Personal data processing policy

Company: DIY barefoot shoes s.r.o.

File No. C 405858 filed with the Municipal Court in Prague, ID No.: 21739692

Registered office: 9.května 107, 29441 Dobrovice, Czech Republic

Telephone number: 00420776829323

E-mail: info@diybarefootshoes.com

Website: https://diybarefootshoes.com/


The processing of personal data is carried out in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter referred to as the "Regulation"), the Act on the processing of personal data and Act No. 480/2004 Coll., on certain information society services, as amended.

1. Concepts
Data subject: the natural person (consumer and self-employed) to whom the personal data relates (hereinafter also "you" or "customer");
Personal data: Any information about an identified or identifiable customer; an identifiable customer is a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, a network identifier or to one or more specific elements of the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (hereinafter also "data" or "information");
Controller: The entity that determines the purpose and means of the processing of personal data, carries out the processing and is responsible for the processing. The controller of the personal data is MUDr. Karolína Částková (hereinafter also referred to as "we");
Processor: The entity which, on the basis of law or on behalf of the controller, processes personal data for the controller on the basis of a contract for the processing of personal data (hereinafter also "business partner" or "partner");
Website: website available at www.diybarefootshoes.com;
Purpose of the processing of personal data: The reason why the personal data is processed. This reason may be, for example, for the performance of a contract, the management of user accounts, the handling of suggestions and complaints, the sending of commercial communications (newsletters) or the display of advertisements based on customer interests;
Cookies: short text files that are stored by your web or mobile browser. Most cookies contain a unique identifier, called a cookie ID. This is a string of characters assigned by websites and servers to the browser that stored the cookie. This allows websites and servers to distinguish and identify individual browsers. Cookies are used to improve the functioning of websites, to evaluate website traffic and to better target marketing activities. If you browse our website, we assume that you consent to the use of these files.
Third countries: countries outside the European Economic Area, which primarily includes the member countries of the European Union and Iceland, Liechtenstein and Norway.

2. What personal data is processed?
We and its contractual processors process the following personal data or categories of personal data in accordance with the respective legal title and purpose of processing:
(a) identification and address data: e.g. name, surname, delivery or other contact address, address of the place of delivery, place of business, registration number, VAT number;
(b) electronic contact data: e.g. telephone number, e-mail address;
c) other electronic data: IP address, cookies;
d) other personal data related to the contractual relationship: bank account number, order history;
e) other personal data: typically data provided by the customer in the order form or other documents and in communication with us, including subsequent updates.

3. What is the origin of the personal data?
We process the data you provide to us, for example, when ordering our services, registering a user account, communicating with us or subscribing to our newsletter. Typically this includes
        ◦ Identification and address data;
        ◦ electronic contact details;
        ◦ Other personal data related to the contractual relationship.

And also data that we collect automatically as a result of you browsing our website. Typically this includes:
        ◦ Other electronic data:
            the website from which you came to our website;
            IP address;
            date and time of access;
            search queries;
            http and https response code;
            data groups transmitted;
            information about the browser and operating system of the computer.

4. Why is personal data processed?
Your personal data may be processed for the following purposes:
- Performance of a contractual relationship
- Managing customer accounts
- Communicating with customers, assessing satisfaction, publishing reviews, recommending books, handling complaints and complaints
- Sending commercial communications and offering our goods
- Direct marketing and creation of personalised content and advertising
- Improving the quality of our goods and services, analysing traffic to our website and your behaviour on the website
- Running customer competitions and delivering prizes
- Protecting our rights, property or safety or the rights, property or safety of others
- Accounting and tax purposes
- Fulfilling other legal obligations

Your personal data may be processed on the following legal grounds:
- Performance of a contract
- Performance of a legal obligation
- The legitimate interest of the controller in sending commercial communications
- Consent to receive commercial communications

The processing of personal data for the purposes of performance of a contractual relationship, accounting and tax purposes and the performance of other legal obligations are legal or contractual requirements. If you intend to place an order through our website, you are obliged to provide us with your personal data for these purposes.

