1.2 The Provider is the data controller of the User's personal data pursuant to Article 4(7) of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter: "GDPR"). The Provider undertakes to process personal data in accordance with the legal provisions, in particular Article 4(7) of the GDPR. GDPR.
1.3 Personal data is any information about an identified or identifiable natural person; an identifiable natural person is a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, a network identifier or to one or more specific elements of the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
1.4 When placing an order, the personal data required for the successful execution of the order (name and address, contact details) are requested. The purpose of the processing of personal data is the execution of the User's order and the exercise of the rights and obligations arising from the contractual relationship between the Provider and the User. The purpose of processing personal data is also to send commercial communications and to carry out other marketing activities. The lawful grounds for processing personal data are the performance of a contract pursuant to Article 6(1)(b) GDPR, the fulfilment of a legal obligation of the controller pursuant to Article 6(1)(c) GDPR and the legitimate interest of the Provider pursuant to Article 6(1)(f) GDPR. The legitimate interest of the Provider is the processing of personal data for direct marketing purposes.
1.5 For the performance of the license agreement, the Provider uses the services of subcontractors, in particular a mailing service provider (personal data is stored in 3rd countries) and a web hosting provider. Subcontractors are vetted for the secure processing of personal data. The provider and the web hosting subcontractor have entered into a data processing agreement, according to which the subcontractor is responsible for the proper security of the physical, hardware and software perimeter and is therefore directly liable to the user for any leakage or breach of personal data.
1.6 The Provider stores the User's personal data for the period necessary to exercise the rights and obligations arising from the contractual relationship between the Provider and the User and to assert claims arising from such contractual relationship (for a period of 15 years from the termination of the contractual relationship). Upon expiry of this period, the data will be deleted.
1.7 The User has the right to request from the Provider access to his/her personal data pursuant to Article 15 GDPR, rectification of personal data pursuant to Article 16 GDPR, or restriction of processing pursuant to Article 18 GDPR. The User has the right to erasure of personal data pursuant to Article 17(1)(a), and (c) to (f) GDPR. Furthermore, the user has the right to object to processing pursuant to Article 21 GDPR and the right to data portability pursuant to Article 20 GDPR.
1.8 The user has the right to lodge a complaint with the Data Protection Authority if he/she believes that his/her right to data protection has been violated.
1.9 The User is under no obligation to provide personal data. However, the provision of personal data is a necessary requirement for the conclusion and performance of the contract and without the provision of personal data the contract cannot be concluded or performed by the provider.
1.10 The Provider does not make automatic individual decisions within the meaning of No. 22 GDPR.
1.11 The interested party may use the Provider's services by filling in the contact form:
1. agrees to the use of his/her personal data for the purposes of electronic sending of commercial communications, advertising materials, direct sales, market research and direct product offers by the Provider and third parties, but no more frequently than once a week, and at the same time
2. declares that it does not consider the sending of information according to point 1.11.1 to be unsolicited advertising within the meaning of Act No. 40/1995 Coll. as amended, since the User expressly consents to the sending of information according to point 1.11.1 in conjunction with Section 7 of Act No. 480/2004 Coll.
3. The user may withdraw the consent under this paragraph at any time in writing to firstname.lastname@example.org.
II. Rights and obligations between the controller and the processor (processing agreement)
2.1 The Provider is the processor in relation to the personal data of the User's clients pursuant to Article 28 GDPR. The User is the controller of this data.
2.2 These terms and conditions govern the mutual rights and obligations in the processing of personal data to which the Provider has gained access in the context of the performance of the license agreement concluded by way of acceptance of the general terms and conditions at www.qrs.cz (hereinafter referred to as the "License Agreement") concluded with the User on the date of the User's account creation.