Privacy Policy

I.Privacy of per­son­al data

1.1. By enter­ing per­son­al data, the user acknowl­edges that he / she under­stands the terms of the data pro­tec­tion, agrees to their word­ing and accepts them in their entire­ty.

1.2 The Provider is the user of Per­son­al Data Admin­is­tra­tor under Arti­cle 4 (7) of Reg­u­la­tion (EU) 2016/679 of the Euro­pean Par­lia­ment and of the Coun­cil on the pro­tec­tion of indi­vid­u­als with regard to the pro­cess­ing of per­son­al data and on the free move­ment of such data and repeal­ing Direc­tive 95/46 / EC the Data Pro­tec­tion Reg­u­la­tion) (here­inafter referred to as the “GDPR”). The Provider under­takes to process per­son­al data in accor­dance with legal reg­u­la­tions, espe­cial­ly the GDPR.

1.3. Per­son­al infor­ma­tion is any infor­ma­tion about an iden­ti­fied or iden­ti­fi­able nat­ur­al per­son; an iden­ti­fi­able nat­ur­al per­son is a nat­ur­al per­son that can be iden­ti­fied direct­ly or indi­rect­ly, in par­tic­u­lar by ref­er­ence to a par­tic­u­lar iden­ti­fi­er such as name, iden­ti­fi­ca­tion num­ber, loca­tion data, net­work iden­ti­fi­er or one or more spe­cif­ic phys­i­cal, phys­i­o­log­i­cal, genet­ic, psy­cho­log­i­cal, eco­nom­ic, the social iden­ti­ty of this indi­vid­ual.

1.4 When order­ing, the per­son­al data required for suc­cess­ful order exe­cu­tion (name and address, con­tact) are required. The pur­pose of pro­cess­ing per­son­al data is to exe­cute the user’s order and to exer­cise the rights and oblig­a­tions aris­ing from the con­trac­tu­al rela­tion­ship between the Provider and the User. The pur­pose of pro­cess­ing per­son­al infor­ma­tion is to send busi­ness mes­sages and do oth­er mar­ket­ing activ­i­ties. The legal rea­son for the pro­cess­ing of per­son­al data is the ful­fill­ment of the con­tract pur­suant to Arti­cle 6 (1) b) GDPR, ful­fill­ment of the statu­to­ry oblig­a­tion of the admin­is­tra­tor pur­suant to Arti­cle 6 (1) c) the GDPR and the legit­i­mate inter­est of the Provider pur­suant to Arti­cle 6 (1) f) GDPR. The Provider’s legit­i­mate inter­est is the pro­cess­ing of per­son­al data for direct mar­ket­ing pur­pos­es.

1.5 The Provider uses the ser­vices of sub­con­trac­tors, espe­cial­ly mail ser­vice providers (per­son­al data are stored in third coun­tries) and web host providers, to per­form the license agree­ment. Sub­con­trac­tors are screened for the safe pro­cess­ing of per­son­al data. Provider and sub­con­trac­tor of the web host have entered into a per­son­al data pro­cess­ing agree­ment under which the sub­con­trac­tor is respon­si­ble for the prop­er pro­vi­sion of the phys­i­cal, hard­ware and soft­ware perime­ter and hence bears direct respon­si­bil­i­ty for the user for any leak­age or vio­la­tion of per­son­al data.

1.6 The Provider shall store the user’s per­son­al data for the peri­od nec­es­sary to exer­cise the rights and oblig­a­tions aris­ing from the con­trac­tu­al rela­tion­ship between the Provider and the User and the enforce­ment of the claims under these con­trac­tu­al rela­tion­ships (for 15 years from the ter­mi­na­tion of the con­trac­tu­al rela­tion­ship). After it expires, data will be erased.

1.7 The User has the right to request from the Provider access to his / her per­son­al data pur­suant to Arti­cle 15 of GDPR, the repair of per­son­al data pur­suant to Arti­cle 16 of the GDPR or, where applic­a­ble, the restric­tion of pro­cess­ing under Arti­cle 18 GDPR. The user has the right to delete per­son­al data pur­suant to Arti­cle 17 (1) (a) and © to (f) of the GDPR. Fur­ther­more, the user has the right to object to pro­cess­ing under Arti­cle 21 of the GDPR and the right to data porta­bil­i­ty under Arti­cle 20 GDPR.

1.8 The User has the right to file a com­plaint with the Per­son­al Data Pro­tec­tion Office if he / she con­sid­ers that his / her right to the pro­tec­tion of per­son­al data has been vio­lat­ed.

