Privacy information
1. Identity and Details of the Controller
the company Aviso s.r.o.
registered office: Křtětice 8, Vodňany 389 01
identification number: 08251622
registered in the Commercial Register maintained by the Regional Court in České Budějovice, Section C, Entry 28931
(hereinafter the “Controller”)
2. Processed Personal Data, Purposes of Processing, Legal Basis of Processing, Recipients of Personal Data, Legitimate Interests of the Controller
The Controller trades in clothing suitable for parkour and, as the operator of an online store and seller, processes the personal data of its customers (hereinafter the “Customer”). Some personal data is processed based on the Customers’ consent, while other personal data is processed without the Customers’ consent based on legal regulations or on a contract concluded between the Controller and the Customer.
2.1 Personal data processed based on a contract without Customers’ consent
In connection with our sales activities, we process without Customers’ consent only the personal data necessary for:
1. fulfilling the contract under which the Customer is supplied with the goods they ordered. For this purpose, personal data is processed for the duration of all rights and obligations arising from the respective contract;
2. fulfilling the legal obligations imposed on the Controller. For this purpose, personal data is processed for the duration of the Controller’s obligations arising from the respective legal regulations;
3. the Controller’s legitimate interests, i.e., for the protection of the Controller’s property, enforcement of the Controller’s claims, and direct marketing. For this purpose, personal data is processed for a period of 5 years.
For the above purposes, we process the following personal data of our Customers:
1. first name and surname;
2. residence / registered office / place of business;
3. delivery address;
4. email address;
5. telephone number.
Without this information, we cannot accept your request and/or conclude a contract with you, as we would not be able to meet our contractual and legal obligations.
2.2 Personal data processed based on granted consent
Aside from the statutory exceptions above, we may process personal data only with the consent of the data subject. Granting consent to the processing of personal data is voluntary and in no way a condition for concluding a contract with the Controller. You can withdraw your consent for these purposes at any time.
We process personal data for the following purposes based on consent:
1. offering services of the Controller and cooperating business partners listed in the consent you granted;
2. marketing use, which helps us better understand your needs, create customer analyses, offer corresponding products, and improve the services provided by the Controller.
The scope of offered services, marketing use, and the specific personal data processed for these purposes depends on the specific consent granted for personal data processing. If you give consent, we may offer services via electronic means (e.g., SMS, email) or transfer your personal data to other divisions of the Controller and cooperating business partners for the purpose of offering services. We transfer personal data to our business partners exclusively with your consent and only within the Czech Republic.
Personal data processed based on your consent is stored separately and only for the period specified in your consent.
III. Rights of Data Subjects and Their Exercise
3.1 Right to request access to personal data
The data subject has the right to obtain confirmation from the Controller as to whether personal data concerning them is being processed. This right applies both to data processed based on consent and data processed without consent under statutory exceptions.
If we do process your personal data, you also have the right to access that personal data and receive information regarding the processing of personal data:
1. the purposes of processing;
2. the categories of personal data concerned;
3. the recipients to whom the personal data has been or will be disclosed;
4. the period for which personal data will be stored, or the criteria used to determine that period;
5. the existence of the right to request rectification, erasure, or restriction of processing of personal data, as well as the right to object to such processing or the right to lodge a complaint with a supervisory authority;
6. information on the source of personal data, if not obtained directly from you (e.g., obtained from publicly available records);
7. information on whether automated decision-making, including profiling, is taking place. In such case, you have the right to receive meaningful information about the logic involved, as well as the significance and expected consequences of such processing.
3.2 Right to rectification of personal data
If you believe that the personal data we process is inaccurate or incomplete, you may request its correction and/or completion.
3.3 Right to erasure of personal data
If we process your personal data, you may, under certain circumstances, request that the personal data be deleted, i.e., removed from our databases.
You may request erasure if:
1. the personal data is no longer necessary for the purposes for which it was collected or otherwise processed;
2. you have withdrawn your consent and there is no other legal basis for processing the personal data (e.g., legal obligations of the Controller);
3. the personal data has been processed unlawfully, e.g., without your consent when required, or without a legal basis;
4. the personal data must be erased to comply with a legal obligation.
Erasure is not possible if we still need the data to comply with legal obligations, to establish, exercise or defend legal claims, or for the exercise of the right to freedom of expression and information.
3.4 Right to restrict processing
You may request restriction of processing if you believe your personal data is inaccurate, or if processing is unlawful and you do not wish to request erasure, or if you require the personal data for the establishment, exercise, or defense of legal claims, even though the Controller no longer needs the data, or if you have raised an objection to processing (see below).
If processing is restricted, the Controller may process the data only in a very limited way as provided by law. If the issue (e.g., data inaccuracy) is resolved, the Controller may resume full processing, but you must be notified in advance.
3.5 Right to object
If we process your personal data, you have the right to object at any time to processing for direct marketing purposes. After such an objection, your personal data will no longer be used for direct marketing.
You can also object to processing based on the Controller’s legitimate interests. After an objection, we may continue processing only if we demonstrate compelling legitimate grounds which override your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims.
3.6 Right to data portability
You may obtain the personal data you have provided to us in a structured, commonly used, and machine-readable format and transmit it to another controller. If technically feasible, we will transfer the data directly to the new controller.
This right applies only if the data is processed automatically. Not all data we hold is processed automatically, so not all data may be transferable.
3.7 Right to withdraw consent
If we process your personal data based on your consent, you may withdraw that consent at any time. You do not need to give any reason for withdrawing consent. Withdrawal does not affect the lawfulness of processing already carried out based on consent before its withdrawal.
3.8 Right to lodge a complaint with a supervisory authority
If you believe that the processing of your personal data violates Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR), you may lodge a complaint with a supervisory authority. You may do so in the Member State of your residence, place of work, or where the alleged infringement occurred.
In the Czech Republic, the competent supervisory authority is the Office for Personal Data Protection, Pplk. Sochora 27, 170 00 Prague 7.
3.9 Exercising data subject rights
If you wish to exercise any of the above rights (except the right to lodge a complaint), you may do so in the following ways:
1. by sending a written request to the Controller’s registered office: Křtětice 8, Vodňany 389 01, Czech Republic
2. by sending an email to: info@fizishop.cz
