Tamara Concept One s.r.o.
Dear Sir or Madame,
What is personal data?
Personal data means any information relating to an identified or identifiable natural person (a “Data Subject”); an identifiable natural person is a natural person who can be identified, directly or indirectly, in particular by reference to a specific identifier, such as name, identification number, location data, network identifier, or one or more specific features of physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
Who is the personal data controller?
The controller of your business data is the company Tamara Concept One s.r.o., Company ID No. 08999848, registered office Polská 1505/40, Vinohrady, 120 00 Prague 2, incorporated in the Companies Register kept by the Municipal Court in Prague under reg. No. C 328954, firstname.lastname@example.org. Where this document refers to a personal data controller, it means this controller (the “Controller”). The Controller has not appointed a data protection officer.
Any questions regarding the processing of personal data should be sent by e-mail to the Controller’s e-mail address: email@example.com or in writing to the Controller’s registered office Polská 1505/40, Vinohrady, 120 00 Prague 2.
Whose personal data is processed by the Controller?
For the purposes of providing the offered goods and services, the Controller processes the data of the following persons: e-shop customers, potential business partners and their representatives, and/or other contact persons, e-shop users, persons interested in provided services and goods, and website visitors.
What categories of personal data are processed?
In order for us to provide the goods offered, the Controller processes the following categories of personal data:
- Basic personal identification data, address data of persons listed in point 3):
- Academic degree of natural persons
- Name and surname of entrepreneurial natural persons
- Company name of natural persons
- Date of birth of natural persons
- Sex of natural persons
- Company ID No. of entrepreneurial natural persons
- Tax ID No. of entrepreneurial natural persons
- Function of natural persons acting on behalf of a legal entity
- Permanent residence address of natural persons (street, building No., any other detailed information about the address, postal code, city, state)
- Registered office address of entrepreneurial natural persons (street, building No., any other detailed information about the address, postal code, city, state)
- Invoicing address of entrepreneurial natural persons
- Identification data of the executive representative of (entrepreneurial) natural persons or the contact person of (entrepreneurial) natural persons
- Bank details of (entrepreneurial) natural persons
- Signature of (entrepreneurial) natural persons
- Contact details of persons referred to in point 3):
- Contact telephone number for the purpose of communication with a natural person
- Contact e-mail address for the purpose of communication with a natural person
- Information about services and goods
This includes data on provided services and purchased goods
- Specification of service or goods
- Type of services or goods
- Data on the use of the provided service or goods
- Price for providing a service or purchasing goods
- Information on payment for providing services or purchasing goods
- Data processed in connection with the operation of the website. These are the categories of data that are processed by the Controller in connection with the use of the website:
- Date and time of visiting our website www.deasportswear.com ;
- Website activity data (cookies)
- The user’s IP address and other technical information about the device from which the website is viewed
- When creating an order and / or user account (especially) – Name and surname, Delivery address, E-mail address, Phone, Password for the user account
- Other data related to the company’s activitiesIn connection with the company’s offer of goods, the company may randomly receive and process other types of personal data that is related to the offered goods and which cannot be specified in advance. If such a situation occurs, the Controller will inform you in accordance with the provisions of Articles 13 and 14 of GDPR.
- Personal data of persons under 15 years of age.
Our company does not offer services and goods to persons under 15 years of age and therefore does not process their personal data.
- Basic personal identification data, address data of persons listed in point 3):
What is the legal basis and purpose of processing the personal data?
A legal basis is required for each individual processing of personal data within the meaning of GDPR. These reasons may vary from situation to situation. These are the main reasons:
Processing of personal data on the basis of legal regulations and contracts
Our company is legally required process certain categories of personal data, and certain personal data must be processed in connection with established contractual relationships, i.e., under a concluded purchase contract, between our Company and you. Without you providing and us processing such personal data, we are unable to provide our services, especially sale of goods offered by the Company. Any person who is interested in our services, especially in the purchase of goods offered by us, will have to provide such categories and personal data. Personal data provided under legal regulations and/or contract may not be erased or anonymized at your request.
