The personal data controller referred to in Article 4(7) of the Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter called as “the GDPR”) is Systemia s.r.o. (hereinafter called as “the Controller”).
The Controller has not appointed any Data Protection Officer.
Contact details of the Controller
Systemia s. r. o., reg. no. 28513177, VAT no. CZ28513177 (VAT payer)
address: Smetanova 131, 250 82 Úvaly, Czech Republic
website: www.tropiko.eu, www.tropiko.de, tropiko.at, www.tropiko.pl, www.tropiko.sk
telephone: +420 281864404
Personal data means any information about an identified or identifiable natural person who is an interested party or a buyer (hereinafter called as “the Interested Party”).
An identifiable natural person is a natural person who can be identified directly or indirectly, in particular by reference to a particular identifier (such as a name, address, telephone and email).
The Controller processes the personal data provided by the Interested Party or received by the Controller on the basis of an order.
The Controller processes the identification and contact details and data necessary for the contract performance.
The purpose of data processing is as follows:
- Handling of the Interested Party’s order.
- Sending of commercial communications and marketing activities.
The legitimate purpose of data processing is as follows:
- The performance of the contract between the Interested Party (buyer) and the Controller under Article 6(1)(b) of the GDPR.
- The Controller’s legitimate interest in providing direct marketing under Article 6(1)(f) of the GDPR.
- The Interested Party’s consent to data processing for the purpose of providing direct marketing (in particular for sending commercial communications and newsletters) in accordance with Article 6(1)(a) of the GDPR in conjunction with Section 7(2) of the Act No. 480/2004 Coll., on Certain Information Society Services in the Event of Non-Order of Goods or Services.
When ordering, personal data is required to handle an order successfully (name and address, contact person). The provision of personal data is a necessary prerequisite to conclude and perform a contract. It is not possible to conclude a contract or to execute it by the Controller without the personal data provision.
The Controller makes individual decisions in an automated way within the meaning of Article 22 of the GDPR. The Interested Party gives his/her explicit consent to such processing.
The Controller shall retain the personal data:
- For the period necessary to exercise rights and obligations arising from the contractual relationship.
- Until the consent to the personal data processing for marketing purposes is revoked, however for a maximum of 20 years.
After the retention period of the personal data has expired, the Controller shall destroy the personal data.
Personal data recipients
Personal data recipients are persons involved in the delivery of goods and services (carriers), payments, e-shop operation and marketing services.
The Controller does not transmit personal data to non-EU countries or to international organizations.
Interested Party’s Rights
Under the terms and conditions set out in the GDPR, the Interested Party shall have:
- a right of access to his/her personal data under Article 15 of the GDPR;
- a right to rectification of his/her personal data under Article 16 of the GDPR, and a right to restriction of processing under Article 18 of the GDPR;
- a right to erasure of his/her personal data under Article 17 of the GDPR;
- a right to object to processing of his/her personal data under Article 21 of the GDPR;
- a right to data portability under Article 20 of the GDPR;
- a right to withdraw his/her consent in a message sent in writing or electronically to the Controller’s e-mail;
- a right to file a complaint with the Data Protection Office of the Czech Republic provided the data protection rights have been violated.
Personal data security
The Controller has taken all appropriate technical and organizational measures to safeguard personal data.
The Controller has taken technical measures to secure data and documents.
Only authorized person(s) of the Controller can access personal data.
The Interested Party agrees to these terms and conditions by ordering goods or services.