You cannot fill out this field
Home / Personal Data Processing Policy

Personal Data Processing Policy

Personal Data Processing Policy

adopted in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), (hereinafter referred to as the “GDPR”) and in accordance with Act No. 110/2019 Coll., on the processing of personal data.

Introduction
The company HORMA Displays s.r.o. with its registered office at Havlíčkova 2838/112, 767 01 Kroměříž, ID: 29312817,
DIČ: CZ29312817, registered in the Commercial Register of the Regional Court in Brno, Section C, Insert 73618, as the operator of the online store www.111-furniture.com (hereinafter referred to as the "Administrator") processes personal data of so-called data subjects - natural persons who:

are interested in purchasing in the online store (potential customers);

are purchasing or have purchased in the online store (customers).

The Administrator ensures that the processing of personal data of data subjects is lawful, correct, transparent, accurate, confidential and that personal data is processed only to the extent necessary. The Administrator also ensures that personal data is properly secured and that all rules set out in the GDPR and other legal regulations in the field of personal data processing are observed when processing personal data.

These principles have been adopted, among other things, to demonstrate compliance with legal regulations when processing personal data by the Administrator. An explanation of individual terms related to the processing of personal data according to these principles is provided in Art. 12 below.

Personal data administrator
The personal data administrator is HORMA Displays s.r.o. with its registered office at Havlíčkova 2838/112, 767 01 Kroměříž, ID: 29312817, VAT ID: CZ29312817, registered in the Commercial Register of the Regional Court in Brno, Section C, File 73618.

The Administrator can be contacted in any of the following ways:

in person (or in writing) at the Administrator's registered office at: HORMA Displays s.r.o., Havlíčkova 2838/112,
767 01 Kroměříž, Czech Republic;
electronically via e-mail address: sales@111-furniture.com;
by phone at: +420 724 350 956.
Purposes of processing for which personal data are intended and legal basis for processing
3.1. Fulfillment of the purchase contract

The Administrator processes personal data (name, surname, address, telephone number, email) in particular for the purpose of concluding and fulfilling the purchase contract, i.e. at least so that the Administrator can deliver the goods purchased in the online store to the customer.

The legal basis for this processing is Article 6(1)(b) of the GDPR - fulfillment of the contract to which the data subject is a party.

3.2. Fulfillment of the Administrator's legal obligations

The Administrator processes personal data in order to fulfill the Administrator's legal obligations, arising, for example, from accounting and tax laws, the Consumer Protection Act, etc., including the Administrator's obligation to be able to prove that it processes personal data in accordance with generally binding legal regulations, in particular in accordance with the GDPR.

The legal basis for this processing is Article 6(1)(c) of the GDPR - fulfillment of a legal obligation to which the Administrator is subject.

3.3. Legitimate interests of the Controller

The Controller may process personal data for the purpose of:

implementing direct marketing (see Article 5 below);
establishing, exercising or defending legal claims (in particular legal claims arising from a concluded purchase contract).
The legal basis for this processing is Article 6(1)(f) GDPR – the legitimate interest of the Controller.

3.4. Consent of the data subject

Based on the consent of the data subject, the Controller may process personal data for the purpose of:

implementing direct marketing (see Article 5 below);
establishing and maintaining a customer account (see Article 10 below).
The legal basis for this processing is Article 6(1)(a) GDPR – the consent of the data subject.

Processing of personal data based on consent
4.1. Voluntariness

Granting consent to the processing of personal data is completely voluntary. Any refusal to grant consent will not have any adverse consequences for the data subject.

4.2. Withdrawal of consent

Each data subject has the right to withdraw consent to the processing of personal data at any time, in particular in one of the following ways:

via a customer account;
by electronic notification sent to the Controller's e-mail address (see Article 2 above);
by written notification sent to the address of the registered office or establishment/one of the Controller's establishments (see Article 2 above);
by telephone at the Controller's contact details (see Article 2 above).
Consent to the management of a customer account can also be withdrawn by cancelling the customer account (see paragraph 10.2 below).

Withdrawal of consent does not affect the lawfulness of processing based on consent given before its withdrawal.

Direct marketing
5.1. In general

Processing of personal data for direct marketing purposes means processing of personal data for the purpose of sending commercial communications within the meaning of Act No. 480/2004 Coll., on certain information society services, as amended (hereinafter referred to as “Act No. 480/2004 Coll.”).

Commercial communication means any form of communication, including advertising and invitations to visit the website of an online store, intended to directly or indirectly promote goods or services or the image of the Controller (in particular the so-called newsletter.

