the company TEREZIA COMPANY s.r.o., the owner of the e-shop www.terezia.eu and the producer of food, including food supplements, under the trademark TEREZIA COMPANY, is a controller of personal data of customers of TEREZIA COMPANY according to Art. 4(7) of the Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/ES (General Data Protection Regulation) (hereinafter referred to as “GDPR Regulation”).
Identification and contact data of the controller: TEREZIA COMPANY s.r.o., Identification No./IČO/: 27251659, with the registered office Na návrší 997/14, Michle, 141 00 Praha 4, incorporated in the Commercial Register maintained by the Municipal Court in Prague, under File No. C 107724. E-mail: firstname.lastname@example.org. Tel.: (+420) 261 221 277.
TEREZIA COMPANY undertakes to process the personal data provided in compliance with legal regulations, in particular with GDPR Regulation, fairly, in a lawful and transparent manner, only to the extent necessary, and protect the processed personal data in a manner adequate to their importance and nature.
The personal data mean all information about an identified or identifiable natural person – customer; the identifiable natural person is a person which may be directly or indirectly identified, in particular by reference to certain identifier, for instance name, identification number, location data, network identifier or to one or more specific elements of physical, physiologic, genetic, psychological, economic, cultural or social identity of such natural person.
TEREZIA COMPANY uses for processing of some personal data services of subcontractors – processors of personal data (e.g. provider of webhosting). The processors are screened with respect to a safe personal data processing. TEREZIA COMPANY concludes with each processor an agreement on personal data processing, according to which the subcontractor is subject to obligation of secrecy and is liable for a proper security of physical, hardware and software perimeter.
Personal Data Processing when Ordering Goods
1. When placing and order, personal data are required from the customer which are necessary for execution of the order – sale and delivery of goods to the customer, namely: name and surname of the customer, billing and delivery address, e-mail and telephone contact for the customer. Providing personal data is voluntary, however, without their providing TEREZIA COMPANY cannot conclude a purchase agreement with the customer and deliver goods to him.
a. The purpose of processing these personal data is the execution of the customer´s order and the exercise of the rights and obligations arising from the contractual relation between TEREZIA COMPANY and the customer.
b. The legal reason for personal data processing is the performance of the agreement according to Art. 6(1) b) of GDPR Regulation and fulfilment of the controller´s legal obligation according to Art. 6(1) c) of GDPR Regulation, in particular the obligations relating to accounting management.
2. Customer personal data necessary for delivery of the ordered goods to the customer are provided to carriers within the EU, namely either to Česká pošta, s. p., or other non-state carriers mentioned in the General Commercial Terms and Conditions of the E-shop.
3. Customer personal data needed for booking of the purchase are entered by TEREZIA COMPANY for the purpose of accounting into the accounting programme of the company. The data kept in this manner are backed up on the servers of the provider of the accounting programme, being a personal data processor. The processor is obliged to treat personal data according to instructions of TEREZIA COMPANY in compliance with GDPR Regulation.
4. TEREZIA COMPANY stores customer personal data for a period necessary for performance of the rights and obligations arising from the contractual relation between the company and the customer and for making claims arising from these contractual relations and for a period needed for performance of legal obligations of the company. The data shall be erased after expiry of these time limits.
5. In case of an order of goods via E-shop the personal data are further processed by the processor, see paragraph 13 below.
Personal Data Processing during Monitoring Availability of Goods
6. Should the customer ask TEREZIA COMPANY through the e-shop function “Watchdog” for sending an e-mail notice that the goods required by the customer are in stock, TEREZIA COMPANY is processing the e-mail address provided by the customer in order to comply with this request of the customer.
7. The legal reason for personal data processing is the performance of the agreement or execution of measures adopted prior to concluding the agreement upon request of the data subject pursuant to Art. 6(1) b) of GDPR Regulation.
