Privacy Policy

 
INFORMATION ON THE PROCESSING OF PERSONAL DATA
pursuant to Article 13 of Regulation (EU) No 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data
(hereinafter referred to as "Regulation" or "GDPR").
 
issued by a commercial company
 
Calissi Concept s.r.o.
with registered office at Rybná 716/24, Staré Město, CAP 110 00, Prague 1, Identification Number: 222 87 426, listed in the commercial register kept by the Municipal Court in Prague under File No. C 413951
[hereinafter referred to as the “Seller“].
 
Preamble
The contents of this document inform our customers about the scope, principles and principles in accordance with which your personal data is processed by us.
 
Who processes the personal data provided by me?
The data controller is:
commercial company Calissi Concept s.r.o.
with registered office at Rybná 716/24, Staré Město, CAP 110 00, Prague 1, Czech republic
Identification Number: 222 87 426,
listed in the commercial register kept by the Municipal Court in Prague under File No. C 413951
 
The Controller is the exclusive representative of major brands of clothing, fashion accessories, perfumes, creams and other goods and products for the territory of the European Union and their retailer to end customers.
 
Who can I contact if I have questions about the processing of my personal data?
If you have any questions regarding the processing of your personal data, please contact the Data Protection Officer:
 
Mr. Martin VOLEJNÍK, attorney-at-law
registered office at Fügnerovo náměstí 1808/3, PSČ 120 00, Praha 2 – Nové Město
e-mail: volejnik@akvolejnik.cz
tel.: +420 774 191 262
 
What personal data do we process and for what purpose?
We process only the strictly necessary personal data, which we cannot do without. In general terms, this includes personal data of those who are interested in purchasing our products as consumers, or our customers who have already purchased our product, and similarly, visitors to our website and/or users of our social networks or other marketing and communication electronic channels.
 
In the table below, you will find a detailed overview of the personal data we process, including the legal title and purpose of processing.
 
Purpose of processing
Categories of Personal Data
Length of processing
Pre-contractual communication with those interested in purchasing our products Conclusion of the purchase contract, including any changes to it   Delivery of the purchased goods, payment of the purchase price      
Name, Surname, Delivery address, and/or Billing address, and/or Contact address, Telephone number, Email address, Bank account number
For the duration of the interest in purchasing our products or for the duration of the contractual relationship, subject to the statutory time limits for fulfilling the archiving obligation in relation to the selected data
Sending commercial communications, including commercial communications from third parties
  Email address
For the duration of the consent
 
 
 
Who is the recipient of the personal data?
In the context of our business activities, we generally do not cooperate with third parties, so there is no transfer of your personal data to third parties on our part.
 
The personal data you provide us with is processed internally and may be handled by our administrative staff or by external contractors such as delivery agents, accounting firms or lawyers.
 
Our store is hosted on Shopify Inc. They provide us with the online e-commerce platform that allows us to sell our products and services to you. Your data is stored through Shopify’s data storage, databases, and the general Shopify application. They store your data on a secure server behind a firewall.
 
In any case, however, we guarantee that the scope and manner of further processing of your personal data will always be lawful and appropriate for the respective purpose.
 
On what legal basis do we process personal data?
Your personal data is processed:
  • for the purpose of concluding a purchase contract or amending it and/or performing a contract to which the data subject is a party;
  • the performance of legal obligations applicable to the Controller (obligations under the relevant provisions of the Regulation, cooperation with a supervisory authority);
  • on the basis of the legitimate interest of the Controller;
  • on the basis of your consent to the processing of personal data.
Can the Controller process your personal data without your consent?
Yes, but only for the following purposes:
  • to comply with legal obligations arising for the Controller from generally binding legal regulations;
  • the legitimate interests of the Controller, provided that these legitimate interests do not conflict with your legitimate interests and fundamental rights and freedoms.
Can the Controller process your personal data without your consent?
Yes, but only for the following purposes:
  • to comply with legal obligations arising for the Controller from generally binding legal regulations;
  • the legitimate interests of the Controller, provided that these legitimate interests do not conflict with your legitimate interests and fundamental rights and freedoms.
For how long do we process your personal data?
We process your personal data only for the time necessary to fulfil the purpose of processing.
 
