Terms and conditions of personal data protection

I. Basic provisions

  1. The Controller of personal data according to Article 4(7) of REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), (hereinafter referred to as “GDPR”), is BOHO NATURAL s.r.o. Company Number 059 77533, having its registered office at gen. Píky 323/14a, Řepčín 779 00 Olomouc, Czech Republic (hereinafter referred to as the “Controller”).
  2. Contact details to the Controller are as follows: address: Havlíčkova 4489/117A, 767 01 Kroměříž, Czech Republic, email: info@bohonatural.cz, telephone: 00420 773 194 570.
  3. Personal data are understood to be all information about an identified or identifiable natural person; an identifiable natural person is a natural person that can be directly or indirectly identified, in particular with reference to a specific indicator, for example, name, identification number, location data, network identifier, or one or more of the special elements of physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
  4. The Controller has not appointed a Data Protection Officer.

II. Sources and categories of processed personal data

  1. The Controller processes the personal data which you have provided to it, or the personal data which the Controller has obtained based on the completion of your order.
  2. The Controller processes your identification and contact details and the data required for the performance of the contract.

III. Statutory ground for and purpose of personal data processing

  1. The statutory ground for personal data processing is
  • performance of the contract between you and the Controller according to subparagraph 6(1)(b) GDPR;
  • the legitimate interests pursued by the Controller in the provision of direct marketing (in particular for the sending of commercial communications and newsletters) according to subparagraph 6(1)(f) GDPR.
  • your consent to processing for the purposes of providing direct marketing (in particular for the sending of commercial communications and newsletters) according to subparagraph 6(1)(a) GDPR in conjunction with Section 7(2) of Act No. 480/2004 Sb. on certain services of the information society in the case that no goods or services have been ordered.
  1. The purpose of personal data processing is
  • to handle your orders and the exercise of the rights and fulfilment of the obligations arising from the contractual relationship between you and the Controller; when placing an order, personal data which are necessary for the successful handling of the order are required (name and address, e-mail, telephone number); the provision of personal data is a necessary requirement for the conclusion and performance of a contract; no contract can be concluded, or performed by the Controller, without the provision of personal data;
  • the sending of commercial communications and the undertaking of other marketing activities.
  1. There shall be no automated individual decision-making by the Controller, in accordance with Article 22 GDPR.

IV. The period of record-keeping

  1. The Controller keeps records of personal data
  • for the length of time required for the exercise of the rights and obligations arising from the contractual relationship between you and the Controller and the making of claims arising from those contractual relationships (a period of 15 years from the expiration of the contractual relationship);
  • for the period of time until consent to personal data processing for marketing purposes is withdrawn, not longer than for the period of the same activity by the company, if personal data are processed with consent.  
  1. The Controller shall erase personal data after the passing of the term of retention of personal data.

V. Personal data recipients (the subcontractors of the Controller)

  1. The recipients of personal data are persons
  • participating in the delivery of goods / services / the execution of payments pursuant to the Contract;
  • ensuring the running of the e-shop and other services in connection with the running of the e-shop;
  • ensuring marketing services;
  • ensuring accounting for the company.
  1. The Controller does not intend to transfer personal data to a third country (to a country outside the EU) or to any international organisation. The recipients of personal data in third countries are the providers of mailing services / cloud services.

VI. Your rights

  1. You have, under the terms and conditions laid down in GDPR,
  • the right of access to your personal data according to Article 15 GDPR;
  • the right of rectification of personal data according to Article 16 GDPR, or restriction of processing according to Article 18 GDPR;
  • the right of erasure of personal data according to Article 17 GDPR;
  • the right to lodge a complaint against processing according to Article 21 GDPR;
  • the right of portability of data according to Article 20 GDPR;
  • the right to withdraw consent to processing, in writing or electronically, at the address or e-mail address of the Controller specified in Article III of these terms and conditions.
  1. You also have the right to lodge a complaint with Úřad pro ochranu osobních údajů (Office for Personal Data Protection) if you believe that your right to personal data protection has been violated.

VII. Conditions of securing personal data

  1. The Controller declares that it has taken all appropriate technical and organisational measures to secure personal data.
  2. The Controller has taken technical measures to secure data storage sites and storage sites of personal data on paper, in particular passwords.
  3. The Controller declares that only the persons that it has authorised have access to personal data.

VIII. The use of cookies

  1. When visiting our e-shop, temporary files known as cookies might be saved. Boho Natural s.r.o. does not store any personal data in cookies. The data stored in cookies are used solely for the purpose of the personalisation of content and advertisements, the provision of social media functions, and analysis of our usage level. We share information about how you use our website with our partners for social media, advertisements, and analysis. Partners may combine that data with other information which you have provided or which they obtain as a result of the fact that you use their services. When processing cookie files, Boho Natural s.r.o. proceeds in accordance with the relevant legal regulations of the European Union.
  2. A visitor may prevent the storage of cookies by opening the Boho Natural website in incognito mode. All modern Internet browsers support incognito mode, and no cookie files are stored in the browser in this mode.

IX. Final provisions

  1. By submitting an Order using the Internet order form you confirm that you are acquainted with the terms and conditions of personal data protection and that you accept them in full.
  2. You agree with these terms and conditions by marking consent on the Internet form. By marking consent you confirm that you are acquainted with the terms and conditions of personal data protection and that you accept them in full.
  3. The Controller is authorised to amend these terms and conditions. It shall make a new version of the terms and conditions of personal data protection public at its website and shall at the same time send you the new version of these terms and conditions to the e-mail address which you communicated to the Controller.

These terms and conditions enter into effect on 25.5.2018.