Principles of processing personal data of STEPA s.r.o.
Registered office: Sázavská 995, Žichlínské Předměstí, 563 01 Lanškroun
identification number: 46506993
registered in the Commercial Register maintained by the Commercial Register in Hradec Králové, Section C, Insert 2094 (hereinafter referred to as the "Administrator").
In this document, we would like to inform you about the principles according to which we process your personal data and analyse certain aspects of the behaviour of visitors to our website. We would also like to inform you of your rights in this regard.
The protection of the personal data of our customers is really important to us, so we treat this personal data with due care and in accordance with applicable law. Only authorized persons take care of our (and your) personal data protection.
This Policy is freely available both on our website and in our stores. Whenever we collect personal data from you, we refer to this Policy and allow you to read this Policy and inform us of our policy on the processing of personal data. Our company always aims to inform our customers (not only) on the website, in the most comprehensible way.
If you have any questions, please do not hesitate to contact us, we are open to constructive communication with our customers.
Address: Sázavská 995, Žichlínské Předměstí, 563 01 Lanškroun
The processing of personal data is carried out in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter referred to as "GDPR"), Act No. 110/2019 Coll. on the processing of personal data and Act No. 480/2004 Coll. on certain information society services, as amended.
1.1 Data subject: natural person (consumer and self-employed) to whom
personal data applies (hereinafter also "you" or "customer");
1.2 Personal data: all information about an identified or identifiable customer; an identifiable customer is a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name and identification number, location data, a network identifier or to one or more specific elements of the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (hereinafter referred to as "PI" or "data");
1.3 Controller: the entity that determines the purpose and means of processing personal data, carries out the processing and is responsible for the processing. The controller of the personal data is STEPA s.r.o., company ID: 46506993 (hereinafter referred to as the "Controller");
1.4 Processor: an entity that processes personal data on behalf of the controller on the basis of a contract for the processing of personal data (hereinafter referred to as "processor" or "business partner") on the basis of the law or on behalf of the controller;
1.5 Website: website available at www.stepa.cz ;
1.6 Purpose of the processing of personal data: the reason why the personal data is processed. This reason may be, for example, to perform a contract, manage user accounts, handle complaints and complaints, send commercial communications or display advertisements based on customer interests;
1.7 Scope of processing of personal data: a list of specific categories of customer personal data processed for a specific purpose;
1.8 Cookies: short text files that are stored by your web or mobile browser. Most cookies contain a unique identifier, called a cookie ID. This is a string of characters assigned by websites and servers to the browser that stored the cookie. This allows websites and servers to distinguish and identify individual browsers. Cookies are used to improve the functioning of websites, to evaluate website traffic and to better target marketing activities. If you browse our website, we assume that you consent to the use of these files.
2.1 The Controller and its contractual processors process the following personal data or categories of personal data in accordance with the relevant legal title and purpose of processing:
a) identification and address data: e.g. name, surname, delivery or other contact address, address of the place of delivery, business address, VAT number, tax identification number;
b) electronic contact details: e.g. telephone number, e-mail address;
c) other electronic data: the IP address processed by means of cookies;
d) other personal data related to the contractual relationship: bank account number, order history;
e) other personal data: typically data provided by the customer in the order form or other documents and in communication with us, including subsequent updates.
3.1. The data controller processes the necessary data that you provide to us, for example, when you place an order,
when registering for a user account, communicating with us, etc. Typically, this involves:
(a) identification and address details;
(b) electronic contact details;
(c) other personal data related to the contractual relationship.
3.2. And furthermore, data that we collect automatically on the basis of you browsing our website. Typically this includes:
d) other electronic data:
a) information about the cookies used and specific cookies,
b) the website from which you came to our website;
c) IP address;
(d) the date of access and the period of access;
e) search queries;
f) http and https response code;
(g) the groups of data to be transmitted;
(h) the browser and operating system of the computer.
