The security of your personal data is a priority for us. We therefore pay proper attention to personal data and their protection and we process them fully in line with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (the „GDPR“) and Act No. 110/2019 Sb., on Personal Data Processing, as amended.
Arfacemask is entitled to change this Policy at any time with immediate effect. You will be informed about such changes. The latest version of this Policy is available at the footer of our Website.
Your personal data will be processed under the conditions below by arfacemask, e‑shop operator on the Website as the data controller. In order to exercise your rights relating to the processing of your personal data, you may contact us directly through our contact details:
- Postal address: arfacemask.com, Šeříková 681/4, Prague 5, 150 00
- E-mail: firstname.lastname@example.org
Our processing of personal data is both manual and automated. Automated processing of personal data is used in order to perform the contract, in particular, to ensure internal processes within arfacemask and its contractual partners that are necessary for the provision of services. Automated processing of personal data is also used if consent to sending marketing communications is granted.
The Policy thus describes the purposes and methods of personal data processing, informs about individual categories of processed personal data, their potential recipients, retention periods and your rights in relation to personal data protection.
WHAT PERSONAL DATA DO WE COLLECT:
Arfacemask may store and otherwise process personal data you provide to us in connection with the use of our services, especially when entering into a purchase agreement with us through the Website or by subscribing to our newsletters.
In particular, the following personal data are processed:
- name, surname, e-mail address, telephone number, home address, delivery address, bank account number or credit card number, other voluntarily provided information you fill in as part of the registration or order creation (such as apartment number, apartment floor etc.), and details of the purchased goods.
In connection with your activities on our Website, we further collect and process your IP address and cookies.
All personal data we process come directly from you.
FOR WHICH PURPOSES DO WE PROCESS PERSONAL DATA:
We may process your personal data for one or more of the following purposes:
- Performance of the purchase agreement and other contracts, especially managing and processing personal data to create a personal profile within our Website, managing and processing of your purchase through the Website. We use your personal information to deliver to you your ordered goods, to inform you about the status of your order or to exercise your right to withdraw from the purchase agreement or other claims;
- Creation of a user account;
- Fulfilment of legal obligations, especially keeping accounting records and fulfilling our other statutory duties;
- Protection of the controller’s legitimate interest, especially improving the quality of our services and developing new ones, protection against misuse, detection of online frauds related to payment means, prevention and settlement of payment deficiencies;
- Sending commercial communications, especially by email, SMS/MMS or postal service providers to let you know about the latest discounts, latest news, new products, promotions and other related information;
- Sending personalised commercial communications, exclusively with your consent, we may send relevant commercial communications based on analysing your preferences and display content that matches your individual needs;
- Handling buyers’ requests, especially responding to your query sent via contact details or contacting us via telephone customer support, recovery of claims and the exercise of our rights (for example in the case of a lawsuit concerning our services).
In connection with your activities and depending on the scope of your activities, the Website may process the following personal data for the following purposes:
Purposes of processing:
Login and password
performance of the contract, creation of a user account, fulfilment of legal obligations, protection of the controller’s legitimate interest, handling users’ requests
Name, surname, e-mail address, telephone number, home address, delivery address, bank account number or credit card number
performance of the contract, fulfilment of legal obligations, protection of the controller’s legitimate interest, handling users’ requests, sending commercial communications
Name, surname, e-mail address, telephone number
creation of a user account
Personal communication or correspondence
performance of the contract, protection of the controller’s legitimate interest, handling buyers’ requests
Site usage data
protection of the controller’s legitimate interest, sending commercial communications, sending personalised commercial communications
WHAT ENTITLES US TO THE PROCESSING OF PERSONAL DATA?
Arfacemask is authorized to process your personal information under at least one of the following legal bases:
- Performance of the contract. The most common legal basis for collecting and processing your personal data is the conclusion of the purchase agreement through the Website. In order to make a valid purchase agreement and make a purchase, you are required to provide us with your personal data. The establishment of your user account within the Website is also considered to be an agreement, when the conditions are agreed upon. Without providing the required personal data, you cannot create your user account.
- Compliance with legal obligations. In particular, with regard to invoicing and administration, your personal data is processed to meet legal obligations in relation to tax and other legal regulations.
- Consent. In some cases, we process your personal data based on your own consent. This includes, in particular, the consent to sending newsletters and related marketing communications. You may at any time withdraw your consent in accordance with the procedure outlined in this Policy. The non-granting or revocation of consent is not relevant to the processing of your personal data under different legal basis.