5. How long is personal data processed?
Your personal data is processed:
- For the period necessary for the exercise of the rights and obligations arising from the contractual relationship between you and us and the exercise of claims arising from this contractual relationship (4 years);
- for the time necessary to comply with a legal obligation (accounting documents for 5 years, tax documents for 10 years);
- for the duration of our legitimate interest in sending you commercial communications (2 years from the last time you opened a commercial communication);
- for the duration of your consent (for a maximum of 5 years from the date of consent or 5 years from the last order).

6. To whom is the personal data disclosed?
The following categories of our partners (recipients) may have access to your personal data:
◦ Providers of transport of goods
◦ Providers of accounting and tax advice
◦ Providers of IT services and hosting, in particular the ByznysWeb system
◦ Providers of security and integrity of our services and websites
◦ Providers of analytics services
◦ Providers of customer support assistance services,
◦ Payment gateway providers (payment card providers)
◦ Legal service providers, attorneys
◦ Printing and mailing service providers
◦ Partners cooperating with us in loyalty programs, conferences, seminars and other events
◦ Partners who provide direct marketing for us and partners and operators of technical solutions that allow us to show you personalized content and advertising

7. Is personal data transferred outside the EU?
The controller may transfer personal data to a third country (outside the European Economic Area) or an international organisation. The recipients of personal data in third countries are:
◦ Partners to whom we provide data for the purpose of analysing traffic to our website, your behaviour on the website and business conversions
◦ IT service providers and hosting providers, including cloud services
◦ Mailing service providers

8. How is personal data processed?
Personal data is processed manually and automatically. We keep proper records of all processing activities in accordance with the relevant legislation.

9. What are the rights of data subjects?
To exercise your rights, please contact us using our contact details, which are set out at the beginning of this policy.

You have the following rights in relation to the processing of your personal data (Articles 15 to 21 GDPR):
- Right of access to personal data
- The right to rectification of inaccurate and completion of incomplete personal data
- The right to erasure of personal data
- The right to restrict the processing of personal data
- The right to data portability
- Right to object to processing
- Right to information about automated decision-making, including profiling

If we process your personal data on the basis of your consent, you have the right to withdraw this consent at any time.

You also have the right to file a complaint with the supervisory authority, which is the Office for Personal Data Protection, located at Pplk. Sochova 27, 170 00 Prague 7, tel.: 234 665 111, web: www.uoou.cz.

10. How are cookies processed?
The cookies processed can be divided according to their validity into:
- temporary cookies (session cookies), which remain stored in your browser only until you close your browser,
- persistent cookies, which remain stored in your browser for a long time, until their lifetime expires or until you manually delete them (the duration of the cookies stored in your browser depends on the setting of the cookie itself and your browser settings).

And according to the features on:
- Essential, which are necessary for the functionality of our website,
- preferential, which allow our website to remember information that changes how the website behaves or looks (such as your preferred language or the region where you are located), these cookies are not strictly necessary for the functioning of our website, but they enhance the functionality and usability of the website,
- analytical cookies, which help us analyse your experience on our website (called User Experience) and help us understand how you use our website,

We do not use third party cookies, which track multiple websites, to provide you with personalised content and advertising on third party websites and other sales channels.

11. Is data about children also processed?
Our website is not intended for children under the age of 18. We therefore do not intentionally collect their personal data. If we discover that we have inadvertently collected personal data about children under the age of 18, we will take steps to delete this data as soon as possible, except where we are bound by applicable law to retain it.

12. Conclusion
The law and our business strategy and related ways of processing your personal data may change. If we decide to update this policy, we will post the changes on our website and notify you of these changes. Where there is to be a more fundamental change to this policy, or where we are required to do so by law, we will inform you in advance. We ask that you read this policy carefully and check this policy regularly when you continue to communicate with us or use our website.


These conditions are effective from 28.12.2022.