Personal data protection

Dear Customers,

In accordance with Articles 13 and 14 of the General Data Protection Regulation (EU) No 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR), we would like to inform you that we process your personal data and therefore provide you with the following basic information about the processing and access to it:

1. Personal data controller

  1. The controller of your personal data is the company TCM POINT s.r.o., ID No.: 28785517, registered at the Municipal Court in Prague under the file No.: 369476, Registered office: Příčná 1892/4, 110 00 Prague 1, e-mail: info@MycoMedica.cz (hereinafter referred to as the "Controller").

2. Purpose of processing personal data and legal basis for processing

  1. The purpose of the processing of your personal data and the legal basis for its processing is primarily the conclusion and performance of the purchase contract (hereinafter referred to as the "Contract") concluded between you and the Administrator, in particular, but not exclusively, through the web interface located on the website available at www.mycomedica.cz, www.mycomedica.eu, www.mycomedica.sk, www.yaomedica.cz, www.yaomedica.eu, www.yaomedica.sk, www.caremedica.cz, www.caremedica.eu and www.caremedica.sk (hereinafter referred to as the "Online Shop").
  2. For the purposes of the performance of the Contract, the Controller processes your identification data (name and surname); contact data (e-mail, telephone number, home address or delivery address); billing data (account number and bank connection); data about the goods ordered (type and quantity); data related to the payment for these goods (method of payment); and data related to the delivery of the goods (method of transport or personal collection).
  3. The above data may also be processed to fulfil the Controller's legal obligations (e.g. arising from defective performance) and on the basis of the Controller's legitimate interests in the effective defence of its rights, even after the termination of the Contract.
  4. The personal data that the Controller processes about you generally comes from sources that you have personally provided to us, in particular in connection with the conclusion of the Contract. You are under no obligation to provide your personal data to the Administrator, but the provision of such personal data is a necessary requirement for the conclusion of the Contract and for its performance. Without the provision and processing of your personal data, it is not possible to conclude the Contract with the Administrator. In addition to the data provided by you, your personal data may also come from public sources, lists and records such as the commercial register, trade register or insolvency register. For the purpose of dealing with your requests, questions, objections or complaints, the Controller processes your identification and contact data as well as the content of mutual communication, based on the performance of the Contract or on legitimate interests in public relations.
  5. The Controller processes your e-mail address and, where applicable, your identification and delivery data for the purpose of direct marketing on the basis of its legitimate interests or your consent. By giving your consent, you agree to the sending of commercial communications by the Controller or, where applicable, the future operator of the online shop. You may object to processing for direct marketing purposes. The Controller processes your personal data both automatically in information systems and manually through its employees. The controller does not use this data to make decisions based on automated processing; it only evaluates the behaviour of buyers on the basis of data obtained from the operation of the online shop and may use these outputs for direct marketing purposes on the basis of its legitimate interest in providing relevant information. You may object to such profiling.
  6. The controller may also process the data voluntarily provided by you, or data obtained through its own activities, in particular your identification data (name and surname, likeness), contact data (e-mail, IP address, city of residence) and data related to the review (e.g. goods purchased, date of insertion, content of the review) for the purpose of obtaining customer reviews, their publication and possible follow-up. The legal basis for processing is the legitimate interests of the Controller in promoting sales, identifying the author of the review and transparency, or your consent expressed by voluntarily providing optional data that is published (e.g. likeness).
  7. The processing of your data, or the transfer of your data, may occur on the basis of the legitimate interests of the Controller in connection with corporate transactions (e.g. corporate restructuring, sale or other transfer of an online shop, merger, etc.);
  8. Your data may also be processed by the Controller for other purposes also on the basis of your consent.

3. Recipients of personal data

  1. The Controller may transfer your personal data to the following categories of recipients in justified cases and only to the extent necessary:

  1. The Controller will not transfer your personal data to a third country (to a country outside the EU) or to any international organization, except as provided in this Policy.

