of additional 24 months unless you do not withdraw your consent with this personal data processing.
However, we would like to point out that the personal data which are necessary for due provision of the products you ordered from us, or for fulfilment of all our obligations, whether they arise from the contract concluded by and between us or form generally binding legal regulations, must be processed by us regardless the consent granted by you for the time determined by the relevant legal regulations or in compliance with them even after your consent is withdrawn.
CCTV recordings from brand stores and from the premises of TOPSET and surroundings of the buildings or premises of TOPSET are stored for maximum eight days from the day on which the CCTV recording is made.
• Can we process your personal data without your consent?
Yes, your personal data can be processed without your consent but only for the following purposes:
- • Provision of a product (fulfilment of a contract concluded between you and shortened company name);
- • Fulfilment of legal obligations arising to us from the generally binding legal regulations;
- • Processing which is necessary for purpose of our legitimate interests (e.g. direct marketing and ensuring security of our website).
Possibility and lawfulness of such processing arises directly from the valid legislation and your consent with this processing is not required.
• Based on which can your personal data be processed?
As we have already mentioned, your personal data can be processed based on the consent granted by you but also for example based on our legitimate interest (mainly processing for purpose of direct marketing) or for fulfilment of a contract concluded by and between us, in the extent of personal data required for this fulfilment. Another reason entitling us to process your personal data, even without your consent, is fulfilment of obligations arising for us from law. The concrete purposes for which the individual processing of your personal data is performed are specified above.
• How is my personal data secured?
All the personal data provided by you are secured using standard procedures and technologies. However, it is not possible to guarantee fully the security of your personal data. Therefore, it is also not possible to provide 100 % guarantee that the provided personal data cannot be accessed by a third party, cannot be copied, published, altered or destroyed if our security measures are broken through.
Nevertheless, in this connection we would like to assure you that we check regularly if the system does not have any weak points or was not subject to an attack and we use such security measures that prevent any unauthorised access to your personal data, if possible, and that provide sufficient security with respect to the current state of technologies. The security measures taken are upgraded regularly.
For better security of your personal data, access to this data is protected with a password and sensitive data are encoded when transferred between your browser and our website.
However, without your help and responsible behaviour we are not able to ensure full security of your data. Therefore, we ask you to help to ensure security of your data by keeping your unique passwords and access data secret and by observing basic security principles. Please be aware that e-mails do not have to be encoded. Therefore, we strongly recommend not using these forms of communication when providing confidential information.
• How and when can you withdraw your consent with personal data processing?
Your voluntary consent with personal data processing can be withdrawn anytime free of charge by means of sending an e-mail message to the address: email@example.com. Withdrawal of your consent does not affect the possibility of further processing of your personal data based on your consent given before its withdrawal. Withdrawal of your consent does not affect personal data processing performed on different legal grounds than your consent (i.e. mainly if it is necessary for fulfilment of the contract, legal obligations or due to other reasons specified in the applicable legal regulations).
• Am I obliged to provide my personal data? What will happen if I do not provide my personal data?
You provide your personal data voluntarily (however, for some services, to make the service available, some personal data are required, i.e. if you do not provide it, you will not be able to use the service).
Processing your personal data, often only in anonymised form without being able to identify you as a concrete user, enables us to provide our products and improve them and develop new ones. If you do not provide your consent or withdraw it subsequently, it may happen that we will not be able to provide some of our products in full extent. Nevertheless, you are not obliged to use our free of charge services.
• What are your rights connected with your personal data protection?
As regards your personal data, you have mainly the following rights:
- • Right for data;
- • Right of access to personal data;
- • Right to rectification of incorrect personal data;
- • Right to erasure (right to be “forgotten”) in certain cases;
- • Right to restriction of processing
- • Right to be informed about rectification, erasure or restriction of processing
- • Right to data portability;
- • Right to object to processing in certain cases;
- • Right to withdraw your consent with personal data processing anytime;
- • Right to be informed about breach of security of personal data in certain cases;
- • Other rights stipulated in the personal data protection act and in GDPR after it comes to effect.
- • What does it mean that you have the right to object?
If you do not like any more that you obtain some commercial communication or other information from us from time to time about new introductions in our product portfolio, you can object further processing your personal data for purpose of direct marketing. If you do so, your data will not be processed for this purpose anymore and you will not be sent any further commercial communication and newsletters.
For more information about this right please refer to article 21 of GDPR.
• How can you contact us?
If you have any questions concerning personal data protection or withdrawal of your consent with further processing of your personal data, please do not hesitate to contact us on firstname.lastname@example.org
In this connection we would like to point out that we may require from you to prove your identity in a suitable way to be able to check your identity. It is a preventive security measure aimed at prevention of access of unauthorised persons to your personal data. For increasing quality of services and filing of records concerning fulfilment of our obligations arising from law, all communication with you is monitored.