Accepted in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), (hereinafter referred to as "GDPR") and in accordance with Act No. 110/2019 Coll., on the processing of personal data.
Martin Dušek, with its registered office at Dolní cesta 302, 561 51 Letohrad, ID: 87426587, VAT number: CZ7604033690, a natural person operating under the Trade Licensing Act, not registered in the Commercial Register, as the operator of the online store www.4dox.com (hereinafter referred to as "Controller"), processes the personal data of data subjects – natural persons who:
The Controller ensures that the processing of personal data of data subjects is lawful, fair, transparent, accurate, confidential, and that personal data is processed only to the extent necessary. The Controller also ensures that personal data is properly secured and that all rules set by the GDPR, as well as other legal regulations in the field of personal data handling, are followed during the processing of personal data.
These principles have been adopted, among other reasons, to demonstrate compliance with legal regulations concerning the processing of personal data by the Controller. An explanation of individual terms related to the processing of personal data under these principles is provided in Article 12 below.
The data controller is the entrepreneur Martin Dušek, with its registered office at Dolní cesta 302, 561 51 Letohrad, ID: 87426587, VAT number: CZ7604033690.
The Controller can be contacted in one of the following ways:
3.1. Performance of the Purchase Agreement
The Controller processes personal data (first name, last name, address, phone number, email) primarily for the purpose of entering into and fulfilling the purchase agreement, i.e., at a minimum, to enable the Controller to deliver the goods purchased in the online store to the customer.
The legal basis for this processing is Article 6(1)(b) of the GDPR – the performance of a contract to which the data subject is a party.
3.2. Fulfillment of Legal Obligations of the Controller
The Controller processes personal data for the purpose of fulfilling the legal obligations of the Controller, arising, for example, from accounting and tax laws, the consumer protection law, etc., including the obligation of the Controller to demonstrate that personal data is processed in accordance with applicable legal regulations, particularly in compliance with the GDPR.
The legal basis for this processing is Article 6(1)(c) of the GDPR – the fulfillment of a legal obligation to which the Controller is subject.
3.3. Legitimate Interests of the Controller
The Controller may process personal data for the purpose of:
The legal basis for this processing is Article 6(1)(f) of the GDPR – the legitimate interest of the Controller.
3.4. Consent of the Data Subject
Based on the consent of the data subject, the Controller may process personal data for the purpose of:
The legal basis for this processing is Article 6(1)(a) of the GDPR – consent of the data subject.
4.1. Voluntariness
Granting consent for the processing of personal data is entirely voluntary. Failure to provide consent will not have any adverse consequences for the data subject.
4.2. Withdrawal of Consent
Each data subject has the right to withdraw consent for the processing of personal data at any time, especially by one of the following methods:
Consent for maintaining a customer account can also be withdrawn by canceling the customer account (see Section 10.2 below).
The withdrawal of consent does not affect the lawfulness of processing based on consent given prior to its withdrawal.
5.1. General
Processing of personal data for direct marketing purposes refers to the processing of personal data for the purpose of sending commercial communications within the meaning of Act No. 480/2004 Coll., on certain services of the information society, as amended (hereinafter "Act No. 480/2004 Coll.").
A commercial communication is any form of communication, including advertising and encouraging visits to the online store, aimed at directly or indirectly promoting the products or services or image of the Controller (especially newsletters).
5.2. How Does It Work?
Processing of personal data for the purpose of sending commercial communications to potential customers (i.e., individuals who have not yet made a purchase in the online store but have decided to subscribe to commercial communications) is possible only with their consent to the processing of personal data. Sending commercial communications to potential customers is also only possible with their consent (in accordance with Section 7(2) of Act No. 480/2004 Coll.).
Processing of personal data for the purpose of sending commercial communications to customers (i.e., individuals who have already made a purchase in the online store) is possible even without their consent, based on the legitimate interest of the Controller (see Section 3.3 above or Recital 47 GDPR). Sending commercial communications to customers, if the communication relates to similar products or services of the Controller, can be done without their consent (in accordance with Section 7(3) of Act No. 480/2004 Coll.), unless the customer originally refused or later refuses to receive them. [For more details, see https://uoou.gov.cz/novinky/obchodni-sdeleni/gdpr-a-primy-elektronicky-marketing]
5.3. Termination of Processing for Direct Marketing Purposes
The Controller will immediately cease processing personal data for direct marketing purposes as soon as the customer or potential customer expresses disagreement with such processing. Disagreement can be made, for example, by one of the following methods:
Regardless of the above, the Controller will cease processing personal data for direct marketing purposes no later than 3 years after the last purchase in the online store (signing of the purchase agreement). Any further purchase will extend the processing period by another 3 years.
If no purchase is ever made in the online store, the Controller will terminate processing simultaneously with the cancellation of the customer account (see Section 10.2 below).
A recipient of personal data is anyone to whom the Controller provides personal data.
The Controller will provide personal data mainly to the following recipients: entities providing accounting or tax services, postal or courier services, newsletter distribution services, legal services, IT services, payment gateway operators, payment systems, domain administrators, technical support providers, etc. These recipients will process personal data either as independent controllers (i.e., entities that independently determine the purposes and means of processing personal data, regardless of the Controller) or as processors (i.e., entities that process personal data for the Controller, based on its instructions).
In addition, the Controller will provide personal data to public authorities if required by applicable legal regulations. These recipients will always process personal data as independent controllers. Public authorities acting within their investigative powers are not considered recipients.
