Privacy Policy

I. Basic Provisions

1. The controller of personal data pursuant to Art. 4, point 7 of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons in relation to the processing of personal data and on the free movement of such data (hereinafter: "GDPR") is the business company AGRO AQUA PRO s.r.o., with its registered office at Politických vězňů 912/10, 110 00 Prague 1, Czech Republic and office at Vesecká 97, 460 06 Liberec 6, Czech Republic, identification number: 05641713, registered in the Commercial Register maintained by the Municipal Court in Prague, Section C, Insert 268136 (hereinafter: "the Controller").

2. The Controller's contact details are as follows:
Address: Politických vězňů 912/10, 110 00 Prague 1
Email: vedeni@agroaquapro.cz
Telephone: +420 483 704 746

3. "Personal data" means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, a network identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

4. The Controller has not appointed a Data Protection Officer.

 

II. Sources and Categories of Processed Personal Data

1. The Controller processes personal data that you have provided, or personal data that the Controller has obtained on the basis of the fulfillment of your order.

2. The Controller processes your identification and contact data and the data necessary for the performance of the contract.

 

III. Legal Basis and Purpose of Processing Personal Data

1. The legal basis for the processing of personal data is

  • the performance of the contract between you and the Controller pursuant to Art. 6(1)(b) GDPR,
  • the legitimate interest of the Controller in providing direct marketing (in particular for sending commercial communications and newsletters) pursuant to Art. 6(1)(f) GDPR,
  • your consent to the processing for the purposes of providing direct marketing (in particular for sending commercial communications and newsletters) pursuant to Art. 6(1)(a) GDPR in conjunction with § 7(2) of Act No. 480/2004 Coll. on Certain Information Society Services, in the event that no order for goods or services has been placed.

 2. The purpose of processing personal data is

  • to process your order and to perform the rights and obligations arising from the contractual relationship between you and the Controller; when placing an order, personal data necessary for the successful processing of the order (name and address, contact details) are required; providing personal data is a necessary condition for concluding and performing the contract, and without such data the contract cannot be concluded or performed by the Controller,
  • to send commercial communications and carry out other marketing activities.

3. The Controller carries out automated individual decision-making within the meaning of Art. 22 GDPR. You have given your explicit consent to such processing.

 

IV. Data Retention Period

1. The Controller retains personal data

  • for the period necessary to perform the rights and obligations arising from the contractual relationship between you and the Controller and to assert claims arising from these contractual relations (for 10 years from the termination of the contractual relationship),
  • for as long as consent to the processing of personal data for marketing purposes has not been withdrawn, but no longer than 10 years if personal data are processed on the basis of consent,
  • after the retention period expires, the Controller will delete the personal data.

V. Recipients of Personal Data (Controller’s Subprocessors)

  1. The recipients of the personal data are the persons involved in the preparation of goods for dispatch and those entrusted with entering orders into the system, the shippers of goods, the courier service, the accounting department, Shoptet, and the internal accounting program Pohoda.
  • those involved in the delivery of goods / services / execution of payments under the contract,
  • those providing services for operating the e-shop (Shoptet) and other services related to the operation of the e-shop,
  • those providing marketing services.

The Controller intends to transfer personal data to a third country (a country outside the EU) or to an international organization. The recipients of personal data in third countries are the providers of the mailing service Mailkit.

VI. Your Rights

1. Under the conditions specified in the GDPR, you have the

  • right to access your personal data pursuant to Art. 15 GDPR,
  • right to rectify your personal data pursuant to Art. 16 GDPR, or to restrict processing pursuant to Art. 18 GDPR,
  • right to erasure of your personal data pursuant to Art. 17 GDPR,
  • right to object to processing pursuant to Art. 21 GDPR, and
  • right to data portability pursuant to Art. 20 GDPR,
  • right to withdraw your consent to the processing by submitting a written or electronic request to the address or email of the Controller as provided in Section III of these conditions.

2. Furthermore, you have the right to lodge a complaint with the Office for Personal Data Protection if you believe that your personal data protection rights have been violated.

 

VII. Security Conditions for Personal Data

1. The Controller declares that it has adopted all appropriate technical and organizational measures to secure personal data.

2. The Controller has adopted technical measures to secure data storage facilities and paper storage of personal data, in particular antivirus programs, encryption, backups, and passwords.

3. The Controller declares that only authorized persons have access to the personal data.

 

VIII. Final Provisions

1. By submitting an order through the online order form, you confirm that you have read the privacy policy and that you accept it in its entirety.

2. You agree to these conditions by checking the consent box in the online form. By checking the consent, you confirm that you have read the privacy policy and that you accept it in its entirety.

3. The Controller is entitled to change these conditions. The new version of the privacy policy will be published on its website and will also be sent to the email address you provided to the Controller.

These conditions shall enter into force on 25.5.2018. Updated on 1.1.2023.