Home / Terms of personal data protection (GDPR)

Terms of personal data protection (GDPR)

  • Information on the method and scope of personal data processing according to the General Regulation on the Protection of Personal Data No. 2016/679/EU (hereinafter referred to as "GDPR")

  • BASIC PROVISION
    Business firm LaPaya s.r.o., identification number 19831994, with registered office at Kloboučnická 1735/26, registered in the commercial register C 392359 maintained at the Municipal Court in Prague, phone contact +420606076535 ("Company"), is the administrator by legal title (i) of the proceedings on the contract with the customer, (ii) the performance of the contract concluded with the customer and (iii) the performance of public law obligations is authorized to process in particular the following personal data of its customers:

     

    name, surname, or date of birth and residence address for records; and
    e-mail and telephone number for mutual communication.
    The administrator has not appointed a personal data protection officer.

    The user of the web interface, whose personal data is processed, has the right, in accordance with the GDPR, to request access to personal data and information referred to in Article 15 of the GDPR; the right to correction or erasure, or restriction of processing; the right to data transferability to another administrator under the conditions and with the restrictions specified in Article 20 of the GDPR; the right to raise an objection to the administrator against the processing of his personal data.

     

    The legal basis for the processing of users' personal data is the fulfillment of the contract and the legitimate interest of the controller. The administrator processes personal data for the purposes of fulfilling the contract and for direct marketing purposes in the scope of first and last name, residential address or delivery address and billing address, if different from the residential address, identification number and tax identification number, e-mail address and telephone number, while provision of personal data is voluntary. For the purposes of the proper functioning of the web interface, text files of cookies stored in the user's browser are also processed.

    LEGAL REASON and PURPOSES OF PROCESSING
    The administrator processes personal data only for the purposes listed below and on the basis of the stated legal bases:

    - fulfillment of the contract according to Article 6 paragraph 1 letter b) GDPR

    - marketing; on the basis of your revocable consent according to Article 6 paragraph 1 letter a) GDPR, i.e. in particular the offering of services, the sending of information about organized events, services and other activities, including direct marketing via electronic means pursuant to Act No. 480/2004 Coll., on certain information society services

    - maintaining a user account on the basis of your revocable consent according to Article 6 paragraph 1 letter a) GDPR

    - bookkeeping; if you are a customer., Your personal data (invoicing data) absolutely necessary to comply with the legal obligation to issue and register tax documents

    - photographic documentation, references, live events, workshops; based on your consent, we can use your photos, references, feedback, etc., until the consent is revoked

    COOKIES
    The administrator uses cookies in order to monitor the preferences of the visitors and to optimally create the website accordingly. Cookies are small "files" that are used for the hard drive. This leads to easier navigation and ensuring a high level of user comfort of the website. Cookies can be used to determine whether the visitor has already visited the website in the past. The use of cookies can be deactivated on your internet browser.

    TRANSFER OF PERSONAL DATA TO THIRD PARTIES
    Recipients of personal data are persons:

    - participating in the delivery of goods/services/realization of payments based on the contract,

    - providing web interface operation services and other services,

    - providing marketing services.

    PERIOD OF DATA RETENTION
    The administrator stores personal data:

    - for the period necessary for the exercise of rights and obligations arising from the contractual relationship between you and the controller and the application of claims from these contractual relationships (for a period of 5 years from the termination of the contractual relationship)

    - for the period until the consent to the processing of personal data for marketing purposes is revoked, but no longer than 5 years.

    After the personal data retention period has expired, the administrator deletes the personal data.

    RECIPIENTS OF PERSONAL DATA
    (administrator subcontractors) Recipients of personal data are persons:

    - participating in the delivery of goods/services/realization of payments based on the contract,

    - providing e-shop operation services and other services related to e-shop operation,

    - providing marketing services.

    The administrator intends to transfer personal data to a third country (a country outside the EU) or an international organization. Recipients of personal data in third countries are providers of mailing services and cloud services

    YOUR RIGHTS
    Under the conditions set out in the GDPR, you have:

    - the right to access personal data according to Article 15 GDPR; at any time, you can request confirmation from the administrator as to whether or not your personal data is being processed, and if so, for what purposes, to what extent, to whom it is made available, how long it will be processed, whether you have the right to correction, erasure, restriction of processing or to raise objection and where the personal data was obtained.

    - the right to correct or supplement personal data according to Article 16 GDPR; at any time you can ask the administrator to correct or supplement personal data if it was or is inaccurate or incomplete

    - the right to erasure of personal data according to Article 17 GDPR; the administrator must delete your personal data if it is no longer necessary for the purposes for which it was collected or processed, or if you withdraw your consent and there is no other reason for processing, or there are no overriding legitimate reasons for processing, the processing is unlawful or it is imposed by a legal obligation (in some cases, however, the administrator is bound by a legal obligation and must register issued tax documents for a period specified by law)

    - the right to object to processing according to Article 21 GDPR; at any time you can file a written or electronic objection to the processing of your personal data with the administrator, thereby ensuring that the administrator does not process the personal data further, unless he proves serious legitimate reasons for the processing that outweigh your interests or rights and freedoms

    - the right to data portability according to Article 20 GDPR; you have the right to obtain your personal data that you have provided to the administrator with consent for processing or for the purpose of fulfilling the contract, the data is transferred in a machine-readable form, and if it is technically feasible, you have the right to have the administrator transfer this data to another administrator

    - the right to withdraw consent to processing in writing or electronically to the administrator's address or e-mail

    You can exercise all of your rights set forth above with the administrator either in writing by registered letter sent to the address of the administrator's registered office, or electronically at the e-mail address www.lapaya.cz, or by telephone at +420606076535.

    You also have the right to file a complaint against the processing of personal data with the Office for Personal Data Protection at www.uoou.cz.

    SECRECY
    The administrator assures that he is obliged to maintain the confidentiality of personal data and security measures, the disclosure of which would endanger the security of your personal data, as well as his employees and collaborators. At the same time, this confidentiality lasts even after the end of the contractual relationship with the administrator. Without your consent, your personal data will not be released to any other third party.

     

    These terms and conditions and information become effective on March 1, 2024.