Privacy policy

Introduction

1. For the purposes of this Privacy Policy:

  • Company – BUGR Art s.r.o., registered office dr. Tůmy 1608/6, České Budějovice 370 01, IČ 116 65 009, zaps. in the Commercial Register maintained by the Regional Court in Č.Budějovice, Section C, Insert 31231.
  • Subject - a natural person who enters or is in a relationship with the Company and provides the Company with his or her personal data;

 

2. This Privacy Policy may be changed or supplemented by the Company. We shall inform the Company of any such change by e-mail at least 30 days before the changes take effect. If the Entity does not agree with the change, it has the right to terminate the contractual relationship established with the Company without any penalty.

 

3. This Privacy Policy describes how the Company handles personal data of natural persons in compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council, the General Data Protection Regulation, also known as GDPR (hereinafter referred to as "GDPR").

 

4. The Company is the controller of personal data. The Company processes only personal data obtained from Subjects.

 

5. Personal data is processed by the Company to the extent necessary for the provision of the service it negotiates with the Subject. They can be divided into two groups, namely personal data that can be processed without the consent of the Subject and personal data that cannot be processed without consent. If it concerns the processing of personal data for which no consent is required, the establishment of a contractual relationship is never tied to the provision of consent.

 

6. The Company processes these personal data within the meaning of Article 4 para. 1 GDPR:

  • name and surname
  • Home address
  • e-mail address (e-mail)
  • bank account number
  • telephone number
  • ID and VAT number

 

7. The Company processes the personal data referred to in point 6 of these principles for the purpose of:

  • performance of a contract pursuant to Article 6(1)(b) of the GDPR to which the Subject is a party;
  • fulfillment of a legal obligation that applies to the Company and arises from special legal regulations;
  • protection of the legitimate interests of the Company and the Entity arising from and following the contractual relationship established between the Company and the Entity.  

If the Subject refuses to disclose the personal data necessary for any of the above reasons, the Company cannot provide the relevant service or other performance for which it needs the personal data.

 

8. Personal data is stored by the Company only for the necessary period of time and archived in accordance with the statutory deadlines imposed on the Company by legal regulations. Personal data is processed by the Company for the duration of the contractual relationship or other legal title that allows the Subject's personal data to be processed. The Company has set strict internal rules that verify the legality of the possession of personal data and that the Company does not keep the data longer than it is entitled. After the loss of the legal reason, the Company deletes the relevant personal data.  Personal data processed by the Company with the consent of the Subject are stored only for the duration of the purpose for which the consent was granted.

 

9. In the provision of services, we are assisted by the following processors, whose operation is in accordance with European data protection standards, while the processing of personal data by third parties is regulated by their own terms of service. The Subject agrees that the Company may transfer the Subject's personal data to them for the fulfilment of the above purposes, if it is necessary to ensure or ensure the performance of services:

  • carriers, at the choice of the Subject in the Company's order form, when concluding the purchase contract in a distance manner through the Company's online store, located at the www.bugr.art Internet address, where the carrier may be:
    • PPL CZ s.r.o., K Borového 99, Jažlovice, 251 01, Říčany, IČ: 25194798;
    • Zásilkovna s.r.o.Praha -Libeň, Drahobejlova 1019/27 PSČ 190 00 , IČ: 28408306
    • Česká pošta, s.p. ,Politických vězňů 909/4, 225 99 Praha 1 IČ: 47114983

Personal data does not leave the territory of the European Union

 

10. No other processor will be involved in the processing without the consent of the Subject or without concluding a contract that obliges the sub-processor to substantially similar obligations with regard to the processing of personal data to which the Company is bound.  In the event that the Company intends to involve another processor in the processing, the Company is obliged to inform the Subject. Any instructions for other processors will comply with the data protection legislation and this Policy. The Company shall always ensure the appropriate selection of processors, in particular on the basis of guarantees to ensure technical and organizational protection

Personal data transferred by the Company.

