Privacy Policy

I.

Initial provisions

  1. Pursuant to the Article 4 (7) of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as the “GDPR”) the administrator of personal data is Oleksandr Dzjula
    Reg. No.: 06360424, having his legal address at Opařany 132, Opařany, 391 61 (hereinafter referred to as the “Administrator”).
  2. The contact data of the Administrator:

address: Opařany 132, Opařany, 391 61

email: info@orangerent.cz

phone: +420 605 857 988

  1. Personal Data means any information about an identified or identifiable natural person; an identifiable natural person is a natural person who can be identified, either directly or indirectly, in particular by reference to a certain identifier, such as name, identification number, location data, network identifier, or one or more specific physical, physiological, genetic, psychological, economic, cultural or identity of the individual.
  2. The Administrator had not appointed any representative for personal data protection.

II.

Sources and categories of the processed personal data

  1. The Administrator processes the personal data You have provided, or personal data acquired by him upon performance of Your order.
  2. The Administrator processes Your identification and contact data, as well as data indispensable for performance of the contract.

III.

Legal reason and purpose of personal data processing

  1. The legal reason for personal data processing is
  • performance of the contract executed between You and the Administrator as stipulated in the Article 6 section 1 letter b) of the GDPR,
  • rightful interest of the Administrator in provision of the direct marketing (namely for sending of business messages and newsletters) as stipulated in the Article 6 section 1 letter f) of the GDPR,
  • Your consent with the processing for the purposes of provision of the direct marketing (namely for sending of business messages and newsletters) as stipulated in the Article 6 section 1 letter a) of the GDPR in combination with the § 7 section 2 of the Act No. 480/2004 Coll., the Act on some services of information company (in case no goods or services have been ordered).
  1. The purpose of personal data processing is
  • processing Your order and exercising the rights and obligations arising from the contractual relationship between You and the Administrator. When ordering, personal data required for successful execution of the order (name and address, contact) are required, the provision of personal data is a necessary requirement for the conclusion and performance of the contract;
  • sending of business messages and execution of other marketing activities.
  1. There is no automatic individual decision made by the Administrator within the meaning of the Article 22 GDPR.

IV.

Term of personal data storage

  1. The Administrator stores the personal data
  • for the period necessary to exercise the rights and obligations arising from the contractual relationship between You and the Administrator and the exercise of claims under these contractual relationships (for 15 years after the termination of the contractual relationship),
  • for as long as the consent to the processing of personal data for marketing purposes is revoked, for a maximum of 3 years, if personal data are processed by consent.
  1. After the personal data retention period has expired, the Administrator deletes personal data.

V.

Recipients of personal data (Administrator’s subcontractors)

  1. Recipients of personal data are persons
  • participating in supply of goods / services / realization of payments upon the contract,
  • providing web operation services (THINline s.r.o.) and other services related to e-shop operation,
  • providing marketing services.
  1. The Administrator intents to handover the personal data to the third country (outside the EU) or to the international organization. The recipients of personal data in the third countries are mailing / cloud services providers.

VI.

Your rights

  1. Pursuant to the conditions set forth in the GDPR You have the following rights:
  • to access Your personal data pursuant to the Article 15 of the GDPR,
  • to correct Your personal data pursuant to the Article 16 of the GDPR, or to restrict the processing pursuant to the Article 18 of the GDPR,
  • to delete Your personal data pursuant to the Article 17 of the GDPR,
  • to file a claim against the processing pursuant to the Article 21 of the GDPR,
  • to transferability of the data pursuant to the Article 20 of the GDPR,
  • to revoke the consent with the processing in writing or electronically to the mailing address or email set forth in the Article III hereof.
  1. Further, You have the right to lodge a claim to The Office for Personal Data Protection in case You consider Your right for personal data protection has been violated.

VII.

Conditions of securing of personal data

  1. The Administrator proclaims he took all necessary technical and organization measures to secure the personal data.
  2. The Administrator took technical measures to secure the data and personal data storages in the paper form, namely:

1.1.1   pseudonymization and encryption of personal data;

1.1.2. the ability to ensure the continuing confidentiality, integrity, availability and resilience of processing systems and services – the measures in place and their proper functioning will be regularly checked;

1.1.3    the ability to restore and access personal data in a timely manner and in the event of physical or technical incidents;

1.1.4    the process of regular testing, assessment and evaluation of the effectiveness of the technical and organizational measures put in place to ensure processing safety;

1.1.5   multi-level firewall;

1.1.6   antivirus protection and check of unauthorized access;

1.1.7   encrypted data transfer;

1.1.8   access to personal data is granted solely to the authorized persons of the Provider;

1.1.9   servers with personal data are locked in the Provider’s data center; and

1.1.10 data backups are made to a separate geographic location, data is encrypted during transmission and after storage, and only authorized Provider personnel have access to it.

  1. The Administrator proclaims that the personal data are accessed only by him authorized persons.

VIII.

Final provisions

  1. By submitting an order from the online order form, You acknowledge that You are familiar with the Privacy Policy and accept it in its entirety.
  2. You agree to these terms by ticking the consent via the online form. By ticking the consent You acknowledge that You are familiar with the Privacy Policy and accept it in its entirety.
  3. The Administrator is entitled to amend this Policy. The Administrator will publish a new version of the Privacy Policy on his website, and at the same time he will send You a new version of this Policy to Your e-mail address provided to the Administrator.

This Policy is effective upon 19.04.2019 [DD.MM.YYYY]