In accordance with Articles 13 and 14 of the General Data Protection Regulation (EU) No 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR), we would like to inform you that we process your personal data and therefore provide you with the following basic information about the processing and access to it:
1. Personal data controller
1. The controller of your personal data is TCM POINT s.r.o., Company ID No.: 28785517, registered with the Municipal Court in Prague under file No.: 369476, Registered office: Příčná 1892/4, 110 00 Prague 1, e-mail: info@MycoMedica.cz (hereinafter referred to as the "Controller").
2. Purpose of processing personal data and legal basis for processing
1. The purpose of processing your personal data and the legal basis for processing them is primarily the conclusion and performance of a purchase contract (hereinafter referred to as the "Contract") concluded between you and the Controller, in particular, but not exclusively, through the web interface located on the websites available at www.mycomedica.cz, www.mycomedica.eu, www.mycomedica.sk, www.yaomedica.cz, www.yaomedica.eu, www.yaomedica.sk, www.caremedica.cz, www.caremedica.eu and www.caremedica.sk (hereinafter referred to as the "Online Shop").
2. For the purposes of the performance of the Contract, the Controller processes your identification data (name and surname); contact data (e-mail, telephone number, home address or delivery address); billing data (account number and bank connection); data about the goods ordered (type and quantity); data related to the payment for these goods (method of payment); and data related to the delivery of the goods (method of transport or personal collection).
3. The above data may also be processed to fulfil the Controller's legal obligations (e.g. arising from defective performance) and on the basis of the Controller's legitimate interests in the effective defence of its rights, even after the termination of the Contract.
4. The personal data that the Controller processes about you generally comes from sources that you have personally provided to us, in particular in connection with the conclusion of the Contract. You are under no obligation to provide your personal data to the Controller, but the provision of such personal data is a necessary requirement for the conclusion of the Contract and for its performance. Without the provision and processing of your personal data, it is not possible to conclude the Contract with the Controller. In addition to the data provided by you, your personal data may also come from public sources, lists and records such as the commercial register, trade register or insolvency register. For the purpose of dealing with your requests, questions, objections or complaints, the Controller processes your identification and contact data as well as the content of mutual communication, based on the performance of the Contract or on legitimate interests in public relations.
5. The Controller processes your e-mail address, as well as your identification and delivery data for the purpose of direct marketing on the basis of its legitimate interests or your consent. By giving your consent, you agree to the sending of commercial communications by the Controller or, where applicable, the future operator of the online shop. You may object to processing for direct marketing purposes. The Controller processes your personal data both automatically in information systems and manually through its employees. The Controller does not use this data to make decisions based on automated processing; it only evaluates the behaviour of buyers on the basis of data obtained from the operation of the online shop and may use these outputs for direct marketing purposes on the basis of its legitimate interest in providing relevant information. You may object to such profiling.
6. The Controller may also process the data voluntarily provided by you, or data obtained by its own activities, in particular your identification data (name and surname, likeness), contact data (e-mail, IP address, city of residence) and data related to the review (e.g. purchased goods, date of insertion, content of the review) in order to obtain customer reviews, their publication and possible subsequent control. The legal basis for processing is the legitimate interests of the Controller in promoting sales, identifying the author of the review and transparency, or your consent expressed by voluntarily providing optional data that is published (e.g. likeness).
7. The processing of your data, or the transfer of your data, may occur on the basis of the legitimate interests of the Controller in connection with corporate transactions (e.g. corporate restructuring, sale or other transfer of an online shop, merger, etc.).
8. Your data may also be processed by the Controller for other purposes on the basis of your consent.
3. Recipients of personal data
1. The Controller may transfer your personal data to the following categories of recipients in justified cases and only to the extent necessary:
- to its authorised employees, to contractual partners that the Controller needs for its normal activities and for the implementation of the contractual relationship with you, for example to processors - information technology suppliers (also in third countries, based on standard contractual clauses), sales representatives, accountants, tax and legal advisors, etc.;
- to other entities in cases where the provision of such data to the Controller is required by law, or where it is necessary to protect the legitimate interests of the Controller (for example, to courts, the Police of the Czech Republic, etc.);
- to persons involved in corporate transactions involving the Controller, in particular to any future operator of the online shop;
- to the public in the case of publication of customer reviews.
2. The Controller will not transfer your personal data to a third country (to a country outside the EU) or to any international organization, except as provided in this Policy.