4.1 We process individual data in accordance with Article 6 of the GDPR, i.e. in particular if you give us your explicit consent to do so, if the processing is necessary for compliance with legal obligations to which we are subject as a controller, if the processing is necessary for the performance of a contract or if it is in the legitimate interest of the controller. The individual acts in which the processing of personal data takes place can be found below:
a) Conclusion of the contract and performance of the contractual relationship
Purpose: You are entitled to the goods or services you have ordered based on the contract between you and the Administrator. We, on the other hand, are entitled to payment of the agreed price. In order to process your order correctly, it is necessary to process your identification and address data, contact data and other personal data related to the contractual relationship - in particular your account number.
Legal basis: the processing of personal data for the purpose of fulfilling the contractual relationship is justified by the contractual relationship between you and us. The provision of personal data in this case is a contractual requirement without which the contract cannot be concluded.
Storage period: the storage period is determined by the duration of the customer's contractual relationship with us, normally for a period of 5 years after the order has been placed.
b) Communication with customers, evaluation of satisfaction, publication of reviews, handling of complaints
Purpose: We use your data to manage your enquiries, make product recommendations, deal with complaints and complaints with our customer support. We may also contact you to ask you to complete a satisfaction survey.
We also use your data to notify you of the status of your order and to notify you of any changes to your order (non-payment of the agreed amount, change of delivery, etc.). In the event that you do not complete your order, we may send you an email or SMS reminding you that you have not completed this order. Thanks to the feedback we can appreciate this useful service, but whenever you would not be comfortable with it, you have the right to express your disagreement and then we do not need to contact you anymore.
We also process this data in cases of exercising your rights in respect of defective performance and in exercising your rights in connection with the processing of your personal data.
Legal basis: the processing of personal data for the purpose of communicating with customers, evaluating satisfaction, handling suggestions and complaints is justified by our legitimate interest in being able to communicate with customers. The provision of personal data in this case is not a legal or contractual requirement. Thus, you are under no obligation to provide us with your personal data for this purpose.
Storage period: the data storage period is determined by the duration of the customer's contractual relationship with us and subsequently for a period of 4 years after its termination.
d) Sending commercial communications and offering our goods and services
Purpose: We send regular email updates about our goods and services to our customers and those who have consented. You can quickly and easily stop receiving these commercial communications at any time by using the unsubscribe link included in each newsletter.
Otherwise, we ask for your consent to receive commercial communications about our goods and services, events and promotional campaigns. We may use the information you provide to us, as well as information otherwise obtained in connection with our goods and services - such as information about your use of the website, information about orders placed, or information about your participation in promotions and contests - to personalize our marketing communications. We will ask for your consent to receive commercial communications whenever consent is required by applicable law.
Legal basis: the processing of personal data for the purpose of sending commercial communications and offering our goods and services is justified by your consent or our legitimate interest in direct marketing. The provision of personal data on the basis of your consent is voluntary in this case, but without it it would not be possible to send you commercial communications. You can withdraw your consent at any time. The provision of personal data in this case is not a legal or contractual requirement. You are therefore under no obligation to provide us with your personal data for this purpose.
Storage period: the storage period is determined by the duration of your consent. We will consider your consent withdrawn or your legitimate interest terminated if you do not open our commercial communications for a period of 5 years.
(e) Direct marketing and the creation of personalised content and advertising
Purpose: Personalized content creation and advertising technologies allow us to show visitors who are already interested in our website or services. We strive to ensure that you are only shown advertising that you are genuinely interested in, and not advertising without any connection to your personality or interests. Based on your order history, interests and website behaviour, you may be shown personalised content and offers on our website and third party websites and applications (including social media). In addition, we are entitled to store other personal data about you subject to compliance with legal provisions for our own marketing purposes. Furthermore, we would like to assure you that there is no transfer of stored data to third parties. All data is anonymised and pseudonymised for these partners who help us with this type of advertising. This includes in particular cookies. You can read about managing your preferences regarding the processing of cookies in the Cookies section.
Legal basis: the processing of personal data for the purpose of direct marketing and the creation of personalised content and advertising is justified by your consent or our legitimate interest in direct marketing. The provision of personal data on the basis of your consent is voluntary in this case, but without it it would not be possible to provide you with personalised content and advertising. You can withdraw your consent at any time. The provision of personal data in this case is not a legal or contractual requirement. You are therefore under no obligation to provide us with your personal data for this purpose.
