The personal data controller pursuant to Article 4(7) of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as “GDPR”) is Machac Motors s.r.o. Company Registration No. 29396727, based at Dolina 212, 742 72 Mořkov, Czech Republic (hereinafter referred to as the “Controller”).
Controller’s contact details:
Address: Dolina 212, 742 72 Mořkov, Czech Republic
Phone: +420 731 167 938
Personal Data means any information relating to an identified or identifiable natural person; an identifiable natural person is one that can be identified, directly or indirectly, in particular, by reference to a certain identifier such as a name, identification number, location data, network identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
The Controller has not appointed the data protection officer.
Sources and Categories of Personal Data Processed
The Controller processes the personal data provided by you or which the Controller received based on performance of your purchase order.
The Controller shall process your identification and contact details, and other information which is essential for performing the contract.
Legal Reason and Purpose of the Personal Data Processing
The legal reasons for the personal data processing include:
- performance of a contract between you and the Controller pursuant to Article 6(1)(b) of the GDPR;
- a legitimate interest of the Controller in providing direct marketing (especially sending commercial communications and newsletters) pursuant to Article 6(1)(f) of the GDPR;
- your consent to processing for the direct marketing purposes (especially for sending commercial communications and newsletters) pursuant to Article 6(1)(a) of the GDPR in connection with Section 7(2) of Act No. 480/2004 Coll. on certain information society services, assuming that no goods or services have been ordered.
The purposes for the personal data processing include:
- processing your purchase order and exercising the rights and obligations arising from a contractual relationship between you and the Controller; to be successfully processed, the purchase order requires your personal data (name and address, contact details), provision of the personal data is necessary for the contract conclusion and performance; without this data, it will not be possible to enter into a contract and the Controller will not, therefore, be able to provide a performance;
- sending commercial communications and carrying out other marketing activities.
- The Controller does not engage in any automated individual decision-making within the meaning of Article 22 of the GDPR. You have granted your express consent to such processing.
Data Retention Periods
The Controller shall store the personal data:
- for the period of time necessary for exercising the rights and obligations arising from a contractual relationship between you and the Controller, and for enforcing the claims from such contractual relationships (for a period of 15 years as the termination of a contractual relationship);
- until the consent to the personal data processing for marketing purposes is revoked, maximum of 2 years, provided the personal data are processed on the basis of approval.
- After the retention period, the Controller shall erase the personal data.
Personal Data Recipients (Controller’s Subcontractors)
The personal data recipients are persons:
- taking part in the delivery of goods/services or payments on the basis of the contract,
- providing e-shop operation services and other services related to e-shop operation,
- providing marketing services.
The Controller does not intend to forward the personal data to third countries (outside of the EU) or international organizations.
Subject to the terms and conditions stipulated in the GDPR, you have the right to:
- access your personal data pursuant to Article 15 of the GDPR;
- rectification of your personal data pursuant to Article 16 of the GDPR or restriction of the processing as per Article 18 of the GDPR;
- erasure of your personal data as per Article 17 of the GDPR;
- object to processing pursuant to Article 21 of the GDPR; and
- to the data portability pursuant to Article 20 of the GDPR;
- revoke the consent of the processing in writing or electronically to the email address of the Controller specified in Article III of these Terms and Conditions.
Further, you have the right to lodge a complaint with the Office for Personal Data Protection, should you believe that your right to personal data protection has been violated.
Personal Data Security
The Controller hereby declares that it has taken all and any appropriate technical and organisational measures to ensure the security of the personal data.
The Controller has taken measures to secure any repositories of personal data in electronic or paper form.
The Controller hereby declares that only persons authorised by the Controller shall have access to personal data.
By placing the purchase order using the on-line form, you confirm that you are familiar with the personal data protection policy and accept them fully.
The Policy becomes effective on February 19 2022.