Personal data is processed on the basis of legal regulations and/or contract pursuant to Art. 6(1)(b) of GDPR, in particular for the following purposes:
- Your identification and contacting for the purposes of concluding and performing the contract, i.e., concluding and performing the contract;
- preparation of invoices for provided goods, i.e., performance of the contract;
- fulfilment of legal accounting and tax obligations by our company, i.e., fulfilment of legal obligations;
- fulfilment of obligations by our company arising from legal regulations in connection with criminal proceedings, including the obligation to provide cooperation to the Police of the Czech Republic and other state authorities; i.e., fulfilment of legal obligations.
Processing of personal data for the purpose of protecting the legitimate interests of our company
Our company also processes your personal data in situations where it is necessary to protect our legitimate interests, which is carried out after careful consideration of individual cases and comparison of the legitimate interests of our company and your interests and rights and freedoms. Your consent is not required to process such personal data; persons who disagree with such processing of personal data may raise an objection against the processing of personal data with the Controller. In order to protect the legitimate interests of our company, personal data is processed mainly for the following purposes:
- taking precautionary measures against incurrence of outstanding debts;
- monitoring data on the progress of contractual relations, including data on payments made, for the purpose of evaluating the possibility of continuing business relations;
- Providing all necessary information about our company for the purpose of negotiations with investors and potential buyers of our company;
- enforcing legitimate claims of our company against third parties, including debtors;
- providing legal advice to our company in all necessary matters, especially in matters of debt collection and disputes with third parties, ensuring the defence of our company, etc.;
- keeping records of debtors of our company;
- sending business communications in connection with the offer of our company’s services and goods, i.e., so-called direct marketing; direct marketing will take place until the data subject raises an objection against it;
- transfer of your personal data for internal administrative and accounting purposes outside our company.
Processing of personal data based on consent granted
Some processing of personal data may only take place with your prior consent. You many revoke your consent at any time (e.g., by a written communication sent to the address of the Controller’s registered office or by an e-mail sent to the Controller’s e-mail address). In the event of revocation of your consent, your personal data will be erased or anonymized; however, please note that your personal data will not be erased or anonymized if the same data is also processed for another reason (e.g., on the basis of legal regulations). Revocation of your consent does not affect the lawfulness of the processing of the personal data before the revocation of the consent.
On the basis of a consent of a data subject, the following personal data, in particular, is processed:
- Processing of cookies from the website www.deasportswear.com – cookies are processed if you have cookies enabled on your computer or mobile device and you express your explicit consent to their use when visiting the www.deasportswear.com. Cookies are processed to ensure the quality of operation of the website www.deasportswear.com. Cookie processing can be disabled in the settings of your web browser;
- information on the use of the services and/or goods offered, benefits and bonuses offered, returning customers, total profitability and data on typological behaviour of the user of the website www.deasportswear.com, the impact of possible advertising and retargeting.
How long is personal data processed?
Personal data is processed only for the time strictly necessary:
- if our company provides you with goods or services, your basic personal, identification, and contact data, data on provided services or goods, and data on mutual communication for the duration of the contractual relationship and of the limitation period (i.e., usually three years from the expiry of the purchase contract and/or another legal relationship) will be processed in our customer database;
- if you we negotiated conclusion of a contract with you, but the contract was not eventually concluded, the personal data will be processed for a period of six months from the end of the pre-contractual negotiations;
- information relating to outstanding debts is processed until the claim expires or is time-barred.
- Issued and received tax documents are archived for a period of 10 years from their issuance (Section 35 of Act No. 235/2004 Coll., on Value Added Tax, as amended)
- legal reasons for issuing invoices are archived for a period of 10 years from the date of termination of the contract, including respective business contracts and related documentation (Section 35 of Act No. 235/2004 Coll., on Value Added Tax, as amended);
- basic network identifiers are processed from the moment of access to the website www.deasportswear.com and are archived for a period at least of 48 hours from the moment of the last access to the website by 18 months;
- personal data processed on the basis of a granted consent is archived for a period of five years or until revocation of the consent to the processing.
In addition to the above, we may continue to store your personal data if you grant us your explicit consent for this purpose.
Where do you obtain personal data?
