INFORMATION MEMORANDUM ON DATA PROTECTION
Our company, iuven.io s.r.o., with its registered office at Wichterlova 2372/10, Libeň, 180 00 Prague 8, business ID number 04534689, entered in the Commercial Register administered by the Prague Municipal Court in file C 249259, operates a website at www.iuvenio.com (“the website”) and focuses on the production, distribution and sale of cosmetic products. As part of the website, we also operate an online shop where you can purchase the goods offered (“the e-shop”).
In relation to the operation of the website and the e-shop, we collect and process your personal data. In this Information Memorandum, you can read who is subject to this processing, how this processing is performed and what rights you can exercise in this context.
1. WHO THE CONTROLLER OF YOUR PERSONAL DATA IS AND WHO YOU CAN CONTACT
We are the controller of personal data, i.e., the company iuven.io s.r.o., with its registered office at Wichterlova 2372/10, Libeň, 180 00 Prague 8, business ID number 04534689, registered in the Commercial Register administered by the Prague Municipal Court in file C 249259. You can contact us by email at email@example.com, by data mailbox at 4itbcw2 or by phone on +420 731 271 431.
2. WHOSE PERSONAL DATA WE PROCESS
In relation to our activities, we collect and subsequently process the personal data of the following groups of people:
The primary data subjects whose data we process are, of course, our customers who purchase our cosmetic products from the e-shop.
2.2 Visitors to the website and e-shop
We also process the personal data of visitors to the website and e-shop, including those visitors who have given us consent to receive commercial communications or have created a user account on the website or e-shop.
2.3 Trading partners
Another group of people whose personal data we process in relation to our activities is our trading partners.
2.4 Job applicants and employees
We also process the personal data of our employees and applicants for employment with our company.
2.5 Our suppliers
An additional category is our suppliers of various services and goods.
2.6 Other subjects
The other subjects whose data we process include in particular those people who have attended one of our seminars or other social events, who have given us their business card or have otherwise been in contact with us, and have also consented to receiving commercial communications.
You may withdraw your consent at any time by clicking “unsubscribe” in any of the emails we send you.
3. WHAT PERSONAL DATA WE PROCESS
Depending on the relationship you have with us (see subject types above), we process in particular the following information about you:
3.1 General identification and contact details
First name, surname (including former), permanent address, delivery address, email address and telephone number, date and place of birth, personal ID number, education, title, photograph, employment history, skills and experience, interests, professional credentials and memberships, signature, identification number (ID number), tax identification number (TIN), registered office address, file number of legal or other similar proceedings.
3.2 Billing information
We also store and process invoices and other data provided to us by customers and trading partners.
3.3 Information about purchasing goods in the e-shop
These are details of what cosmetic products you have purchased and at what price.
This data is mainly used to provide a better user experience and personalised content for our website and e-shop.
3.5 Records of communication between us
These are primarily records of our communication through any communication channel. In particular, this involves email, written or other interaction between us and you. We do not use phone records.
4. WHY WE NEED THE PERSONAL DATA AND THE LEGAL BASIS FOR PROCESSING IT
We use your personal data for purposes related to our business, i.e., in relation to the production, presentation, offering, distribution and sale of cosmetic products, in particular through the website and e-shop. This includes (a) fulfilling our contractual obligations, (b) complying with the legal obligations that apply to us, and (c) protecting our legitimate interests. With the exception of cookies and the processing of data for indirect marketing purposes, we do not in principle need to obtain your consent, as the processing is permitted directly by law.
The specific purposes are in particular:
(i) the sale of cosmetic products in the e-shop – the legal basis for this processing is entering into and implementing a purchase agreement and the fulfilment of the legal obligations that apply to us;
(ii) communicating with you or others in relation to the operation of the website and e-shop – the legal basis for this processing is entering into and implementing a purchase agreement, compliance with legal obligations that apply to us and the protection of our legitimate interests;
(iii) compliance with the requirements of supervisory and other state authorities, provision of mandatory cooperation, including compliance with legal obligations arising from special legislation (e.g., the Consumer Protection Act, Public Health Act, etc.) – the legal basis for this processing is compliance with the legal obligations that apply to us;
(iv) direct marketing (i.e., sending commercial communications to existing customers and trading partners, including those with whom we terminated the business relationship no more than one year ago) – the legal basis for this processing is the protection of our legitimate interests;
(v) indirect marketing – the legal basis for this processing is your consent;
(vi) ensuring that the website and e-shop function properly and resolving any problems – the legal basis for this processing is the protection of our legitimate interests;
(vii) defending our legal claims in judicial, extrajudicial or other proceedings – the legal basis is our legitimate interest.
5. WHERE WE GET THE PERSONAL DATA FROM
We usually obtain personal data directly from you when you voluntarily provide it to us. We may also obtain personal data from others on the basis of your consent or from third parties authorised to access and share your personal data. We also obtain data from our own activities.