1.9 The user is under no oblig­a­tion to pro­vide per­son­al infor­ma­tion. How­ev­er, the pro­vi­sion of per­son­al data is a nec­es­sary require­ment for the con­clu­sion and per­for­mance of the con­tract and with­out the pro­vi­sion of per­son­al data it is not pos­si­ble to con­clude the con­tract or to ful­fill it by the provider.

1.10 The Provider does not auto­mat­i­cal­ly make an indi­vid­ual deci­sion with­in the mean­ing of GDPR No. 22.

1.11 Appli­cants for the use of the Provider’s ser­vices by com­plet­ing the con­tact form:

1. agrees with the use of his or her per­son­al data for the pur­pose of send­ing com­mer­cial com­mu­ni­ca­tions, adver­tis­ing mate­ri­als, direct sales, mar­ket sur­veys and direct offers by the Provider and third par­ties, but not more than once a week, and at the same time

2. Declares that the send­ing of infor­ma­tion accord­ing to item 1.11.1 does not con­sid­er an unso­licit­ed adver­tise­ment with­in the mean­ing of Act. No. 40/1995 Coll. as amend­ed, as the user is send­ing the infor­ma­tion accord­ing to point 1.11.1 in con­junc­tion with § 7 of Act. No. 480/2004 Coll. explic­it­ly agree.

3. Con­sent may be revoked at info@crystalsglamour.com at any time in writ­ing

1.12 The Provider uses so-called cook­ies in its pre­sen­ta­tion for the improve­ment of ser­vice qual­i­ty, bid per­son­al­iza­tion, col­lec­tion of anony­mous data and for ana­lyt­i­cal pur­pos­es. By using the site, the user agrees to use the tech­nol­o­gy.

II. Rights and Oblig­a­tions between Admin­is­tra­tor and Proces­sor (Pro­cess­ing Agree­ment)

2.1 The Provider is in rela­tion to the Per­son­al Data of Client Clients by the Client in accor­dance with Arti­cle 28 GDPR. The user is the admin­is­tra­tor of this data.

2.2 These Terms and Con­di­tions gov­ern the mutu­al rights and oblig­a­tions in the pro­cess­ing of per­son­al data to which the Provider has gained access in con­nec­tion with the ful­fill­ment of the license agree­ment con­clud­ed in the form of agree­ment of the Gen­er­al Terms and Con­di­tions on www.crystalsglamour.com (the “License Agree­ment”) con­clud­ed with the User on the date of estab­lish­ment of the user account.

2.3. The Provider under­takes for the User to process per­son­al data to the extent and for the pur­pos­es set out in Arti­cles 2.4 — 2.7 of these Terms and Con­di­tions. Pro­cess­ing resources will be auto­mat­ed. The Provider will col­lect, store, store, block, and dis­as­sem­ble per­son­al data in the pro­cess­ing. The Provider is not autho­rized to process per­son­al data in vio­la­tion or beyond the lim­its set by these terms.

2.4 The Provider under­takes for the user to process per­son­al data in the fol­low­ing extent:

1. com­mon per­son­al data,

2. spe­cial cat­e­gories of data under Arti­cle 9 of the GDPR,

which the User obtained in con­nec­tion with his own busi­ness.

2.5. The Provider under­takes for the user to process per­son­al data in order to process inquiries and client requests obtained from the con­tact form.

2.6. Per­son­al data may only be processed at the work­place of the Provider or his sub­con­trac­tors under Arti­cle 2.8 of these Con­di­tions, with­in the ter­ri­to­ry of the Euro­pean Union.

2.7. The Provider under­takes for the User to process the per­son­al data of the User’s clients, all for the time nec­es­sary to exer­cise the rights and oblig­a­tions aris­ing from the con­trac­tu­al rela­tion­ship between the Provider and the User and to claim the said con­trac­tu­al rela­tions (for 15 years from the ter­mi­na­tion of the con­trac­tu­al rela­tion­ship).

2.8 The user grants per­mis­sion to engage a sub­con­trac­tor as a fur­ther proces­sor under Arti­cle 28 (2) of the GDPR, which is the host­ing appli­ca­tion provider. In addi­tion, the User grants the Provider a gen­er­al autho­riza­tion to engage in the pro­cess­ing of anoth­er per­son­al data proces­sor, but the Provider must inform the user in writ­ing of any intend­ed changes to the accep­tance or replace­ment of the oth­er proces­sors and give the user the oppor­tu­ni­ty to object to these changes. The Provider must impose on its sub­con­trac­tors as per­son­al data proces­sors the same per­son­al data pro­tec­tion oblig­a­tions as set out in these terms.

2.9. The Provider under­takes that the pro­cess­ing of per­son­al data will be ensured in par­tic­u­lar as fol­lows:

1. Per­son­al data is processed in accor­dance with legal reg­u­la­tions and on the basis of the User’s instruc­tions, ie for the per­for­mance of all activ­i­ties nec­es­sary for the pro­vi­sion of web plat­forms.

