Privacy Policy

With this document, we provide you with information about your rights related to the processing of personal data by CatROUND s.r.o. When processing personal data, we comply with applicable law, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter referred to as the ‘GDPR’) and Act No. 101/2000 Coll., on the Personal Data Protection.

At CatROUND s.r.o., we follow strict rules determining which employees have access to personal data and which groups of personal data they can process. Personal data are carefully secured and are not transferred outside CatROUND s.r.o. and the processor with the concluded processing contract. An exception to this rule may consist of rare cases where the data subject’s prior consent has been granted, it is imposed or justified by the law or our legitimate interest (e.g. in the case of requests of authorities active in criminal/administrative/civil proceedings, etc.).

The processing of personal data always takes place only to the extent given by the purpose of the processing. We treat personal data with due care and in accordance with applicable law. We protect personal data to the maximum extent possible, corresponding to the technical level of available resources.

Please read the information provided here thoroughly. We did everything we could to make it as understandable as possible. If something is not clear to you, we will be happy to explain any concept or passage to you. For questions and comments, as well as to exercise your rights described below in connection with the protection of personal data and the GDPR, please use our contact form below on this page.

The protection of personal data and compliance with applicable law shall be supervised by:

Office for Personal Data Protection (hereinafter referred to as the ‘DPO’)

Address: Pplk. Sochora 27, 170 00 Prague 7,

Phone: +420 234 665 111, website: www.uoou.cz

 

Basic information about the personal data controller:

CatROUND s.r.o., with its registered office at Korunní 2569/108, Vinohrady, 101 00 Prague 10, company ID No. 09219251, maintained by the Municipal Court in Prague under File No. C332764, email: info@catround.cz, phone: +420 605 923 119 (hereinafter referred to as ‘CatROUND’ or the ‘Controller’).

 

The Controller did not appoint a Data Protection Officer.

 

Purpose of the processing of personal data

The Controller processes personal data in accordance with European Union law, in particular in accordance with the GDPR and the Personal Data Protection Act. Personal data are processed only for the specified purpose, to the extent specified below, for the period specified in the relevant acts or for the agreed period.

The Controller processes personal data necessary for the performance of the contract concluded between the Controller and the data subject (the natural person to whom the personal data relate), for the purposes of implementing the business relationship between the Controller and the data subject contained in the contract and for managing the relationship with the data subject. The Controller processes personal data on the basis of its legitimate interests, unless those interests are overridden by the interests, rights or freedoms of the data subject.

Purposes of the processing of personal data for which the personal data are intended and the legal basis for their processing:

  • Performance of the contract and provision of services
  • The Controller’s legitimate interest in the provision of direct marketing (especially for sending commercial communications and newsletters)
  • Your consent to the processing for the purpose of providing direct marketing (especially for sending commercial communications and newsletters) if there is no order of goods or services
  • Sending commercial communications and carrying out other marketing activities
  • Accounting and tax purposes
  • Debt collection
  • Assertion of legal claims
  • Compliance with a legal obligation
  • Protection of property and persons
  • Provision of operational activities
  • Archiving as required by law

 

Scope of the processing of personal data:

The Controller processes personal data to the extent provided to it by the data subject or obtained by the Controller in another way (in particular the transfer of contractual documents of its legal predecessors) and processes them in accordance with applicable law. The scope and duration of the processing of personal data are linked to the legal title to be processed, while the legal titles are defined in the GDPR regulation. The following personal data are processed:

  • First name, surname, permanent residence address, date of birth, correspondence address, telephone number, email address, bank account number, etc.

Personal data processed by the Controller differ for individual groups of data subjects (employees, clients, debtors, etc.). The Controller thoroughly assesses what personal data are necessary for each group to achieve the purpose of their processing and only such data are further processed. Specific categories of personal data processed by the Controller will be communicated on the basis of the exercised right to information of the data subject. The rights of the data subject can be exercised through the contact form available below on this page.

 

Personal data retention period:

The Controller keeps personal data

  • For the time necessary to exercise the rights and obligations arising from the contractual relationship between you and the Controller and to assert claims arising from such contractual relationships (for a period of 15 years from the termination of the contractual relationship)
  • Until the consent to the processing of personal data for marketing purposes is withdrawn, up to a maximum of 3 years if the personal data are processed on the basis of consent.

The Controller deletes the personal data when the retention period expires.

 

Rights of the data subject:

The Controller processes personal data transparently, properly and in accordance with the GDPR. The Controller informs at this point the data subjects of their rights, which are as follows:

  • Right of access
  • Right to know the purpose of the processing of personal data
  • Right to know the categories of personal data concerned
  • Right to request the rectification or erasure of personal data
  • Right to know the recipients or categories of recipients of personal data
  • Right to know the period for which the personal data will be stored
  • Right to object to the processing
  • Right to lodge a complaint with the supervisory authority
  • Right to information on the source of personal data if they are not from the data subject
  • Right to withdraw consent to the processing of personal data at any time if the personal data are processed on the basis of the consent granted
  • Right not to be subject to automated individual decision-making with legal or similar effects, including profiling

The data subject has the right not to provide the Controller with their personal data. In the event that the provision of such personal data is mandatory (by law or contract), the Controller notifies the data subject that the provision of possible services is bound to the transfer of personal data.

 

Processors and recipients of personal data:

The processors and recipients of personal data managed by the Controller are:

  • Service suppliers and providers, i.e. legal services, accounting services, similar services
  • Persons who provide e-shop operation services (Shoptet) and other services in connection with e-shop operation
  • Persons providing marketing services
  • Partners operating payment systems for the purpose of securing payment
  • Transport partners
  • State and other authorities within the performance of contractual obligations
  • State and other authorities within the performance of legal obligations

 

Transfer of personal data to third countries:

The Controller does not transfer personal data to third countries. An exception may be the fulfilment of the Controller’s legal obligation. In such a case, the Controller shall ensure that adequate safeguards are provided to ensure the protection of personal data in accordance with the GDPR.

 

Final provisions and contact details:

By sending an order using the online order form, you confirm that you are aware of the terms and conditions of personal data protection and that you accept them in their entirety.

 

You agree to these terms and conditions by checking the consent box in the online form. By checking the consent box, you confirm that you are familiar with the terms and conditions of personal data protection and that you accept them in their entirety.

 

The Controller is entitled to change these terms and conditions. Any new version of the terms and conditions of personal data protection will be published on its website and sent to the email address you provided to the Controller.

If you have any questions or wish to exercise your rights, please use this contact form.

If possible, indicate:

  • What right regulated by the GDPR you want to exercise
  • Your sufficiently specific identification
  • The way we can contact you and send you a reply (typically an email)

 

The Controller hereby informs you that by sending a message via the contact form, you consent to the processing of your data necessary for further communication. These data are identification data (first name, surname), contact details (email, phone number) and any other data provided in your message. Personal data obtained in this way will be deleted by the Controller after your request has been processed.

 

First name and surname

Email

Your message

Back shopping