GDPR

Protection of personal data

1 Introductory Provisions

1.1 The purpose of this document is to familiarize the subject with the processing of his personal data, with the individual purposes of processing, the scope and period of processing of personal data.

1.2 The document regulates the processing of personal data on the website www.i nsync.cz , which is operated by the administrator.

1.3 Every visitor to the website is obliged to read this document and, if they do not understand any information, inform the administrator at the contacts in the article.

2 Administrator

2.1 The controller of personal data is the company Get InSync s.r.o., with its registered office at Babická 4,149 00, Prague, IČO 142 38 152, registered in the commercial register under the file mark složka C 386544 held at the Municipal Court in Prague.

2.2 The contact details for making inquiries regarding personal data, for filing complaints, objections or exercising rights are as follows:

  • e-mail: get@insync.cz
  • Phone: 602216567
  • address: Babická 4,149 00, Prague, ID 142 38 152

3 Purposes of personal data processing

3.1 Fulfillment of the contract (order)

If the subject places an order, his personal data is processed for the purpose of implementing the order online, namely for the purpose of fulfilling the concluded purchase contract.

The legal reason for the processing for this purpose is the fulfillment of the contract.

3.2 Direct Marketing to Customers

If the subject is a customer of the administrator, his personal data is also processed for the purpose of direct marketing to customers based on the legitimate interest of the administrator. Direct marketing carried out towards customers consists in sending catalogs and commercial messages in all ways, including the use of the possibility to send commercial messages regarding the administrator's own products and services by electronic means due to the legal exception according to § 7 paragraph 3 of Act No. 480/2004 Coll. -This processing includes the implementation of simple segmentation (profiling) - which means the choice of suitable offers according to the subject's activity, previous orders made, paid orders, the subject's request, according to his age and gender and according to established preferences.

The legal reason for the processing for this purpose is the controller's legitimate interest in conducting direct marketing to its own customers with an offer of its own similar products and services.
 The subject is entitled to object to this processing and the processing will be terminated.

3.3 Direct marketing at the request of the subject

If the subject gives his consent, his personal data is processed for the purpose of direct marketing. This means that personal data will be included in the administrator's database for direct marketing.

Conducting direct marketing includes the following activities:

  • sending targeted and relevant information about news, events, product and service offers, by all means, including electronic means
  • sending catalogs and business communications by all means, including electronic means,
  • sending products of the administrator and cooperating persons by all means, including electronic means,
  • performing simple segmentation (profiling) – which means choosing suitable offers according to the subject's activity, previous orders made, paid orders, the subject's request, according to his age and gender and according to established preferences.

The legal reason for processing for this purpose is the subject's consent. Consent can be revoked by the subject at any time.

3.4 Protection of administrator rights

If the administrator processes personal data for the purpose of fulfilling a contract or conducting direct marketing (whether due to a legitimate interest or on the basis of the subject's consent), the subject's personal data will also be processed after the end of this processing for the purpose of protecting the rights of the administrator, in particular to defend against the claims of the subject or third parties, in case of control by the supervisory authority and for the recovery of the administrator's claims. The period of initiation of legitimate interest begins with the delivery of the shipment. The administrator's legitimate interest is also in fact the combination of multiple one-off orders of one entity, i.e. the assignment of various contracts to a specific entity due to the subsequent archiving of contracts and tax documents.

The legal reason for processing for this purpose is the administrator's legitimate interest.
The subject can object to this processing.

4 Scope of personal data

4.1 For the purpose of fulfilling the contract (order), personal data is processed in the following scope: name, surname, street, identification number, city, zip code, telephone, e-mail, date of birth, information about the ordered goods, information about the price, other information communicated by the subject.

4.2 For the purpose of direct marketing to customers, personal data is processed in the following scope: name, surname, street, identification number, city, zip code, telephone, e-mail, date of birth, information on previous orders, or information about the first order, on the basis of which commercial communications are sent by electronic means in accordance with the exception based on the Act on Information Society Services, and for a period of three years information about the orders made and the subject's preferences, i.e. information about the form of orders, the type of goods ordered and the subject's purchasing preferences .

4.3 For the purpose of direct marketing at the request of the subject, personal data is processed to the extent provided by the subject, at most to the following extent: name, surname, gender, age, street, identification number, city, zip code, telephone, e-mail, date of birth, information on previous orders, information on the type of product received, information on the number of paid shipments and information on the subject's activity within the framework of receiving products from the Administrator.

4.4 For the purpose of protecting rights, personal data is processed only to the extent necessary for this purpose - to the extent of necessary documentation.

