Terms and Conditions for Personal Data Protection
- Basic provisions
- Sources and categories of procesed personal data
- LAWFUL REASON AND PURPOSE OF PERSONAL DATA PROCESSING
1.1 The controller of the personal data in accordance with clause 4, item 7 of the Regulation of European Parliament and Council (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter only referred to as: „GDPR”) is NORMSERVIS s.r.o. company ID 26249324, address Hamry nad Sázavou 460, 591 01 Žďár nad Sázavou (hereinafter only referred to as: „the controller“).
1.2 Controller’s contact information is
address: Hamry nad Sázavou 460, 591 01 Žďár nad Sázavou
telephone: +420 777 173 315
1.3 Personal data shall be interpreted as any information on identified or identifiable natural person; an identifiable natural person is a natural person which may be directly or indirectly identified, especially with reference to a certain identifier, such as name, identification number, location data, network identifier or to one or more special elements of natural, physiologic, genetic, psychic, economic, cultural or social identity of such natural person.
1.4 The controller has not appointed a data protection officer.
2.1 The controller processes personal data which you provided or personal data which the controller received through execution of your order.
2.2 The controller processes your identification and contact data and data necessary for execution of the contract.
3.1 Lawful reason for personal data processing includes
- Execution of contract concluded between you and the controller in accordance with clause. 6, article 1 letter b) GDPR,
- Controller’s justified interest in provision of direct marketing (especially for sending commercial messages and newsletters) in accordance with clause 6 article 1 letter f) GDPR,
- Your consent with processing for the purpose of direct marketing (especially for sending commercial messages and newsletters) in accordance with clause 6 article 1 letter. a) GDPR in connection with § 7, article 2, act no. 480/2004 Sb., on some services of information society even if goods or service was not ordered.
3.2 The purpose of personal data processing is
- Execution of your order and execution of rights and obligations implied by the contractual relationship between you and the controller; order requires personal data that is necessary for successful execution of the order (name and address, contact information), provision of personal data is a prerequisite for conclusion and execution of the contract, without provision of personal data, the contract cannot be concluded or executed by the controller, either,
- Sending of commercial messages and other marketing activities.
3.3 The controller does not make automatic individual decisions in terms of clause 22 GDPR.
4.1 The controller saves the personal data
- For a period necessary for execution of rights and obligations implied by the contractual relationship between you and the controller and enforcement of claims implied by the contractual relationships (for 15 years after the contractual relationship ends).
- Until consent for personal data processing for marketing purpose is revoked, for not more than 10 years if the personal data is processed upon the consent.
4.2 After the period of personal data saving elapses, the controller shall delete the personal data.
5.1 Recipients of the personal data are persons
- Participating in delivery of goods, services, realization of payments in accordance with the contract,
- Accounting company in accordance with the contract,
- Senders of the goods in accordance with the contract,
- Providing marketing services.
5.2 For IEEE and SAE standards, the controller intends to forward the personal data (address, e-mail and telephone) to a third country (country outside EU) or to an international organization. The data shall only be provided to the publishers of those standards. For other products, the personal data is not forwarded to a third country (country outside EU).
6.1 Recipients of the personal data are persons with rights
- To access their personal data in accordance with clause 15 GDPR,
- To correct personal data in accordance with clause 16 GDPR, or to limit processing in accordance with clause 18 GDPR,
- To delete personal data in accordance with 17 GDPR,
- To raise an objection against processing in accordance with clause 21 GDPR,
- To transfer the data in accordance with clause 20 GDPR,
- To revoke the consent with processing in written or electronic form sent to controller’s address or email specified in clause. III herein.
6.2 Furthermore you have the right to lodge a complaint to the office for personal data protection if you think that your right for personal data protection was breached.
7.1 The controller declares that the controller has taken any suitable technical and organizational measures to secure the personal data.
The controller has taken technical measures to secure data storages and storage of personal data in paper format, especially passwords, records of access, evidence of keys, antivirus program, encryption, back-ups.
7.2 The controller declares that only authorized persons can access the personal data.
8.1 By sending the order from the internet order form you confirm that you have been familiarized with the terms and conditions for personal data protection and that you accept them in full extent.
8.2 You express your consent with the terms and conditions by ticking the consent via web form. By ticking the consent you confirm that you have been familiarized with the terms and conditions for personal data protection and that you accept them in full extent.
8.3 The controller is entitled to change the terms and conditions anyhow. New version of the terms and conditions for personal data protection shall be published at the controller’s website and the new version of the terms and conditions will be sent to by email to the address which you provided the controller with.
The terms and conditions come into force on May 25, 2018.