7. Transfer to Third Countries or International Organizations
The Controller will not transfer personal data to third countries or international organizations within the meaning of Articles 44 et seq. GDPR.
Personal data will be processed only for as long as necessary for the purpose of its processing. The cessation of one of the legal bases for processing personal data does not affect the processing of personal data (to the necessary extent) based on another legal basis.
8.1. Performance of the Purchase Agreement
For this purpose, the Controller will process personal data for up to 30 days after the termination of the last obligation arising from the purchase agreement. This does not affect the possibility of the Controller to further process these personal data based on other legal bases and for the purposes stated in these principles.
8.2. Performance of Legal Obligations by the Controller
For this purpose, the Controller will process personal data for the duration of the relevant legal obligation of the Controller as set by applicable legal regulations.
8.3. Legitimate Interests of the Controller
8.3.1. Direct Marketing
For this purpose, the Controller may process personal data until the objection to such processing is expressed, but no longer than 3 years after the last purchase in the online store (see Section 5.3 above).
8.3.2. Legal Claims
For this purpose, the Controller may process personal data for the duration of the relevant legal claim, but no longer than 1 year after the expiration of the statute of limitations according to applicable legal regulations. If a legal, administrative, or any other procedure is initiated and ongoing in which the rights or obligations arising from the relevant legal claim are addressed, the processing period for this purpose will not end before the final conclusion of such proceedings.
8.4. Data Subject’s Consent
8.4.1. Direct Marketing
For this purpose, the Controller may process personal data until:
but no longer than until the cancellation of the customer account (see Section 10.2 below).
8.4.2. Customer Account Management
For this purpose, the Controller may process personal data until the cancellation of the customer account (see Section 10.2 below).
8.5. Deletion of Personal Data
Immediately after the processing period ends according to Sections 8.1, 8.2, or 8.3.2 above, the Controller will anonymize or destroy the relevant personal data where the purpose of its processing has ceased.
In the cases described in Sections 8.3.1 or 8.4 above, the Controller will immediately cease processing personal data for these purposes after the consent is withdrawn, disagreement is expressed, or the customer account is canceled.
Each data subject has the following rights:
Any data subject who believes that the Controller is processing their personal data in violation of the protection of their private and personal life or applicable legal regulations, especially if the personal data is inaccurate in relation to the purpose of its processing, may:
a) Request an explanation from the Controller (contact details in Section 2 above), or
b) Request that the Controller rectify, supplement, or delete the personal data (contact details in Section 2 above).
If the data subject believes their right to personal data protection has been violated, they also have the right to lodge a complaint with the supervisory authority, which is the Office for Personal Data Protection, located at Pplk. Sochora 27, Holešovice, 170 00 Prague 7.
10.1. Creation of a Customer Account
Creating a customer account is entirely voluntary, as the Controller allows for purchases in the online store without creating a customer account (i.e., without registration).
To store personal data entered in the customer account creation form (or later added to the customer account), the Controller requires consent.
Until the potential customer concludes a purchase agreement with the Controller (i.e., becomes a customer), and after fulfilling all obligations from the concluded purchase agreement, the Controller will process the personal data only for the purposes of managing the customer account; this does not affect the Controller's ability to process personal data based on other legal grounds, especially based on consent granted for direct marketing purposes (sending commercial communications).
10.2. Cancellation of a Customer Account
A customer account can be canceled at any time through the customer account or upon request by sending a cancellation request to one of the contact addresses provided in Section 2 above.
Regardless of the above, the Controller may cancel the customer account after 3 years from the last purchase by the customer in the online store. The Controller may also cancel the customer account if the customer breaches their obligations from the purchase agreement.
If a purchase in the online store never occurs, the Controller may cancel the customer account after 3 years from its creation.
Further information about cookies and other technical data processed when visiting the online store's website is provided in a separate document called "Cookies."
Personal data refers to any information about an identified or identifiable natural person (the data subject); an identifiable natural person is one who can be directly or indirectly identified, particularly by reference to an identifier such as name, surname, date of birth, residence, email, phone number, identification number, location data, network identifier, or one or more special aspects of the physical, physiological, genetic, mental, economic, cultural, or social identity of that person.
Personal data processing refers to any operation or set of operations performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organizing, structuring, storing, adapting or altering, retrieving, consulting, using, disclosing by transmission, dissemination, or any other form of accessibility, sorting, or combination, restriction, erasure, or destruction.
A customer is a natural person who has concluded a purchase agreement with the Controller via the online store, i.e., a person who has a customer relationship with the Controller.
A potential customer is a natural person who has not yet concluded a purchase agreement with the Controller via the online store, i.e., a person who does not have a customer relationship with the Controller.
The Controller is required to implement technical and organizational measures to ensure that unauthorized or accidental access to personal data, their alteration, destruction, loss, unauthorized transmission, or any other unauthorized processing or misuse does not occur. This obligation applies even after the processing of personal data ends.
In case of any questions regarding personal data processing, the Controller can be contacted through any of the contact addresses provided in Section 2 above of these principles.
General information on personal data processing is also available on the website of the Office for Personal Data Protection at www.uoou.cz.
These principles come into effect on January 6, 2025.
Cookies
We need your consent to the use of individual data so that you can show information about your interests, among other things. Click "OK" to give your consent.
Cookie - Settings
Here you can customize your cookie settings according to your preferences.