Storage period: the storage period is determined by the duration of your consent. The storage period of cookies may vary depending on the type of cookie. Some cookies are limited by the duration of the session (so-called session cookies). These are processed while the browser is running and are automatically deleted when the browser is switched off. Other cookies are permanent (called persistent cookies). These cookies remain in the browser after it has been switched off until a specified date, or until they are manually deleted by the user. These cookies can be used to identify the user's computer when the web browser is restarted and the internet is browsed. You can read more about the storage period of cookies in the Cookies section.
f) Improving the quality of our goods and services, analysing traffic to our website and your behaviour on the website
Purpose: We are always striving to improve the quality of our services and goods and your experience. The development of new services and goods and the improvement of existing ones is done by identifying the needs and wishes of users through phone calls, questionnaires, website analysis, interest in certain services and texts, etc.
In connection with browsing our website, we also process information about traffic, readership, the number of pages viewed, the device from which you come to our website, the time spent on the website. This data helps us to identify areas of our website that are harder to access or less comprehensible. We collect this data so that we can offer quality content that is user-friendly for you and to develop services that you are clearly interested in. We regularly improve our website based on this information.
If you do not want data collected by these technologies, there is a simple process you can follow: most browsers offer you the option to automatically reject many of these technologies or give you the choice to accept or reject them. You can read about managing your preferences regarding the processing of cookies in the Cookies section.
g) Protecting our rights, property or safety or the rights, property or safety of others
Purpose: We may use information about your use of our website or information about your orders to prevent or detect fraud, abuse, misuse and violations of our terms and conditions, as well as to comply with court or other law enforcement authorities, government authorities or conditions imposed by applicable law.
Legal basis: the processing of personal data for the purpose of protecting our rights, property or safety or the rights, property or safety of others is justified by the performance of legal obligations or our legitimate interest in protecting our rights, property or safety or the rights, property or safety of others. The provision of personal data in this case is not a legal or contractual requirement. Thus, you are under no obligation to provide us with your personal data for this purpose.
Storage period: the storage period is 10 years from the end of our contractual relationship or 4 years from the date of acquisition.
(h) Accounting and tax purposes
Purpose: We must also process your personal data because we are required to do so by the relevant accounting and tax legislation.
Legal basis: we handle this personal data mainly for the purpose of the performance of the concluded contract. The performance of contractual obligations typically occurs when, on the basis of a concluded contract, we have to record invoices or other tax documents in the accounting system in accordance with Act No. 563/1991 Coll., on Accounting
Storage period: for the period prescribed by law, in particular Accounting data is processed for 5 years starting from the end of the accounting period to which it relates, tax documents for 10 years from the end of the tax period in which the transaction took place.
i) Handling of complaints
Purpose: Based on the contract between you and the Administrator, you are entitled to a guarantee for the goods or services ordered and the handling of complaints. In order to process them, it is necessary to process your identification and address data, contact data and other personal data related to the contractual relationship.
Legal basis: the processing of personal data for the purpose of handling complaints is justified by legal obligations arising from the contractual relationship between you and us. The provision of personal data in this case is a contractual requirement without which it is not possible to fulfil contractual and legal obligations.
Storage period: the storage period is determined by the duration of the customer's contractual relationship with us, normally for a period of 5 years after the order has been placed.
5.1 Your personal data is disclosed primarily to our employees who need the data in order to provide you with our services.
5.2 In addition to our employees, we must transfer your personal data to various business partners who enable the Administrator to operate and help us provide you with better, more accurate and overall more specific content and services. We select the processors to whom we entrust your personal data very carefully. We only work with those who are able to ensure that technical and organisational security measures are in place to prevent unauthorised or accidental access to or other misuse of your data. All such partners are only authorised to process your data on the basis of a data processing addendum, in which they undertake a duty of confidentiality. They may also not use the data provided for any purpose other than that for which we have made it available to them.