4. Duration of storage of personal data

  1. Your personal data will be stored with the Controller generally for the duration of the Contract and for the duration of the limitation period of any claim arising from this Contract pursuant to Act No. 89/2012 Coll., Civil Code, as amended. After the expiry of this period, the Administrator shall delete your personal data, unless it is entitled or obliged to process such data on the basis of another legal ground, e.g. for the duration of any litigation until the final settlement of all mutual claims under the Civil Code or the Consumer Protection Act, or for the purpose of fulfilling obligations imposed by other legislation, in particular the Value Added Tax Act, the Income Tax Act and/or the Accounting Act.
  2. If the Controller processes your personal data on the basis of your consent, then such personal data shall be stored with the Controller for no longer than the period for which you have given your consent or until its withdrawal (if it is given for an indefinite period).
  3. For processing on the basis of the legitimate interest of the Controller, your personal data will be stored for the period necessary to fulfil the relevant purpose (as a rule, no longer than five years from the date of termination of your contractual relationship with the Controller) or until a legitimate objection is raised. The documents containing your personal data will be archived by the Controller for the period of time required by specific legislation, in particular the Value Added Tax Act, the Income Tax Act, the Accounting Act and/or the Archiving Act.

5. Right to access, rectification or deletion of personal data

  1. With regard to your personal data, you have the right vis-à-vis the Controller to access the personal data it processes about you and to be provided with copies of the personal data processed. However, the right to obtain a copy must not adversely affect the rights and freedoms of others. In addition, you may ask the Controller to correct inaccurate or incomplete personal data that it processes about you or you may request the erasure of your personal data under the conditions set out below.
  2. You may exerciseyour right to erasure against the Controller only if your personal data are no longer necessary for the purposes for which they were collected or otherwise processed; you have withdrawn the consent on the basis of which your personal data were processed and there is no further legal basis for processing them; you have objected to being the subject of a decision based on automated processing of your personal data; andthere are no overriding legitimate grounds for such processing; you have objected to the processing of your personal data for direct marketing purposes; your personal data has been unlawfully processed; your personal data must be erased to comply with a legal obligation under European Union or Czech law; your personal data has been collected in connection with the offering of information society services.
  3. Furthermore, you have the right against the Controller to restrict the processing of your personal data. You may therefore request that the Controller restrict the processing of your personal data if you have denied the accuracy of your personal data for the time necessary to verify the accuracy of your personal data; the processing of your personal data is unlawful but you refuse to delete the data; andyou request instead a restriction on their use; your personal data is no longer necessary for the purposes of processing but you require it for the establishment, exercise or defence of legal claims; you have objected to the processing of your personal data for a period of time until it is verified that the legitimate grounds of the Controller outweigh your legitimate grounds.
  4. In cases of processing of your personal data on the basis of a contract or consent and at the same time by automated means, you have the right to the portability of your personal data, i.e. the right to obtain personal data concerning you andthat you have provided to the Controller and the right to transmit that data to another controller in a structured, commonly used and machine-readable format, provided that this right shall not adversely affect the rights and freedoms of others.
  5. If the processing of your personal data is based on consent, you have the right to withdraw your consent at any time with effect for the future. However, this does not affect the lawfulness of the previous processing of personal data based on your consent.
  6. You also have the right to object to the Controller processing your personal data on the basis of its legitimate interest (including profiling) or for direct marketing purposes. You can also withdraw your consent to receive electronic commercial communications by clicking on the unsubscribe link in the delivered commercial e-mail communication.
  7. You also have the right to be informed by the Controller in the event of a breach of security of your personal data where this is likely to result in a high risk to the rights and freedoms of natural persons. In relation to automated processing of personal data, you have the right not to be subject to a decision based solely on automated processing, including profiling, which has legal effects on you or similarly significantly affects you.
  8. In order to exercise your rights or in the event of any questions, objections or complaints, you may contact the Controller at any time by e-mail or by post at the addresses listed under point 1 of this information. You also have the right to lodge a complaint with the supervisory authority, which in the Czech Republic is the Office for Personal Data Protection, located at Pplk. Sochor 27, 170 00 Prague 7, website: https://www.uoou.cz.

6. Principles of personal data processing

  1. Your personal data is processed by the Administrator in a fair, lawful and transparent manner and is collected only for the specific, explicit and legitimate purposes set out in this information. Your personal data is adequate, relevant and limited to what is necessary in relation to the purpose for which it is processed, and is accurate and inupdated where necessary, are stored in a form which permits identification of data subjects for no longer than is necessary for the purposes for which they are processed, are processed in a manner which ensures appropriate security of personal data, including protection by appropriate technical or organisational measures against unauthorised or unlawful processing and against accidental loss, destruction or damage.

This policy is effective as of 12/12/2022

TCM POINT s.r.o., Controller

neexpedujeme