I.Privacy of personal data
1.1. By entering personal data, the user acknowledges that he / she understands the terms of the data protection, agrees to their wording and accepts them in their entirety.
1.2 The Provider is the user of Personal Data Administrator under Article 4 (7) of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC the Data Protection Regulation) (hereinafter referred to as the “GDPR”). The Provider undertakes to process personal data in accordance with legal regulations, especially the GDPR.
1.3. Personal information is any information about an identified or identifiable natural person; an identifiable natural person is a natural person that can be identified directly or indirectly, in particular by reference to a particular identifier such as name, identification number, location data, network identifier or one or more specific physical, physiological, genetic, psychological, economic, the social identity of this individual.
1.4 When ordering, the personal data required for successful order execution (name and address, contact) are required. The purpose of processing personal data is to execute the user’s order and to exercise the rights and obligations arising from the contractual relationship between the Provider and the User. The purpose of processing personal information is to send business messages and do other marketing activities. The legal reason for the processing of personal data is the fulfillment of the contract pursuant to Article 6 (1) b) GDPR, fulfillment of the statutory obligation of the administrator pursuant to Article 6 (1) c) the GDPR and the legitimate interest of the Provider pursuant to Article 6 (1) f) GDPR. The Provider’s legitimate interest is the processing of personal data for direct marketing purposes.
1.5 The Provider uses the services of subcontractors, especially mail service providers (personal data are stored in third countries) and web host providers, to perform the license agreement. Subcontractors are screened for the safe processing of personal data. Provider and subcontractor of the web host have entered into a personal data processing agreement under which the subcontractor is responsible for the proper provision of the physical, hardware and software perimeter and hence bears direct responsibility for the user for any leakage or violation of personal data.
1.6 The Provider shall store the user’s personal data for the period necessary to exercise the rights and obligations arising from the contractual relationship between the Provider and the User and the enforcement of the claims under these contractual relationships (for 15 years from the termination of the contractual relationship). After it expires, data will be erased.
1.7 The User has the right to request from the Provider access to his / her personal data pursuant to Article 15 of GDPR, the repair of personal data pursuant to Article 16 of the GDPR or, where applicable, the restriction of processing under Article 18 GDPR. The user has the right to delete personal data pursuant to Article 17 (1) (a) and © to (f) of the GDPR. Furthermore, the user has the right to object to processing under Article 21 of the GDPR and the right to data portability under Article 20 GDPR.
1.8 The User has the right to file a complaint with the Personal Data Protection Office if he / she considers that his / her right to the protection of personal data has been violated.
1.9 The user is under no obligation to provide personal information. However, the provision of personal data is a necessary requirement for the conclusion and performance of the contract and without the provision of personal data it is not possible to conclude the contract or to fulfill it by the provider.
1.10 The Provider does not automatically make an individual decision within the meaning of GDPR No. 22.
1.11 Applicants for the use of the Provider’s services by completing the contact form:
1. agrees with the use of his or her personal data for the purpose of sending commercial communications, advertising materials, direct sales, market surveys and direct offers by the Provider and third parties, but not more than once a week, and at the same time
2. Declares that the sending of information according to item 1.11.1 does not consider an unsolicited advertisement within the meaning of Act. No. 40/1995 Coll. as amended, as the user is sending the information according to point 1.11.1 in conjunction with § 7 of Act. No. 480/2004 Coll. explicitly agree.
3. Consent may be revoked at firstname.lastname@example.org at any time in writing
1.12 The Provider uses so-called cookies in its presentation for the improvement of service quality, bid personalization, collection of anonymous data and for analytical purposes. By using the site, the user agrees to use the technology.
II. Rights and Obligations between Administrator and Processor (Processing Agreement)
2.1 The Provider is in relation to the Personal Data of Client Clients by the Client in accordance with Article 28 GDPR. The user is the administrator of this data.
2.2 These Terms and Conditions govern the mutual rights and obligations in the processing of personal data to which the Provider has gained access in connection with the fulfillment of the license agreement concluded in the form of agreement of the General Terms and Conditions on www.crystalsglamour.com (the “License Agreement”) concluded with the User on the date of establishment of the user account.