Personal data that we process is usually provided directly by data subjects within the meaning of GDPR, i.e., from you. At the same time, we also obtain your personal data from publicly available sources, which data we check for correctness. This includes, in particular, public registers and collections of documents pursuant to Act No. 304/2013 Coll., on Public Registers of Legal and Natural Persons, as amended, from the Trade Register within the meaning of Act No. 455/1991 Coll., on Trade (Trade Act), as amended, from the Land Register pursuant to Act No. 256/2013 Coll., on Land Register (Land Register Act), as amended, from the Insolvency Register pursuant to Act No. 182/2006 Coll., on Bankruptcy and Methods of Resolution (Insolvency Act), as amended, from the Central Register of Distraints pursuant to Act No. 120/2001 Coll., on Court Distrainors and Distraints (Distraint Code), as amended, from the Register of Value Added Tax Payers within the meaning of Act No. 235/2004 Coll., on VAT, as amended, and from the records and lists of documents on community property and pledges pursuant to Act No. 358/1992 Coll., on Notaries and Their Activities (Notarial Code), as amended.
Whom is personal data transferred to?
Our company cooperates with a number of experts (suppliers) in the performance of its legal obligations, contractual obligations, in the protection of its legitimate interests, and in all other activities related to the collection and processing of personal data. This includes the following categories of persons / processors of personal data: suppliers of accounting and tax services, lawyers, forensic experts, suppliers of IT systems and services, postal and transportation services, etc. However, these processors of your personal data are not entitled to use the personal data in any way; our suppliers are also prohibited from handling the personal data in violation of our instructions and in violation of the concluded contract. In addition, your personal data is only provided to these persons to the extent necessary. Your personal data is processed by persons with the registered office in the Czech Republic and in another Member State of the European Union. We transfer your personal data to third countries (i.e., countries outside the European Union) only in accordance with the conditions of admissibility set out in Articles 44 to 49 of GDPR.
We will send you a list of suppliers who receive your personal data upon your request. Your personal data is also transferred to state authorities in accordance with the law (Art. 6(1)(c) of GDPR and Art. 6(1)(f) of GDPR).
Do you carry out special procedures in the processing of personal data?
We do not use any automated decision-making, profiling, or other unusual technology in the processing of your personal data.
What are your rights in connection with the processing of your personal data?
Right to object against processing of personal data
Pursuant to Article 21 of GDPR, anyone whose personal data is processed has the right to object to the processing of the personal data according to Art. 6(1)(e) to (f) of GDPR, including against processing in the form of profiling based on these provisions.
The Controller may not further process your personal data unless it proves binding legitimate reasons for the processing which prevail over your interests or rights and freedoms or for the determination, exercise, or defence of our claims.
For the sake of completeness, however, please note that the exercise of this right does not affect the lawfulness of the processing of your personal data processed before the exercise of this right.
Right to access
Under this right, pursuant to Article 15 of GDPR, you have the right to know whether our company processes your personal data (i.e., the right to obtain confirmation that your personal data is being processed), what categories of your personal data are processed, for what purposes, for what period, where your personal data is obtained, to whom it is transferred (i.e., to whom your personal data will be made available under the conditions set out above and in related legislation), who processes your personal data in addition to our company, whether you have the right to request correction and erasure of your personal data, whether you have the right to file a complaint with the supervisory authority, and other information in accordance with Article 15 of GDPR. However, please note that in the event that the exercise of your right of access could or would adversely affect the rights and freedoms of third parties, it cannot be ruled out that we will not provide you with the information requested by you.
Right to rectification of inaccurate and/or incomplete data
In the event that you become aware of that your personal data processed by our company is inaccurate or incomplete, you have the right, pursuant to Article 16 of GDPR, to have them rectified or supplemented without undue delay after you notify us thereof. Considering the purpose of processing, you have the right to request provision of an additional statement on the rectification/supplementing your personal data.
Right to erasure (“right to be forgotten”)
Pursuant to Art. 17(1) of GDPR, you have the right to have the Controller erase your personal data without undue delay in the event one of the reasons stated in this Article of GDPR arises. If any information you request to be erased has been disclosed, the Controller must take reasonable steps in view of available technology and cost of such steps, including technical measures, to inform the controllers who process your personal information that you are requesting them to delete all references to such data, including copies and replications thereof.
Right to restrict the processing of personal data
You also have the right, in situations referred to in Art. 18(1)(a) to (d) of GDPR, to restrict the processing of your personal data. For the sake of completeness, however, please note that the exercise of this right does not affect the lawfulness of the processing of your personal data processed before the exercise of this right.
