A.  Administrator of personal data

The administrator of personal data is MgA. Daniel Paul, reg. Nr. 04726570, with registered office at Ovenecká 348/36, Prague 7, 170 00 (hereinafter referred to as the “administrator”) declares that all personal data processed by the administrator are strictly confidential. The administrator handles them by following national and European Union regulations applicable in the field of personal data protection.

The administrator collects, stores and uses your personal data within the meaning of Act No. 110/2019 Coll. on the processing of personal data (hereinafter referred to as the Act on the Processing of Personal Data), or Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons in connection with the processing of personal data and on the free movement of such data and on the repeal of Directive 95/46/EC (hereinafter referred to as the “GDPR Regulation”). The individual purposes for which the administrator processes personal data are further defined.

The administrator also collects personal data through its website at www.danielpaul.cz (hereinafter referred to as the “website”).
These policies are issued by the administrator so that you are sufficiently informed about what personal data the administrator processes, for what purpose, for how long, who will have access to your personal data, and what rights you have. These principles apply to all personal data collected by the controller, whether it was collected to fulfil a contractual relationship, legal obligation, legitimate interest or consent.

B.  Collection of Personal Information

1. The following types of personal data may be collected, stored and used:

a) information about your computer including IP address, geographical location, browser type and version and operating system;
b) information about your visits to and use of this website including the referral source, length of visit, pages viewed and website traversal;
c) information you enter when using the services on our website;
d) information generated when you use our website, including when, how often and under what conditions you use it;
e) information related to your purchase, services used or transactions you make through our website, which includes your name, address, telephone number, email address and credit card details;
f) information contained in any communication you send to us by e-mail or through the website via the contact form, including the content itself and metadata;
g) any other personal data that you send to us.

2. Before you share another person’s personal data with us, you must obtain that person’s consent to the disclosure and processing of that personal data in accordance with this policy.

C.  Purposes of personal data processing

1.  Personal data is processed for various purposes. Individual purposes mean the following:

a)  administering our website and business;
b)  tailoring our website to you;
c)  enabling the use of services available on our website;
d)  sending goods purchased through our website;
e)  provision of services purchased through our website;
f)  sending statements, invoices, payment reminders and collecting payments;
g)  sending non-commercial commercial messages;
h)  sending specifically requested e-mail notifications;
i)  sending you our email newsletter if you have requested it (you can inform us at any time if you no longer require it);
j)  providing statistical information about our users to third parties (however, such third parties will not be able to identify any individual user from this information);
k)  dealing with inquiries and complaints raised by you or otherwise concerning you in connection with our website;
l)  maintaining the security of our website and preventing fraud;
m)  verifying compliance with our website terms of use (including monitoring private messages sent through our private messaging service);
n)  fulfilment of the contractual relationship based on application and participation in the competition;
o)  in case of legitimate interest. Legitimate interest means an effective defence in the event of a dispute; the period of personal data processing in such a case is 4 years after the expiry of the warranty period for the goods and is extended by the period during which the dispute is being conducted. Legitimate interest is also processing for the purposes of: fraud prevention (for example, as part of assessing the riskiness of concluding a contract); direct marketing (e.g. offering relevant services and products to existing customers of the administrator); transfer of personal data for internal administrative purposes; notification of criminal offences or threats to public security and transfer of the personal data concerned to the competent authority; and ensuring network and information security. This list is only exemplary.
p)  fulfilling other legal obligations, i.e., providing information to law enforcement authorities, providing information to other public authorities, etc.

2.  Without your express consent, we will not provide your personal data to any third party for the purpose of direct marketing to them or any other third party.

3.  We process your personal data for the period necessary to ensure all rights and obligations resulting from mutual legal action, at least for the period of processing the order, carrying out the transaction, setting up the service, etc. binding legal regulations or for the period for which you have given the administrator consent. Otherwise, the processing time results from the purposes for which personal data are processed or is determined by legal regulations.

