Information on Personal Data Processing
I. Personal Data Controller
The personal data controller is ERTEA SE, registered office Klimentská 1746/52, 11000 Prague, Company ID: 09108033, VAT ID: CZ09108033 (hereinafter the “Controller”).
II. Contact Details of the Controller
For all matters related to personal data processing, you may contact the Controller at the following email address: support@ertea.eu .
III. Purposes of Personal Data Processing
The Controller processes personal data for the following purposes:
- Order processing and delivery of goods
- Customer account management
- Marketing purposes (sending commercial communications)
- Fulfilment of legal obligations (e.g., accounting and tax obligations)
- Protection of the Controller’s rights and legally protected interests (e.g., debt collection)
IV. Categories of Processed Personal Data
The Controller processes the following categories of personal data:
- Identification data (first name, surname)
- Contact details (address, email address, phone number)
- Payment information (bank account number, payment card)
- Order information (ordered goods, order history)
V. Legal Basis for Personal Data Processing
Personal data processing is based on the following legal grounds:
- Performance of a contract (order processing)
- Fulfilment of legal obligations (accounting, tax obligations)
- Legitimate interest of the Controller (protection of rights and legally protected interests)
- Consent of the data subject (marketing purposes)
VI. Recipients of Personal Data
Personal data may be transferred to the following recipients:
- Carriers (for the purpose of goods delivery)
- Payment service providers (for the purpose of payment processing)
- External accountants and tax advisors (to fulfil legal obligations)
- IT providers (to ensure the operation of the e-shop)
VII. Personal Data Retention Period
Personal data is retained for the period necessary to achieve the purpose of processing, but no longer than:
- For the duration of the contractual relationship and subsequently for 10 years (for accounting and tax purposes)
- For the duration of consent regarding processing for marketing purposes
VIII. Rights of Data Subjects
Data subjects have the following rights:
- Right of access to personal data
- Right to rectification of inaccurate personal data
- Right to erasure of personal data (right to be forgotten)
- Right to restriction of personal data processing
- Right to data portability
- Right to object to personal data processing
- Right to lodge a complaint with the supervisory authority (the Office for Personal Data Protection)
IX. International Transfer of Personal Data
Personal data may be transferred to third countries outside the European Union only under conditions set out by the GDPR. The Controller ensures that any transfer of personal data to third countries is carried out in accordance with Articles 44 to 50 of the GDPR, particularly on the basis of:
- Adequacy decisions issued by the European Commission
- Appropriate safeguards, such as standard contractual clauses approved by the European Commission
- Binding corporate rules approved by the relevant supervisory authority
X. Data Security
A) The Controller adopts technical and organisational measures to secure personal data against unauthorised access, loss, destruction, or damage. These measures include:
- Data encryption
- Use of firewalls and antivirus programs
- Regular data backups
- Access control to personal data
- Employee training in personal data protection
B) The Controller regularly reviews and updates security measures to ensure an adequate level of personal data protection.
XI. Automated Decision-Making and Profiling
Personal data is not subject to automated decision-making or profiling.