I. Content and purpose of the document
- This document contains information regarding the personal data protection provided by visitors to www.imaxhair.com, our clients and those interested in our services and products.
- The purpose of this document is to inform you (as data subjects) about your rights and to provide complete information about how personal data will be handled.
- We appreciate Your trust that you provide us your personal data. We are working on the processing and handling of personal data under Regulation (EU) 2016/679, the General Data Protection Regulation, which came into force on May 25, 2018 and is usually known as GDPR. By clicking on the regulation number in the previous sentence, you can go directly to the text of this regulation in English and you will find the exact version of the legal provisions which are mentioned in the text below.
- This document contains these parts:
- I. Content and purpose of the document
- II. Privacy Manager - who we are and how can you contact us?
- III. What personal data do we process and how do we obtain it?/em>
- IV. For what purposes do we process personal data, for what time and what entitles us to do so?
- V. Disclosure of Personal Data to Other Persons
- VI. More information about your other rights in area of personal data protection
- VII. Other important information for exercising your rights
II. Privacy Manager - who we are and how can you contact us?
ABSOWIN s.r.o., Rychtářská 1129/10, 460 14, Liberec, IČ: 06671888 (hereinafter as "the controller"), registered in the Companies Register maintained by the Regional Court in Ústí nad Labem, file number C 40704
III. What personal data do we process and how do we obtain it?
We process the data you provide to us. In particular cases, it may include providing data by filling one of the forms on the website, or by inserting data in an established user account on our website, by providing data during the preparation of contracts and related documents and in connection with the performance of contracts (i.e. in connection with the delivery of goods, by providing services), and finally by personal contact by phone or in written form, by mail or by other means of communication (SMS messages, messages in skype, FB messenger, WhatsApp).
We also process data that you publish on the Internet especially on social websites (such as Facebook, Instagram, LinkedIn) and data from public registers (especially for checking your identification data used for contracts).
If we need your consent to process any personal data for specific purposes, we only process such data with your consent.
You provide data to us voluntary, but in some cases we would not be able to supply the goods you ordered without providing the data (e.g. if we have to send the good to your contact address, which you don´t fulfil), or to provide a service (for example, some input is necessary for consulting), we will always notify you in advance. You are required to provide us with information compulsorily where it is directly set by law.
Personal data may be divided into two groups – the first category "normal personal data", or it may be specific categories of data, “sensitive data”, where law imposes stricter conditions for their processing.
A. Common Personal Information We Process:
Name, surname, title, address, date of birth, age, personal identification number, registration number, TAX ID and VAT number, EORI, telephone number, e-mail, education, IP address, cookies, information about the ordered goods and services, information about what goods you bought from us, what services we have provided to you, your marital status, gender, profile photos, photos from our events, videos from these events, your interests.
IV. For what purposes do we process personal data, for what time and what entitles us to do so?
A. Processing of personal data to concluding a contract and performing contractual obligations
In order to conclude a contract with you and deliver the goods or services ordered by you and to be in touch with you, we process the following personal data: Name, Surname, Title, Address, Date of Birth, Age, registration number, VAT number , TAX ID, EORI, phone number, e-mail, IP address, cookies, information about ordered goods and services, information about what goods you bought from us and what services we provided to you.
The legal authorization for processing this data is directly the performance of the contractual obligations under the contract concluded between us. Such an obligation may be the supply of goods. Naturally it could not be classic written contract signed by hand. For example, a contract concluded orally, by phone or by completing and submitting an order form on the website and by our confirmation of this order. For this purpose, we process personal data for the duration of the contractual relationship between us. After the termination of the contractual relationship, certain data are retained to performing legal obligations or for purposes of legitimate interest, as it is mentioned in the following sections of this document.
B. Processing of personal data to compliance with accounting, tax and other legal obligations
In order to fulfil the obligations arising from the applicable law, especially in the areas of accounting, tax law and archiving, and obligations under Act No. 253/2008 Coll., on selected measures against legitimisation of proceeds of crime and financing of terrorism ("AML act"), We process the following data: Name, surname, title, address, registration number, VAT number or TAX ID, EORI, telephone number, e-mail, bank account.
We proceed the data during the period which is set directly by the law that impose the obligation to process them.
