Cloudfield a.s., IČ 08277982 (hereinafter the “Controller”) is the personal data controller within the meaning of Art. 4 (7) of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter the “GDPR”).
Data shall mean any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Sources and Categories of the Personal Data Processed
The Controller processes personal data provided by you or collected by the Controller in the course of performance of your purchase order.
The Controller processes your identification and contact details and data necessary for the performance of the contract.
Legal Basis and Purpose of Personal Data Processing
Legal basis of personal data processing is as follows:
performance of a contract between you and the Controller pursuant to Art. 6 (1)(b) of the GDPR
The purposes of the personal data processing:
processing of your purchase order and the exercise of rights and fulfilment of obligations arising from the contractual relationship between you and the Controller; placing an order requires filling in certain personal data necessary for a successful processing of the purchase order (name, address, contact details); the provision of personal data is a necessary precondition for the execution and performance of a contract; without providing the personal data, a contract cannot be executed or fulfilled by the Controller.
The Controller does not use automated individual decision-making within the meaning of Article 22 of the GDPR. You have granted your express consent to such data processing.
Data retention period
The Controller shall retain the personal data:
for the period necessary for the exercise of the rights and fulfilment of the obligations following from the contractual relationship between you and the Controller and for the enforcement of claims under these contractual relationships (for a period of 15 years from the termination of the contractual relationship).
where personal data are processed on the basis of a consent, the [Controller shall retain the personal data] for a period until the consent to personal data processing for marketing purposes is revoked, but no longer than for 10 years.
The Controller shall delete the personal data upon expiry of the retention period.
Recipients of Personal Data (Controller’s Subcontractors)
Recipients of personal data shall be the persons:
participating in the delivery of goods/services/performance of payments under a contract;
providing marketing services.
The Controller does not intend to transfer personal data to a third country (outside the EU) or to an international organisation.
Under the conditions stipulated by the GDPR, you have the following rights:
the right of access to your personal data pursuant to Article 15 of the GDPR;
the right to rectification of personal data pursuant to Article 16 of the GDPR or to restriction of processing pursuant to Article 18 of the GDPR;
the right to erasure of personal data pursuant to Article 17 of the GDPR;
the right to object to processing under Article 21 GDPR;
the right to data portability under Article 20 GDPR;
the right to withdraw consent to processing in writing or electronically at the Controller’s address or e-mail address specified in Article I hereof.
Furthermore, if you believe that your right to personal data protection has been violated, you have the right to lodge a complaint with the Office for Personal Data Protection.
The Conditions of Personal Data Security
The Controller represents that it has implemented all the appropriate technical and organisational measures for personal data protection.
The Controller has adopted technical measures to secure data storages and storages of personal data in hard copy, in particular contracts and invoices.
The Controller represents that only authorised persons of the Controller shall have access to the personal data.
By sending a request/order using the online order form, you confirm that you have been acquainted with the Terms and Conditions of Personal Data Protection and that you accept them to the full extent.
You agree with these Terms and Conditions by checking your consent in the online form. By checking your consent, you confirm that you have been acquainted with the Terms and Conditions of Personal Data Protection and that you accept them to the full extent.
The Controller may change these Terms and Conditions. The new version of the Terms and Conditions of Personal Data Protection will be published at the Controller’s website and, at the same time, the Controller will send you a new version of these Terms and Conditions to the e-mail address you provided to the Controller.
These Terms and Conditions become effective on 25 May 2018.