Privacy Policy
Privacy Policy
I. General Provisions
1.
The controller of your personal data pursuant to Article 4(7) of Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation, “GDPR”) is:
O my dear s.r.o.
Company ID (IČO): 09398082
Registered office: Na Fialce I 1555/67, 163 00 Prague, Czech Republic
(hereinafter referred to as the “Controller”).
2. Contact Details
Correspondence address:
Na Fialce I 1555/67
163 00 Prague
Czech Republic
Email: info@omydear.cz
3.
Personal data means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or one or more factors specific to that person’s physical, physiological, genetic, mental, economic, cultural, or social identity.
4.
The Controller has not appointed a Data Protection Officer.
II. Categories and Sources of Personal Data
1.
The Controller processes personal data that you provide directly or that are obtained in connection with the fulfilment of your order.
2.
The Controller processes your identification details, contact information, and any other personal data necessary for fulfilling the contractual relationship.
III. Legal Basis and Purpose of Processing
1. Legal Basis
Your personal data are processed on one or more of the following legal grounds:
- performance of a contract between you and the Controller pursuant to Article 6(1)(b) GDPR;
- the Controller’s legitimate interest in direct marketing, including sending newsletters and promotional communications, pursuant to Article 6(1)(f) GDPR;
- your consent to the processing of personal data for direct marketing purposes pursuant to Article 6(1)(a) GDPR, together with the relevant provisions of Czech Act No. 480/2004 Coll., where no purchase has been made.
2. Purpose of Processing
Your personal data are processed for the following purposes:
- processing your order and fulfilling the rights and obligations arising from the contractual relationship;
- processing payments and arranging delivery;
- customer communication and support;
- sending newsletters and other marketing communications where permitted by law.
Providing personal data required for processing an order is necessary for concluding and performing the contract. Without these data, the Controller cannot process your order.
3. Automated Decision-Making
The Controller does not carry out automated individual decision-making or profiling within the meaning of Article 22 GDPR.
IV. Data Retention
1.
The Controller retains personal data:
- for the period necessary to fulfil the contractual relationship and to exercise rights and obligations arising from that relationship, including the handling of legal claims (up to 15 years after termination of the contractual relationship where required by applicable law);
- until consent for marketing communications is withdrawn, where processing is based on consent.
2.
Once the applicable retention period has expired, personal data will be securely deleted.
V. Recipients of Personal Data
1.
Your personal data may be shared with trusted third parties involved in:
- delivering goods and services;
- processing payments;
- operating and maintaining the online store (including Shoptet);
- providing marketing, email, hosting, cloud, and IT services.
2.
Where necessary, certain service providers may process personal data outside the European Economic Area (EEA). In such cases, the Controller ensures that all transfers comply with the requirements of the GDPR and appropriate safeguards are in place.
VI. Your Rights
Under the GDPR, you have the right to:
- access your personal data (Article 15 GDPR);
- request correction of inaccurate personal data (Article 16 GDPR);
- request restriction of processing (Article 18 GDPR);
- request deletion of your personal data (“right to be forgotten”) (Article 17 GDPR);
- object to processing (Article 21 GDPR);
- receive your personal data in a portable format (Article 20 GDPR);
- withdraw your consent at any time where processing is based on consent.
To exercise any of these rights, please contact us at:
Email: info@omydear.cz
You also have the right to lodge a complaint with the Czech Data Protection Authority (Úřad pro ochranu osobních údajů) if you believe your personal data have been processed unlawfully.
VII. Data Security
The Controller declares that appropriate technical and organisational measures have been implemented to ensure the security of personal data.
These measures include, in particular:
- protection of electronic databases and IT systems;
- protection of paper records;
- access restrictions ensuring that personal data are accessible only to authorised persons.
VIII. Final Provisions
By submitting an order through the online store, you acknowledge that you have read this Privacy Policy and understand how your personal data are processed.
Where your consent is required, you provide it by selecting the appropriate consent option within the online forms available on the Website.
The Controller reserves the right to amend this Privacy Policy at any time. The latest version will always be published on the Website.