6. HOW LONG WE KEEP PERSONAL DATA
We take all steps to ensure that the personal data we process is reliably fit for the intended purpose and is sufficiently accurate and complete to fulfil the purposes described in this Information Memorandum. We therefore only retain personal data for the time necessary.
Below are examples of some of our retention periods that we observe in this context:
(i) we retain personal data from documentation and communication with customers, trading partners and others for no longer than the maximum statutory limitation period in a given case in order to be able to present evidence in legal disputes and defend our interests;
(ii) we retain personal data for direct marketing purposes for the duration of our contractual relationship and for one year after its termination;
(iii) the accounting records that we use to support our accounting (which may include some, in particular, personal billing information) are retained in accordance with Act No 563/1991 Coll. on accounting, as amended, for a period of at least five years commencing at the end of the relevant accounting period; and
(iv) if you consent to us processing and sharing your data for purposes other than direct marketing, we will process your personal data until you withdraw your consent.
7. WITH WHOM WE SHARE PERSONAL DATA
Your personal data may be transferred to third parties if this is necessary to achieve any of the purposes listed above. Whilst the list of external subjects changes over time and may be partially protected by trade secrets, we at least disclose the categories of potential recipients to you.
As part of our business, we use a number of external subjects to perform certain activities that form part of our Services to ensure that we operate as efficiently as possible. Within the framework of this outsourcing, the personal data of customers, trading partners and others may also be processed on the basis of legal regulations (we do not need consent for this processing). Our suppliers therefore become processors, but are only entitled to handle the personal data of customers, trading partners and others for the purposes of the activities they perform for us. These include law firms, IT service providers, marketing agencies, advertising agencies, graphic designers or other artists, debt collectors, document and records management providers, etc.
In order to comply with our other legal obligations, we are sometimes obliged to transfer your personal data to the relevant government authorities or other public authorities (e.g., tax authorities, courts, law enforcement authorities, etc.).
8. USE OF AUTOMATED INDIVIDUAL DECISION-MAKING
We do not automatically process any personal data or use automated decision-making as part of our activities.
9. YOUR RIGHTS IN RELATION TO DATA PROTECTION
Protecting your privacy is a priority for us and we take the exercise of your rights seriously. The preferred way for you to exercise your rights with us is by using a data mailbox that allows you to verify your identity securely. Our data mailbox ID is 4itbcw2. If you choose another method where there is reasonable doubt about your identity, we may ask you to provide additional information to verify it.
We provide all communication and statements regarding the rights you have exercised free of charge. However, if a request is manifestly unfounded or unreasonable, in particular because it is repetitive, we are entitled to charge a reasonable fee taking into account the administrative costs involved in providing the requested information.
We will provide you with a statement and, if necessary, information on the measures taken as soon as possible, but within one month at the latest. We are entitled to extend the deadline by two months if necessary, taking into account the complexity and number of applications. We will inform you about the extension including the reasons.
(i) You have the right to access your data – you can ask us to confirm that we are processing your data and to provide you with a copy of this data.
(ii) You have the right to rectify and complete your data – you can ask us to correct inaccurate data. You also have the right to have us supplement any incomplete data.
(iii) You have the right to erasure – you can also ask us to erase your data without undue delay, unless we have a legal basis for processing it.
(iv) You have the right to restriction of processing – you can ask us to restrict the processing of your data (i.e., to not use it, but not destroy it completely).
(v) You have the right to portability of your data – you have the right to have us provide you with data relating to you in a structured, commonly-used and machine-readable format or, where appropriate, to have that data transferred to another controller.
(vi) You have the right to object – you have the right to object to the processing of data that is carried out for the purposes of our legitimate interests. If we are subsequently unable to demonstrate to you that we have compelling reasons for this processing which override your interests or rights and freedoms, or which are necessary for the establishment, exercise or defence of legal claims, the processing of your personal data will cease.
(vii) You have the right to withdraw your consent – if we use your consent to process your data, you are entitled to withdraw your consent at any time. Withdrawal of consent only applies to future processing, so the lawfulness of the previous processing will not be affected in any way. You may use any of the contacts listed above to withdraw your consent, which must include information about:
• who is making the appeal (i.e., attach your first name, surname, home address, date of birth, or other identifying information); and
• what specific consent you are withdrawing and to what extent.
(viii) You have the right to lodge a complaint with the Office for Personal Data Protection – if for any reason you believe that the processing of your data is not being carried out in an orderly manner, you may contact the Office for Personal Data Protection, with its registered office at Pplk. Sochora 27, 170 00 Prague 7, email: firstname.lastname@example.org, phone: +420 234 665 111.
10. PERSONAL DATA TRANSFER TO THIRD COUNTRIES OR INTERNATIONAL ORGANISATIONS
We will not transfer personal data to countries outside the European Union or the European Economic Area or to any international organisation.
In an effort to keep your personal data as secure as possible, we take appropriate technical, physical, legal and organisational measures in accordance with applicable privacy and data security laws. If you have reason to believe that your communication with us is no longer secure (for example, if you believe that the security of any personal data you have entrusted to us has been compromised), please notify us immediately using the contact details above.