Privacy Notice
1 Recitals
1.1. M Computers, s.r.o., a commercial company, ID No.: 26042029, with the registered office at Úlehlova 3100/10, Líšeň, 628 00 Brno, Czech Republic, (the “Seller” or the “Controller”) processes personal data of customers and prospective customers for the purchase of goods or provision of services of the Seller (the “Customers”, “Purchaser” or “Data subjects”) in connection with its business activities.
1.2. The Controller hereby provides information as part of obligations introduced by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of personal data (the “GDPR”), and in accordance with the applicable national legislation, in particular Act No. 110/2019 Coll., on the processing of personal data. In this Privacy Notice, the Controller advises the data subjects on the processing and protection of personal data, their rights, the obligations of the Controller, as well as the duration of the processing and storage of personal data in accordance with national legislation and the GDPR.
1.3. Should any provision of this Privacy Notice be contrary to the law, the applicable law shall apply to the legal relationship between the Seller and the Purchaser in lieu of the unlawful provision.
1.4. The provisions of the Privacy Notice are publicly available on the Controller´s website and online store and may be consulted by the Data Subject at any time.
1.5. The version of the Privacy Notice published on the Seller´s website on the date of conclusion of the Purchase Contract shall apply. The Notice is also available at the Seller´´ s registered office and premises or electronically at https://www.mcomputers.cz/
2 Privacy
CATEGORIES OF PROCESSED PERSONAL DATA
2.1. Personal data are data provided by the Purchase to the Seller, in particular:
- name, surname and residence or business name and registered office of the Purchaser and contact person,
- telephone number or electronic address of the Purchaser (email),
- the recipient´s address, if not the same as the Purchaser´s address,
- ID number and VAT number if the Purchaser is a VAT payer,
- details of any services provided to the Customer, details of telephone communication, email communication, chat and SMS,
- username, password, account settings, in particular saved addresses and profiles, preferences for receiving updates about order status and special offers by email if the Purchaser registers on the store´s website,
- data about the Purchaser´s behavior on the Seller´s website, in particular the goods and services viewed, the links they click on, the way they navigate the website and scroll the screen, as well as data about the device from which they view the website, such as the IP address and the location derived from it, the identification of the device, its technical parameters such as the operating system and its version, the screen resolution, the browser used and its version, as well as data obtained from cookies and similar technologies to identify the device,
- personal data related to the use of the Seller´s call center or a visit to a store, in particular records of telephone calls with the call center, identification of messages sent by the Purchaser, including identifiers such as IP addresses, and recordings from in-store CCTV systems,
- all data provided by the Purchaser to the Seller in connection with the conclusion of the purchase contract and its performance,
(collectively the “Personal Data”).
PURPOSE AND LEGAL GROUNDS
2.2. The Seller processes Personal Data in accordance with the GDPR based on a statutory license under Article 6 (1) (a) and (b) GDPR for the specific purposes for which the Purchaser has consented to the processing of Personal Data and for the performance of the specific purchase contract and the rights and obligations arising therefrom, while respecting the principles of legality, fairness, transparency, limitation of purpose, data minimization, accuracy, limitation of storage, integrity and confidentiality. The Purchaser shall provide the Seller with true, accurate and complete information and shall inform the Seller in writing of any change in the information provided.
The Controller processes the Personal Data of the Data Subject for the following purposes and for the following causes:
- The processing is necessary for the conclusion and performance of the contract between the Controller and the Customer, as well as for the implementation of measures taken prior to the conclusion of the contract at the request of the Customer.
- The processing is necessary for compliance with legal obligations applicable to the Controller. In particular, the Controller has the duty of prevention and prudence when concluding a contract, as well as obligations towards public authorities imposed by law.
- The processing is necessary for the purposes of protecting the legitimate interests of the Controller. The legitimate interest of the Controller may consist in exercising the rights under a purchase contract concluded between the Controller and the Customer. Commercial or other communication with the Customer in connection with the service provided or the performance of the purchase contract may also constitute the legitimate interest of the Controller.
- The processing is necessary for Controller´s marketing based on the Customer´s prior consent, in particular the sending of commercial or advertising messages (in particular current offers of goods) to the Customer´s email and the customization of the Controller´s website and online store design and offers displayed there according to the expected needs of the Customer based on the data obtained from cookies and similar technologies for device identification. The Customer has the right to withdraw his consent at any time.
