- The personal data controller pursuant to Article 4 (7) of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as: “the GDPR”) is Patrik Kopřiva, date of birth: 4 January 1979 (hereinafter referred to as: “the Controller”).
- Controller’s contact details:
address: Patrik Kopřiva, Ve Smečkách 1312/17, 110 00 Praha 1–Nové Město
phone: +420 777 503 774
- Personal Data shall mean any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
- The controller has not appointed a data protection officer.
Sources and Categories of the Processed Personal Data
- The controller shall process personal data which you provide or which the controller obtains on the basis of your orders/reservations (hereinafter referred to as “Reservations”) made by telephone or e-mail, or through an electronic reservation service in connection with the provision of goods and services under the controller’s business name: “BARBER SHOP U BŘITVY”.
- The controller shall process your identification and contact details, and other information which is essential for performing a contract.
Legal Grounds and Purpose of Personal Data Processing
- Legal grounds for personal data processing are:
- the performance of a contract between you and the controller pursuant to Article 6(1)(b) of the GDPR
- a legitimate interest of the controller for direct marketing purposes (especially sending commercial communications and newsletters) pursuant to Article 6(1)(f) of the GDPR
- your consent to processing for the direct marketing purposes (especially for sending commercial communications and newsletters) pursuant to Article 6(1)(a) of the GDPR in connection with Section 7(2) of Act No. 480/2004 Coll., on certain information society services, assuming that no goods or services are reserved
- Purposes for processing personal data are:
- processing your reservations and exercising rights and obligations arising from a contractual relationship between you and the controller; personal data which is required for successful order processing (name and address, telephone number and/or e-mail address) has to be provided in order to enter into and perform a contract; without this data it will not be possible to enter into a Contract and the controller will not, therefore, be able to provide a performance
- sending commercial communications and carrying out other marketing activities
- No automatic decision-making shall be used by the controller pursuant to Article 22 of the GDPR.
Duration of Data Storage
- The controller shall store the personal data:
- for the length of time necessary for exercising the rights and obligations ensuing from a contractual relationship between you and the controller, and for enforcing claims from such contractual relationships (for a period of 15 years from the termination of a contractual relationship)
- until consent to processing the personal data for marketing purposes is withdrawn; however, for no longer than 15 years provided that the personal data is processed on the basis of consent
- After the storage period, the controller shall erase the personal data.
Personal Data Recipients (Subcontractors of the Controller)
- Recipients of the personal data are:
- persons involved in the supply of the controller’s goods and services, and persons involved in implementing payments on the basis of a contract
- business corporations with headquarters in the EU in which the controller is a shareholder and/or a company executive
- persons who are licensed by the controller to use the brand name “BARBER SHOP U BŘITVY”<
- accountants, tax advisers, lawyers and other persons bound by the legal obligation to secrecy
- the company Reservio, s.r.o.,with its registered seat at: Hlinky 995/70, Staré Brno, 603 00 Brno, Czech Republic, which runs an electronic booking service for the controller in the Czech Republic
- persons who provide the controller with marketing and IT services
- Recipients are only authorised and obliged to handle your personal data in compliance with this policy and in the scope necessary for performing their contractual relationships with the controller.
- The controller will not supply your personal data to third countries (non-EU) or to international organisations, with the exception of servers of Reservio, s.r.o. under the conditions specified in the website www.reservio.com.
- Under the terms set out in the GDPR, you have:
- the right of access to your personal data pursuant to Article 15 of the GDPR
- the right to rectification of personal data pursuant to Article 16 of the GDPR, or the right to restriction of personal data pursuant to Article 18 of the GDPR
- the right to erasure of your personal data pursuant to Article 17 of the GDPR
- the right to object to processing pursuant to Article 21 of the GDPR
- the right to portability of your personal data pursuant to Article 20 of the GDPR
- the right to withdraw your consent to processing by letter or by e-mail sent to the controller’s respective address provide in Article I. of this policy
- You also have the right to lodge a complaint with the Office for Personal Data Protection if you believe that your right to personal data protection has been violated.
Personal Data Security Measures
- The controller declares that he/she has taken all suitable technical and organisational measures necessary for ensuring the security of your personal data.
- The controller has taken technical measures to secure electronic and physical data repositories for personal data in paper form, particularly by way of passwords, antivirus programmes and backup, but also lockable spaces and shredders (in the case of physical data repositories).
- The controller declares that only he/she personally and people that he/she authorises have access to your personal data.
- Upon making a reservation by calling the controller’s telephone number or writing to the controller’s e-mail address specified in Article I. and providing your name, surname, address, phone number and/or e-mail address, or by making a reservation through the services of Reservio at the website www.reservio.com, you confirm that you are familiar with the terms and conditions of personal data protection and accept them to their full extent.
- You also agree to these terms and conditions by ticking “I agree” in a paper or online form. By ticking “I agree”, you confirm that you are familiar with the terms and conditions of personal data protection and accept them to their full extent.
This policy shall enter into effect on 25 May 2018.