Protection of personal data

1. Basic provisions

  1. The personal data controller pursuant to Art. Article 4(7) of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as 'GDPR') is Patrik John, IČ: 18036741, with its registered office at V Sobotín 239, 788 16 (hereinafter referred to as 'controller').
  2. The contact details of the controller are:
    address: Sobotín 239, 788 16
    email: info@lostgen.eu
    Phone: +420 775396007
  3. According to GDPR, Article 4, personal data means: any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  4. The Controller has not appointed a Data Protection Officer.

2. Purpose of processing, sources, categories and recipients of processed personal data

  1. The Controller processes the personal data that you have provided to him / her or the personal data that the Administrator has obtained on the basis of the performance of your order.
  2. The Controller processes your identification and contact details and data necessary for the performance of the contract.

3. Legal reason and purpose of personal data processing

  1. The legal reason for the processing of personal data is
    • performance of the contract between you and the administrator pursuant to art. 6 par. 1 letter b) GDPR (hereinafter referred to as "Performance of a contract"),
    • the legitimate interest of the administrator in providing direct marketing (in particular for occasional sending of commercial communications and newsletters) pursuant to art. 6 par. 1 letter f) GDPR (hereinafter referred to as "Legitimate interest"),
    • Your consent to processing for the purposes of providing direct marketing (in particular for sending occasional commercial communications and newsletters) pursuant to Art. 6 par. 1 letter a) GDPR in conjunction with § 7 para. 2 of Act No. 480/2004 Coll., on certain information society services in the event that no goods or services have been ordered (hereinafter referred to as "Consent).
  2. The purpose of personal data processing is
    • processing your order and exercising the rights and obligations arising from the contractual relationship between you and the administrator; when ordering, personal data are required that are necessary for the successful execution of the order (name, surname and address, contact), the provision of personal data is a necessary requirement for the conclusion and performance of the contract, without the provision of personal data it is not possible to conclude the contract or to perform it by the administrator,
    • occasional sending of business messages and other marketing activities.
  3. There is no automatic individual decision-making on the part of the administrator within the meaning of art. 22 GDPR.

Overview for the administrator role:

Legal ground Purpose Data Data source Recipients of personal data (processors)
Performance of the contract Order processing and response to the inquiry sent via the contact form, email Personal data of clients (contact details, delivery address) E-mail communication, contact form Subcontractors (Czech Post, bank), cloud storage, printed documents
Performance of the contract Bookkeeping Personal data of suppliers, customers (contact details, place of residence, sometimes dates of birth) Invoice Printed documents
Legitimate interest Providing direct marketing (especially for sending business messages and newsletters) Client contact details Information from orders Mailing services, cloud storage, subcontractors
Legitimate interest Routine traffic analysis, detecting server errors, and preventing fraud and server attacks Pseudonymized identifiers of registered users such as UserID, IP address, etc. User navigation on the site, registration and creation of anonymized user ID, page view with error Google Analytics, web hosting services, or other analytical services
Assent Advanced traffic analysis Track users' movements on the site and fill out forms Move the user on the web, move the mouse, click, type on the keyboard Services for tracking the user's movement on the web
Assent Marketing and promotion of the website Emails, lead names, IP addresses and other technical identifiers Newsletter form Web hosting company and email sending services

Assent

 Post a customer review Customer name, photo, email E-mail communication, contact form Cloud storage, mailing services
Assent Profiling to display targeted content on the web and in direct marketing (newsletters) View pages of specific products that a user is viewing Clicking on links to product details Web hosting company

4. Data retention period

  1. The Controller stores personal data
    • for the period necessary to exercise the rights and obligations arising from the contractual relationship between you and the administrator and to exercise claims arising from these contractual relationships (for a period of 15 years from the termination of the contractual relationship).
    • for the period until the consent to the processing of personal data for marketing purposes is withdrawn, if personal data are processed on the basis of consent.
  2. Upon expiry of the personal data retention period, the controller shall erase the personal data.

5. Recipients of personal data (subcontractors of the controller)

  1. The recipients of personal data are persons
    • involved in the delivery of goods and the implementation of payments under a contract (bank, Czech Post),
    • providing e-shop operation services (hosting) and other services in connection with the operation of the e-shop (web administration),
    • providing delivery services (Czech Post)
  2. The administrator intends to transfer personal data to a third country (to a non-EU country) or to an international organization. The recipients of personal data in third countries are providers of mailing services, data storage, files and analysis tools who have servers stored in third countries.

6. Your rights

  1. Under the conditions set out in the GDPR, you have
    • the right of access to your personal data pursuant to Art. 15 GDPR,
    • the right to rectification of personal data pursuant to Art. 16 GDPR, or restriction of processing pursuant to Art. 18 GDPR.
    • the right to erasure of personal data pursuant to Art. 17 GDPR.
    • the right to object to processing pursuant to Art. 21 GDPR a
    • Right to data portability pursuant to Art. 20 GDPR.
    • the right to withdraw consent to processing in writing or electronically to the e-mail address of the administrator referred to in art. 1 of these Terms.
  2. You also have the right to file a complaint with the Office for Personal Data Protection if you believe that your right to personal data protection has been violated.

7. Terms of security of personal data

  1. The administrator declares that he has taken all appropriate technical and organizational measures to secure personal data.
  2. The Administrator has taken technical measures to secure data repositories and personal data repositories in paper form, in particular the security of the data storage with a password, antivirus program, locking the locker with printed orders and invoices in a lockable space.
  3. The administrator declares that only persons authorized by him have access to personal data.

8. Final provisions

  1. By submitting an order from the online order form, you confirm that you are familiar with the privacy policy and that you accept it in its entirety.
  2. You agree to these terms by ticking the consent via the online form. By ticking the consent, you confirm that you are familiar with the privacy policy and that you accept it in its entirety.
  3. The administrator is entitled to change these terms. The new version of the terms and conditions will be published on its website and at the same time the new version of these terms will send you the new version of these terms and conditions your e-mail address that you have provided to the administrator.

9. Information about cookies

In order to improve the quality of services, personalize the offer, collect anonymous data and for analytical purposes in its presentation, the Controller uses the so-called Newsletter. Cookies. By using the Site, the User agrees to the use of said technology.

  • Functional cookies – Cookies strictly necessary to ensure the operation of websites and internet services. Consent is not required for the use of these cookies.
  • Performance cookies – Cookies used for anonymous monitoring of site traffic and performance. Consent is not required for the use of these cookies.
  • Marketing cookies – Cookies falling into this category may be used to track user activity on our website. Thanks to this, we can track what customers like and improve our services or better target advertising on social networks. Consent is required for the use of these cookies.