PRIVACY POLICY
Company Group PZ s.r.o., registered office: Daliborova 432/3, Mariánské Hory, 709 00 Ostrava, Company ID No.: 08864471, entered in the Commercial Register kept by the Regional Court in Ostrava under file no. C 81113, as the controller of personal data (hereinafter the “Controller”), informs you—its customers, users of the website www.teverun.cz, and data subjects (hereinafter the “Data Subject”)—about the collection of personal data and privacy principles described below.
INTRODUCTION
-
These principles have been prepared in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation, hereinafter “GDPR”) and with Act No. 110/2019 Coll., on the Processing of Personal Data.
-
Personal data means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
-
Other terms such as “special categories of personal data”, “data subject”, “processing of personal data”, “controller”, “processor”, “high-risk processing”, “automated individual decision-making incl. profiling”, and “appropriate technical and organizational measures” have the meaning given by and must be interpreted in the context of the GDPR.
2. WHAT PERSONAL DATA THE CONTROLLER PROCESSES
2.1. The Controller processes the following data about the Data Subject:
a. Address and identification data: name and surname, address, e-mail, phone
b. Billing and payment data: optional Company ID, VAT ID, registered office address
c. Data on purchased goods and services, data on the use of services, and data on communication with the Controller
2.2.
To improve service quality, personalize offers, collect anonymous data, and for analytics, the Controller uses cookies on its website. Cookie rules are set out in Article 6 below.
2.3.
Personal data may be stored for a longer period than indicated in the table below if processed solely for archiving in the public interest, scientific or historical research, or statistical purposes.
3. PURPOSE AND LEGAL BASIS OF PROCESSING – RETENTION PERIOD
|
Personal data processed |
Purpose of processing |
Legal basis |
Retention period |
|---|---|---|---|
|
Address and identification data |
Handling inquiries and communication regarding conclusion and performance of a contract; sending commercial communications after contract conclusion |
Steps prior to entering into a contract, performance of a contract, legitimate interest |
For the period necessary to negotiate prior to contract and subsequently for performance; for commercial communications for 1 year after termination |
|
Payment and billing data |
Handling inquiries and performance of a contract; bookkeeping |
Performance of a contract, compliance with legal obligations |
10 years from the last payment |
|
Data on purchased goods and services, their use, and communication data |
Contract performance; customer care |
Performance of a contract, legitimate interest |
For the term of the contract and 1 year after termination |
|
All personal data |
Creation and administration of a user account; contract performance |
Performance of a contract, legitimate interest |
For the term of the contract and 3 years from the last login |
|
Name and e-mail obtained outside a contractual relationship solely for newsletter subscribers |
Regular sending of commercial communications with offers, information, and updates in accordance with Act No. 480/2004 Coll. |
Consent |
Until consent is withdrawn or unsubscribing |
|
Address and identification data; data on purchased goods and services |
Sending customer satisfaction questionnaires |
Legitimate interest |
60 days from contract conclusion |
|
E-mail address |
Notifications of stock changes or product/service price changes when using the “watchdog” feature |
Consent |
180 days or until consent is withdrawn |
|
Address and identification data |
Handling messages sent via the website or e-mail |
Steps prior to entering into a contract, performance of a contract |
For the period necessary to handle the communication |
|
Address and identification data |
Publishing comments on the website |
Consent |
Until withdrawn or for 5 years from submission |
3.1. Newsletter subscription
If you subscribed to the newsletter, you grant the Controller consent to use your e-mail address for sending commercial and marketing communications related to offered products or services. Your e-mail address will be processed in accordance with data protection regulations and these principles. You may withdraw consent at any time by e-mail to sales@teverun-europe.com, by sending a notice to the Controller’s registered office, or by clicking the unsubscribe link in each communication.
3.2. Zboží.cz customer satisfaction survey
We measure satisfaction via e-mail questionnaires within the Zboží.cz Rating program, which our e-shop participates in. We send them after each purchase unless you refuse such messages pursuant to Section 7(3) of Act No. 480/2004 Coll. Processing for this purpose is based on our legitimate interest in assessing satisfaction with purchases. We use the processor Seznam.cz, a.s., Radlická 3294/10, 150 00 Prague 5, ID 26168685, to whom we may provide information about purchased goods and your e-mail address. Personal data are not provided to any third party for its own purposes. You may opt out at any time via the link in the questionnaire e-mail.