- Legitimate interests of arfacemask. We are also authorized to process your personal data for the purposes of our legitimate interests. This is especially the case of our direct marketing or the security of our Website.
TO WHOM CAN WE PROVIDE PERSONAL INFORMATION:
Particularly for the purposes mentioned above, arfacemask transfers personal data to the following partner companies, which act as processors or other controllers of personal data:
- Transporters who are responsible for delivering your ordered goods;
- Our business partners;
- Company operating our PBX for customer support purposes;
- Pay gate providers (payment card providers);
- To our tax and legal advisors in connection with the exercise of our rights;
- Partners responsible for processing returns.
When using services of personal data processors, arfacemask concludes relevant data processing agreements if they are processors of personal data.
Under certain statutory conditions, we are further required to provide or transfer your personal data to, for example, law enforcement agencies (in particular the Police of the Czech Republic) and other public authorities.
HOW LONG ARE YOUR PERSONAL DATA STORED:
We process and store your personal data only for the period strictly necessary for the above purposes. If personal data are processed on the basis of your consent, for the period of your consent (usually 5 years), unless your consent to the processing of personal data is withdrawn.
In the case of personal data processing, we handle and keep your personal data at least for the duration of the contract and until the expiry of the statutory or contractual limitation periods and deadlines for exercising the rights of defective performance or warranty for the possible performance, determination or defence of our claims.
We will process the personal data related to your registration and user account, including the data contained therein, in order to manage your account and send offers of our goods and services until you cancel it.
We may continue to process your personal data after the termination of the contract based on our legitimate interest, i.e. to protect our legal claims, for as long as necessary, but no longer than 3 years, unless a special legal regulation stipulates a longer period.
At the same time, we would like to point out that your personal data is retained in cases where legal regulation requires it, and only for the period prescribed by these laws (especially archiving deadlines for accounting and tax documents).
HOW ARE YOUR PERSONAL DATA SECURED:
All personal data that you provide and which we process are secured by standard procedures and technologies. All security measures are regularly checked, especially for any weaknesses in the system and potential attacks. At the same time, we use security measures to prevent unauthorized access to your personal data, and to provide sufficient security with respect to the state of the art. The security measures adopted are then regularly updated.
Personal data are stored on secured servers in the relevant IT systems. Access to your user account is only possible after entering your personal password. In this context, we would like to point out that it is essential that you do not share your access data with third parties and that you always log off after completing your personal activity, especially if you are using the computer together with other people. Arfacemask does not take responsibility for the misuse of the passwords.
Cookies are an essential tool for the functionality of our Website. They are a short text file that a visited webpage sends to the browser that saves it to your computer. Cookies contain information about your visit, preferred language, login information and other settings. The goal of these files is to find out how these pages are used in order to optimize their content.
Cookie settings are fully under your control. In the browser settings you can set everything according to your wishes. You can delete, block, or set that the cookies will be saved only with your given consent in each instance individually.
Depending on the purpose of use, cookies can be divided into:
- Essential cookies are needed to operate the Website. They include, for example, cookies that allow you to log in to secured parts of our Website. These cookies do not collect information about users that could be used for marketing purposes or to remember which sites users visited on the Internet;
- Performance cookies we use to improve the operation of the Website. These cookies collect information about how visitors use this Website, such as which pages visitors visit most frequently and whether they receive error messages from the Website. They also allow us to record and count the number of visitors to the Website, which allows us to track how visitors use the Website;
- Functional cookies make it easy to use and improve the functionality of the Website. They are used to activate specific features of the Website and set them up to your preference (e.g. language), in order to enhance your Website experience. At the same time, functional cookies are used to remember your preferences the next time you visit the Website;
- Targeting and advertising (profiling) cookies are used to track the preferences that you reveal through the use of the Website and to send advertising messages in accordance with those preferences.
You can find more information about our cookies and their current list through individual web browsers, most often in Developer Tools.
Different browsers can also be pre-set to automatically reject cookies or automatically display information when cookies are offered. For more information on how to manage cookies in each browser, visit the following links:
- Explorer Internet Explorer - https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies
- Edge Microsoft Edge - https://docs.microsoft.com/en-us/sccm/compliance/deploy-use/browser-profiles
There are also many third-party applications that allow you to block or manage cookies. You can also delete cookies that were previously stored on your device by clearing your browsing history. Make sure you check the option to clear cookies when you do so.