 

5.2. How does it actually work?

The processing of personal data for the purpose of sending commercial communications to potential customers (i.e. persons who have not yet made a purchase in the online store, but have decided to receive commercial communications) is possible only on the basis of their consent to the processing of personal data. The actual sending of commercial communications to potential customers can also be carried out only on the basis of consent (in accordance with Section 7, Paragraph 2 of Act No. 480/2004 Coll.).

The processing of personal data for the purpose of sending commercial communications to customers (i.e. persons who have already made a purchase in the online store) is possible even without their consent, based on the existence of a legitimate interest of the Controller (see Section 3.3 above or Recital 47 of the GDPR). Also, the sending of commercial communications to customers, if these commercial communications relate to the Administrator's own similar products or services, can be carried out without their consent (in accordance with Section 7(3) of Act No. 480/2004 Coll.), unless the customer initially refused or subsequently refuses. [for more details, see https://uoou.gov.cz/novinky/obchodni-sdeleni/gdpr-a-primy-elektronicky-marketing]

5.3. Legitimate interests

We also use your personal data to provide you with relevant content, i.e. content that is interesting to you. Based on legitimate interest, we process in particular personal data that we process automatically and cookies.

For the same legal reason, we can send you, as our customers, e-mail and SMS messages, and send so-called push notifications via a mobile application.

5.4. Termination of processing for direct marketing purposes

The Controller shall terminate the processing of personal data for direct marketing purposes without delay after the customer or potential customer has expressed their disagreement with such processing. Disagreement may be made, for example, in one of the following ways:

withdrawal of consent to the processing of personal data (see Article 4 above);
expressing disagreement with the processing of personal data in the same way as consent to the processing of personal data can be withdrawn (see Article 4 above);
by unsubscribing, which can be done in each commercial communication;
by raising an objection to such processing (subject to the conditions of Article 21 of the GDPR).
Notwithstanding the above, the Controller shall terminate the processing of personal data for direct marketing purposes no later than 3 years after the last purchase in the online store (conclusion of the purchase contract). Any further purchase therefore always extends the processing period by another 3 years.

If the purchase in the online store never takes place, the Administrator will terminate the processing at the same time as the cancellation of the customer account (see paragraph 10.2 below).

Categories of recipients of personal data
The recipient of personal data is anyone to whom the Administrator provides personal data.

The Administrator will transfer personal data in particular to the following recipients: entities providing accounting or tax services, postal or transport services, newsletter distribution services, legal services, IT services, operators of payment gateways, payment systems, domain administrators, technical support providers, etc. These recipients will process personal data either as independent administrators (i.e. as entities that themselves determine the purposes and means of processing personal data, independently of the Administrator), or as processors (i.e. entities that process personal data for the Administrator, based on its instructions).

In addition, the Administrator will provide personal data to public authorities if this obligation is imposed on it by generally binding legal regulations. These recipients will always process personal data as independent controllers. However, public authorities are not considered recipients in the exercise of their investigative powers.

Transfer to third countries or international organizations
The Administrator will not transfer personal data to third countries or international organizations within the meaning of Art. 44 et seq. GDPR.

Processing period of personal data
Personal data will only be processed for the period necessary for the purpose of their processing. The termination of one of the legal bases for the processing of personal data does not affect the processing of personal data (to the extent necessary) based on another legal basis.

8.1. Performance of the purchase contract

For this purpose, the Administrator will process personal data within 30 days after the termination of the last of the obligations arising from the purchase contract. This does not affect the possibility for the Administrator to subsequently process such personal data based on other legal bases and for the purposes specified in these principles.

8.2. Fulfillment of legal obligations by the Administrator

For this purpose, the Administrator will process personal data for the duration of the relevant legal obligation of the Administrator set out in generally binding legal regulations.

8.3. Legitimate interests of the Administrator

8.3.1. Direct marketing

For this purpose, the Administrator may process personal data until you express your objection to such processing, but no longer than 3 years from the last purchase in the online store (see paragraph 5.3 above).

8.3.2. Legal claims

For this purpose, the Administrator may process personal data for the duration of the relevant legal claim, but no longer than 1 year after the expiry of the limitation period according to generally binding legal regulations. In the event of the initiation and continuation of judicial, administrative or any other proceedings in which the rights or obligations arising from the relevant legal claim are resolved, the period of processing personal data for this purpose shall not end before the final conclusion of such proceedings.