2.3. The Provider undertakes for the User to process personal data to the extent and for the purposes set out in Articles 2.4 — 2.7 of these Terms and Conditions. Processing resources will be automated. The Provider will collect, store, store, block, and disassemble personal data in the processing. The Provider is not authorized to process personal data in violation or beyond the limits set by these terms.
2.4 The Provider undertakes for the user to process personal data in the following extent:
1. common personal data,
2. special categories of data under Article 9 of the GDPR,
which the User obtained in connection with his own business.
2.5. The Provider undertakes for the user to process personal data in order to process inquiries and client requests obtained from the contact form.
2.6. Personal data may only be processed at the workplace of the Provider or his subcontractors under Article 2.8 of these Conditions, within the territory of the European Union.
2.7. The Provider undertakes for the User to process the personal data of the User’s clients, all for the time necessary to exercise the rights and obligations arising from the contractual relationship between the Provider and the User and to claim the said contractual relations (for 15 years from the termination of the contractual relationship).
2.8 The user grants permission to engage a subcontractor as a further processor under Article 28 (2) of the GDPR, which is the hosting application provider. In addition, the User grants the Provider a general authorization to engage in the processing of another personal data processor, but the Provider must inform the user in writing of any intended changes to the acceptance or replacement of the other processors and give the user the opportunity to object to these changes. The Provider must impose on its subcontractors as personal data processors the same personal data protection obligations as set out in these terms.
2.9. The Provider undertakes that the processing of personal data will be ensured in particular as follows:
1. Personal data is processed in accordance with legal regulations and on the basis of the User’s instructions, ie for the performance of all activities necessary for the provision of web platforms.
2. The Provider undertakes to provide technically and organizationally the protection of the processed personal data so that unauthorized or accidental access to the data, its modification, destruction or loss, unauthorized transmissions, any other unauthorized processing as well as other misuse and to ensure that all personal data processor obligations resulting from the law are safeguarded continuously throughout the personal and organizational continuity of the processing of data.
3. The technical and organizational measures adopted shall correspond to the level of risk. Provider ensures the continued confidentiality, integrity, accessibility, and resilience of processing systems and services, and timely restores the availability of and access to personal data in the event of physical or technical incidents.
4. The Provider hereby declares that the personal data protection is subject to the Provider’s internal security regulations.
5. Personal data shall be accessible only to authorized Provider and subcontractors pursuant to Article 2.8 of these Conditions, which shall stipulate to the Provider the conditions and extent of data processing and any such person will access personal data under his / her unique identifier.
6. Empowered persons Providers who process personal data under these conditions are required to maintain confidentiality about personal data and security measures whose disclosure would compromise their security. Provider shall ensure their demonstrable commitment to this obligation. The Provider will ensure that this obligation for both the Provider and the Beneficiary will continue after the termination of a legal or other relationship with the Provider.
7. Provider will assist the user, through appropriate technical and organizational measures, if possible, to meet the user’s obligation to respond to the data subject’s requests for data subject to the GDPR; as well as ensuring compliance with the obligations under GDPR Articles 32 to 36, taking into account the nature of the processing and the information available to the Provider.
8. Upon termination of the provision of the performance associated with the processing under Article 2.7 of these Conditions, the Provider is obliged to delete all personal data or to return it to the User if he is not obliged to store personal data under a special law.
9. The Provider will provide the User with all the information necessary to demonstrate that the obligations under this Agreement and the GDPR have been met, will allow audits, including inspections, conducted by the User or another auditor assigned by the User.
2.10 The User undertakes to promptly report any facts known to him that could adversely affect the proper and timely fulfillment of the obligations arising from these Conditions and to provide the Provider with the necessary cooperation to meet these conditions.
III. Final Provisions
3.1 These Terms shall expire on the expiry of the time specified in Article 1.6 and Article 2.7 of these Conditions.
3.2 The user agrees to these terms by ticking the consent via the online form. By signing the consent, the user expresses that he has read these terms, agrees with them and accepts them in their entirety.
3.3 The Provider is entitled to change these terms. The Provider is obliged to publish a new version of the terms on its website without any undue delay. will send the new version to the User at its email address.
3.5 Relationships not expressly governed by these terms and conditions shall be governed by the GDPR and the legal order of the Czech Republic, in particular by Act No. 89/2012 Coll., The Civil Code, as amended.
These Terms become effective on May 14, 2018.