I. General provisions
Bioline Products s.r.o. (hereinafter the “Controller”) is the personal data controller within the meaning of Art. 4 (7) of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter the “GDPR”).
Controller’s contact details:
Address: Krakovská 1338/10, Postal Code 110 00, Prague 1
Telephone: +420 702 240 532
Personal data mean any and all information relating to an identified or identifiable natural person; an identifiable natural person is a natural person who can be identified, directly or indirectly, in particular by reference to a certain identifier, for example: name, identification number, location data, network identifier, etc.
The Controller did not appoint a data protection officer.
II. Sources and categories of the personal data processed
The Controller processes personal data provided by you or collected by the Controller in the course of performance of your purchase order.
The Controller processes your identification and contact details and data necessary for the performance of the contract.
If you contact our customer helpline or write a message to us, we will also process your personal data contained in such communication.
If you provide us with personal data of third parties, you are obliged to inform the person concerned accordingly and to obtain his/her consent to these Terms and Conditions of Personal Data Protection.
When you visit our website, we can automatically collect certain information about you, such as IP address, date and time of access to our website, information on your web browser, operating system, etc. We can also process information on your behaviour when using our website. However, information on your conduct on the website is anonymised in order to protect your privacy. We also automatically process cookies.
III. Legal basis and purpose of personal data processing
The statutory reason for personal data processing is the performance of a contract between you and the Controller in terms of Art. 6 (1)(b) of the GDPR; the Controller’s legitimate interest in the provision of direct marketing (especially for sending commercial communications and newsletters) in terms of Art. 6 (1)(f) of the GDPR, and your consent to data processing for the purpose of direct marketing (especially for sending commercial communications and newsletters) in terms of Art. 6 (1)(a) of the GDPR in conjunction with Section 7 (2) of Act No. 480/2004 Coll., on certain services of the information society, in case no purchase order for goods or services has been placed.
The purpose of the personal data processing is as follows: (i) handling your purchase order and exercising the rights and fulfilment of the obligations arising from the contractual relationship between you and the Controller. Placing an order requires filling-in certain personal data necessary for a successful processing of the purchase order (name, address, contact details). The provision of personal data is a necessary precondition for the execution and performance of a contract. Without providing the personal data, a contract cannot be executed or fulfilled by the Controller; (ii) sending of commercial communications and performance of other marketing activities.
The Controller uses automated individual decision-making procedure within the meaning of Article 22 of the GDPR. You have granted your express consent to such data processing.
IV. Data retention period
The Controller shall retain the personal data for the period necessary for the exercise of the rights and fulfilment of the obligations following from the contractual relationship between you and the Controller and for the enforcement of claims under these contractual relationships (for a period of 10 years from the termination of the contractual relationship). Where personal data are processed on the basis of a consent, the [Controller shall retain the personal data] for a period until the consent to personal data processing for marketing purposes is revoked, but no longer than for 3 years.
The Controller shall delete the personal data upon expiry of the retention period.
V. Recipients of personal data (Controller’s subcontractors)
The following persons are recipients of the personal data: (i) persons engaged in supply of the goods or services or arrangement of payments on the basis of a contract; (ii) persons operating the e-shop or providing other services associated with the operation of the e-shop; (iii) persons providing marketing services; (iv) [persons to whom data is provided] for the purpose of bookkeeping of tax receipts in accordance with a contract and the generally binding legal regulations, within the following scope:
- Name and surname, academic degree;
- Mailing Address;
- Billing address;
- E-mail address;
- Telephone contact;
- Bank details;
- Information on the subject of performance provided by the Controller.
VI. Your rights
Under the conditions stipulated by the GDPR, you have the following rights:
- the right of access to your personal data pursuant to Article 15 of the GDPR;
- the right to rectification of personal data pursuant to Article 16 of the GDPR or to restriction of processing pursuant to Article 18 of the GDPR;
- the right to erasure of personal data pursuant to Article 17 of the GDPR;
- the right to object to processing under Article 21 GDPR;
- the right to data portability under Article 20 GDPR;
- the right to withdraw consent to processing in writing or electronically at the Controller’s address or e-mail address specified in Article I hereof.
- Furthermore, if you believe that your right to personal data protection has been violated, you have the right to lodge a complaint with the Office for Personal Data Protection.
VII. The conditions of personal data security
The Controller represents that it has implemented all the appropriate technical and organisational measures for personal data protection. The Controller has adopted technical measures to secure data storages and storages of personal data in hard copy. The Controller represents that only authorised persons of the Controller shall have access to the personal data.
VIII. Final provisions
By sending an order using the online order form, you confirm that you have been acquainted with the Terms and Conditions of Personal Data Protection and that you accept them to the full extent.
You agree with these Terms and Conditions by checking your consent in the online form. By checking your consent, you confirm that you have been acquainted with the Terms and Conditions of Personal Data Protection and that you accept them to the full extent.
The Controller may change these Terms and Conditions of Personal Data Protection. The new version of the Terms and Conditions of Personal Data Protection will be published at the Controller’s website and, at the same time, the Controller will send you a new version of these Terms and Conditions of Personal Data Protection to the e-mail address you provided to the Controller.
These Terms and Conditions of Personal Data Protection become effective on 25 May 2018