1. General Provisions

  1. The personal data controller within the meaning of Art. 4 (7) of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons concerning the processing of personal data and on the free movement of such data (hereinafter the “GDPR”) shall be TIMI CREATION s.r.o., Id. No.: 09121994, with its registered office at Morseova 1126/5, 301 00 Plzeň (hereinafter the “Controller”).
  2. Controller’s contact details:
    Address: Morseova 1126/5, 301 00 Plzeň
    E-mail: info@timic.cz
    Telephone: +420 705 108 018
  3. Personal data shall mean any information relating to an identified or identifiable natural person; an identifiable natural person can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  4. Any questions, suggestions or requests may be sent to the e-mail address: info@timic.cz.

2. Sources and categories of the personal data processed

  1. The Controller processes personal data provided by you or collected by the Controller in the course of the performance of your purchase order.
  2. The Controller processes your identification and contact details, other voluntarily provided data, details regarding purchase orders and the performance thereof, data on the use of Services and the login credentials.

3. Legal basis and purpose of personal data processing

  1. The legal basis for personal data processing:
    • performance of a contract between you and the Controller according to Art. 6 (1)(b) of the GDPR;
    • compliance with legal obligations according to Art. 6 (1)(c) of the GDPR;
    • the Controller’s legitimate interest according to Art. 6 (1)(f) of the GDPR, in particular, to engage in direct marketing (mostly consisting in sending commercial communications and newsletters), and to protect its rights;
    • your consent to the processing for direct marketing (consisting, in particular, in sending commercial communications and newsletters) according to Art. 6 (1)(a) of the GDPR in conjunction with Section 7 (2) of Act No. 480/2004 Coll., on certain services of the information society, if no goods or services were ordered.
  2. The purposes of personal data processing:
    • processing of your purchase order and the exercise of rights and fulfilment of obligations arising from the contractual relationship between you and the Controller, as well as the compliance with related legal requirements; placing an order, requires filling in certain personal data necessary for successful processing of the purchase order (name, address, contact details); the provision of personal data is a necessary precondition for the execution and performance of a contract; without providing the personal data, a contract cannot be executed or fulfilled by the Controller;
    • sending commercial communications and performance of other marketing activities;
    • keeping a User Account and using other Services provided by the Controller, including the support services.
  3. The Controller does not use automated individual decision-making within the meaning of Article 22 of the GDPR.

4. Data retention period

  1. The Controller shall retain the personal data:
    • for the term of the contractual relationship and no longer than for 10 years following the termination of the contractual relationship if the personal data are processed based on the performance of a contract;
    • until the consent is revoked, however, not longer than for 10 years following granting of such consent if the personal data are processed based on a consent;
    • otherwise for the period necessary for the fulfilment of the purpose of the processing, however, not longer than for 10 years.
  2. The Controller shall delete the personal data upon expiry of the retention period.

5. Recipients of personal data (Controller’s subcontractors)

  1. Recipients of personal data shall be the persons:
    • participating in the delivery of goods/services/processing of payments under a contract;
    • providing e-shop services, as well as other services in connection with the operation of an e-shop;
    • providing licensing rights;
    • providing marketing services.
  2. The Controller shall not transfer the personal data to third countries (to countries outside the EU), except for the recipients specified herein. The recipients specified herein shall not make the personal data available any further; a copy of the personal data processed may be obtained from them.
  3. The processing services used, including marketing and support tools:
    • Google Analytics – tracks cookies and web use
    • Google Adwords – tracks cookies and web use

6. Your rights

  1. Under the conditions stipulated by the GDPR you shall have:
    • the right of access to your personal data according to Article 15 of the GDPR;
    • the right to rectification of personal data according to Article 16 of the GDPR or to a restriction of processing according to Article 18 of the GDPR;
    • the right to the erasure of personal data according to Article 17 of the GDPR;
    • the right to object, according to Article 21 of the GDPR, to the processing on the legal basis of legitimate interests or for direct marketing;
    • the right to data portability according to Article 20 of the GDPR;
    • the right to withdraw consent to personal data processing at any time; it is possible to unsubscribe from receiving commercial communications, i.e. to withdraw consent with the related personal data processing through the link included in the communications.
  2. Furthermore, if you believe that your right to personal data protection has been violated, you have the right to complain with the Office for Personal Data Protection.

7. The conditions of personal data security

  1. The Controller represents that it has implemented all the appropriate technical and organizational measures for personal data protection.
  2. The Controller has adopted technical measures to secure the data storage and storage of personal data in hard copy form, including, in particular, a secured/encrypted access to the internet, encryption of customers’ passwords in the database, regular updates of the system and regular backup of the system.
  3. The Controller represents that only authorized persons of the Controller shall have access to the personal data.

8. Cookies

  1. To improve the quality of the Services and facilitate their use, in particular, to analyze traffic, user behaviour, personalization of advertising and access to the social media functions, the Services utilize cookies. The cookies may be saved directly by the Controller, or they may be third-party cookies (see the recipients under paragraph V.3 hereof). These files may not directly contain personal data, however, in conjunction with other data, may gain the nature of personal data. By using the Service, you expressly consent to save cookies on your device and their further utilization by the Controller. You may withdraw your consent at any time through the individual settings of your endpoint device (e.g. settings of your internet browser). In such a case you acknowledge that blocking or deleting cookies may influence the proper functioning of the Services

9. Final Provisions

  1. This Privacy Policy forms an integral part of the Terms and Conditions available at https://store.timic.cz/terms-and-conditions 
  2. This Privacy Policy enters into effect on 1st April 2021.