Privacy Policy

I.
Basic Provisions

1. The data controller according to Article 4, point 7 of the Regulation of the European Parliament and Council (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as "GDPR") is dmpagency.cz s.r.o., Company ID 28973925, located at U Kamýku 284/11, Kamýk, 142 00 Prague (hereinafter referred to as "controller").

2. The contact details of the controller are:

Thákurova 676/3
160 00 Prague 6
Czech Republic
info@dmpublishing.cz

3. Personal data means any information about an identified or identifiable individual; an identifiable individual is a person who can be identified, directly or indirectly, especially by reference to a specific identifier, such as a name, identification number, location data, network identifier, or to one or more specific elements of physical, physiological, genetic, mental, economic, cultural, or social identity of that individual.

II.
Sources and Categories of Processed Personal Data

1. The controller processes personal data that you have provided to them or personal data that the controller has obtained based on fulfilling your order.

2. The controller processes your identification and contact details and data necessary for fulfilling the contract.

III.
Legal Grounds and Purpose of Processing Personal Data

1. The legal grounds for processing personal data are:

• fulfillment of the contract between you and the controller according to Article 6, paragraph 1, letter b) of GDPR,
• legitimate interest of the controller in providing direct marketing (especially for sending commercial communications and newsletters) according to Article 6, paragraph 1, letter f) of GDPR.

2. The purpose of processing personal data is:

• to process your order and execute the rights and obligations arising from the contractual relationship between you and the controller; providing personal data is a necessary requirement for concluding and fulfilling the contract, without providing personal data it is not possible to conclude the contract or for the controller to fulfill it,
• sending commercial communications and conducting further marketing activities.

3. The controller does not engage in automated individual decision-making within the meaning of Article 22 of GDPR.

IV.
Data Retention Period

1. The controller retains personal data:

• for the duration necessary to enforce the rights and obligations arising from the contractual relationship between you and the controller and to assert claims from these contractual relationships (for a period of 15 years from the termination of the contractual relationship).
• until the consent to the processing of personal data for marketing purposes is revoked, for a maximum period of 15 years, if the personal data is processed based on consent.

2. After the retention period of personal data expires, the controller will delete the personal data.

V.
Recipients of Personal Data (Subcontractors of the Controller)

1. Recipients of personal data are:

• persons participating in the delivery of services / execution of payments based on the contract,
• persons involved in ensuring the operation of services,
• persons providing marketing services.

2. The controller does not intend to transfer personal data to a third country (to a country outside the EU) or to an international organization.

VI.
Your Rights

1. Under the conditions set out in GDPR, you have:

• the right to access your personal data according to Article 15 of GDPR,
• the right to correct personal data according to Article 16 of GDPR, or to restrict processing according to Article 18 of GDPR,
• the right to erasure of personal data according to Article 17 of GDPR,
• the right to object to processing according to Article 21 of GDPR, and
• the right to data portability according to Article 20 of GDPR,
• the right to withdraw consent to processing in writing or electronically to the address or email of the controller provided in Article III of these terms.

2. You also have the right to lodge a complaint with the Office for Personal Data Protection if you believe that your right to the protection of personal data has been violated.

VII.
Conditions for Securing Personal Data

1. The controller declares that it has taken all appropriate technical and organizational measures to secure personal data.

2. The controller has taken technical measures to secure data repositories and repositories of personal data in paper form.

3. The controller declares that only authorized persons have access to personal data.

VIII.
Final Provisions

1. The controller is entitled to change these terms. The new version of the personal data protection terms will be published on its website, or it may send you the new version of these terms to the email address you provided to the controller.

 

These terms come into effect on January 1, 2024.