I. BASIC PROVISIONS
- Personal Data Manager, according to Article 4 Section 7 of the Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as “GDPR”) is afg.sk,s.r.o., Pechsteinstraße 47A, 12309 Berlin, Germany. Identification number 36249955, SK2021678627 headquartered (hereinafter referred to as “Data Manager”).
- Contact information of the Data Manager:
- address: Pechsteinstraße 47A, 12309 Berlin, Germany
- email: firstname.lastname@example.org
- Personal information is all information about an identified or identifiable natural person; an identifiable natural person is a natural person that can be identified directly or indirectly, in particular by reference to a particular identifier such as name, identification number, location data, network identifier, or one or more specific factors, physiological, genetic, mental, economic, cultural or social.
- The Data Manager has not appointed a privacy officer. Contact information of privacy officer:
II. SOURCES AND CATEGORIES OF PROCESSED PERSONAL DATA
- The Data Manager handles the personal data you have provided to him or the personal data that the Data Manager has received while processing your order.
- The Data Manager handles your identification and contact details and the data necessary for the fulfillment of the contract.
III. LEGAL REASON AND PURPOSE OF PERSONAL DATA PROCESSING
- The legal reason for the processing of personal data is:
- fulfillment of the contract between you and the Data Manager under Article 6 Section 1 Point b) of the GDPR,
- the Data Manager’s legitimate interest in providing direct marketing (for sending business announcements and newsletters) according to Article 6 Section 1 Point f) of the GDPR,
- Your consent to the processing for the purpose of providing direct marketing (for sending business announcements and newsletters) according to Article 6 Section 1 Point a) of the GDPR in connection with § 7 Section 2 of the Law n. 480/2004 of the Statute, about certain information society services in the absence of an order for goods or services.
- The purpose of processing personal data is:
- processing your order and performing the rights and obligations arising from the contractual relationship between you and the Data Manager; personal information is required to successfully process the order (name and address, contact). The provision of personal data is a necessary requirement for the conclusion and fulfillment of the contract, without the provision of personal data, it is not possible to conclude the contract or fulfill it by the Data Manager.
- There is not automatic individual decision-making within the meaning of Article 22 of the GDPR. You have given your explicit consent to such processing.
IV. PERIOD OF DATA STORAGE
- The Data Manager keeps personal data:
- for the period necessary to exercise the rights and obligations arising from the contractual relationship between you and the Data Manager and the claims arising from these contractual relationships (for a period of 15 years from the termination of the contractual relationship).
- until the consent to the processing of personal data for marketing purposes is revoked, at the longest for 15 years, if the personal data is processed by consent.
- After the retention period of the personal data passes, the Data Manager will delete the personal data.
V. RECIPIENTS OF PERSONAL DATA (SUBCONTRACTORS OF THE DATA MANAGER)
- The recipients of personal data are individuals:
- contributing to the delivery of goods/services/execution of payments under the contract
- providing e-shop services and other services related to the operation of the e-shop
- providing marketing services
- The Data Manager does not intend to provide personal data to a third country (outside the EU) or an international organization. Third-party recipients of personal data are cloud services providers.
VI. YOUR RIGHTS
- Under the terms of the GDPR you have:
- the right of access to your personal data according to Article 15 of the GDPR,
- the right to correct personal data according to Article 16 of the GDPR, or limitation of processing according to Article 18 of the GDPR,
- the right to delete personal data according to Article 17 of the GDPR,
- the right to object to the processing of your personal data according to Article 21 of the GDPR,
- the right to data transferability according to Article 20 of the GDPR,
- the right to withdraw consent to processing in writing or electronically to the address or email of the Data Manager referred to in Article III of these conditions.
- You also have the right to file a complaint about the Office For Personal Data Protection in case you believe that your privacy has been violated.
VII. PERSONAL DATA PROTECTION CONDITIONS
- The Data Manager claims to have taken all technical and organizational measures to secure personal data.
- The Data Manager has taken technical measures to secure data repositories and personal data repositories in written form.
- The Data Manager declares that personal data can only be accessed by authorized persons.
VIII. FINAL PROVISIONS