2. The Provider under­takes to pro­vide tech­ni­cal­ly and orga­ni­za­tion­al­ly the pro­tec­tion of the processed per­son­al data so that unau­tho­rized or acci­den­tal access to the data, its mod­i­fi­ca­tion, destruc­tion or loss, unau­tho­rized trans­mis­sions, any oth­er unau­tho­rized pro­cess­ing as well as oth­er mis­use and to ensure that all per­son­al data proces­sor oblig­a­tions result­ing from the law are safe­guard­ed con­tin­u­ous­ly through­out the per­son­al and orga­ni­za­tion­al con­ti­nu­ity of the pro­cess­ing of data.

3. The tech­ni­cal and orga­ni­za­tion­al mea­sures adopt­ed shall cor­re­spond to the lev­el of risk. Provider ensures the con­tin­ued con­fi­den­tial­i­ty, integri­ty, acces­si­bil­i­ty, and resilience of pro­cess­ing sys­tems and ser­vices, and time­ly restores the avail­abil­i­ty of and access to per­son­al data in the event of phys­i­cal or tech­ni­cal inci­dents.

4. The Provider here­by declares that the per­son­al data pro­tec­tion is sub­ject to the Provider’s inter­nal secu­ri­ty reg­u­la­tions.

5. Per­son­al data shall be acces­si­ble only to autho­rized Provider and sub­con­trac­tors pur­suant to Arti­cle 2.8 of these Con­di­tions, which shall stip­u­late to the Provider the con­di­tions and extent of data pro­cess­ing and any such per­son will access per­son­al data under his / her unique iden­ti­fi­er.

6. Empow­ered per­sons Providers who process per­son­al data under these con­di­tions are required to main­tain con­fi­den­tial­i­ty about per­son­al data and secu­ri­ty mea­sures whose dis­clo­sure would com­pro­mise their secu­ri­ty. Provider shall ensure their demon­stra­ble com­mit­ment to this oblig­a­tion. The Provider will ensure that this oblig­a­tion for both the Provider and the Ben­e­fi­cia­ry will con­tin­ue after the ter­mi­na­tion of a legal or oth­er rela­tion­ship with the Provider.

7. Provider will assist the user, through appro­pri­ate tech­ni­cal and orga­ni­za­tion­al mea­sures, if pos­si­ble, to meet the user’s oblig­a­tion to respond to the data subject’s requests for data sub­ject to the GDPR; as well as ensur­ing com­pli­ance with the oblig­a­tions under GDPR Arti­cles 32 to 36, tak­ing into account the nature of the pro­cess­ing and the infor­ma­tion avail­able to the Provider.

8. Upon ter­mi­na­tion of the pro­vi­sion of the per­for­mance asso­ci­at­ed with the pro­cess­ing under Arti­cle 2.7 of these Con­di­tions, the Provider is oblig­ed to delete all per­son­al data or to return it to the User if he is not oblig­ed to store per­son­al data under a spe­cial law.

9. The Provider will pro­vide the User with all the infor­ma­tion nec­es­sary to demon­strate that the oblig­a­tions under this Agree­ment and the GDPR have been met, will allow audits, includ­ing inspec­tions, con­duct­ed by the User or anoth­er audi­tor assigned by the User.

2.10 The User under­takes to prompt­ly report any facts known to him that could adverse­ly affect the prop­er and time­ly ful­fill­ment of the oblig­a­tions aris­ing from these Con­di­tions and to pro­vide the Provider with the nec­es­sary coop­er­a­tion to meet these con­di­tions.

III. Final Pro­vi­sions

3.1 These Terms shall expire on the expiry of the time spec­i­fied in Arti­cle 1.6 and Arti­cle 2.7 of these Con­di­tions.

3.2 The user agrees to these terms by tick­ing the con­sent via the online form. By sign­ing the con­sent, the user express­es that he has read these terms, agrees with them and accepts them in their entire­ty.

3.3 The Provider is enti­tled to change these terms. The Provider is oblig­ed to pub­lish a new ver­sion of the terms on its web­site with­out any undue delay. will send the new ver­sion to the User at its email address.

3.4. Provider Con­tact Details in mat­ters relat­ing to the fol­low­ing con­di­tions: +420 483 382 617, info@crystalsglamour.com

3.5 Rela­tion­ships not express­ly gov­erned by these terms and con­di­tions shall be gov­erned by the GDPR and the legal order of the Czech Repub­lic, in par­tic­u­lar by Act No. 89/2012 Coll., The Civ­il Code, as amend­ed.

These Terms become effec­tive on May 14, 2018.