English

Processing of personal data

Declaration on the processing of personal data pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the information of data subjects (hereinafter referred to as "GDPR")

Personal data controller

Ing. Kamila Jungmannová, with registered office at Okružní 59, 26701 Trubín, ID: 19965605, (hereinafter referred to as the “controller”) hereby informs you about the processing of your personal data and your rights in accordance with Article 12 of the GDPR.

Contact to the company representative: Ing. Kamila Jungmannová, info@e-gems.cz.

Scope of processing of personal data

Personal data are processed to the extent that the relevant data subject has provided them to the controller, in connection with the conclusion of a contractual or other legal relationship with the controller, or which the controller has otherwise collected and processes in accordance with applicable law or to fulfil the controller’s legal obligations.

Sources of personal data

  • Directly from data subjects
    • contact form on the website
    • e-shop order form
    • business cards
    • emails and phone calls
  • Publicly accessible registers, lists and records (e.g. commercial register, trade register, public telephone directory, etc.)

Categories of personal data subject to processing

  • Address and identification data used to uniquely and unmistakably identify the data subject
    • Name
    • Last name
    • address of permanent residence
    • ID
  • Data enabling contact with the data subject
    • e-mail
    • phone
  • Other data necessary for the performance of the contract

Categories of data subjects

  • customer of the administrator (when ordering or contacting via the online shop)
  • another person who is in a contractual relationship with the controller

Categories of recipients of personal data

  • financial institutions
  • public constitutions
  • state and other authorities in the performance of their statutory obligations under the relevant legislation
  • processors who process personal data according to our instructions and only for the purposes described in the section “Purposes of processing personal data”:
    • Webglobe, s.r.o., with registered office at Pobřežní 620/3, Karlín, 186 00 Praha, ID: 26159708, VAT: CZ26159708
      (web hosting service provider)
    • Jakub Čuřík, ID: 06476287
      (web design)
  • in order to process your order, we may also transfer your personal data to other entities that are in the role of controller, namely:
    • Czech Post, s.p., ID No.: 47114983
    • Mailroom

Purposes of the processing of personal data

  • performance of the contract (processing of your order) on the basis of Article 6(1)(b) GDPR
  • negotiating a contractual relationship (e.g. if you contact us) on the basis of Article 6(1)(b) GDPR
  • the controller’s compliance with its legal obligations under Article 6(1)(c) of the GDPR

Method of processing and protection of personal data

The processing of personal data is carried out by the controller. The processing is carried out at the controller’s premises, branches and headquarters by individual authorised employees of the controller or by the processor. The processing is carried out by means of computer technology or, where applicable, manually for personal data in paper form, in compliance with all security principles for the management and processing of personal data. To this end, the controller has adopted technical and organisational measures to ensure the protection of personal data, in particular measures to prevent unauthorised or accidental access to, alteration, destruction or loss of personal data, unauthorised transmission, unauthorised processing or other misuse of personal data. All entities to which personal data may be disclosed shall respect the right of privacy of data subjects and shall comply with applicable data protection legislation.

Duration of processing of personal data

In accordance with the time limits specified in the relevant contracts, in the administrator’s filing and shredding rules or in the relevant legislation, this is the time necessary to secure the rights and obligations arising from both the contractual relationship and the relevant legislation.

Lessons learned

The controller processes data with the consent of the data subject, except in cases provided by law where the processing of personal data does not require the consent of the data subject. In accordance with Article 6(1) of the GDPR, the controller may process the following data without the data subject’s consent:

  • the processing is necessary for the performance of a contract to which the data subject is a party or for the performance of pre-contractual measures taken at the request of the data subject
  • the processing is necessary for compliance with a legal obligation to which the controller is subject
  • the processing is necessary to protect the vital interests of the data subject or another natural person
  • the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
  • the processing is necessary for the purposes of the legitimate interests of the controller or third party concerned, except where those interests are overridden by the interests or fundamental rights and freedoms of the data subject requiring the protection of personal data

Rights of data subjects

1) In accordance with Article 12 of the GDPR, the controller shall inform the data subject, upon request, of the right of access to personal data and to the following information:

  • the purpose of processing
  • the category of personal data concerned
  • beneficiaries or categories of beneficiaries
  • to whom personal data have been or will be disclosed
  • the planned period for which the personal data will be stored
  • all available information on the source of the personal data
  • if not obtained from the data subject, whether automated decision-making, including profiling, takes place.


2) Any data subject who becomes aware or believes that the controller or processor is carrying out processing of his or her personal data which is contrary to the protection of the private and personal life of the data subject or contrary to law, in particular where the personal data are inaccurate with regard to the purpose of the processing, may:

  • Ask the administrator for an explanation.
  • Require the administrator to remedy the condition thus created. In particular, this may involve blocking, rectifying, supplementing or erasing personal data.
  • If the data subject’s request pursuant to paragraph 1 is found to be justified, the controller shall rectify the defective situation without delay.
  • If the controller does not comply with the data subject’s request pursuant to paragraph 1, the data subject shall have the right to apply directly to the supervisory authority, i.e. the Office for Personal Data Protection.
  • The procedure referred to in paragraph 1 shall not preclude the data subject from submitting his or her complaint directly to the supervisory authority.
  • The controller shall have the right to request a reasonable fee for the provision of the information, not exceeding the costs necessary to provide the information.
Payment methods:

Links

Types of stones on offer
Our blog
About E-gems.cz

For customers

All about buying
Your account

Contact

info@e-gems.cz
Privacy Policy
Terms and Conditions
Cookie settings
E-shop polished to perfection by Creado.cz