This page provides an overview of the main principles regarding the protection of personal and other processed data.

I. Basic Provisions

The controller of personal data in accordance with Article 4, Point 7 of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter "GDPR") is Imperia Trading CZ s.r.o., Company ID: 28170997, with its registered office at Sadová 137, 25065 Bořanovice (hereinafter "Controller").

The Controller's contact details are:

Address: Sadová 137, 25065 Bořanovice

Email: faktury@giftlab.cz

Phone: +420 603 914 000

Personal data refers to any information about an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

The Controller has not appointed a Data Protection Officer.

II. Sources and Categories of Processed Personal Data

The Controller processes personal data that you have provided or personal data that the Controller has obtained through the fulfillment of your order.

The Controller processes your identification, contact details, and data necessary for fulfilling the contract.

III. Legal Basis and Purpose of Personal Data Processing

The legal basis for processing personal data is:

• The performance of a contract between you and the Controller under Article 6(1)(b) GDPR,
• The legitimate interest of the Controller in providing direct marketing (particularly for sending commercial messages and newsletters) under Article 6(1)(f) GDPR,
• Your consent to the processing of personal data for the purposes of direct marketing (particularly for sending commercial messages and newsletters) under Article 6(1)(a) GDPR in connection with Section 7(2) of Act No. 480/2004 Coll., on certain information society services, in cases where no order for goods or services has been made.

The purpose of processing personal data is:

• To handle your order and fulfill the rights and obligations arising from the contractual relationship between you and the Controller. When placing an order, personal data necessary for successful order processing (such as name and address, contact details) are required; providing personal data is a necessary requirement for entering into and performing the contract. Without providing personal data, it is not possible to conclude the contract or fulfill it from the Controller's side.
• To send commercial messages and carry out other marketing activities.

The Controller does not engage in automatic individual decision-making as defined in Article 22 of GDPR.

IV. Data Retention Period

The Controller retains personal data:

• For the time necessary to fulfill the rights and obligations arising from the contractual relationship between you and the Controller and for asserting claims from these contractual relationships (for 15 years after the end of the contractual relationship).
• After the expiration of the retention period, the Controller will delete personal data.

V. Recipients of Personal Data (Controller's Subcontractors)

Recipients of personal data are individuals involved in:

Services:

• Solitea Česká republika a.s. (Company ID: 25568736), Drobného 555/49, Ponava, 602 00 Brno, Czech Republic.
• Payment processing based on the contract:
• GoPay s.r.o. (Company ID: 26046768), Planá 67, 370 01 Planá, Czech Republic.
• E-shop operation services (Shoptet) and other services related to the operation of the e-shop:
• Google Ireland Limited (Registration number: 368047), Gordon House, Barrow Street, Dublin 4, Ireland; the privacy policy of this company is available here: https://policies.google.com/technologies/ads;
• Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, D02 X525, Ireland; the privacy policy of this company is available here: https://cs-cz.facebook.com/about/privacy;
• YANDEX LLC 16 Lva Tolstogo St., Moscow 119021, Russia; the privacy policy of this company is available here: https://yandex.com/legal/metrica_eea_termsofuse/
• Seznam.cz a.s. (Company ID: 26168685), Radlická 3294/10, 150 00 Praha - Smíchov, Czech Republic.

The Controller does not intend to transfer personal data to a third country (outside the EU) or an international organization.

VI. Your Rights

Under the conditions set out in the GDPR, you have the right to:

• Access your personal data under Article 15 GDPR,
• Correct personal data under Article 16 GDPR, or limit processing under Article 18 GDPR,
• Delete personal data under Article 17 GDPR,
• Object to the processing of your data under Article 21 GDPR,
• Data portability under Article 20 GDPR,
• Withdraw your consent to processing either in writing or electronically to the Controller’s address or email as specified in Article III of these terms.

Furthermore, you have the right to file a complaint with the Office for Personal Data Protection if you believe your personal data protection rights have been violated.

VII. Conditions for Securing Personal Data

The Controller declares that it has taken all appropriate technical and organizational measures to secure personal data.

The Controller has implemented technical measures to secure data storage and personal data storage in paper form, including antivirus software.

The Controller declares that personal data can only be accessed by authorized persons.

VIII. Final Provisions

By submitting an order through the online order form, you confirm that you are familiar with the terms of personal data protection and that you fully accept them.

You agree to these terms by checking the consent box via the online form. By checking this consent, you confirm that you are familiar with the terms of personal data protection and that you fully accept them.

The Controller is entitled to change these terms. The new version of the personal data protection terms will be published on its website, and the new version will also be sent to your email address, which you provided to the Controller.

These terms take effect on August 8, 2023.