Privacy Policy

1. The controller of personal data pursuant to Article 4(7) of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as the “GDPR”) is [Company Name], with its registered office at [Registered Office] (hereinafter referred to as the “Controller”).
2. The Controller’s contact details are:
   Address: [Enter address]
   Email: [Enter email]
   Phone: [Enter phone number]
3. Personal data means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to a specific identifier, such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
4. The Controller has not appointed a Data Protection Officer.

1. The Controller processes personal data that you have provided to it or personal data that the Controller has obtained in connection with the fulfilment of your order.
2. The Controller processes your identification and contact details and data necessary for the performance of the contract, including electronic files (“cookies”).
3. If you have subscribed to our newsletter, the Controller processes your email address and a time record of when consent to receive commercial communications relating to goods offered in the e-shop www.kobzuvpivovar.com was granted.

1. The legal basis for the processing of personal data is:

• the performance of a contract between you and the Controller pursuant to Article 6(1)(b) of the GDPR,
• the legitimate interest of the Controller in providing direct marketing (in particular for sending commercial communications and newsletters) pursuant to Article 6(1)(f) of the GDPR,
• the legitimate interest of the Controller consisting in communication with a potential customer/website visitor after submitting a contact form,
• your consent to the processing for the purposes of direct marketing (in particular for sending commercial communications and newsletters) pursuant to Article 6(1)(a) of the GDPR in conjunction with Section 7(2) of Act No. 480/2004 Coll., on Certain Information Society Services, in cases where no order for goods or services has been placed.

2. The purpose of the processing of personal data is:

• the processing of your order and the exercise of rights and obligations arising from the contractual relationship between you and the Controller; when placing an order, personal data required for the successful processing of the order (name, address, contact details) are required; the provision of personal data is a necessary requirement for the conclusion and performance of the contract, and without the provision of personal data it is not possible to conclude or perform the contract on the part of the Controller,
• sending commercial communications and carrying out other marketing activities,
• statistical and analytical processing of website traffic.

3. The Controller carries out automated individual decision-making within the meaning of Article 22 of the GDPR. You have given your explicit consent to such processing.

1. Správce uchovává osobní údaje

• po dobu nezbytnou k výkonu práv a povinností vyplývajících ze smluvního vztahu mezi Vámi a správcem a uplatňování nároků z těchto smluvních vztahů (po dobu 10 let od ukončení smluvního vztahu).
• po dobu, než je odvolán souhlas se zpracováním osobních údajů pro účely marketingu, nejdéle 10 let, jsou-li osobní údaje zpracovávány na základě souhlasu.

2. Po uplynutí doby uchovávání osobních údajů Správce osobní údaje vymaže.

1. The Controller retains personal data:

• for the period necessary to exercise rights and obligations arising from the contractual relationship between you and the Controller and to assert claims arising from such contractual relationships (for a period of 10 years from the termination of the contractual relationship);
• for the period until consent to the processing of personal data for marketing purposes is withdrawn, but no longer than 10 years, where personal data are processed on the basis of consent.

2. After the expiry of the retention period, the Controller shall delete the personal data.

1. Under the conditions set out in the GDPR, you have:

• the right of access to your personal data pursuant to Article 15 of the GDPR,
• the right to rectification of personal data pursuant to Article 16 of the GDPR, or restriction of processing pursuant to Article 18 of the GDPR,
• the right to erasure of personal data pursuant to Article 17 of the GDPR,
• the right to object to processing pursuant to Article 21 of the GDPR,
• the right to data portability pursuant to Article 20 of the GDPR,
• the right to withdraw consent to the processing in writing or electronically to the address or email of the Controller specified in Article III of these Terms.

2. You also have the right to lodge a complaint with the Office for Personal Data Protection if you believe that your right to the protection of personal data has been infringed.

1. The Controller declares that it has adopted all appropriate technical and organisational measures to secure personal data.

2. The Controller has adopted technical measures to secure data repositories and repositories of personal data in paper form, in particular the protection of physical documents, technical security of data storage systems, encryption, antivirus software, backups, and other measures.

3. The Controller declares that only persons authorised by it have access to personal data.

1. By submitting an order via the online order form, you confirm that you have familiarised yourself with the personal data protection terms and that you accept them in full.

2. You agree to these terms by ticking the consent checkbox via the online form. By ticking the consent checkbox, you confirm that you have familiarised yourself with the personal data protection terms and that you accept them in full.

3. The Controller is entitled to amend these terms. The new version of the personal data protection terms will be published on the Controller’s website and, at the same time, sent to you at the email address you have provided to the Controller.

These terms shall become effective on 24 April 2024.