 

11. The Company undertakes to ensure that other processors or persons involved in the processing on behalf of the Company always meet a high standard of trust, in particular by concluding a personal data processing agreement.

 

Data processing based on consent

12. The Company may also further process the Subject's data if the Subject gives conscious, voluntary and informed consent within the meaning of Article 6 (1) (a) GDPR.

 

13. Consent most often takes the form of an e-mail or will be granted by an active step of the Subject required in the e-mail.

 

14. The Company may process personal data on the basis of consent for the duration of the provision of services. The processing period may be shorter if the consent is withdrawn.

 

Withdrawal of consent

15. The Subject may withdraw consent to the processing of personal data at any time by sending a request to the address of the Company's registered office. The processing of personal data that took place before the withdrawal of consent is lawful.

 

16. The consent granted also applies to processors commissioned by the Company.

 

17. The Company undertakes to secure personal data in accordance with Article 32 GDPR. The Company declares that as of the date of conclusion of the contract, the Company has taken technical measures to ensure the security of personal data.

 

18. The Parties are obliged to provide mutual cooperation in the event of suspected misuse of personal data of the Data Subjects. The Parties shall use their best endeavours and take such measures to prevent the risk of misuse of personal data.

 

Other provisions on the protection of personal data

19. The Company does not process personal data of children or special categories of personal data, so-called sensitive personal data, within the meaning of Article 9 of the GDPR.

 

20. The Company always makes every effort to prevent unauthorized processing of personal data by other persons, however, it is not liable to the Subject or other persons for damage caused by unauthorized processing of personal data by a third party.

 

21. In the event that the Company learns of a security risk associated with personal data, it shall notify the Subject without undue delay.

 

22. The Company undertakes that in the event of damage in connection with the leakage of personal data or other facts that lead to the damage, the Company undertakes to provide the Subject with cooperation and legal assistance in the recovery of compensation from the responsible processors. However, the Company itself is not responsible for the misconduct of processors commissioned by it.

 

23. The Subject acknowledges that he/she has full responsibility for the accuracy of the data provided to the Company. The subject confirms that the personal data provided are true, accurate and relate exclusively to his person or that he has stated data whose use did not interfere with the rights of third parties. The subject undertakes to always notify the Company of changes in personal data so that only current and complete data are processed, at the Company's request or without a request.

 

Assistance in handling personal data

24. The Company processes personal data transparently, fairly and in accordance with legislative requirements. If the Subject believes that the Company is processing his or her personal data in violation of the protection of his or her private and personal life or in violation of the law, especially if the personal data are inaccurate with regard to the purpose of their processing, he/she may:

  • always ask the Company for an explanation or copy of the personal data that the Company processes about the Subject;
  • object to processing for the purpose of legitimate interest;
  • request the provision of information on the scope or method of processing the Subject's personal data;
  • update or complete inaccurate or incomplete personal data;
  • request the erasure of personal data if they are not needed for the purpose for which they were processed, if the consent to their processing has been withdrawn, they have been unlawfully processed, must be erased to comply with a legal obligation, or if they were collected in connection with the offer of information society services;
  • request restriction of the processing of personal data.

 

The Subject is entitled to exercise the above rights in writing to the address of the Company's registered office or by e-mail to the address of the info@bugr.art and the Company responds to such information or requests within a reasonable time (maximum 30 days).

 

25. The subject also has the right to contact the Office for Personal Data Protection (www.uoou.cz) directly

Office for Personal Data Protection:

Lt. Col. Sochora 27

170 00 Prague 7

phone: +420 234 665 111

Final provision

26. All private-law legal relationships arising on the basis of or in connection with the processing of personal data are governed by the laws of the Czech Republic, regardless of where access to them was made from. The Czech courts, which will apply Czech law, are competent to resolve any disputes arising in connection with the protection of privacy between the Entity and the Company.