Principles concerning the processing of personal data
Pursuant to Article 4 (7) of Regulation (EU) No 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as “GDPR”), the personal data controller is Bubby Bubby s.r.o., Company ID (IČ) 06184405 , with its registered office at Dlouha 322/8, Ricany – Strasin, 251 01 (hereinafter referred to as “Controller”).
The Controller’s contact information is as follows:
Address: Dlouha 322/8, Ricany – Strasin, 251 01, Czech Republic; e-mail: firstname.lastname@example.org
Personal data means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to a particular identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
What kind of personal data do we collect?
The Controller processes your personal data obtained or provided by you during the fulfilment of your order, such as your email address, first name, surname, telephone numbers and mailing address.
Why and for how long do we retain personal data?
The legal reason for processing personal data is the fulfilment of a contract between you and the Controller and the Controller’s legitimate interest in providing direct marketing (for sending commercial messages and newsletters).
The purpose of processing is to fulfil your order and exercise the rights and obligations arising from the contractual relationship between you and the Controller; processing of personal data such as name, surname, e-mail address, telephone number and mailing address is necessary for the successful fulfilment of your order and for sending out commercial messages and newsletters.
The Controller retains your personal data for as long as is necessary to fulfil contractual commitments and obligations, for a maximum period of 15 years from the termination of the contractual relationship. Personal data collected for marketing purposes is stored for a maximum period of 3 years from the termination of the contractual relationship, or until the consent to the processing of personal data is withdrawn.
How do we protect personal data?
The Controller has implemented all appropriate and necessary technical and organizational measures to ensure that your personal data is secure.
With whom do we share personal data?
We may share your personal data with third parties that provide us with IT services and other internal services such as accounting and marketing.
What rights do you have?
Under data protection legislation, you have a number of rights in relation to the personal data the Controller has about: you may request access to your personal data, information about the processing of your personal data, rectification or erasure of your personal data, you may restrict or object to the processing of your personal data, request clarification or rectification of inaccurate data, and you may exercise your right to data portability.