Personal data processed on the basis of the data subject's consent are destroyed following a written request from the data subject, and no later than 20 days after receipt of such a request.
 
In general, your personal data are deleted within a maximum period of one month after the purpose or legal basis for processing them has ceased to exist.
 
How and when can you withdraw your consent to the processing of personal data?
You can withdraw your previously granted consent to the processing of personal data at any time via the email address volejnik@akvolejnik.cz.
Withdrawal of consent does not affect the processing of personal data that we may process on the basis of another legal title.
 
How is your personal data secured?
The Controller has adopted appropriate organisational and technical security of personal data, corresponding to the technological maturity of the means available, which provide the maximum level of protection of the personal data provided by you, both in their collection and in the transmission to the recipients, personal data.
 
What are your rights in relation to the protection of your personal data?
Your rights include:
  1. to correct or supplement your personal data whenever they are changed and to inform the Controller of such change. You have the right to request the Controller to correct inaccurate personal data about you. In this context, it is your right to similarly request the Controller to complete incompletely recorded personal data.
 
  1. to request restriction of processing. You have the right, within the meaning of Article 18 of the Regulation, to require the Controller to restrict processing where:
- the data subject contests the accuracy of the personal data, for the period necessary to enable the controller to verify the accuracy of the personal data;
- the processing is unlawful and the data subject refuses to erase the personal data and requests instead that the use of the personal data be restricted;
- the controller no longer needs the personal data for the purposes of the processing, but the data subject requires them for the establishment, exercise or defence of legal claims;
- the data subject has objected to the processing pursuant to Article 21 of the Regulation on the grounds that the processing will be restricted until it is verified that the legitimate grounds of the controller override those of the data subject.
 
  1. object to or complain about processing in certain cases Your right to object to the processing of personal data within the meaning of Article 21 of the Regulation is:
- processing on the basis of a legitimate interest and the performance of a task carried out in the public interest or in the exercise of official authority;
- processing for direct marketing purposes on the basis of a legitimate interest; and
- processing for scientific or historical research purposes or for statistical purposes.
 
  1. to request the portability of personal data (including the right to obtain, free of charge, their processed personal data in a structured and machine-readable format) Your right under Article 20 of the Regulation is the right to obtain the personal data you have provided to the Controller in a structured, commonly used and machine-readable format and to transfer that data to another controller where:
- the processing is based on consent pursuant to Article 6(1)(a) or Article 9(2)(a) or on a contract pursuant to Article 6(1)(b); and
- the processing is carried out by automated means.
 
  1. have access to personal data It is your right to make a request to the Controller for information (confirmation) as to whether or not your personal data is being processed and, if it is being processed, it is your right to obtain such personal data and to obtain the following information from the Controller:
  • processing purposes,
  • the categories of personal data concerned,
  • the recipients or categories of recipients to whom the personal data have been or will be disclosed,
  • the intended period for which the personal data will be stored,
  • the existence of the right to request from the controller the rectification or erasure of personal data, the right to object,
  • the right to lodge a complaint with a supervisory authority,
  • the right to object
  • any available information about the source of the personal data, unless it is obtained from the data subject,
  • the fact that automated decision-making, including profiling, is taking place.
 
If the Controller does not process any data about the natural person, information is provided that the personal data of the interviewee are not subject to personal data processing by the Controller.
 
  1. be informed of a personal data breach. In the event that a breach of security occurs and such a personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the Controller is obliged to notify you of the breach without undue delay.
 
  1. erasure of personal data in certain cases, including the right to be forgotten. In the event that one of the following conditions is met, i.e.:
- the personal data is no longer necessary for the purposes for which it was collected or otherwise processed,
- the data subject withdraws consent and there is no further legal basis for the processing,
  - the data subject objects to the processing and there are no overriding legitimate grounds for the processing,
- the personal data have been unlawfully processed,
  - the personal data must be erased to comply with a legal obligation,
  - the personal data have been collected in connection with the offer of information society services pursuant to Article 8(1) of the General Regulation,
 
it is your right to request that the personal data be deleted or that the Controller disposes of your personal data.
 
