Personal data protection - MH Sexshop

Personal data protection

Personal data protection
Personal data protection

INFORMATION MEMORANDUM WITH PERSONAL DATA PROCESSING

Dear customers, this document contains information on how we process your personal data. We appreciate you sharing your personal data with us. We are committed to protecting it as much as possible and being as transparent as possible with you.

In light of new European Union legislation, this information memorandum has been prepared in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR).

This memorandum sets out the basic information we are required to provide as a data controller. The detailed personal data processing principles we follow can be found in PDF here >>

If you have any questions about the processing of your personal data, please contact us at obchod@mhsexshop.com or by phone at +420608926623.

Detailed contact information >>
 

1. Who is the Data Controller of the personal data?

The controller is the person who decides how personal data is processed.
The controller of personal data is Martin Hrubý, Fučíkova 323, 549 54 Police nad Metují, ID 86674510, Živnostenský úřad MÚ Náchod, č.j. 03/203524/F-34 (registered since 4.12.2003).
Detailed contact information >>>

2. Who is the Data Protection Officer?

We do not have a Data Protection Officer. Please contact the controller directly for any information, see point 1.

3. For what purpose do we need the personal data?

  • To enter into and subsequently perform a contractual obligation between the controller and you (Article 6(1)(b) GDPR). Such a relationship gives rise to other legal obligations and the controller must therefore also process personal data for this purpose (Article 6(1)(c) GDPR).
  • Marketing purposes - for these we obtain your unambiguous consent (Article 6(1)(a) GDPR. If you do not give us consent to processing for marketing purposes, we will not send you any advertisements or anything that is not directly related to your order. The order itself will not be affected in any way.
  • Protection of legitimate interests (Article 6(1)(f) GDPR), see point 4.

4. What are our legitimate interests?

The legitimate interests of the controller are in particular the proper performance of all contractual obligations of the controller, the proper performance of all legal obligations of the controller, the protection of the environment and the protection of the controller's business and property. In order to protect the business, we keep a record of problem clients who, in particular, fail to collect parcels on delivery, communicate with us in a vulgar manner or otherwise complicate the running of the business. This list is purely for our internal use and is not shared with anyone else.

5. How do we obtain personal information?

We obtain personal data directly from you, especially from completed forms, communications between us or from contracts we have entered into.

6. What categories of personal data do we process?

To ensure your satisfaction, to comply with our legal obligations, for marketing purposes and to protect our legitimate interests, we process the following categories of personal data:

  • basic identification data - first name, last name, billing and mailing address, IP address, or identification number;
  • contact details - phone number and email address;
  • information about ordered goods - this is information about what products you have purchased, returned, claimed, etc.;
  • information from mutual communication - information from emails, phone calls or other contact forms;
  • invoicing and transaction data - this includes information appearing on invoices, agreed billing terms and payments received.

7. What is the legal title for the processing of personal data?

The lawfulness of the processing is determined by Article 6(1) of the GDPR, according to which the processing is lawful if it is necessary for the performance of a contract, for the fulfilment of a legal obligation of the controller, for the protection of the legitimate interests of the controller or the processing is based on the consent you have given us.
The lawfulness of the processing is further based, for example, on Act No. 563/1991 Coll, No. 89/2012 Coll., the Civil Code or Act No. 235/2004 Coll., on value added tax.

8. Will we pass on personal data to anyone else?

Within the limits of the law, we have to provide personal data to state administration authorities, courts or law enforcement authorities and companies that technically ensure the operation of the shop, order processing, payment administration, etc. In particular:

  • The provider of the UpGates e-commerce system, EVici webdesign s.r.o.;
  • Czech Post (Only if you choose Czech Post shipping.);
  • PPL (Only if you choose PPL shipping.);
  • The company SmartSelling a.s. - provider of the SmartEmailing mail system (Only if you voluntarily subscribe to our newsletter. We only transfer your e-mail address to SmartEmailing.);
  • Bank Citfin, spořitelní družstvo (Only if you pay by bank transfer or we return the payment back to your account);
  • PayPal payment gateway (only if you choose to pay through this gateway);
  • PayU payment gateway (only if you choose to pay through this gateway);
  • Google Analytics
    We only use the most basic features of Google Analytics to report on traffic and conversions. For these purposes, we only process the IP address and the most basic cookies. We do not use active remarketing, search tracking, segmentation, or demographic and interest reports. We do not identify the age, gender or interests of users. For more, see Google's Privacy Policy.
  • Heureka - Verified by customers
    We determine your satisfaction with your purchase through email questionnaires as part of the Verified by Customers program in which our e-shop is involved. We send these to you every time you make a purchase with us, unless you refuse to receive them in accordance with Section 7(3) of Act No. 480/2004 Coll. on certain information society services. The processing of personal data for the purpose of sending questionnaires within the framework of the Verified by Customers programme is carried out on the basis of our legitimate interest, which consists in determining your satisfaction with your purchase with us. We use the processor Heureka.cz, the operator of the Heureka.cz portal, to send questionnaires, evaluate your feedback and analyse our market position; we may pass on information about the goods you have purchased and your e-mail address to Heureka.cz for these purposes. Your personal data is not passed on to any third party for its own purposes when sending email questionnaires. You can object to the sending of email questionnaires within the framework of the Customer Verified programme at any time by rejecting further questionnaires using the link in the email with the questionnaire. If you object, we will no longer send you the questionnaire.

