PERSONAL DATA PROTECTION
Information of the Personal Data Operator, intended for the owner of personal data, on the processing of personal data received from the owner to fulfill contractual and legal obligations based on the owner’s consent
under Article 12 of the Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons concerning the processing of personal data (hereinafter referred to as the “Directive”) by a legal entity
LION RITTER s.r.o. company, Identification number: CZ24772097,
Legal address: Radlicka 112/22, Prague, Czech Republic, postal code: 15000, registered with the Trade Register of the Prague City Court, attachment C, tab C173049,
Correspondence address: P.O. BOX 73, 158 00 PRAHA 58, CZECH REPUBLIC
(hereinafter referred to as the “Personal Data Operator”)
Following the Directive, the Personal Data Operator shall provide you with the following information:
Contact details of the data protection officer.
The Data Protection Officer has not been appointed by the Personal Data Operator since the law does not provide for such an obligation for the Personal Data Operator.
Description of categories of subjects whose data is processed by the Personal Data Operator, categories of personal data and the purposes of processing thereof
Categories of your personal data that the Personal Data Operator shall process in the performance of contractual and legal obligations:
name, surname, and title;
name, identification number (IČO), in some cases, tax identification number (DIČ, VAT, TIN), if you are an entrepreneur or an official representative of a legal entity;
date of birth;
legal address and correspondence address;
data collected by us when you visit the website (browsing data), such as the IP address or URI (universal resource identifier) of the requested resources, request time, method of sending a request to the server, response file data, digital code corresponding to the response by the server (OK, error, etc.), as well as other parameters related to the user’s operating system and computer processing environment.
The Personal Data Operator shall not operate on the so-called confidential personal data, as they are interpreted by the Directive.
Purpose of processing:
Compliance with the legal obligations of the Personal Data Operator and contractual obligations associated with the sales contract (Online Store Order) concluded by the Personal Data Operator with you, negotiating the sales contracts (Online Store Order), and pre-contractual negotiations;
In the case of expressed consent of the owner of personal data, the purpose may be marketing, which consists mainly of distribution of the Operator’s commercial offers.
Description of the categories of entities entitled to access or transmission of your personal data, including recipients from third countries or international organizations.
All personal data may be provided to persons processing personal data (particularly those providing legal, accounting services and tax advisors) collaborating with the Personal Data Operator on a contractual basis and who are required to protect personal data as part of these contractual relationships.
If you are a business partner or buyer, your personal data may be provided to recipients in non-EU countries, except for international organizations (subject to the following conditions). The Personal Data Operator may provide personal data to a non-EU country, provided that this country, as per the decision of the European Commission on security, has the relevant level of protection of personal data and is safe in this regard.
If such a decision is not made, the Personal Data Operator undertakes to provide the personal data owner with sufficient guarantees of the security of his/her data, which is mainly strict corporate policies or standard annexes to contracts. Also, it should be a country that provides effective legal protection for the personal data owner, in particular, ensuring the enforcement of his/her rights.
Information about your rights
A. Without undue delay and in any case within a month from the receipt of the request, the Personal Data Operator shall provide you with information to your written application sent by mail, e-mail or otherwise under Articles 15-22 of the Directive.
B. In particular, you shall have the right to request from the Personal Data Operator the access to your personal data processed by it, to correct them in case of inaccuracy, delete them (the right to be forgotten), to restrict their use, and also to file an objection to the processing of personal data at any time and without giving reasons thereto.
C. You shall have the right to receive confirmation from the Personal Data Operator whether the personal data received from you is used or not. At the same time, the Personal Data Operator warns that if you do not provide contact information, this service cannot be provided in relation to personal data transferred to fulfill legal and contractual obligations.
D. You shall have the right to a copy of the information related to your personality that you had provided to the Personal Data Operator in a structured, widely used and machine-readable format to transfer this information to another Personal Data Operator without permission and obstacles from the current Personal Data Operator.
E. If the personal data are processed based on your consent, you shall have the right to revoke this consent at any time by submitting a request for the revocation of the Personal Data Operator.
F. At any time, you shall have the right to file a complaint against the actions of the Personal Data Operator with the supervisory authority, which is the Personal Data Protection Office.
Method of processing personal data
The automated processing of personal data, including decision-making and profiling, shall not be used as part of the Personal Data Operator activities. Personal data shall be processed manually by the Personal Data Operator or representative thereof (see above).
Information on the planned dates for the deletion of certain categories of personal data
After the expiration of the statutory period during which the Personal Data Operator is required to store the personal data of owners, it agrees to delete such data of owners processed by it based on legal and contractual obligations (the thing is mainly about the terms of archiving the accounting records unless another archiving period is longer).
Personal data processed based on your consent shall be deleted immediately without undue delay at the end of the period during which it has been required, at the latest – upon the expiration of the consent to the processing.
Description of the technical and organizational security measures taken by the Personal Data Operator to protect your personal data.
A. Protection against unauthorized access to personal data
The Personal Data Operator has provided access to the paper records as follows: paper records are located in the locked room of the Personal Data Operator, and some of them, if necessary, are in a locked cabinet. Only authorized persons shall have the right to access a locked room. Other persons may access the premises only accompanied by authorized persons. Software access to recording devices is protected by the username and password, and electronic information containers are sufficiently protected.
Protection against unauthorized reading, copying, forfeiture, modification, and destruction of your personal data.
Access to personal data is protected by username and password. Authorized persons are trained in personal data handling.
The system of the Personal Data Operator is connected to the Internet. Such measures as firewall, protection in the form of using a username and password have been taken against hacker attacks.
Protection against unauthorized use of data for connection (negligence)
Network access passwords are regularly changed.
b) Protection against incompetence
All authorized and responsible persons have been duly instructed. The briefing and training mainly consist of informing these persons about the functional capabilities of the Personal Data Operator’s, recording equipment and software (including updates thereof), as well as about the rights and obligations in the processing of personal data under the Directive.
To operate its online stores, the Personal Data Operator uses the “cookies” function which assigns a unique identification to your computer. Cookies are usually stored on your computer’s hard drive.
Cookies are small text strings that the websites visited by a user directly to respective devices, where they are stored for transmission to the same website upon its subsequent visit by the user. Cookies may perform various functions and have different features. Cookies may be used by the Personal Data Operator or by Third Parties. For more information about cookies, go to allaboutcookies.org.
The Personal Data Operator uses the following types of cookies:
Classification by term of storage:
Short-term cookies are used only when working with the online store and are deleted automatically a few minutes after closing the store’s page. These files provide the basic functionality of the online store.
Long-term cookies are used from a few days to several months. They help the online store in case of repeated visits by a client, upon authorizing or offering products viewed.
Classification by purpose of use:
The main (functional) technical cookies are necessary to ensure the correct functioning of the online store. Without them, the contents of the basket or authorization on the site may periodically disappear
Analytical cookies help to observe the statistics of traffic to pages of the online store and the use of various functions. Based on these data, we can improve our online store.
All standard Internet browsers have the cookies disabling function. Disabling instructions can be found in the help information for the browser used. Attention! When disabling cookies, we do not guarantee the comfortable use of our online store.