5.3 The following categories of our partners (recipients) may have access to your personal data:
a) Partners who transport our goods and services for us
b) Partners to whom we provide data for the purpose of analysing traffic to our website, your behaviour on the website and business conversions
We strive to make your experience of using our website as pleasant as possible. That's why we work with partners who analyse traffic and your behaviour on our website. Thanks to these partners, we have information about which parts of our website are not clear, where you are looking for the information you want and whether you find it, which offers on our website you clicked on, etc. We then regularly improve our website based on this information.
c) Partners who provide their services to us, who provide the technical operation of a service for us, and the operators of the technology we use for our services
In order for the Controller to function properly and to provide our services to you, we must work with a number of partners who provide their services to us, provide the technical operation of a particular service, or operate the technologies we use for our services. Typically, these categories of partners are:
(d) Public authorities
6.1 Personal data is processed manually and automatically. We keep proper records of all processing activities in accordance with the relevant legislation - in particular Article 30, Records of processing activities.
7.1 To exercise your rights, please contact us using our contact details set out at the beginning of this policy. We reserve the right to reasonably verify the identity of the applicant for the rights in question. If requests are repetitive and manifestly unfounded or unreasonable, we may impose a reasonable fee or refuse to comply with the request.
a) Right of access to personal data
If you want to know whether we are processing your personal data, you have the right to obtain information from us about whether your personal data is being processed and, if so, you also have the right to access your personal data. In the event of a repeated request, we are entitled to charge a reasonable fee based on our administrative costs for a copy of the personal data provided.
b) Right to rectification of inaccurate and completion of incomplete personal data
If you believe that we are processing inaccurate or false data about you, you have the right to request its correction. You also have the right to have incomplete data completed. We will carry out the correction or completion without undue delay, but always taking into account our technical possibilities.
(c) Right to erasure
In the event that your personal data is no longer necessary for the purposes (in particular for the necessary legislative regulations) for which it was collected or otherwise processed, or if you discover that it has been processed unlawfully, you have the right to request its deletion.
d) Right to restriction of processing of personal data
If you are not interested in complete erasure, but only in a temporary restriction of the processing of your personal data, you can request us to restrict the processing of your personal data in certain cases.
(e) Right to data portability
If you want us to transfer your personal data to third parties, you can exercise your right to data portability if you have given your prior consent. In the event that the exercise of this right may adversely affect the rights and freedoms of third parties, we will not be able to comply with your request.
(f) Right to object
You have the right to object at any time to the processing of personal data processed for the performance of a task carried out in the public interest or in the exercise of official authority or for the protection of our legitimate interests. If we do not demonstrate that there is a compelling legitimate reason for the processing which overrides your interests or rights and freedoms, we will terminate the processing without undue delay on the basis of your objection.
g) Right to withdraw consent at any time
If the processing of your data is based on your consent, you have the right to withdraw your consent at any time.
h) Right to information about automated decision-making, including profiling
You are not the subject of any decision based solely on automated processing, including profiling, which would have legal effects on you or which would affect you in a similarly significant way.
(i) Right to lodge a complaint with the Supervisory Authority
Last but not least, you also have the right to file a complaint with the supervisory authority, which is the Office for Personal Data Protection, located at Pplk. Sochova 27, 170 00 Prague 7, tel.: 234 665 111, web: www.uoou.cz.
a) ensuring the functioning of the basic functions of the Website,
b) saving your preferred language,
c) analysis of traffic in order to improve the Website,
d) marketing purposes, in particular the display of advertising on the Site.
9.1 Our website is not directed at children under the age of 16. We therefore do not intentionally collect their personal data. If we become aware that we have inadvertently obtained personal data about children under the age of 16, we will take steps to delete that data as soon as possible, except where we are required by applicable law to retain it.
10.1 The Personal Data Processing Policy was approved by the Managing Director on 25 February 2021.
10.2 Our business strategy and related processing of your personal data may change. If we decide to update this policy, we will post the changes on our website and inform you of these changes not only on the aforementioned website but also on social media. We ask that you read this policy carefully and check this policy regularly when you continue to communicate with us or use our website.
In Lanškroun on 1 January 2022.