What are you looking for?

We recommend

Home / Personal data protection

Personal data protection

Privacy Policy (Personal Data Protection)

This Privacy Policy describes how MOIRA CZ, a.s. processes personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (the General Data Protection Regulation – “GDPR”).

1. Data Controller

The controller of personal data pursuant to Article 4(7) GDPR is:

MOIRA CZ, a.s.
Antala Staška 114/20
140 00 Prague 4
Czech Republic
Company ID: 26479761

Correspondence address:
MOIRA CZ, a.s.
Kochana z Prachové 121
386 01 Strakonice
Czech Republic

E-mail: export@moira.cz
Phone: +420 608 608 511

The Controller has not appointed a Data Protection Officer.

2. Personal Data

Personal data means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

3. Sources and Categories of Personal Data

The Controller processes personal data that:

 

  • you have provided to the Controller, or
  • the Controller has obtained in connection with the performance of your order.

The Controller processes in particular:

  • identification and contact details,
  • order and transaction details,
  • data necessary for the performance of the contract.

4. Legal Basis and Purpose of Processing

4.1 Legal bases for processing

Personal data are processed on the basis of:

  • performance of a contract between you and the Controller pursuant to Article 6(1)(b) GDPR,
  • the legitimate interest of the Controller in direct marketing (in particular sending commercial communications and newsletters) pursuant to Article 6(1)(f) GDPR,
  • your consent to processing for direct marketing purposes pursuant to Article 6(1)(a) GDPR, in cases where no purchase of goods or services has taken place.

4.2 Purposes of processing

The purposes of processing personal data are:

  • processing and fulfilment of your order and exercising rights and obligations arising from the contractual relationship; providing personal data is necessary for the conclusion and performance of the contract and without such data the contract cannot be concluded or fulfilled,
  • sending commercial communications and carrying out marketing activities.

The Controller does not carry out automated individual decision-making within the meaning of Article 22 GDPR.

5. Data Retention Period

The Controller stores personal data:

  • for the period necessary to exercise rights and obligations arising from the contractual relationship and to assert claims arising therefrom, for up to 15 years after termination of the contractual relationship,
  • for marketing purposes, until consent is withdrawn, or until an objection is raised against processing based on legitimate interest.

After expiry of the retention period, the Controller deletes the personal data.

6. Recipients of Personal Data

Recipients of personal data may include:

  • carriers and delivery service providers,
  • payment service providers,
  • providers of e-shop operation and IT services,
  • accounting and tax advisors,
  • marketing service providers.

7. Transfers to Third Countries

The Controller may transfer personal data to third countries (outside the EU/EEA) in connection with the use of mailing, cloud or analytical services. Such transfers are carried out only in accordance with GDPR requirements and using appropriate safeguards.

8. Your Rights

Under the conditions set out in GDPR, you have the right

  • to access your personal data pursuant to Article 15 GDPR,
  • to rectification pursuant to Article 16 GDPR,
  • to erasure (“right to be forgotten”) pursuant to Article 17 GDPR,
  • to restriction of processing pursuant to Article 18 GDPR,
  • to data portability pursuant to Article 20 GDPR,
  • to object to processing pursuant to Article 21 GDPR,
  • to withdraw consent at any time by contacting the Controller.

You also have the right to lodge a complaint with the supervisory authority. The supervisory authority in the Czech Republic is the Office for Personal Data Protection.

9. Personal Data Security

The Controller declares that it has adopted appropriate technical and organisational measures to secure personal data.

Personal data are accessible only to authorised persons.

10. Final Provisions

By submitting an order through the online order form, you acknowledge that you have read and understood this Privacy Policy.

The Controller is entitled to amend this Privacy Policy. The current version is always published on the E-shop website.

This Privacy Policy is effective as of 25 January 2023, as amended.

.