We are closed for the Christmas holidays. The last working day this year is Friday, December 20th. We will reopen on Monday, January 6th, 2025.

Personal Data Processing Policy

I.

Basic provision

1. The controller of personal data pursuant to Article 4(7) of Regulation (EU) 2016/679 on the protection of natural persons in connection with the processing of personal data and on the free movement of such data (hereinafter: "GDPR") is Unie neslyšících Brno, sociální podnik, s.r.o., registration number (IČO) 29309158, with registered office at Palackého třída 19/114, Brno 612 00, registered in the Business Register maintained by the Regional Court in Brno, section C, file 72924 (hereinafter: "controller").

2. The controller's contact details are:
Company: Unie neslyšících Brno, sociální podnik, s.r.o.
Address: Palackého třída 19/114, Brno 612 00
Email: info@unb.cz
Phone: +420541245321, +420725605216

3. Personal data means all information about an identified or identifiable natural person; an identifiable natural person is a natural person who can be directly or indirectly identified, in particular by reference to a certain identifier, for example a name, identification number, location data, network identifier or to one or more special elements of physical, physiological, genetic, psychological, economic, cultural or social identity of this natural person.

4. The controller did not appoint a personal data protection officer.
 

II.

Sources and categories of personal data being processed

1. The controller processes personal data provided to them or personal data obtained by the controller based on the fulfillment of the order:

  • first and last name
  • email address
  • postal address
  • phone number

2. The controller processes identification and contact data and data necessary for the fulfillment of the contract.
 

III.

Legal basis and purpose of personal data processing

1. The legal reason for processing personal data is

  • performance of the contract between you and the controller according to Article 6(1)(b) GDPR,
  • fulfillment of the controller's legal obligations pursuant to Article 6(1)(c) GDPR,
  • the controller's legitimate interest in providing direct marketing (especially for sending commercial messages and newsletters) according to Article 6(1)(f) GDPR,
  • your consent to processing for the purposes of providing direct marketing (in particular for sending business communications and newsletters) pursuant to Article 6(1)(a) GDPR in connection with Section 7(2) of Act No. 480/2004 Coll., on certain information society services in the event that no goods or services have been ordered.

2. The purpose of personal data processing is

  • processing your order and exercising the rights and obligations arising from the contractual relationship between you and the controller; when placing an order, personal data are required that are necessary for the successful processing of the order (name and address, contact information), the provision of personal data is a necessary requirement for the conclusion and fulfillment of the contract, without the provision of personal data it is not possible to conclude the contract or fulfill it on the part of the controller,
  • fulfillment of legal obligations towards the state,
  • sending business messages and doing other marketing activities.

3. The controller makes automatic individual decisions within the meaning of Article 22 of the GDPR. You have given your express consent to such processing.
 

IV.

Data retention period

1. The controller stores personal data

  • for the period necessary to exercise the rights and obligations arising from the contractual relationship between you and the controller and the exercise of claims from these contractual relationships (for a period of 15 years from the termination of the contractual relationship),
  • for the period until consent to the processing of personal data for marketing purposes is revoked, no longer than 1 year, if personal data is processed on the basis of consent.

2. After the personal data retention period has expired, the controller will erase the personal data.
 

V.

Recipients of personal data (controller's subcontractors)

1. Recipients of personal data are persons

  • participating in the delivery of goods/services/realization of payments based on the contract,
  • providing services for running an online store (Unie neslyšících Brno) and other services in connection with running an online store,
  • providing marketing services.

2. The controller does not intend to transfer personal data to a third country (a country outside the EU) or to an international organization. Recipients of personal data in third countries are providers of mailing services / cloud services.
 

VI.

Personal data processors

1. The processing of personal data is carried out by the controller, but the following processors may also process personal data for the controller:

  • service provider,
  • potentially another provider of processing services or software not currently used by the controller.

VII.

Your rights

1. Under the conditions set out in the GDPR, you have

  • the right to access your personal data according to Article 15 GDPR,
  • the right to rectification of personal data according to Article 16 GDPR, or restriction of processing according to Article 18 GDPR,
  • the right to erasure of personal data according to Article 17 GDPR (‘right to be forgotten’),
  • the right to object to processing according to Article 21 GDPR,
  • the right to data portability according to Article 20 GDPR,
  • the right to withdraw consent to processing, in writing or electronically, at the address or email address of the controller listed in Article III of these terms and conditions.

2. Additionally, you have the right to file a complaint with the Office for Personal Data Protection, if you believe that your right to the protection of personal data has been violated. You also have the right to apply to the courts with your complaint.
 

VIII.

Terms of protection and security of personal data

1. The controller declares that they have taken all appropriate technical and organizational measures to ensure a level of security of personal data appropriate to the risk.

2. The controller has taken all necessary technical measures to secure data repositories and repositories of personal data in paper form, in particular.

3. The controller declares that only authorized persons have access to personal data
 

IX.

Final Provisions

1. By submitting an order from the online order form, you confirm that you are familiar with the terms of personal data protection and that you accept them in their entirety.

2. You agree to these terms and conditions by checking the box regarding your consent in the online form. By checking consent, you confirm that you are familiar with the terms of personal data protection and that you accept them in their entirety.

3. The controller is authorized to change these terms and conditions. In that event, they will publish the new version of the personal data protection conditions on their website and at the same time send you the updated version of the document to the email address that you provided to the controller.
 

These conditions take effect on June 1, 2021.