3.3. Heureka.cz customer satisfaction survey
We measure satisfaction via e-mail questionnaires within the “Verified by Customers” program, which our e-shop participates in. We send them after each purchase unless you refuse such messages pursuant to Section 7(3) of Act No. 480/2004 Coll. Processing is based on our legitimate interest in assessing purchase satisfaction. We use the processor Heureka Shopping s.r.o., Karolinská 650/1, 186 00 Prague 8, ID 24725382, to whom we may provide information about purchased goods and your e-mail address. Personal data are not provided to any third party for its own purposes. You may opt out at any time via the link in the questionnaire e-mail.
4. PRINCIPLES OF PERSONAL DATA PROCESSING
4.1. The Controller processes personal data fairly, lawfully, and transparently. These Principles inform the Data Subject about the scope, content, and methods of processing.
4.2. The personal data processed are adequate, relevant, and limited to what is necessary in relation to the contractual relationship and the stated purpose.
4.3. The Controller needs the Data Subject’s personal data to be accurate and up-to-date. If any provided data become outdated, the Data Subject must inform the Controller of the correct data.
4.4. The Controller processes personal data in a manner ensuring appropriate security, including protection by suitable technical and organizational measures against unauthorized or unlawful processing and against accidental loss, destruction, or damage.
5. RECIPIENTS OF PERSONAL DATA AND INTENT TO TRANSFER INFORMATION
5.1. The Controller may also disclose the Data Subject’s personal data to third parties as recipients, but only in justified cases. Personal data may be disclosed to:
a. processors who process personal data under the Controller’s instructions and with relationships governed by Article 28 GDPR; e.g., providers of software used by the Controller to secure and operate its services—such providers will have access only to the extent necessary and for administration and technical support;
b. public authorities and other entities where required by applicable law;
c. other entities in unforeseen events where disclosure is necessary to protect life, health, property, or another public interest, or to protect the rights, property, or safety of the Controller.
5.2. The Controller does not intend to transfer personal data to a third country or an international organization.
6. COOKIE POLICY
6.1. Cookies
Cookies are small files stored on the Data Subject’s device that help the Controller collect data about the Data Subject’s activity. Cookies enable, in particular, saving settings and preferences, providing targeted content and marketing communications, and analyzing website performance. Cookies may be set by the Controller (“first-party cookies”) or by third parties whose services the Controller uses (“third-party cookies”). Most browsers accept cookies by default. The Data Subject can still set the browser to display cookies before storing them or to disallow them categorically.
Details on cookie settings in common browsers are available here:
-
Google Chrome: https://support.google.com/accounts/answer/61416?hl=en
-
Internet Explorer: https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-deletemanage-cookies
-
Microsoft Edge: https://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy
-
Mozilla Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
-
Opera: http://www.opera.com/help/tutorials/security/privacy/
-
Safari: https://support.apple.com/kb/PH19214?viewlocale=en_US
Please note that changes apply only to the given browser. If you use multiple browsers, you must change the settings in each. Cookies can also be deleted from storage at any time. See your browser or operating system help for more information.
IP address
An IP address is a unique number assigned to a computer or other device communicating via the Internet Protocol.
Analytics scripts
Analytics scripts are small pieces of code used to track users and their behavior on websites—from basic tracking (visit) to advanced events (adding a product to cart, product selection, form submission, etc.). Analytics scripts may provide collected data to a third party—the provider of the script.
Use of social plugins
The Controller’s website may offer social media plugins. Data are not sent via such plugins automatically, but only when the plugin is activated by clicking the relevant button. The content and scope of data transmitted as a result of activation are determined solely by the operator of the social network, who is also responsible for protecting personal data received via the plugin.
6.2. Types of cookies
Technical or functional cookies
Some cookies ensure parts of the website work properly and user preferences remain known. By placing functional cookies, the Controller makes visits easier so you don’t have to re-enter the same information. These cookies may be placed without the Data Subject’s consent.
Analytics cookies
Analytics cookies are used to optimize the website for users. Through these cookies the Controller obtains information on how the website is used. Storing these cookies is based on the Data Subject’s consent.
Marketing/Tracking cookies
Marketing/tracking cookies or other local storage are used to create user profiles for displaying advertising or to track users on the website for similar marketing purposes. Storing these cookies is based on the Data Subject’s consent.
