Processing of Personal Data

I. Basic provisions

1. The controller of personal data pursuant to Article 4(7) of the Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as "GDPR") is Ace Sport s.r.o., with business registration number (IČ) 63887355 and registered address at Sedláčkova 472/6, Písek 39701 (hereinafter referred to as the "administrator").

2. The Administrator’s contact details are as follows

Address: Sedláčkova 472/6, Písek 39701 

E-mail: poptavka@acesport.cz

Phone: +420 602468321

3. Personal data refers to all information about an identified or identifiable natural person; an identifiable natural person is a person who can be directly or indirectly identified, in particular by reference to a specific identifier such as a name, identification number, location data, network identifier, or one or more special elements of the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

4. The administrator has not appointed/named a Data Protection Officer. The contact details of the Data Protection Officer, if appointed, are as follows: 

II. Sources and categories of personal data processed

1. The administrator processes personal data that you have provided to them or personal data obtained by the controller in the course of fulfilling your order.

2. The administrator processes your identification and contact information, as well as data necessary for the performance of the contract.

III. Legal basis and purpose of personal data processing

1. The legal basis for processing personal data is as follows:

• The performance of a contract between you and the controller as per Article 6(1)(b) of the GDPR,
• The legitimate interest of the administrator in providing direct marketing, especially for sending commercial communications and newsletters, under Article 6(1)(f) of the GDPR,
• Your consent for processing for the purposes of providing direct marketing, particularly for sending commercial communications and newsletters, under Article 6(1)(a) of the GDPR in conjunction with Section 7(2) of Act No. 480/2004 Coll., on Certain Information Society Services, in cases where there has been no order for goods or services.

 2. The purpose of processing personal data is

• the purpose of processing personal data is to process your order and fulfill the rights and obligations arising from the contractual relationship between you and the administrator. When placing an order, personal data that is necessary for the successful processing of the order (such as name and address, contact information) is required. Providing personal data is a necessary requirement for entering into and performing the contract, and without providing personal data, it is not possible to enter into or fulfill the contract on the part of the controller,
• sending commercial communications and carrying out other marketing activities.

 3. The administrator does not engage/engages in automatic individual decision-making within the meaning of Article 22 of the GDPR. You have provided your explicit consent for such processing.

IV. Data retention period

1. The Administrator retains personal data

• for the duration necessary to perform the rights and obligations arising from the contractual relationship between you and the controller and to assert claims from these contractual relationships (for a period of 15 years from the termination of the contractual relationship),
• for the duration until consent for the processing of personal data for marketing purposes is revoked, for a maximum of 10 years, if personal data is processed based on consent.

 2. After the data retention period has elapsed, the controller will erase personal data.

V. Recipients of personal data (Controller’s subcontractors)

1. The recipients of personal data are individuals 

• involved in the delivery of goods/services/processing of payments under the contract,
• providing e-commerce platform services (Shoptet) and other services related to e-commerce operations,
• providing marketing services.

 2. The administrator does not/does intend to transfer personal data to a third country (outside the EU) or an international organization. Recipients of personal data in third countries are providers of mailing services/cloud services.

VI. Your rights

1. Under the conditions set forth in the GDPR, you have

• the right to access your personal data under Article 15 of the GDPR,
• the right to rectify personal data under Article 16 of the GDPR, and, where applicable, the right to restrict processing under Article 18 of the GDPR,
• the right to erasure of personal data under Article 17 of the GDPR,
• the right to object to processing under Article 21 of the GDPR and
• the right to data portability under Article 20 of the GDPR,
• the right to withdraw consent for processing in writing or electronically to the address or email of the administrator as specified in Section III of these terms.

 2. You also have the right to file a complaint with the Office for Personal Data Protection in the event you believe that your right to personal data protection has been violated.

VII. Conditions for Personal Data Security

1. The administrator declares that they have implemented all appropriate technical and organizational measures to secure personal data. 

2. The administrator has implemented technical measures to secure data storage and storage of personal data in paper form, ensuring that all data is securely stored and encrypted.

3. The administrator declares that only authorized personnel have access to personal data.

VIII. Final provisions 

1. By submitting your order through the online order form, you confirm that you are acquainted with the terms of personal data protection and fully accept them.

2. You agree to these terms by checking the consent box through the online form. By checking the consent box, you confirm that you are acquainted with the terms of personal data protection and fully accept them.

3. The administrator is authorized to modify these terms. The new version of the personal data protection terms will be published on its website, and simultaneously, the administrator will send you the new version of these terms to the email address you have provided.

These terms shall become effective as of January 20, 2020.