5 Time of personal data processing

5.1 For the purpose of fulfilling the contract (order), personal data is processed for the duration of the fulfillment and duration of the relevant contract and 3 years thereafter, for the purpose of asserting a claim, guarantee or other claim of the entity or for the purpose of collecting claims by the controller.

5.2 For the purpose of direct marketing to customers, personal data is processed for an indefinite period, but at the latest until the objection against direct marketing is asserted. Data for segmentation is stored for a maximum of three years.

5.3 For the purpose of direct marketing at the request of the subject, personal data is processed for an indefinite period, but at the latest until the consent is revoked by the subject.

5.4 For the purpose of protecting rights, personal data is processed for the necessary period during which control by supervisory authorities can be carried out, claims can be made or receivables and rights can be enforced, which is a maximum of 3 years or the period for which the procedure lasts from the execution of the purchase contract, respectively its termination. This processing does not affect further processing imposed by the administrator by the relevant legal regulations, for example the retention of tax documents for a period of ten years, etc.

6 Withdrawal of consent, submission of objections and complaints

6.1 The consent given by the entity to the administrator can be revoked at any time by sending such a written statement to the e-mail get@insync.cz or to the address Babická 4, 149 00.

6.2 If the processing is based on a legitimate interest, the subject can object to this. Objecting to the processing for the purpose of conducting direct marketing means the termination of this processing. For other purposes, after objections have been submitted, the validity of the objections will be reviewed and the subject will be informed about the handling of these objections. Objections can be submitted by e-mail to the address: get @insync.cz or to the address Babická 4, 149 00 Prague

6.3 If the subject believes that the administrator does not proceed in accordance with legal regulations when processing personal data, or the subject has other reservations, he can file a complaint at e-mail get@insync.cz or to the address Babická 4, 149 00 Prague.

6.4 The entity may file a complaint with the Office for Personal Data Protection at any time.

7 Recipients and processors

7.1 The recipient of personal data is the administrator.

7.2 To the extent necessary, processors from the following categories may have access to personal data: e-shop platform operator , marketing companies, commercial call centers, accounting companies, auditing companies, companies providing legal services, companies dealing with personnel and education, companies providing IT services , internet marketing companies, marketing systems development, sales and service companies, enterprise system development and implementation companies, web and mobile application development companies, online communication software licensing companies, packaging and delivery companies . In particular, such companies are: Zásilkovna, Česká pošta, Shoptet, ČSOB, Ecomail, Google, Meta, Seznam).

8 Cookies

8.1 Cookies are used to ensure that the website is as easy to use as possible. Other purposes of cookies are the display of relevant advertising.

8.2 The terms of use of Cookies are described in the Cookies document.

9 Instruction on subject rights

9.1 Right of access, transparent information, communication and procedures for exercising the rights of the data subject
 The subject has the right to information about what personal data the administrator processes about him.

The administrator will take appropriate measures to provide the subject in a concise, transparent, understandable and easily accessible manner, using clear and simple language means, all information (e.g. about the processor of personal data and the course of this processing) and make all communications about the processing. The administrator of the subject will provide the information in writing or by other means (for example, in electronic form). Provided that the identity is proven in other ways, the subject also has the right to request the provision of this information orally.

The administrator will not refuse to comply with the subject's request in the exercise of the subject's rights (in particular the right of access), unless he proves that he cannot ascertain the identity of the data subject to whom the data in question relates.

The subject has the right to have the controller provide him with information on the measures taken upon request, without undue delay and in any case within one month of receiving the request. If necessary, this deadline can be extended by another two months, taking into account the complexity and number of applications. The administrator will inform the subject of any such extension within one month of receiving the request, together with the reasons for this delay. If the entity submitted the request in electronic form, the information will be provided in electronic form, if possible and if it does not request another method.

If the administrator does not take the measures requested by the subject, he informs the subject immediately and no later than one month after receiving the request about the reasons for not taking the measures and about the possibility of filing a complaint with the supervisory authority and requesting judicial protection.

The administrator informs the subject that all such information, communications and actions are provided free of charge. If the submitted requests are evaluated as manifestly unfounded or disproportionate, and especially if they are repeated, the controller may either:

  • impose a reasonable fee taking into account the administrative costs associated with providing the requested information or communication or taking the requested actions; or
  • refuse to comply with the request.

The manager proves that the request is manifestly unfounded or unreasonable.

If the administrator has reasonable doubts about the identity of the natural person who submits the request, he may request the provision of additional information necessary to confirm the identity of the subject.

The information to be provided to the subject may be supplemented by standardized icons in order to provide an overview of the intended processing in an easily visible, comprehensible and clear manner. If the icons are presented in electronic form, they must be machine readable.