Your browser may be used to delete cookies automatically or manually. You can also specify that certain cookies may not be placed. Another option is to change your browser settings so that a message is displayed every time a cookie is stored. See your browser help for more information.
Please note that the website may not function properly if all cookies are disabled. If you delete cookies in your browser, they will be placed again after consent is granted upon your next visit to the Controller’s website.
7. RIGHTS OF THE DATA SUBJECT
7.1. Data Subject rights are a key element of personal data protection. If the Data Subject exercises any right below, the Controller will provide information on measures taken without undue delay and in any case within one month of receipt of the request. In exceptional cases, the Controller may extend this period by up to two months. The Controller will inform the Data Subject of any extension and the reasons.
7.2. Personal data are processed automatically in electronic form.
7.3. The Data Subject has the right to:
a. be informed about personal data processing
The Controller provides this information notably through this Privacy Policy.
b. access personal data
Upon request, the Data Subject will receive confirmation whether their personal data are processed. If so, the Data Subject has the right to obtain: purposes of processing; categories of personal data; recipients or categories of recipients; envisaged retention period; the existence of the right to request rectification or erasure; the right to object; the right to lodge a complaint with a supervisory authority; any available information as to the source of the personal data if not obtained from the Data Subject; and the fact of automated decision-making, including profiling. Most of this information is contained here, but you may also ask the Controller directly.
c. rectification or completion
If the Data Subject knows or believes the Controller processes inaccurate data, they may notify the Controller, who must correct them. If any data are incomplete considering the purpose, the Controller must complete them upon request.
d. erasure
The Controller must erase personal data under Article 17(1) GDPR if at least one of the following applies and none of the exceptions in Article 17(3) GDPR applies:
-
the data are no longer necessary for the purposes for which they were collected;
-
the Data Subject withdraws consent and no other legal ground exists;
-
the Data Subject objects and there are no overriding legitimate grounds;
-
the data have been unlawfully processed;
-
erasure is necessary for compliance with a legal obligation;
-
the data were collected in relation to the offer of information society services under Article 8(1) GDPR.
e. restriction of processing
The Data Subject may request restriction of processing. If the conditions of Article 18(1) GDPR are met, the Controller must restrict processing.
f. data portability
The Data Subject has the right to obtain their personal data from the Controller in a structured, commonly used, machine-readable format and to have the data transmitted directly to another controller.
g. object
In certain cases, the Data Subject may object to processing, in particular where they could not influence that their data are processed and the processing is not for a legal obligation or vital interest. Objections may concern:
-
processing based on legitimate interest or a task in the public interest/exercise of official authority;
-
processing for direct marketing based on legitimate interest;
-
processing for scientific or historical research or statistical purposes.
If an objection is raised, the Controller shall no longer process the data unless it demonstrates compelling legitimate grounds overriding the Data Subject’s interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims. If the objection concerns processing for direct marketing or related profiling, the Controller must stop processing.
h. not be subject to automated individual decision-making, including profiling
The Data Subject is never subject to automated individual decision-making, including profiling.
i. withdraw consent where processing is based on consent
The Data Subject may withdraw consent at any time for data processed on that basis.
j. be informed of a personal data breach
Where a personal data breach is likely to result in a high risk to the rights and freedoms of the Data Subject, the Controller shall notify the Data Subject without undue delay.
k. lodge a complaint with a supervisory authority
If the Data Subject believes the Controller is breaching its obligations, they may lodge a complaint with the Office for Personal Data Protection, Pplk. Sochora 27, 170 00 Prague 7; e-mail: posta@uoou.cz; website: https://www.uoou.cz; tel.: +420 234 665 111.
8. CHANGES TO THE POLICY
8.1. This Privacy Policy may change over time. All changes will be published on the Controller’s website. In the case of significant changes, the Controller may inform the Data Subject by e-mail.
9. OUR CONTACT DETAILS
9.1. If the Data Subject wishes to contact the Controller in connection with the processing of their personal data, they may use:
a. In writing to the registered office: Daliborova 432/3, Mariánské Hory, 709 00 Ostrava, Company ID No.: 08864471
b. By e-mail: sales@grouppz.cz
THIS PRIVACY POLICY IS VALID AND EFFECTIVE AS OF: September 24, 2023