8.4. Consent of the data subject

8.4.1. Direct marketing

For this purpose, the Administrator may process personal data until:

withdrawal of consent to the processing of personal data (see Article 4 above);
expression of disagreement with the processing of personal data, in the same way as consent can be withdrawn (see Article 4 above);
however, no longer than until the cancellation of the customer account (see paragraph 10.2 below).

8.4.2. Customer account management

For this purpose, the Controller may process personal data until the customer account is cancelled (see paragraph 10.2 below).

8.5. Deletion of personal data

Immediately after the processing period pursuant to paragraphs 8.1, 8.2 or 8.3.2 above, the Controller shall anonymize or destroy the relevant personal data for which the purpose of their processing has ceased.

In cases pursuant to paragraphs 8.3.1 or 8.4 above, the Controller shall terminate the processing of personal data for the stated purposes immediately after the withdrawal of consent, expression of disagreement or cancellation of the customer account.

Rights of data subjects
Each data subject has, among others, the following rights:

the right to request access to their personal data (subject to the conditions of Article 15 of the GDPR);

the right to rectification or erasure of personal data (under the terms of Article 16 or Article 17 GDPR);
the right to restriction of processing of personal data (under the terms of Article 18 GDPR);
the right to object to processing (under the terms of Article 21 GDPR);
the right to data portability (under the terms of Article 20 GDPR);
the right to withdraw consent to the processing of personal data (see Article 4 above).
Any data subject who believes that the Controller is processing his or her personal data in a manner that is contrary to the protection of the data subject's private and personal life or to the relevant legal regulation, in particular if the personal data are inaccurate with regard to the purpose of their processing, may

a) request an explanation from the Controller (see Article 2 above for contact details), or

b) request that the Controller remedy the situation, in particular by correcting, supplementing or deleting the personal data (see Article 2 above for contact details).

If the data subject believes that his or her right to the protection of personal data has been violated, he or she also has the right to file a complaint with the supervisory authority, which is the Office for Personal Data Protection, with its registered office at Pplk. Sochora 27, Holešovice, 170 00 Prague 7.

Customer account

10.1. Creating a customer account

Creating a customer account is completely voluntary, as the Administrator allows purchases to be made in the online store even without creating a customer account (i.e. without registration).

In order for the Administrator to store personal data entered into the form for creating and maintaining a customer account (or entered into the customer account at any time later), the Administrator needs consent.

Until the potential customer concludes a purchase contract with the Administrator (i.e. becomes a customer), and subsequently after fulfilling all obligations under the concluded purchase contract, the Administrator will not handle personal data other than for the purposes of maintaining a customer account; however, this does not affect the Administrator's ability to process personal data on the basis of other legal bases, in particular on the basis of consent granted for the purposes of applying direct marketing (sending commercial communications).

10.2. Cancellation of a customer account

A customer account can be cancelled at any time via the customer account or by submitting a request for cancellation of the customer account to one of the contact addresses specified in Article 2 above.

Notwithstanding the above, the Administrator may cancel the customer account after 3 years from the customer's last purchase in the online store, and the Administrator may cancel the customer account even if the customer breaches his obligations under the purchase contract.

In the event that a purchase in the online store never occurs, the Administrator may cancel the customer account after 3 years from its establishment.

Cookies and other technical data
More information about so-called cookies and other technical data processed when visiting the online store's website is provided in a separate document Cookies.

Basic terms
Personal data is all information about an identified or identifiable natural person (so-called data subject); An identifiable natural person is a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as name, surname, date of birth, address, e-mail address, telephone number, identification number, location data, network identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

 

Processing of personal data is any operation or set of operations which is performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

A customer is a natural person who has concluded a purchase agreement with the Administrator through the online store, i.e. a person who has a so-called customer relationship with the Administrator.

A potential customer is a natural person who has not yet concluded a purchase agreement with the Administrator through the online store, i.e. a person who does not have a so-called customer relationship with the Administrator.

Further information on the processing of personal data
The Administrator is obliged to take such technical and organisational measures as to prevent unauthorised or accidental access to personal data, their alteration, destruction, loss, unauthorised transfer or other unauthorised processing or misuse. This obligation applies even after the processing of personal data has been terminated.

In the event of any questions regarding the processing of personal data, the Administrator can be contacted via one of the contact addresses listed in Article 2 above of these principles.

General information on the processing of personal data can also be found on the website of the Office for Personal Data Protection available at www.uoou.cz.

These principles come into force on 12 February 2025.

 

What are you looking for?