4. Duration of storage of personal data
1. Your personal data will be stored with the Controller, as a rule, for the duration of the Contract and for the duration of the limitation period of any claim arising from this Contract pursuant to Act No. 89/2012 Coll., Civil Code, as amended. After the expiry of this period, the Controller shall delete your personal data, unless it is entitled or obliged to process such data on the basis of another legal ground, e.g. for the duration of any litigation until the final settlement of all mutual claims under the Civil Code or the Consumer Protection Act, or for the purpose of fulfilling obligations imposed by other legislation, in particular the Value Added Tax Act, the Income Tax Act and/or the Accounting Act.
2. If the Controller processes your personal data on the basis of your consent, then such personal data shall be stored with the Controller for no longer than the period for which you have given your consent or until its withdrawal (if it is given for an indefinite period).
3. For processing on the basis of the legitimate interest of the Controller, your personal data will be stored for the period necessary to fulfil the relevant purpose (as a rule, no longer than five years from the date of termination of your contractual relationship with the Controller) or until a legitimate objection is raised. The documents containing your personal data will be archived by the Controller for the period of time required by specific legislation, in particular the Value Added Tax Act, the Income Tax Act, the Accounting Act and/or the Archiving Act.
5. Right to access, rectification or deletion of personal data
1. As regards your personal data, you have the right vis-à-vis the Controller to access the personal data it processes about you and to be provided with copies of the personal data processed. However, the right to obtain a copy must not adversely affect the rights and freedoms of others. In addition, you may ask the Controller to correct inaccurate or incomplete personal data that it processes about you or you may request the erasure of your personal data under the conditions set out below.
2. You may only exercise your right to erasure against the Controller if your personal data is no longer necessary for the purposes for which it was collected or otherwise processed; you have withdrawn the consent on the basis of which your personal data was processed and there is no further legal basis for processing it; you have objected to being the subject of a decision based on automated processing of your personal data and there are no overriding legitimate grounds for such processing; you have objected to the processing of your personal data for direct marketing purposes; your personal data has been unlawfully processed; your personal data must be erased to comply with a legal obligation under European Union or Czech law; your personal data has been collected in connection with the offer of information society services.
3. You also have the right to restrict the processing of your personal data in relation to the Controller. You may therefore request that the Controller restrict the processing of your personal data if you have denied the accuracy of your personal data for the time necessary to verify the accuracy of your personal data; the processing of your personal data is unlawful, but you refuse to delete this data and instead request the restriction of its use; your personal data is no longer necessary for the purposes of processing, but you require it for the establishment, exercise or defence of legal claims; you have objected to the processing of your personal data, pending verification that the legitimate grounds of the Controller outweigh your legitimate grounds.
4. In cases of processing of your personal data on the basis of a Contract or consent and at the same time by automated means, you have the right to the portability of your personal data, i.e. the right to obtain the personal data concerning you which you have provided to the Controller and the right to transmit such data to another controller, in a structured, commonly used and machine-readable format, provided that this right shall not adversely affect the rights and freedoms of other persons.
5. If the processing of your personal data is based on consent, you have the right to withdraw your consent at any time with effect for the future. However, this does not affect the lawfulness of the previous processing of personal data based on your consent.
6. You also have the right to object to the Controller processing your personal data on the basis of its legitimate interest (including profiling) or for direct marketing purposes. You can also withdraw your consent to receive electronic commercial communications by clicking on the unsubscribe link in the delivered commercial e-mail communication.
7. You also have the right to be informed by the Controller in the event of a breach of security of your personal data where this is likely to result in a high risk to the rights and freedoms of natural persons. In relation to automated processing of personal data, you have the right not to be subject to a decision based solely on automated processing, including profiling, which has legal effects on you or similarly significantly affects you.
8. In order to exercise your rights or in case of any questions, objections or complaints, you can contact the Controller at any time by e-mail or by post at the addresses listed under point 1 of this information. You also have the right to lodge a complaint with the supervisory authority, which in the Czech Republic is the Office for Personal Data Protection, located at Pplk. Sochora 27, 170 00 Prague 7, website: https://www.uoou.cz.
6. Principles of personal data processing
1. The Controller processes your personal data in a fair, lawful and transparent manner, collecting it only for the specific, explicit and legitimate purposes set out in this information. Your personal data shall be adequate, relevant and limited to what is necessary in relation to the purpose for which it is processed, shall also be accurate and, where necessary, kept up to date, shall be stored in a form which permits identification of data subjects for no longer than is necessary for the purposes for which it is processed, shall be processed in a manner which ensures appropriate security of the personal data, including protection by appropriate technical or organisational measures against unauthorised or unlawful processing and against accidental loss, destruction or damage.
This policy is effective as of 12/12/2022
TCM POINT s.r.o., Controller