8. TEREZIA COMPANY is processing such personal data until dispatch of the required notice to the customer.
Personal Data Processing on the Basis of the Given Consent
9. On the basis of the customer´s consent with personal data processing TEREZIA COMPANY is processing the below mentioned data for the purpose of marketing towards customers – i.e. registration of TEREZIA club, providing discounts to customers, sending commercial communications (including catalogues or leaflets with discount vouchers) and undertaking other marketing activities towards the customer.
10. The consent is voluntary and its giving is not the customer´s duty. However, registration of a member of the TEREZIA club and providing some discounts or using discount programmes of TEREZIA COMPANY is not possible without giving the consent with the customer personal data processing.
11. Registration of a customer to the TEREZIA club and sending commercial communications (including e.g. discount vouchers) require the customer´s providing and the controller´s processing of the following categories of personal data according to the nature of the customer´s registration:
a. In case of a fast registration of a customer via Facebook or Google this relates to some data you have entrusted to the mentioned platforms, namely: e-mail address, password (logging data of the registered customer) and profile picture.
b. In case of a fast registration of a customer on the website of TEREZIA COMPANY (i.e. without your Facebook or Google accounts) it is: e-mail address, password.
c. In case of a complete registration it is: name, surname, telephone number, billing address, delivery address, name and surname of a contact person at the delivery address. The customer may also enter his date of birth or the date of his name day.
d. In case of a separate registration for subscription of commercial communications it is only e-mail address of the customer.
12. On the basis of the given consent TEREZIA COMPANY is entitled to send the customer only its own commercial communications.
13. The purpose of processing the above mentioned personal data (according to the kind of registration) is sending commercial communications and performance of other marketing activities towards the customer, including providing discounts.
14. The legal reason for personal data processing is giving consent by the data subject pursuant to Art. 6(1) a) of GDPR Regulation.
15. On the basis of the consent with the processing TEREZIA COMPANY is also processing the data on registration of the customer with a health insurance company, membership in certain organization or club or keeping certain card or certificate and related data necessary for using a discount within the chosen partnership discount programme, namely name, surname and depending on the chosen discount programme also an identifier authorizing the customer to use the chosen discount (e.g. number of Sphere card, number of a person insured with VZP etc.) depending on the chosen discount programme according to the current offer of the discount programmes published on www.terezia.eu.
a. The purpose of processing these personal data is the marketing towards the customer consisting in providing a discount according to the chosen discount programme.
b. The legal reason for personal data processing is giving the consent by the data subject pursuant to Art. 6(1) a) of GDPR Regulation.
16. The customer gives TEREZIA COMPANY the consent with his personal data processing in the respective column during completing the registration, registration for receiving commercial communications or when ordering goods with the use of the discount voucher.
17. You may withdraw the given consent with personal data processing any time. If you are a registered member of TEREZIA club, your membership in TEREZIA club shall be terminated by the withdrawal of the consent and the discounts following from the membership and the commercial communication shall not be afterwards sent to you. (Termination of the membership is without prejudice to the possibility to continue purchasing goods from TEREZIA COMPANY.) In case of a withdrawal of the consent with sending commercial communications the commercial communications shall not be sent to you. In case of personal data for using the partnership discount programme these personal data shall be erased on the basis of the withdrawal of the consent. The consent with personal data processing for the purposes of registration and marketing may be withdrawn by sending an e-mail with the subject “Withdrawal of the Consent” at email@example.com and in case of a withdrawal of the consent with sending commercial communication by sending an e-mail with the subject “Withdrawal of the Consent Newsletter” on firstname.lastname@example.org.
18. TEREZIA COMPANY keeps personal data which are processed on the basis of the granted consent until withdrawal of such consent by the data subject.
Personal data processing when using the website TEREZIA COMPANY
19. TEREZIA COMPANY uses the so-called cookies and other network identifiers, which are personal data, within increasing the quality of the services, personalisation of the offer, collection of anonymous data and for analytical purposes. By using the website of the company and the E-shop the customer agrees with using the mentioned technology. The customer may forbid storage of cookies files in setting of his browser. You may learn more about cookies on www.terezia.eu/gdpr/cookies.
