Personal data controller pursuant to Article 4 (7) of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as the: „GDPR”) is the company Filament ID s. r. o., with its registered office at U Náměstí 707, Dolní Břežany, Postal Code 252 41, Company ID No. 07308931, a company registered in the Commercial Registry maintained by the Municipal Court in Prague under section C, File No. 298858 (hereinafter referred to as the: „Data Controller“).
Contact details of the Data Controller:
If you have any questions concerning personal data protection or withdrawal of consent to further processing, please use following contact details:
Phone number: +420 777 800 009
Does the company Filament ID have a Data Protection Officer?
No, the company Filament ID has not appointed a Data Protection Officer.
What is personal data?
Personal data is any information that relates to an identified or identifiable natural person; an identifiable natural person is a natural person who can be identified, directly or indirectly, in particular by reference to an identifier, such as name, identification number, location data, network identifier or one or more factors specific to the physical, physiological, genetic, psychological, economic, cultural or the social identity of this natural person.
What personal data do we process?
We process the personal data you provide to us in connection with the use of our services (for example, when ordering our goods or subscribing to a newsletter), most often it is data obtained through the order form. In this form, the fields are divided into two types.
- Mandatory fields that are necessary for the conclusion of the Purchase Agreement and its subsequent realization. This information is required to process your order. This includes first name, last name, delivery and billing information, email address and phone number. In this case, the e-mail address and phone number are used to send confirmation of successful receipt of your order, to send payment receipts, to keep you informed about the status of your order and for any subsequent communication regarding the order.
- Optional fields that you can fill in voluntarily. They help us specify your requirements and they also help us handle your order in a better way and more efficiently. However, they are not necessary for order processing.
Third party personal data you provide to us
If you provide us with personal data of third parties, it is your responsibility to inform the person concerned and ensure that the person agrees to these conditions.
Personal data we process automatically
When you visit our website, we may collect certain information about you, such as your IP address, browser settings that help us determine which language you prefer, the websites you visit, including the date and time of the visit, on what links do you click, in order to make the content more interesting to you and offer you the products and content you value.
We also automatically process cookies. You can find out what cookies are and how we use them to make our website work better by reading our Cookies Policy.
Why do we process your personal data?
We process your personal data for the following reasons:
- Purchase of goods: We primarily process your personal data in order to comply with the Purchase Agreement, that is, to properly handle and deliver your order. For this purpose, we may pass on your personal data to third parties, such as the carrier of the goods.
- Customer Care: If you contact us with a question or a problem, we need to process your personal information to be able to answer such question or resolve the problem.
- Marketing and Commercial Communications:
- E-mail marketing: all commercial communications are sent to you based on your consent or based on our legitimate interest in establishing a business relationship. You can unsubscribe at any time directly through the commercial communication or you can contact us by e-mail at email@example.com.
- Improving our services: by using your order history and website activity, we can offer more relevant offers of other goods you might also want to purchase. In certain places, we show you products that are right for you and that match your needs and interests. We can also use tools such as Google Analytics, etc. to optimize the elements on your site.
- Legal regulations: we are required by law to keep some of your personal information. These are mainly personal data associated with purchase agreements and other similar data, due to possible checks carried out by public authorities and for other legitimate reasons.
On what legal basis do we process your personal data?
If you buy goods from us, or when you complete the order, a purchase agreement arises. In order to be able to perform the contract successfully, we need your personal data, which is described in the section “What personal data do we process?”, including a list of the specific data.
We also process your data based on legitimate interest so that we can improve our services, target them better, and offer you more relevant content. Based on our legitimate interest, we process particularly personal data, which we process automatically and cookies.
In order to send you commercial communications (e-mail marketing), we must do so with your consent. The exception is when you made a purchase with us, as we then have a legitimate interest in sending you these commercial communications. Of course, you have the right to unsubscribe from these communications, either directly in the commercial communication or via email to firstname.lastname@example.org.
Of course, if you give us the consent in another way than through an order, you also have the right to withdraw it at any time, in the same way as written above.
Third Party Data Processors
In following cases, we pass on your personal data to third parties:
- Delivery of Goods: the carrier of your choice would not be able to deliver the ordered goods to you unless we have given him your delivery information. We will pass these data on to the carrier according to how you fill in the order. The data transmitted in this way shall include your name and surname, delivery address, telephone number at which the carrier may contact you. In relation to the personal data we pass on to him, the carrier is entitled to process them only for the purpose of delivery of goods and then to delete the personal data without delay.
- Payment by card and payment buttons: as a payment gateway provider we use the company Československá obchodní banka, a.s., with its registered office at Radlická 333/150, Postal Code 150 57, Prague 5, Company ID No.: 0000150. We do not handle your credit card, nor we do come into contact with these data. When paying by card we only provide to this company payment information such as the order number (or variable symbol), your name and surname, e-mail and the total amount you want to pay. After the process is completed, we will be informed by the company ČSOB whether the payment was successful or ended in error.
