csen

Privacy Policy

I. Basic Provisions

1. The controller of personal data pursuant to Article 4(7) of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter: "GDPR") is Wander Book s.r.o., Hodkovická 20/20, 460 06 Liberec (hereinafter: the "Controller").

2. The contact details of the Controller are:

Wander Book s.r.o.
Hodkovická 20/20, 460 06 Liberec
Czech Republic
Phone: +420 484 847 339

3. Personal data means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

4. The Controller has not appointed a Data Protection Officer (DPO).

II. Sources and Categories of Processed Personal Data

1. The Controller processes personal data provided by you or personal data obtained by the Controller based on the fulfillment of your order.

2. The Controller processes your identification and contact details and data necessary for the performance of the contract.

III. Legal Basis and Purpose of Processing

1. The legal basis for processing personal data is:

  • performance of the contract between you and the Controller pursuant to Article 6(1)(b) of the GDPR,
  • legitimate interest of the Controller in providing direct marketing (in particular for sending commercial communications and newsletters) pursuant to Article 6(1)(f) of the GDPR,
  • your consent to processing for the purposes of providing direct marketing (in particular for sending commercial communications and newsletters) pursuant to Article 6(1)(a) of the GDPR in conjunction with Section 7(2) of Act No. 480/2004 Coll.

2. The purpose of processing personal data is:

  • processing your order and exercising rights and obligations arising from the contractual relationship between you and the Controller; personal data required for successful order processing are requested during the order process,
  • sending commercial communications and conducting other marketing activities.

3. There is no automated individual decision-making by the Controller within the meaning of Article 22 of the GDPR.

IV. Data Retention Period

1. The Controller stores personal data:

  • for the period necessary to exercise the rights and obligations arising from the contractual relationship (for a period of 10 years from the termination of the contractual relationship),
  • until consent to the processing of personal data for marketing purposes is withdrawn, for a maximum of 5 years.

2. Upon expiry of the retention period, the Controller shall delete the personal data.

V. Recipients of Personal Data (Subcontractors)

1. Recipients of personal data are persons:

  • involved in the delivery of goods / services / execution of payments based on the contract,
  • providing e-shop operation services and marketing services.

2. The Controller does not intend to transfer personal data to a third country or an international organization.

VI. Your Rights

1. Under the conditions set out in the GDPR, you have:

  • the right of access to your data, its correction, erasure, or restriction of processing,
  • the right to object to processing and the right to data portability,
  • the right to withdraw consent to processing.

2. You also have the right to file a complaint with the Office for Personal Data Protection.

VII. Data Security Conditions

1. The Controller declares that it has taken all appropriate technical and organizational measures to secure personal data.

2. Only persons authorized by the Controller have access to personal data.

VIII. Final Provisions

1. By submitting an order, you confirm that you are familiar with the privacy policy and that you accept it in its entirety.

2. The Controller is entitled to change these terms. The new version will be published on its website.

These terms come into effect on January 1, 2016.