C. Processing of personal data for the purposes of our or third person´s legitimate interests
A legitimate interest may cover several situations. Therefore, we inform you of our legitimate interests for which we process personal data:
- A legitimate interest is the protection and proving our rights and legal claims, especially from concluded contracts or caused harm. For this purpose, we process personal data for 4 years after the termination of the contractual relationship or our last contact, unless the contract was concluded. That limit is set due to the limitation period. Is necessary to consider that we do not know about any claim applied in court by the second party immediately. For this purpose, contract data and our mutual communications are retained.
- Direct marketing is also a legitimate interest. We will process the following personal data for sending commercial messages: Name, surname, address, e-mail. You can always cancel the sending of commercial messages to your email simply by clicking on the link in the email or send an e-mail "Do not send commercial messages" to firstname.lastname@example.org. If we use a classic written form of contract or another form by phone or by using the Skype, Messenger, WhatsApp to send our offer or news, we will respect if you let us know that you do not want another contact.
- To offer you tailored products and services, and to send you only those offers and news that will not overwhelm you and are beneficial to you, we have our contact and personal database in multiple lists. For example, if you wish to receive information about our news, your email contact will automatically be added to the "newsletter" database. Similarly, if you send us an order from the web, your contact will be added in the "Ordered" list and after payment to the "Paid" list, at which point the system will automatically send you the ordered electronic product (or order shipping, etc.). Part of this automatic processing serves directly to fulfil our contractual obligations and part is used for common marketing (i.e. it falls into the category of legitimate interest). If this "sorting" of data is done on a large extent, much "specialized", then we could do it based on your consent only (and you can cancel it at any time, as mentioned below in this document).
D. Processing of Personal Data based on Your Consent
If you give us your consent, we will process your personal data to send you our services or products. We will need your consent in case you are not our client. In addition, if you give us further consent, we will process your personal data as well as send the offer of services or products of our business partners. Before you give us your consent, we will inform you of what data and specific purpose of processing will be object to your consent. You can cancel your consent any time. However, if we process some of your personal data under a different legal authorization (for example points A-C), we will process your personal data after your consent has been cancelled, because this is an area where your consent is not necessary.
V. Disclosure of Personal Data to Other Persons
With some of our contractual or legal obligations, we are assisted by other processors. They are for example collaborating accountants, carriers, storage and software applications providers. We have written agreements with processors to keep your data safe. Especially we cooperate with external accountants, carriers, internal network administrators.
Personal data will be also disclosed to the competent administrative authorities if this obligation is set by law (i.e. in the case of a check when the authority is entitled to request the submission of personal data).
VI. More information about your other rights in area of personal data protection
A. Right of access to personal data
This is the right to give a consent to process your personal data and, if so, to access to personal data and their processing.
B. Right to rectification
This is the right to clear wrong personal data that concerns with you without undue delay. Considering the purposes of the processing, you have the right to refill incomplete personal data, moreover by providing an additional declaration (with clear details).
C. Right to erasure (right to be forgotten)
In cases stipulated by law or by GDPR, you have the right to require us to delete your personal data without undue delay (there are reasons in Article 17 in GDPR, including exceptions when the erasure is not made).
D. Right to restriction processing
In the cases set out in Article 18 of the GDPR, you have the right to request that we limit the processing of your personal data.
E. Right to data portability
Under the terms of Article 20 of the GDPR, you have the right to obtain your personal data and to transfer it to another controller. If technically possible, you have the right to request a direct transfer to another controller.
F. Right to object
In cases where we process personal data for legitimate interests, you have the right to object because of this processing and then we will no longer process the data unless our legitimate interest prevails over your interests or rights and freedoms. If direct marketing is a legitimate interest, then an objection always results in the termination of further processing for direct marketing purposes.
G. Right to lodge a complaint with the supervisory authority
If you believe your privacy rights are being violated, you have the right to file a complaint with the Data Protection Office. For more information on the Office and personal data protection, please visit the Office's website at www.uoou.cz.
VII. Other important information for exercising your rights
If you have further questions about processing your personal data by us, you can contact us by e-mail email@example.com. You may also use your email to send us a written request to directly exercise your rights under Article VI. Please note that we may contact you and verify your identity that the request is truly applied by you. It is same in application made by phone or other way.
The current version of this document can be found at imexhair.com in the link to the protection of personal data. This version is effective from 01.07.2019.