- Commercial Communications: in the case of commercial communications, we may use a third party for distribution. This entity is bound by confidentiality and may not use your personal information for any other purpose.
- State Authorities: in the case of enforcing our rights, your personal data may be passed on to a third party (such as lawyer). If the law or a state authority (e.g. the Police of the Czech Republic) imposes an obligation on us to share your personal data with it, we must do so.
Do we pass on your data to another country outside the European Union?
In some cases (e.g. when delivering goods), we may also pass on your personal data to countries that are not part of the European Union, or the European Economic Area, and therefore these countries may not ensure an adequate level of protection of personal data. We will only pass on the personal data if the processor complies with the standard contractual clauses issued by the European Commission.
How long do we keep your personal data?
We process and store your personal data for a period that is required to exercise the rights and obligations arising from the contractual relationship and to assert claims arising from these contractual relationships, that is, at least for the time that is necessary to complete your order, and also for as long as the company Filament ID is obliged as the Data Controller to keep according to the generally binding legal regulations or for as long as you have given us the consent to the processing of personal data.
In other cases, the processing time results from the purpose of processing or is established by legal regulations regarding the personal data protection. We divide personal data into two groups according to which the retention period is determined.
- Mandatory: personal data, for which the law prescribes how long we must keep them. This personal information cannot be deleted, even at your request. These are mainly personal data related to the purchase agreement (e.g. for tax documents this period is set at least 3 years, or 10 years for the VAT payers). In order to meet your requirements and provide you with quality customer support, we keep your contact information until the contractual relationship is conclude and until the warranty of the goods you have purchased expires.
- Optional: personal data, that is used to improve our services, target our commercial communications, etc. If you subscribe to our commercial communications, we will process your personal data for 5 years, or until you withdraw your consent to receiving such communication. You have the right to request the deletion of this data at any time. We will automatically delete this data once the retention period has elapsed.
Am I obliged to provide my personal data? What if I do not provide personal information?
You provide us with your personal data voluntarily (however, providing personal data for some services is required, i.e. if you do not provide us with such information, you will not be able to use this service).
Processing of your personal data, often only in an anonymized form, without being able to identify you as a specific user, allows us to provide you with our services and to continually improve them. If you do not give us your consent, or if you withdraw it subsequently, we may no longer be able to provide these services, or provide them in full or in adequate quality. However, you are not obliged to use our free services.
How do we secure your personal data?
Personal data and collected data are primarily stored on our servers, which are adequately secured. We are continuously improving the security and constantly monitoring access to this data. All communication between your device and our web servers is encrypted.
What rights do you have regarding the processing of personal data?
As a data subject, you have the following rights, arising from the legislation, that you can exercise at any time.
- Right of access to the personal data: you have the right to request from us a list of all the personal data we process about you. We can generate this list for you after properly verifying your identity. If you are interested, please send your request to email@example.com.
- Right to rectification: if you find out that the personal information, we keep about you is incorrect, you have the right to obtain without undue delay the rectification of inaccurate personal data, but always according to our technical possibilities. Please contact us at firstname.lastname@example.org.
- Right to have your personal data erased (the right to be forgotten): you have the right to request the deletion of all personal data we process about you, except for those required by law, or that are necessary for the performance of a pending purchase agreement, since without such personal information we would not be able to successfully complete the contract. If you wish to have your personal data erased, please contact us at email@example.com.
- Right to restrict processing of personal data: if you are not interested in erasing your personal data, but you only wish to temporarily restrict the processing of your personal data, you can contact us at firstname.lastname@example.org and request a restriction on the processing of your personal data.
- Right to object to the processing of personal data: if you believe that we are processing some personal data unlawfully, you can dispute this action. We process some of the personal data within our legitimate interest and we will be happy to specify these reasons for you, just write an email to email@example.com. If we do not prove that there is a valid legitimate reason for processing this data that outweighs your interests or rights and freedoms, then we will terminate the processing based on your dispute without undue delay.
- Right to lodge a complaint: you can send any privacy concerns or questions directly to us so that we can provide immediate assistance or support in your matter. Just email us at firstname.lastname@example.org. You also have the right to file a complaint with the Office for Personal Data Protection if you believe that your right to personal data protection has been violated.
- Right to withdraw your consent: you may withdraw your consent to the processing of personal data at any time by sending an e-mail to: email@example.com. Revocation of consent does not affect the ability to continue to process your personal data based on your consent prior to its revocation. Revocation of consent also does not affect the processing of personal data that we process on a legal basis other than your consent (i.e. especially if processing is necessary for the fulfillment of the contract, of legal obligation or for other reasons specified in the applicable legislation).
These conditions come into force on 1 September 2019