20. Personal data provided by the customer via E-shop are processed by the provider of the webhosting and administrator of the website, on which the E-shop is placed, on behalf and according to instructions of TEREZIA COMPANY. The purpose of processing these personal data is execution of the customer´s order and exercise of the rights and obligations arising from the contractual relation between TEREZIA COMPANY and the customer or the approved marketing towards the customer, if applicable, as mentioned above. The legal reason for personal data processing is performance of the Agreement pursuant to Art. 6(1) b) of GDPR Regulation and fulfilment of the controller´s legal obligation pursuant to Art. 6(1) c) of GDPR Regulation or the consent given pursuant to Art. 6(1) a) of GDPR Regulation.
21. Automated individual decision-making within the meaning of Art. 22 of the GDPR Regulation is not performed by TEREZIA COMPANY.
Your rights in connection with personal data processing
Please note that in connection with Your personal data processing you have, beside others, the right to require from TEREZIA COMPANY access to Your personal data, their rectification or erasure or restriction of the processing, if needed, you have the right to data portability and the right to object to Your personal data processing. You have also the right to file complaint with the supervisory body, which is the Office for Personal Data Protection (www.uoou.cz).
Right to access to personal data (Art. 15 of the Regulation)
You have the right to obtain from TEREZIA COMPANY a confirmation whether the personal data related to you are or are not processed and if they are processed, you have the right to access to these personal data – TEREZIA COMPANY shall provide You upon request a copy of Your personal data being subject to processing.
Right to rectification and erasure (Art. 16, 17 of the Regulation)
You have the right that TEREZIA COMPANY rectifies or completes inaccurate personal data it is processing about You.
You have the right that TEREZIA COMPANY erases Your personal data, if (i) they are no more needed for the purposes for which they were collected or otherwise processed or (ii) you have objected to the processing pursuant to Art. 21(1) of the GDPR Regulation and there do not exist any prevailing legitimate reasons for the processing or (iii) Your personal data were processed unlawfully or (iv) the personal data must be erased in order to comply with the legal obligations stipulated in the law of the EU or the Czech Republic.
Right to restrict the processing (Art. 18 of the Regulation)
You have the right that TEREZIA COMPANY restricts processing of Your personal data in case that:
a) you deny accuracy of Your personal data processed, for a period needed in order that TEREZIA COMPANY may verify accuracy of Your personal data;
b) processing of Your personal data is unlawful and you refuse erasure of the personal data and instead you require a restriction of their using;
c) TEREZIA COMPANY doe not need the personal data for the purpose of processing any more but You require them in order to define, exercise or defend legal claims;
d) you have filed complaint against the processing pursuant to Art. 21(1) of the GDPR Regulation, for a period needed for verification whether the legitimate reasons of TEREZIA COMPANY prevail over Your legitimate reasons.
Rata to data portability (Art. 20 of the Regulation)
You have the right to obtain Your personal data you have provided to TEREZIA COMPANY, in a structured, normally used and machine readable format and the right to transfer the data to another controller, and you have also the right that such personal data are directly transferred by one controller – TEREZIA COMPANY – to a second controller, if this is technically feasible.
Right to object (Art. 21 of the Regulation)
You have the right due to reasons relating to Your specific situation to object anytime to the processing of Your personal data by TEREZIA COMPANY for the purpose of protection of legitimate interests of TEREZIA COMPANY (see purposes of the processing). In such case TEREZIA COMPANY shall not further process Your personal data, if it fails to prove serious legitimate reasons for the processing which prevail over the interests or rights and freedoms of the data subject or for determination, execution or defence of legal claims.
Right to lodge a complaint with the supervisory body (Art. 77 of the Regulation)
You have the right to lodge a complaint with the Office for Personal Data Protection, in case you believe that the GDPR Regulation was infringed by the processing of Your personal data.