OBLIGATIONS OF THE CONTROLLER
2.3. The Seller undertakes to collect Personal Data to the extent necessary for the fulfilment of the specific purpose for which the Purchaser has given consent or where the Controller has lawful grounds for processing and for the fulfilment of the purpose of the specific purchase contract, and to process such Personal Data only in accordance with the purpose for which they were collected. In this context, the Seller undertakes in particular to:
- ensure that Personal Data are always processed in accordance with the GDPR, are up-to-date, accurate and true, and appropriate for purpose for which they were collected,
- take appropriate measures to provide Purchasers with all information and make all disclosures required by the GDPR in a concise, transparent, comprehensible and easily accessible manner using clear and plain language, • ensure that only authorized persons have access to Personal Data, on the basis of specific user authorizations granted exclusively to such persons,
- where external personnel of the Controller, who are not employees, require access to certain Personal Data of Customers
- in order to perform a specified agreed service provided to the Controller (e.g. accounting), provide such Personal Data only on the basis of the prior consent of the Customer and a date processing agreement concluded between the Controller and the external personnel, specifying the Personal Data of Customers to be provided and the purpose of the disclosure,
- put in place technical, organizational, personnel and other appropriate measures within the meaning of the GDPR to ensure and be able to demonstrate at any time that the processing of Personal Data is in accordance with the GDPR so that unauthorized or accidental access to, alteration, destruction or loss of, unauthorized transmission of, or other unauthorized processing of, Personal Data and data storage media containing such data, as well as other misuse of such data, is prevented, and review and update these measures as necessary,
- keep and continuously review and update records of Personal Data processing in accordance with the GDPR,
- report any data breaches to the Office for Personal Data Protection in a proper and timely manner and cooperate with the Office for Personal Data Protection to the extent necessary,
- maintain confidentiality of Personal Data and security measures which, if disclosed, would compromise Personal Data security,
- comply with other requirements imposed by the GDPR, in particular with the general principles of Personal Data processing, the duty to inform, not to Transfer Personal data to third parties without the necessary authorization, to respect the rights of Data Subjects and to provide them with the necessary cooperation in this respect.
DURATION AND MANNER OF DATA PROCESSING
2.4. The Seller shall retain Personal Data for a period strictly necessary for the performance of contractual or legal obligations and as specified by or in accordance with applicable law. The Seller processes Personal Data in electronic form in an automated manner or in printed form in a non-automated manner. After the expiry of the given period, the Seller shall remove, i.e. permanently destroy, all Personal Data of the Purchasers on all devices and media, except where removal is not possible or where further storage is required by law or justified by the legitimate interests of the Seller.
2.5. The Seller may appoint a third party as a processor to process the Purchaser´s Personal Data. In addition to persons transporting goods, persons providing accounting and similar operational services to the Seller, or persons providing software and web services to the Seller, Personal Data shall be provided by the Seller to other third parties without the Purchaser´s prior consent. In such case, the Seller undertakes to ensure that a data processing agreement is signed with all third parties that shall receive Personal Data from the Seller in the relevant operational cases, in particular to ensure maximum protection of the Purchaser´s Personal Data.
2.6. Employees of the Seller who process Personal Data to which they have access in the performance of their duties, or third parties authorized by the Seller to process the Purchaser´s Personal Data (the “Processor”), are obliged to comply with the relevant generally binding legislation (in particular the GDPR) and the internal regulations and procedures of the Seller. In particular, they are obliged to:
- arrange access to or otherwise process Personal Data strictly to the extent necessary for the performance of their tasks,
- maintain strict confidentiality of all Personal Data to which they have access, even after termination of employment.
2.7. The Purchaser is entitled in particular to:
information and access to his Personal Data in accordance with Article 15 15 of the GDPR,
- rectification of inaccurate data pursuant to Article 16 GDPR,
- erasure of his Personal Data pursuant to Article 17 GDPR,
- restriction of processing under Article 18 GDPR,
- the portability of Personal Data pursuant to Article 20 GDPR,
- object to the processing of Personal Data pursuant to Article 21 GDPR.
2.8. Customer´s Personal Data shall be stored for the duration of the contractual relationship between the Controller and the Customer and after the termination of the contractual relationship for the period of existence of the Controller´s legitimate interests. In other cases, the Personal Data shall be stored for the archiving period set by specific legal regulations, in particular the Archiving Act. In the event of judicial, administrative or other proceedings, the Controller shall process the Customer´s Personal Data to the extent necessary for the duration of such proceedings and the remaining part of the limitation period after their closure. Identification and contact details of the Controller are provided above.
The Purchaser may exercise his rights or file a complaint in writing at the Seller´s registered office or with the Office for Personal Data Protection, ID No.: 70837627, seated at Pplk. Sochora 27, 170 00 Praha 7.