We use marketing tools, in particular, through Google Ireland and Facebook Ireland, to help us target ads to users who have already visited our Website. The purpose and scope of the data collection, as well as the applicable rights and options for setting the scope of privacy, can be found in the information on these third-party sites, such as:
- Facebook: https://www.facebook.com/policies; and
- Google: https://policies.google.com/privacy.
More about these marketing tools can be found at:
- Facebook: https://cs-cz.facebook.com/business/ads/dynamic-ads; and
If you don't want to be addressed by our ad, you can turn off ad personalisation by following the links below:
- Facebook: https://cs-cz.facebook.com; and
- Google: https://adssettings.google.com.
We use one of Google's basic analytics tools - Google Analytics. For information on the scope and method of processing personal data processed by this company, please visit: https://www.support.google.com/analytics/answer/6004245.
WHAT KIND OF RIGHTS DO YOU HAVE WITH RESPECT TO PROCESSING OF YOUR PERSONAL DATA?
In connection with personal data processing, you have the rights listed below that you may exercise at any time under the terms stipulated in Articles 15 through 21 of the GDPR.
The right to withdraw the consent. In case of processing based on your consent, you have the right to withdraw at any time the page about your personal information that is available upon login here. Withdrawal of consent is without prejudice to the lawfulness of the processing of your personal data prior to such withdrawal. Withdrawal of consent does not affect the processing of your personal data on the basis of any different legal basis, in particular in connection with the processing necessary for performance of the contract or fulfilment of a legal obligation.
The right to access personal data. In accordance with Article 15 of the GDPR, you have the right to receive confirmation of whether and what personal data are processed by arfacemask and gain access to these personal data, including information about the purpose of the processing, categories of personal data, recipients, retention periods, personal data sources, if they have not been obtained directly from you, and whether automated decision making, including profiling takes place.
The right to rectify inaccurate data or complete incomplete data. You have the right to ask arfacemask to correct your personal data if it is inaccurate or to complete it if it is incomplete. You may make a correction or complete your personal data through your user account on our Website if you are registered.
The right to erasure / the right to be forgotten. If you ask for erasure, arfacemask will erase your personal data if: (i) they are no longer needed for the purposes for which they have been collected or otherwise processed; (ii) the processing is unlawful; (iii) you raise objections to the processing and there are no prevailing legitimate reasons for the processing of your personal data; or (iv) arfacemask is required to erase the data under legal regulations. Arfacemask will not comply with your request if any of the circumstances under Article 17 (3) of the GDPR prevents it from doing so.
The right to restriction of personal data processing. You have the right to restrict the processing of your personal data by arfacemask if: a) you deny the accuracy of your personal data (for as long as the accuracy is verified), b) the processing is unlawful and you request for the restriction of the use of your personal data instead of the deletion; c) you will need the data to determine, exercise or defend legal claims, even if arfacemask will no longer need it for further processing; or d) if you object to processing of personal data for the purposes of our legitimate interests (especially in the context of direct marketing).
The right to portability of personal data. If you want arfacemask to transfer your personal data that arfacemask processes based on your consent or data that are necessary for the performance of the contract to a third entity, you may exercise your right to data portability. If the exercise would adversely affect rights and freedoms of other persons, arfacemask will not be able to comply with your request.
The right to object. You have the right to raise an objection to the processing of personal data that are processed for the purposes of performing a public service task or in the exercise of public authority or for the purposes of protecting arfacemask’s legitimate interests. If arfacemask does not prove that there is a serious legitimate reason for the processing which takes precedence over the interest or rights and freedoms of the customer, arfacemask will terminate the processing based on the objection without undue delay.
Automated individual decisions. You have the right not to be the subject of a decision based solely on automated processing, including creating profiles that have legal effects for you or will have a similar effect, unless one of the legal exceptions applies.
The right to file a complaint. You have the right at any time to file a complaint with the Supervisory Authority, which is the Office for Personal Data Protection (www.uoou.cz) in Czech Republic, regarding the processing of your personal data.
In the event of repeated or apparently unjustified requests for the exercise of the above rights, arfacemask is entitled to charge an appropriate fee for the exercise of the right, or to refuse its exercise. We would inform you about the procedure in advance.
Arfacemask reserves its right to verify the identity of the person requesting the exercise of rights in accordance with Article 12 (6) of the GDPR.
Prague, 4. 5. 2020