Privacy Policy
I. Basic Provisions
The controller of personal data pursuant to Article 4(7) of the Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as "GDPR") is PROSKS s.r.o. with ID 24290041, located at 28. Pluku 907/40, Prague 10 - Vršovice, Czech Republic (hereinafter referred to as the "controller").
The contact details of the controller are: PROSKS s.r.o., Fanshop SK Slavia Praha, U Slavie 1540/2a, Prague 10, Czech Republic; email: info@prosks.cz; tel.: +420 608 940 695. Personal data means all information about an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to a specific identifier such as a name, identification number, location data, network identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of this natural person. The controller has not appointed a data protection officer.
II. Sources and Categories of Processed Personal Data
The controller processes personal data that you provided to them or personal data that the controller obtained based on the fulfillment of your order. The controller processes your identification and contact details, as well as data necessary for the performance of the contract.
III. Legal Basis and Purpose of Personal Data Processing
The legal basis for the processing of personal data is:
- The performance of a contract between you and the controller according to Article 6(1)(b) GDPR,
- The legitimate interest of the controller in providing direct marketing (especially for sending business communications and newsletters) according to Article 6(1)(f) GDPR,
- Your consent to the processing for the purposes of direct marketing (especially for sending business communications and newsletters) according to Article 6(1)(a) GDPR in conjunction with § 7(2) of Act No. 480/2004 Coll., on Certain Information Society Services, if no goods or services have been ordered.
The purpose of processing personal data is to process your order and perform the rights and obligations arising from the contractual relationship between you and the controller; when placing an order, personal data necessary for successful order processing (name and address, contact) are required. Providing personal data is a necessary requirement for the conclusion and performance of the contract, without providing personal data, the contract cannot be concluded or performed by the controller.
Sending business communications and conducting other marketing activities.
The controller does not engage in automated individual decision-making within the meaning of Article 22 GDPR.
IV. Data Retention Period
The controller retains personal data for the time necessary to exercise rights and fulfill obligations arising from the contractual relationship between you and the controller and to assert claims from these contractual relationships (for a period of 15 years after termination of the contractual relationship).
For the duration of your consent withdrawal for personal data processing for marketing purposes, up to a maximum of 15 years, if personal data are processed based on consent.
After the expiration of the retention period for personal data, the controller will erase the personal data.
V. Recipients of Personal Data (Controller's Subcontractors)
Recipients of personal data are persons:
- Involved in the delivery of goods/services/payment execution based on the contract,
- Providing e-shop operation services (Shoptet) and other services related to e-shop operation,
- Providing marketing services,
- Managing accounting and tax agenda,
- Providing licenses and trademarks (SK Slavia Praha, Odbor přátel).
The controller does not intend to transfer personal data to a third country (a country outside the EU) or an international organization.
VI. Your Rights
Subject to the conditions set out in the GDPR, you have the right to:
- Access your personal data under Article 15 GDPR,
- Rectify personal data under Article 16 GDPR, or restrict processing under Article 18 GDPR.
- Erasure of personal data under Article 17 GDPR.
- Object to processing under Article 21 GDPR, and
- Data portability under Article 20 GDPR.
You have the right to withdraw your consent to processing in writing or electronically to the address or email of the controller stated in section III of these conditions. Furthermore, you have the right to lodge a complaint with the Office for Personal Data Protection if you believe that your right to personal data protection has been violated.
VII. Conditions for Personal Data Security
The controller declares that they have taken all appropriate technical and organizational measures to secure personal data. The controller has taken technical measures to secure data repositories and repositories of personal data in paper form, especially antivirus software and passwords. The controller declares that only persons authorized by them have access to personal data.
VIII. Cookies
A cookie file is a text file that a visited website stores in your computer. When you visit the same website in the future, it allows you to use the same preferences. We use cookies to optimally create and continuously improve our services, customize them to your interests and needs. The setting of the use of cookie files is part of your internet browser. Most browsers automatically accept cookies by default, but it is possible to reject or limit them using your web browser. Information about browsers and how to set preferences for cookie files can be found on the following websites: Chrome, Internet Explorer, Firefox.
IX. Final Provisions
By submitting an order through the internet order form, you confirm that you have read and accept the terms of personal data protection in their entirety. You agree to these terms by ticking the consent via the internet form. By ticking the consent, you confirm that you have read and accept the terms of personal data protection in their entirety. The controller is entitled to amend these conditions. The new version of the conditions for personal data protection will be published on their website, and a new version of these conditions will be sent to your email address provided to the controller.
These conditions become effective on September 1, 2023.