gdpr
Information on the Processing of Your Personal Data
The processing of personal data of visitors on the website spiritdrinks.cz, operated by Spirit Goods s.r.o., with its registered office at Hřbitovní 92/35, 664 51 Šlapanice, Czech Republic, Identification Number: 28349857, registered in the Commercial Register kept by the Regional Court in Brno, Section C, Insert 62996 (hereinafter referred to as the “Controller”), is governed by the provisions of:- Act No. 110/2019 Coll., on the Processing of Personal Data in its current version (hereinafter referred to as the “Act”), effective in the Czech Republic since April 24, 2019;- General Data Protection Regulation (EU) 2016/679 (hereinafter referred to as “GDPR”), effective across the EU since May 25, 2018;- Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector (hereinafter referred to as the “Directive”);- Act No. 374/2021 Coll., on Electronic Communications (hereinafter referred to as “ZEK”); and- Act No. 634/1992 Coll., on Consumer Protection and legal regulations precisely named in Paragraph 13, Article I of the General Terms and Conditions.
The operator of the website spiritdrinks.cz, where the business presentation of Spirit Goods s.r.o. is located, informs visitors and users that the amendment to ZEK effective from January 1, 2022, imposes the obligation on the website operator to store cookies only with the active consent of the visitor.
The website operator is required to:- Obtain active consent from the user for collecting cookies via a cookie banner, ensuring that the consent complies with the requirements of GDPR and the Act.- Allow the user to actively choose what information they provide to the operator via cookies.- Collect only functional cookies, which are necessary to ensure the technical functionality of the website, if the user does not make any selection. The operator clarifies that there are functional, marketing, analytical, and preference cookies.
Cookie regulations in the Czech Republic are implemented within ZEK, transposing the Directive, which aims to:- Respect fundamental rights and uphold principles recognized particularly in the Charter of Fundamental Rights of the European Union;- Fully comply with the rights set out in Articles 7 and 8 of the Charter of Fundamental Rights of the European Union;- Prohibit the retention of communications without the user’s consent, and ensure that information is not kept longer than necessary, maintaining confidentiality during this period.
According to Paragraph 26 of the Directive, data on participants processed within electronic communication networks for establishing connections and transmitting information include private life details of individuals and relate to the right to privacy of their correspondence or legitimate interests of legal entities. Such data may only be retained to the extent necessary for service provision for billing and payment purposes, and for a limited time. Any further processing for marketing, communication services, or providing value-added services is permissible only with the participant’s informed consent. Operational data used for marketing communication services or value-added services should be erased or anonymized after the service provision. Service providers must always inform participants about the type of processed data, purposes, and duration of such processing.
- User: A natural person using a publicly available electronic communication service for private or business purposes, not necessarily a subscriber to the service.- Operational data: Data processed for the purpose of transmitting a communication in an electronic communications network or for billing purposes.- Location data: Data processed in an electronic communications network indicating the geographic location of the terminal equipment of a user of a publicly available electronic communications service.- Communication: Information exchanged or transmitted between a finite number of parties through a publicly available electronic communications service.- Call: A connection established through a publicly accessible telephone service enabling two-way communication in real time.- User or subscriber consent: Corresponds to the consent of the data subject.- Value-added service: A service requiring the processing of operational or location data other than operational data to the extent necessary for transmitting a communication or billing purposes.- Electronic mail: Text, voice, sound, or image message sent via a public communications network, which can be stored in the network or recipient’s terminal equipment until retrieved by the recipient.
The Controller collects and processes necessary personal data of its potential customers or buyers for the purposes of:- Communication through a completed contact form.- Processing orders, including the buyer’s name, surname, address, phone number, email address, and other details necessary for identification and order fulfillment.- Handling complaints, requiring similar personal details as for order processing.- Sending newsletters, based on the buyer’s consent and legal provisions.
The Controller is obligated to implement technical and organizational measures to prevent unauthorized or accidental access to personal data, alteration, destruction, loss, unauthorized transmission, or other unauthorized processing or misuse. This obligation continues even after the personal data processing has ended. The Controller must also ensure the protection of personal data in accordance with the Act and other legal regulations, keeping documentation of these measures for the duration of personal data processing.
Visitors have the right to request an explanation from the Controller if they believe their personal data is being processed contrary to the protection of their private and personal life or if the data is inaccurate for the intended processing purpose. Buyers can also demand that the Controller rectify, supplement, or delete the personal data in question. If the request is justified, the Controller must promptly rectify the situation and inform the buyer.
If the Controller breaches its obligations under the Act, it is liable for any damage caused. The responsible person is the executive director Ing. Martin Lošťák.
The Office for Personal Data Protection, located at Pplk. Sochora 27, 170 00 Prague 7, is the central administrative authority for personal data protection, established by Act No. 101/2000 Coll. Buyers who believe their personal data is being mishandled by the Controller have the right to file a complaint with the Office for Personal Data Protection.
For more information, visit uoou.cz or contact posta@uoou.cz.
These Information Policies are effective as of May 30, 2024.