What are the remedies in the event of a violation of your rights?
In the event of a violation of your rights related to the processing of your personal data, it is your right to file a complaint with the regional competent Office for Personal Data Protection, e.g.:
Exercise of rights without consideration
The exercise of all your rights set out above is free of charge and does not involve any fee or charge.
 
However, if your requests are manifestly unfounded or unreasonable due to repetition, we are entitled either to impose a reasonable fee, taking into account the administrative costs involved in providing the requested information, communication or action, or to refuse to comply with your request.
 
If we have reasonable doubt about your identity or the identity of the person exercising the right, we may ask you for additional information necessary to confirm your identity.
 
If you exercise any of your rights, you can expect our response without undue delay, at the latest within one month from the moment your request was received or communicated to us in person or by telephone.
 
Please note that due to the complexity and number of requests, we may extend this period by a further two months. We will, of course, inform you of this extension within one month of receipt of your request, including the reasons for it.
 
If you choose to communicate with us electronically to exercise one of your rights, we will also provide you with information about your request electronically. If you prefer a different method of providing information about your request (for example, in writing or orally) and you tell us, we will try to communicate with you in the way you choose, provided that we are able to prove your identity unambiguously.
 
We will inform you of the processing of your request, even if we do not take the action you have asked us to take, and the reasons why we have done so.
 
We will notify all recipients to whom we disclose your personal data of any rectification, restriction or erasure of personal data, except where this proves impossible or requires disproportionate effort.
 
What about social networks?
Our website and our mobile apps may contain links to third-party websites. Please note that we are not responsible for the collection, use, storage, sharing or provision of data and information by such third parties. If you provide information on third party sites, the privacy policy and terms of service of such sites will apply. Before providing personal information, we recommend that you first read the privacy policy of the website you are visiting.
 
What are cookies and what types of cookies does the Administrator use?
Cookies are small text files that are stored on your computer by the websites you visit. These files are commonly used to help the website run or operate more efficiently and to provide internet services and features to users. Cookies are stored on individual computers using a web browser. Cookies do not pose a danger, are not used to obtain any sensitive personal information or to identify you as a specific person, but are important for privacy protection.
 
Cookies can be either persistent (persistent cookies) or temporary (session cookies). Persistent cookies are text files sent by a web server to a web browser which, once stored by the browser, remain active until a set deletion date (unless the user deletes them before that date). Conversely, temporary cookies are deleted at the end of each session after the browser is closed.
 
Cookies allow your person to be recognised as an existing user (e.g. when logging into their user account, etc.). The administrator may also use cookies for statistical purposes or to measure website traffic. Cookies are not used to collect any sensitive personal data.
 
Here is a list of cookies that we use. We’ve listed them here so you can choose if you want to opt-out of cookies or not.
 
_session_id, unique token, sessional, Allows Shopify to store information about your session (referrer, landing page, etc).
_shopify_visit, no data held, Persistent for 30 minutes from the last visit, Used by our website provider’s internal stats tracker to record the number of visits.
_shopify_uniq, no data held, expires midnight (relative to the visitor) of the next day, Counts the number of visits to a store by a single customer.
cart, unique token, persistent for 2 weeks, Stores information about the contents of your cart.
_secure_session_id, unique token, sessional.
storefront_digest, unique token, indefinite If the shop has a password, this is used to determine if the current visitor has access.
PREF, persistent for a very short period, Set by Google and tracks who visits the store and from where.
 
It is your right to refuse the use of cookies. If your browser has cookies enabled, the Administrator will assume that you consent to the use of standard cookies by the Administrator's website.
 
In most internet browsers, the above cookies can be managed in the browser settings. For more information about cookies and how to see what cookies have been set and how to manage and remove them, please visit www.aboutcookies.org and www.allaboutcookies.org.
 
To change the cookie settings installed by Google Analytics, please visit http://tools.google.com/dlpage/gaoptout.
 
Please note that any changes to the cookie settings on your internet browser may affect the proper functioning of the Administrator's website.