9. Will we transfer personal data to a third country or international organisation?

We will not transfer personal data to countries outside the European Union or the European Economic Area, or to any international organisation.

10. How long will we store personal data?

Personal data is retained for different lengths of time depending on the specific purposes of the processing:

  • Ordering goods: indefinitely
    The reason for this is to fulfil the contract, for the right to make a complaint and to facilitate advice on your next purchases.
  • Customer account registration: indefinite
    Registration is especially beneficial for you because you don't have to fill in all the details for each order, you have an overview of the orders you have made and their statuses, and you have access to VIP sections. You have the right to cancel your customer account at any time and delete your personal data with us - to cancel please contact us.
  • Newsletter: indefinite
    Subscribing to our newsletter gives you a number of benefits. In order for us to provide these to you, we need your explicit consent. You have the right to cancel the newsletter at any time by clicking on the unsubscribe link in any email sent to you or by asking us to do so in any other way, see Contact.
  • Tax records: 10 years
    Determined by the Income Tax Act and the VAT Act.
  • Current email communication: 3 years
    Classic email is deleted on an ongoing basis, with a vigorous deletion at the end of each year, and no email is retained for longer than 3 years. The only exception is for problem clients, see point 4.
  • Google Analytics: 26 months

After the archiving period has expired, personal data will be securely and irretrievably destroyed so that it cannot be misused.

11. What are your rights in relation to the processing of personal data and how can you exercise them?

You can exercise your individual rights by contacting obchod@mhsexshop.com or by calling +420608926623.

Detailed contact information >>

Right to information about the processing of your personal data
You are entitled to request information from the controller as to whether or not personal data is being processed. If personal data are processed, you have the right to request information, in particular, on the identity and contact details of the controller, the purposes of the processing, the categories of personal data concerned, the recipients or categories of recipients of the personal data, the authorised controllers, a list of your rights, the possibility of contacting the Data Protection Authority, the source of the personal data processed and on automated decision-making and profiling.

Right of access to personal data
You are entitled to request information from the controller as to whether or not your personal data is processed and, if so, to access information about the purposes of the processing, the categories of personal data concerned, the recipients or categories of recipients, the period of retention of the personal data, information about your rights, the right to lodge a complaint with the Data Protection Authority, information about the source of the personal data, information about whether automated decision-making and profiling takes place. You have the right to be provided with copies of the personal data processed. However, the right to obtain this copy must not adversely affect the rights and freedoms of others.

Right to rectification
If there has been a change of residence, telephone number or other fact on your part, for example, you have the right to request rectification of the personal data processed. In addition, you have the right to have incomplete personal data completed, including by providing an additional declaration.

Right to erasure (right to be forgotten)
In certain specified cases, you have the right to request that the controller erase your personal data. These cases include, for example, that the data processed is no longer necessary for the purposes mentioned above. The controller deletes personal data automatically after the period of necessity has expired, but you can contact the controller at any time with your request. Your request will then be subject to an individual assessment (despite your right to erasure, the controller may have an obligation or legitimate interest to retain your personal data) and you will be informed in detail about the processing of your request.

Right to restriction of processing
The controller processes your personal data only to the extent strictly necessary. However, if you feel that the controller is, for example, going beyond the purposes for which it processes personal data as set out above, you can make a request that your personal data be processed solely for the strictly necessary lawful purposes or that it be blocked. Your request will then be subject to an individual assessment and you will be informed in detail about the processing of your request.

Right to data portability
If you wish the controller to provide your personal data to another controller or another company, the controller will transfer your personal data in an appropriate format to the entity you have designated, unless prevented by any legal or other significant obstacles.

Right to object and automated individual decision-making
If you become aware or believe that the controller is processing your personal data in breach of the protection of your private and personal life or in breach of the law, you may contact the controller and ask it to explain or rectify the situation.

Right to lodge a complaint with the Office for Personal Data Protection
You may at any time contact the supervisory authority, namely the Office for Personal Data Protection, with its registered office at Pplk. Sochora 27, 170 00 Praha 7, website: https://uoou.gov.cz, with your complaint or complaint regarding the processing of personal data.

Right to withdraw consent
You have the right to withdraw your consent to the processing of personal data at any time.
To cancel your newsletter, click on the "UNSUBSCRIBE" link found at the bottom of every email sent.
To withdraw other consents, contact us at any time >>

12. Is personal data automatically evaluated?

Personal data is not automatically evaluated.

13. Cookies

This website uses cookies. All about cookies, including your settings and consent, can be found in the Cookies section.

%s ...
%s
%image %title %code %s