trading company Higarden s.r.o.
based in K žižkovu 640/1 Praha 9 19000, Czech Republic
identification number: 242 88 128
for the sale of goods through the online store
By browsing this Higarden web interface or contacting Higarden via the contact form, e-mail phone, social media, or providing Higarden with any kind of personal information, Higarden stores and processes your personal information. This document informs you, in accordance with legal regulations, how personal data is processed and the rights that result from the processing of personal data.
1. WHO IS THE ADMINISTRATOR OF YOUR PERSONAL DATA?
The administrator of your personal data is Higarden s.r.o., with a registered office at K žižkovu 640/1 Praha 9 19000, Czech Republic, identification number: 04319346, e-mail: firstname.lastname@example.org, tel.: 777 968 622 (hereinafter referred to as the “Administrator").
2. IN WHAT SITUATIONS WILL WE PROCESS YOUR DATA?
A) WITH YOUR CONSENT
Legal title: Agreement.
We will ask you for the agreement if we have no other similar relationship with you that meets the requirements of processing your personal data without your consent (recital 47 of the General Data Protection Regulation (hereinafter referred to as the “GDPR”) and you want to receive:
- receive marketing offers;
- receive commercial communications;
- receive the benefits of our customer program;
If you give us your consent to process your personal data under this clause for sending marketing offers, commercial communications, or to receive the benefits of the Administrator's customer program, you may at any time withdraw such consent in writing to the Administrator’s address or electronically to: email@example.com.
B) WITHOUT YOUR CONSENT
Without your consent, we may process your personal data on the basis of the following legal titles and for the following purposes:
a) Legal title: Fulfillment of a contract.
- implementation of the concluded contract (most often the purchase contract), including delivery and related communication
b) Legal title: Fulfillment of a contract or the execution of pre-contract measures implemented at your request.
- providing information at your request regarding the conditions of a conclusion of the contract, availability of goods, delivery of goods, etc.
c) Legal title: Protection of the rights and legally protected interests of the Administrator.
- for the recovery of amounts due for goods delivered or other receivables of the Administrator;
- evaluating your credibility in selected cases;
- direct marketing directed solely at our registered customers and those meeting the requirements of Recital 47 of the GDPR by offering relevant products and services provided by our company in connection with the previous fulfilment of the contract, or in connection with your customer account registration.
d) Legal title: Performance of legal obligations resulting from the law.
- providing assistance to state authorities on the basis and within the limits of the law, including data retention on the basis of the law;
- an electronic record of revenues.
3. AUTOMATICALLY PROCESSED PERSONAL DATA
When you visit our online store website, we may collect certain information about you, such as your IP address, date and time of website access, and information about your internet browser, operating system or language settings.
We may also process information about your behaviour on our website, e.g. what links you have visited on our website and which goods were displayed.
However, for your maximum privacy, information about your behaviour on the web is anonymized and therefore we are unable to assign it to a specific user, that is, to a specific person. If you access our website from a mobile phone or similar device, we may also process information about your mobile device.
The stated automatic processing of personal data is intended solely to improve our services. For example, using order history and web behaviour, we can display more relevant offers of additional goods and services for the purchased products. In certain places, we show you offers that are made for you and match your needs and interests.
4. WHAT PERSONAL DATA DO WE PROCESS ABOUT YOU?
Depending on the type of legal title, we may process the following personal information about you:
- identification data (name, surname, date of birth);
- contact details (telephone number, e-mail address, postal address);
- details of the products you have purchased or the services we have provided to you;
- data from our mutual communication (whether it was in person, in writing, by telephone, by questionnaire, review or otherwise);
- payment information (for example the paid sum and similar);
- only in the anonymised form: information about access to the store website - IP address, date and time of access, information about the internet browser, operating system or language settings;
- only in selected cases, information about your credibility, for the purposes of the so-called blacklist (see the Terms and Conditions of the Administrator - article Transport and delivery of goods).
5. WHAT ARE THE SOURCES OF THIS INFORMATION?
Your personal data processed by the Administrator for the purposes of point 2 of this policy come exclusively from you. It is the data you have provided to us during the conclusion of the contract (purchase of goods), or you have communicated it to us at customer registration, or with your explicit consent.
6. WHO IS THE RECIPIENT OF THE PERSONAL DATA
We provide your personal data in justified cases and only to the extent necessary or to the extent specified in the following recipient categories:
1. our contractual partners, who we need for our regular operation and contractual relationship with you, which are in particular:
- information technology suppliers, through whom we run the online shop and process your orders. We are responsible for complying with the privacy obligations of these persons to the same extent as set forth herein;
- providers of accounting and tax services to fulfil our legal obligations;
- courier (delivery service) or postal service providers, but only to the extent of your name and surname, delivery address, a telephone number at which the carrier can contact you and if the goods have not been paid in advance, and in some cases, the sum to be collected upon delivery. In relation to the personal data we pass on to them, the courier is entitled to process it only for the purpose of delivery of the goods and to delete the personal data without delay;
- in the case of automatically sending customer reviews and customer satisfaction questionnaires, we use the services of the Trustpilot business group. This entity is bound by the obligation of confidentiality and may not use your personal data for any other purpose, for which we are fully responsible.