4.  Personal data is processed manually and automatically by the administrator. The administrator is authorised to process certain information automatically, e.g., to create statistical information about website traffic.


D.  Disclosure of Personal Information

1.  Personal data may be provided to Stripe Inc., 354 Oyster Point Boulevard, South San Francisco, California, 94080, USA only for the purpose of online payment processing. Permission to share this information is voluntary, but at the same time, it is decisive for the use of the e-shop.

2.  Personal data may be provided to Zásilkovna s.r.o., Lihovarská 1060/12, Libeň, 190 00 Praha 9 only for the purpose of delivering goods. Permission to share this information is voluntary, but at the same time, it is decisive for the use of the e-shop.

3.  Personal data may be provided to WPForms, LLC, 2701 Okeechobee Blvd Ste 400, West Palm Beach, Florida, 33409, United States, only for the purpose of mediating and sending e-mail communication. Permission to share this information is voluntary, but at the same time, it is decisive for the use of the e-shop.

4.  We may disclose your personal data:

a)  to the extent that we are required to do so by law;
b)  in connection with any ongoing or future legal proceedings;
c)  to establish, exercise or defend our legal rights (including providing information to others to prevent fraud and reduce credit risk);

5.  Except as stated in this policy, we will not provide your personal information to third parties.


E.  Security of Your Personal Information

1. We will take reasonable technical and organizational measures to prevent the loss, misuse or alteration of your personal data.
2. We will store all personal information you provide on our secure servers (password and firewall-protected).
3. All electronic financial transactions entered through our website will be encrypted.
4. You acknowledge that the transmission of information over the Internet is inherently insecure, and we cannot guarantee the security of data sent over the Internet.
5. You are responsible for maintaining the confidentiality of the password you use to access our website; we will not ask you for your password (except when you log in to our website).

F.  Changes

We may update this policy from time to time by posting a new version on our website. You should check this page occasionally to make sure you understand any changes to this policy.

G.  Rights of the data subject

As an entity, you have the listed rights that arise for you from legal regulations, and which you can exercise at any time. It is about:

1. the right to access data. according to which you have the right to obtain from the administrator information about whether the administrator processes your personal data. The administrator is obliged to provide you with this information without undue delay. The content of the information is determined by the provisions of Article 15 of the GDPR regulation. The administrator has the right to request reasonable payment for the provision of information not exceeding the costs necessary to provide the information
2. the right to correct or delete personal data, or restriction of processing, according to which you have the right to have inaccurate or incorrect personal data corrected. If your personal data are no longer needed for the purposes for which they were collected or are processed unlawfully, you have the right to request their deletion. If you do not want to request the deletion of personal data, but only to temporarily limit their processing, you can request a restriction of processing;
3. the right to request an explanation if you suspect that the processing of personal data by the administrator is in violation of the law;
4. the right to contact the Office for the Protection of Personal Data in case of doubts about compliance with obligations related to the processing of personal data;
5. the right to the portability of personal data, i.e. the right to obtain personal data concerning you that you have provided to the administrator in a structured, commonly used and machine-readable format, see Article 20 of the GDPR regulation;
6. the right to object to the processing of personal data that is processed for the purpose of fulfilling a task carried out in the public interest or in the exercise of public authority or for the purpose of protecting the legitimate interests of the controller. The controller will terminate the processing without undue delay unless it proves that there is a legitimate interest/reason for the processing that outweighs your interest, rights or freedoms;
7. the right to withdraw consent to the processing of personal data at any time, if you have given the administrator consent to the processing of personal data.

H.  Cookies

The policy of using cookies is specified in detail at the link: https://danielpaul.cz/cookie-policy-eu/

I.  Transfer to third countries.

Your personal data will not be transferred to third countries.

J.   Information and Questions

The data subject can obtain further information about rights and obligations in the protection of personal data on the website www.danielpaul.cz or via e-mail at studio@danielpaul.cz.