9.2 Right to Repair

The subject has the right to have the administrator correct inaccurate personal data concerning him without undue delay. Taking into account the purposes of processing, he also has the right to supplement incomplete personal data, including by providing an additional statement.

9.3 Right to erasure ("right to be forgotten")

The subject has the right to have the administrator delete personal data concerning him without undue delay, and the administrator has the obligation to delete personal data without undue delay if one of the following reasons is given:

  • the personal data are no longer needed for the purposes for which they were collected or otherwise processed;
  • the entity revokes the consent on the basis of which the data was processed and there is no other legal reason for the processing;
  • the subject objects to the processing (as per the “right to object” below) and there are no overriding legitimate grounds for the processing;
  • personal data were processed unlawfully;
  • personal data must be deleted to comply with a legal obligation set out in Union or Member State law applicable to the controller;
  • personal data were collected in connection with the offer of information society services in the case of a person under the age of 16, for whom the person exercising parental responsibility must give consent to the processing in accordance with effective legislation.

9.4 Right to restriction of processing

The subject has the right to have the controller restrict the processing in any of the following cases:

  • if the subject denies the accuracy of the personal data, for the time required for the controller to verify the accuracy of the personal data;
  • the processing is unlawful and the entity refuses to delete the personal data and requests instead to restrict its use;
  • the administrator no longer needs the personal data for processing purposes, but the subject requires them for the determination, exercise or defense of legal claims;
  • if the subject has raised an objection to the processing, until it is verified whether the justified reasons of the administrator prevail over the justified reasons of the subject.

9.5 Notification obligation regarding correction or deletion of personal data or restriction of processing
The administrator shall notify the individual recipients to whom personal data has been made available of any correction or deletion of personal data or restriction of processing, except where this proves to be impossible or requires disproportionate effort. The administrator will inform the entity about these beneficiaries if requested.

9.6 Right to Data Portability

The subject has the right to obtain the personal data relating to him/her that he/she has provided to the administrator in a structured, commonly used and machine-readable format, and the right to transfer this data to another administrator without hindrance from the administrator to whom the personal data was provided.

9.7 Right to Object

For reasons relating to his specific situation, the subject has the right to object to the processing of personal data concerning him at any time. If the subject objects to processing for direct marketing purposes, personal data will no longer be processed for these purposes.

9.8 Automated individual decision-making, including profiling

The subject has the right not to be the subject of any decision based solely on automated processing, including profiling, which has legal effects for him or significantly affects him in a similar way. The administrator does not make any decisions based solely on automated processing.

10 Definitions

Personal data is any information relating to a specified or determinable data subject. A data subject is considered determined or determinable if the data subject can be directly or indirectly identified, in particular on the basis of a number, code or one or more elements specific to his physical, physiological, psychological, economic, cultural or social identity; for example, personal data is e-mail, mobile phone, personal data can also be information about a purchase preference in connection with a surname.

The subject is a natural person whose personal data is processed according to this document.

A special category of personal data is data indicating the racial or ethnic origin, political opinions, trade union membership, religious or philosophical beliefs, state of health, sex life or sexual orientation of the data subject. The administrator never requires data falling into a special category of personal data. These are not processed.

The processing of personal data is any operation or set of operations that the controller or processor systematically carries out with personal data, either automatically or by other means.

The processing of personal data means in particular the collection, storage on information carriers, making available, modification or alteration, search, use, transmission, dissemination, publication, storage, exchange, sorting or combining, blocking and disposal; by collecting personal data, a systematic procedure or a set of procedures, the aim of which is to obtain personal data for the purpose of their further storage on an information carrier for their immediate or later processing; the retention of personal data is the maintenance of data in such a form that allows them to be further processed; blocking of personal data is an operation or a set of operations which limit the method or means of personal data processing for a specified period of time, with the exception of necessary interventions; the disposal of personal data means the physical destruction of their carrier, their physical deletion or their permanent exclusion from further processing.

The administrator is any entity that determines the purpose and means of personal data processing, performs the processing and is responsible for it.

By processing personal data, the administrator can authorize or authorize the processor.

The processor is a natural or legal person, public authority, agency or other entity that processes personal data for the controller.

The purpose of processing is the reason why the administrator processes personal data.

By scope we mean specific personal data that are processed, for example first and last name.

11 Final Provisions

11.1 This document becomes effective on 6.5. 2024.

11.2 The administrator is authorized to update this document. The subject is obliged to monitor changes in this document. The current version of this document is always displayed on the website of the administrator and its archiving and reproduction by the buyer is possible.

Get InSync sro