2. other entities in cases where the provision of your data is required by law or if it is necessary to protect our legitimate interests (e.g. courts, the Police of the Czech Republic, etc.);
3. Our company does not have access to the credit card information you give in our online store. Only the secure payment gateway and the relevant banking institution have access to your credit card information.
7. FOR HOW LONG DO WE PROCESS YOUR PERSONAL DATA?
We will process your personal data for the entire duration of the contractual relationship between you and us. In the case of processing personal data for which consent has been given, the personal data will generally be processed for a period of 5 years or until such consent is revoked. If you subscribe to commercial messaging or marketing offers, we will process this personal data for a period of 5 years or until you express your disagreement with their further sending/usage.
We process data obtained through the customer account on our website or other similar methods while browsing our website. Subsequently, only the basic identification data, the reason why the customer account was cancelled, or data forming part of data backup necessary for function, are stored for a reasonable period of time.
Please note that the personal information is necessary to properly provide services in order to fulfil all our obligations, whether these obligations arise from our contract or from generally binding legal regulations, we must process, regardless of your consent, for a period set by or in accordance with applicable legal regulations (e.g. this period is at least 10 years for tax documents).
8. WHAT RIGHTS DO YOU HAVE IN THE PROCESSING OF YOUR PERSONAL DATA?
Regarding your personal data, you have the following rights, which you may exercise electronically by contacting us at our e-mail address: firstname.lastname@example.org, or contacting us in writing at the registered office of the Administrator:
Right to access - You may ask the Administrator for access to the personal information we process about you. The Administrator will also provide you with a copy of the processed personal data.
You also have the right to request from the Administrator
- what are the specific purposes of processing your personal data;
- what are the categories of personal data concerned;
- who, besides us, are recipients of your personal information;
- the planned period for which your personal data will be stored with the Administrator;
- whether you have the right to require us to rectify or delete your personal data, limit its processing, or object to such processing;
- information about the source of your personal information, unless we have obtained it from you.
Right to modification - You may request the Administrator to correct inaccurate or incomplete personal data we process about you
Right to deletion - You may ask the Administrator to delete your personal information (unless the Administrator has already done so) if any of the following occurs:
a) personal data are no longer needed for the purposes for which they were collected or otherwise processed;
b) you have withdrawn the consent (which was the basis for processing your personal data) and there is no other legal reason for further processing;
c) you have objected to being the subject of decision-making based on the automated processing of your personal data and there are no prevailing justifiable reasons for such processing, or you have objected to the processing of your personal data for the purposes of direct marketing;
d) your personal data has been processed illegally;
e) your personal data must be deleted in order to comply with a legal obligation laid down in Union or Member state legislation related to the Administrator;
Right to restrict processing - You may request the Administrator to restrict the processing of your personal data if any of the following occurs:
a) you have denied the accuracy of the personal data for the time needed to allow the Administrator to verify the accuracy of the personal data;
b) the processing of your personal data is unlawful, but you refuse to delete such data and instead ask to restrict their use;
c) the Administrator no longer needs the personal data for processing purposes, but you are requesting it to identify, exercise or defend legal claims;
d) you have objected to the processing of your personal data according to Article 21, Paragraph 1 of the GDPR until it is verified if the justified reasons of the Administrator outweigh your justified reasons
Right to data portability - In the cases foreseen by the GPDR, you have the right to obtain personal data related to you which you have provided to the Administrator in a structured, commonly used and machine-readable format and this right must not adversely affect the rights and freedoms of other people.
Right to revoke consent - If your personal data processing is based on consent, you have the right to (at any time) revoke the consent to the processing of personal data for the purpose for which you have granted consent.
Right to object - You may at any time object to the processing of your personal data by the Administrator for the purposes of direct marketing performed on the basis of the legitimate interest of the Administrator.
Right to file a complaint - you have the right to file a complaint with the supervisory authority, which is the Office for Personal Data Protection, Pplk. Sochora 27, 170 00 Prague 7, Czech Republic or directly at https://europa.eu/european-union/abouteuropa/legal_notices_en#personal_data_protection.
You may have control over what cookies the Administrator processes about you. You can use an add-on program from Google (only available from your computer). Or you can use one of the following Internet browsers (eg Internet Explorer, Safari, Firefox, Chrome) with the incognito browsing feature turned on to prevent data about visited websites from being saved, or you can disable the storage of cookies in your browser. However, if you also disable the processing of technical and functional cookies, it will disable some functions. Turning off analytic cookies does not mean we will stop displaying marketing offers, they will only be less relevant to you.