GDPR Privacy Policy

Personal Data Protection – GDPR

If you are our customer, subscriber, supplier, or website visitor, you are entrusting us with your personal data. Please read the following personal data protection terms. Your data is safe with us.

Privacy Policy Terms

I.
Basic Provisions

  1. The controller of personal data pursuant to Article 4, paragraph 7 of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter: “GDPR”) is CARERO s.r.o., Company ID No. 28108272, with registered office at Písek 311, 739 84 Písek (hereinafter: “Controller”).

  2. The contact details of the Controller are: info@mimulo.ro.

  3. Personal data means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

  4. The Controller has not appointed a data protection officer.

II.
Legal Basis for Personal Data Processing

  1. The legal basis for processing your personal data is:

    • performance of a contract between you and the Controller under Article 6(1)(b) of the GDPR (hereinafter “Contract Performance”),

    • the legitimate interest of the Controller in providing direct marketing (especially for sending commercial messages and newsletters) under Article 6(1)(f) of the GDPR (hereinafter “Legitimate Interest”),

    • your consent to processing for the purposes of direct marketing (especially for sending commercial messages and newsletters) under Article 6(1)(a) of the GDPR in conjunction with Section 7(2) of Act No. 480/2004 Coll., on Certain Information Society Services, in cases where no order for goods or services has been made (hereinafter “Consent”).

  2. The Controller does not engage in automated individual decision-making within the meaning of Article 22 of the GDPR. You have provided your explicit consent for such processing.
    We declare that as the Controller, we process your personal data based on a valid legal basis.

III.
We process personal data based on the purpose of processing for the following reasons:

Legal Basis Purpose Data Source of Data Recipients of Personal Data (Processors)
Contract Performance Order processing and responding to inquiries sent via contact form or email Clients’ personal data (contact details, sometimes date of birth) Email communication, contact form, order form Subcontractors, mailing services, cloud storage, printed documents, accounting services
Legitimate Interest Provision of direct marketing (especially sending commercial messages and newsletters about similar goods) Clients’ contact details Information from orders Mailing services (Mailchimp, Smartmailing, Ecomail), cloud storage, subcontractors
Legitimate Interest Providing email to third-party service for obtaining reviews Email addresses, information about the ordered goods Order data Price comparison services
Legitimate Interest Basic website traffic analysis Pseudo-anonymized identifiers of registered users, IP addresses Website usage, user registration, page views Google Analytics, web hosting services, and other analytical tools
Consent Marketing and website promotion Emails, names of potential customers, IP addresses, and other technical identifiers Newsletter form, registration forms Web hosting company and email distribution services (Smartmailing, Ecomail, Mailchimp), SMS (Go SMS, MySMS)
Consent Publishing customer reviews, customer photos, and videos Customer’s name, photos, email Email communication, chat Cloud storage, mailing services, web hosting, Facebook

Cookies
When browsing our website, we record your IP address, your behavior on the website, and information about the website from which you arrived. We use cookies to measure website traffic and customize the display of the website, which we consider a legitimate interest of the data controller. This allows us to offer our customers even better services. You can disable or delete cookies on your computer.

IV.
Data Retention Period

  1. The controller retains personal data for the period necessary to exercise the rights and obligations arising from the contractual relationship between you and the controller, and to assert claims from these contractual relationships (for a period of 15 years after the termination of the contractual relationship), as well as for the period necessary for accounting purposes.
    Personal data processed based on consent for marketing purposes is retained until that consent is withdrawn.

  2. After the expiration of the retention period, the controller will delete the personal data.

V.
Recipients of Personal Data (Controller’s Subcontractors)

To perform specific processing operations that the controller cannot carry out alone, the controller uses services and applications of processors who protect the data and specialize in the respective processing.

  1. The controller intends to transfer personal data to third countries (outside the EU) or to an international organization. The recipients in third countries are providers of mailing services, data and file storage, and analytics tools.

  2. The controller may transfer necessary personal data to third parties for order processing and delivery. Processors (e.g., Geis, Czech Post, GLS, and others) will use the data only for product delivery.

  3. The controller is required to provide necessary personal data to the accounting firm to comply with legal obligations regarding the issuance and record-keeping of tax documents and invoices.

  4. The controller will provide basic information (email, order) to the third party Heureka, as a personal data processor, for the "Verified by Customers" program and review collection:

“Your satisfaction with your purchase is monitored via email questionnaires within the Verified by Customers program, which our e-shop is part of. These are sent every time you shop with us, unless you opt out as per § 7(3) of Act No. 480/2004 Coll. on Certain Information Society Services. We process your personal data to send these questionnaires based on our legitimate interest, which lies in determining your satisfaction with your purchase. For sending questionnaires, evaluating your feedback, and analyzing our market position, we use the processor Heureka.cz, to whom we may transfer information about the purchased goods and your email address. Your data is not provided to any third party for its own purposes. You can object to receiving these email questionnaires at any time by using the opt-out link provided in the email. If you object, we will no longer send you these questionnaires.”

VI.
Your Rights

  1. Under the GDPR, you have the following rights:

    • Right of access to your personal data (Article 15),

    • Right to rectification (Article 16),

    • Right to restriction of processing (Article 18),

    • Right to erasure (Article 17),

    • Right to object (Article 21),

    • Right to data portability (Article 20),

    • Right to withdraw consent at any time in writing or electronically to the address or email listed in Article III.

  2. You may unsubscribe from newsletters or third-party emails using the “Unsubscribe” link in the message or by contacting us at info@carero.cz.

  3. You may unsubscribe from marketing messages sent via SMS by contacting info@carero.cz.

  4. You also have the right to lodge a complaint with the Office for Personal Data Protection if you believe your data protection rights have been violated.

VII.
Personal Data Security

  1. The controller declares that all appropriate technical and organizational measures have been taken to secure personal data.

  2. The controller has adopted technical measures to secure both electronic and physical (paper-based) personal data storage.

  3. The controller declares that access to personal data is granted only to authorized personnel.

VIII.
Confidentiality

The controller assures that all employees and collaborators involved in processing personal data are obliged to maintain confidentiality. This confidentiality obligation continues even after the termination of contractual relationships.

IX.
Final Provisions

  1. By submitting an order via the online order form, you confirm that you are familiar with and accept the privacy policy and terms and conditions in their entirety.

  2. You agree to this policy by checking the consent box during online registration or when subscribing to marketing communications.

  3. The controller reserves the right to amend this privacy policy. The new version will be published on the controller’s website.

These terms take effect on May 25, 2018.