Right to portability
Pursuant to Article 20 of GDPR, you also have the right to obtain from our company all your personal data which you have provided to us in connection with the performance of the contract or on the basis of your consent and which is processed automatically. Your personal data will then be provided to you in a structured, commonly used, and machine-readable format. At the same time, you have the right to request the transfer of this personal data to another controller (you have the right to request that your personal data is transferred by us directly to a controller designated by you, if this is technically feasible). This right can be exercised only for such personal data that is processed automatically on the basis of the performance of a contract or on the basis of your consent.
Right to revoke consent
If the reason for processing your personal data is your consent, you have the right to revoke that consent at any time (see Article 6, point C above). For the sake of completeness, however, please note that the exercise of this right does not affect the lawfulness of the processing of your personal data processed before the exercise of this right.
Right to information about recipients of personal data
Pursuant to Article 19 of GDPR, we have the right to notify you of all recipients of your personal data in the event of rectification or erasure of your personal data or of restriction of the processing of your personal data. At the same time, you have the right to request information about the recipients of your personal data.
Right not to be subject to decision based solely on automated processing
Pursuant to Article 22 of GDPR, you also have the right not to be subject of any decision based solely on automated processing, including profiling, which has legal effects for you or which applies to you in a similar way. In this context, however, please note that we do not carry out any automated decision-making without the influence of human judgement that would have legal effects and/or similar effects for you (see Article 10 above).
Right to file complaint with the supervisory authority
If you suspect that GDPR has been violated in connection with the processing of your personal data, you can file a complaint with the supervisory authority, which is the Office for Personal Data Protection, located at the address Pplk. Sochora 27, 170 00 Prague 7.
How is my personal data protected as regards cookies?
A cookie is tiny data file that the server www.deasporswear.com sends to a browser which stores it on the user’s computer or mobile phone; this data, which is used to distinguish users, is then used by the browser during each subsequent visit to this server.
Visitors of the e-shop at the website www.deasposrtswear.com is informed that cookies appear on the website By using the website, the visitor agrees to their use.
Cookies are used, for example, to remember access data to sign in to a user account or to store customer data. Cookies are also be used to store data on customers’ favourite goods. Also, cookies are used to validate signing in to user accounts and check goods in the shopping cart. Cookies are also used for the collection of statistical data and determining analytical tools to optimize the e-shop websitewww.deasportswear.com.
When processing and using a cookie, the identification data of the cookie will be linked to the personal data of the data subject, which was provided during its creation. The identification data of the cookie file will be linked to the data subject only when creating a user account on the website www.deasportswear.com. The legal basis for the processing of cookies is our legitimate interest (see Article 6.B above).
The data subject may delete cookies from their computer or mobile device in the browser (cookies may also be disabled or set to receive notifications each time a new cookie file is sent to the data subject’s computer or mobile device).
How do I exercise my rights?
You can exercise the above-mentioned rights by a written request sent to the address of the Controller’s registered office or by a written request signed by a qualified electronic signature sent to the Controller’s e-mail address firstname.lastname@example.org. The Controller is obliged to identify persons filing such requests; therefore, you may be asked to prove your identity (for such purposes, a request for identification will be sent to you by post or e-mail).
The Controller has one month to process your request; in justified cases, this period may be extended by another two months. You will be notified in advance by the Controller of any extension of that period.
Your request for exercising your rights must also state how you wish to be replied to; if the request does not contain this information, the Controller will only send you a reply by e-mail. If your request is clearly unfounded and/or if your request is harassing and/or repeats within a short period of time, the Controller may charge you a fee for the provision of information on the processing of your personal data.
Statement of the Controller on the protection of personal data
The Controller declares that it has taken all appropriate technical and organizational measures to secure personal data and to secure data repositories and personal data repositories in paper form, in particular, it uses a specialized database for these purposes while using encrypted access to the account (i.e. backup hosting, encrypted passwords, limited access to databases, password access, system and application antivirus programs). The Controller declares that only the Controller and its authorized persons gain access to personal data.
The Controller reserves the right to change these terms. The Controller will publish a new version of the terms of personal data protection on its website.