1. Basic provisions
1. 1. What does this policy cover?
This policy contains information about the scope and conditions of the processing of your personal data that we carry out in the course of or in connection with our business activities, in particular when selling goods and providing services, operating our website and e-shop, communicating with you, etc.
1. 2. Who is the controller of my personal data?
Your personal data is administrated by us, namely the company PUMPA,a.s., with registered office at U Svitavy 1, 618 00 Brno, Czech Republic, Business ID no. 25518399, registered in the Commercial Register kept at the Regional Court in Brno under file number B 2555. We are also the operator of the website www.pumpa.eu and the e-shop on this website.
1.3. Why do you process my personal data?
We process your personal data so that we can:
- negotiate contracts with you, in particular to send you price quotations for goods and services according to the parameters specified by you, to create and process your orders and requests for goods and services, to submit price quotations for goods and services requested by you;
- conclude contracts with you;
- supply goods and services which you order from us;
- issue invoices and other documents to you for goods or services supplied;
- identify your payments for goods or services, delivery costs, or other payments;
- deal with any complaints;
- operate and improve our website and e-shop;
- operate your customer account if you use the registration option in the e-shop;
- address any questions or comments you may have about the goods or services we offer;
- deal with any complaints you may have against our company;
- enforce our rights under purchase or other contracts we enter into with you if you fail to fulfil your obligations to us under those contracts, e.g. by failing to pay the price for goods purchased;
- resolve any disputes, whether in or out of court, which may arise between you and us from contracts concluded, the use of the e-shop or for other reasons;
- contact you for marketing purposes, in particular to send you our commercial communications (newsletters), especially about services or goods offered by us, news regarding our product range, discounts, interesting events and other interesting things related to the activities of our company (e.g. trade fairs, exhibitions);
- generate statistics about our business activities, traffic to our website, or the use of our services;
- promote our company and its activities;
- properly maintain our business administration and accounting records and comply with our tax obligations;
- archive our documents.
1.4. What personal data do you process?
For the purposes stated above we process
a) your identification data, in particular your name, surname, academic titles, birth number, date of birth, age, ID number, VAT number, residential address, registered office address (if you are an entrepreneur - natural person), position within the legal entity you represent, gender;
b) your contact details, in particular the delivery or other contact address you provide us with, telephone number (landline, mobile), e-mail address, fax number;
c) your payment details, in particular your bank account number, credit card number, variable symbol, possibly also a specific symbol, a note from the sender or recipient, or any other details you provide in the payment;
d) data about your order, in particular about the goods or services you have ordered;
e) network data that we collect when you access and use our website, in particular your IP address, the MAC address of the device through which you use the site, data about your access to the site, activity on the site, the length of your visit to the site, data about the location of the device through which you use the site;
f) your customer account username;
g) in case of visiting the premises of our company, your likeness as captured on the CCTV footage of our premises.
1.5. Do you process all my personal data for all the purposes you mentioned?
No. We process personal data in accordance with the principle of data minimisation and purpose limitation. This means that we only process your personal data for the purposes for which it is necessary and only to the extent necessary to fulfil that purpose.
1.6. What authorizes you to process my personal data?
We process your personal data on the basis of the reasons set out in the relevant legislation, in particular the General Data Protection Regulation (GDPR) (full name Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), as amended.
We always process your personal data in accordance with the GDPR on the basis of one of the legal reasons set out in Article 6 of the GDPR. These reasons are in particular:
a) your consent to the processing of your personal data;
b) the necessity of processing your personal data for the performance of the contract you have concluded with us or for the implementation of measures taken before the conclusion of the contract;
c) the existence of our legitimate interest in processing your personal data;
d) the necessity of processing your personal data for the performance of our obligations.
1.7. What are your legitimate interests in processing my personal data?
Our legitimate interests in processing your personal data are
a) operating and developing our business activities;
b) improving the quality of the goods and services we offer;
c) operating our website and e-shop, ensuring and improving their functionality;
d) promotion of our business activities, in particular the services or goods offered by us, events organised by us, etc;
e) the enforcement of our legal claims;
f) ensuring the security of our website and e-shop, its users and their customer accounts;
g) protection of our property, protection of life, health and property of our employees, business partners, clients, as well as all persons who are on the premises of our company;
1.8. How long will you process my personal data for?
This depends on the purpose and reason for which we process the personal data. Given the scope of the data processed and the variety of purposes, it is generally not possible to determine this period precisely. Therefore, the duration of the processing of your personal data is defined by the criteria set out below.
If we process your personal data on the basis of your consent to its processing, then we process your personal data for the duration of this consent.
In other cases, we process your personal data for the time necessary to fulfil the purpose for which we process it, including the subsequent administration associated with the termination of processing and erasure of personal data.
If just one of the grounds on which we process your personal data for a particular purpose ceases to exist, this does not automatically mean that we are obliged to stop processing it. As long as we have another reason for processing it (e.g. our legitimate interest in processing it ceases to exist, but the processing of your personal data is still necessary for us to fulfil our obligations arising from a contract between us or fulfil our legal obligations), we may continue to process your personal data until all legal grounds for processing it cease to exist. However, if you withdraw your consent to the processing of your personal data, we will no longer continue to process your personal data for the purpose for which the withdrawn consent was originally granted.
1.9. How do you obtain my personal data and who do you pass it on to?
However, in certain cases, we may receive your personal data from or transfer it to third parties. These persons may be in particular:
- our accountants and tax advisors,
- our lawyers,
- our business partners,
- our IT administrators,
- data storage providers,
- our subsidiaries,
- persons who provide us with marketing and PR services,
- persons involved in the processing of orders, delivery of the goods and payment for the goods and their delivery, i.e., our payment service providers (payment gateways) and our transport and logistics service providers,
- public authorities (in particular courts, authorities),
- law enforcement authorities (in particular the police force and prosecutor’s office).
We may also obtain your personal data from publicly accessible sources such as public registers (in particular the Commercial Register), the Trade Register, the Insolvency Register or the Land Registry.
1.10. Do I have to provide you with my personal data?
In many cases, the provision of personal data is necessary in order for us to comply with our contractual or other obligations, pursue our legitimate interests, etc. For example, in order for us to enter into a contract with you and provide you with services or goods, we need to know, in particular, your identification and contact details. Where possible, we try to clearly inform you (e.g. by means of an asterisk by the fields on the website) which data must be provided.
2. Rights in connection with the processing of personal data
2.1. How do I get information about the processing of my personal data?
Upon your written request, we will provide you with information about the scope and conditions of the processing of your personal data. In addition to this request, in the same way you can also request a copy of your personal data that we process.
We will respond to requests in the same way you submit them (i.e. either electronically or in paper form), unless you ask us to respond in a different way in your request.
If you request multiple copies of your personal data in paper form, we will charge you an administrative fee of CZK 30 for each copy in excess of the first one.
2.2. What can I do if I discover an error in my personal data which you process?
In this case, please send us a request to correct your personal data, stating what the error is and what the correct data is. If there is an error in the data recorded in your customer account, then you can correct this error yourself after logging into your account, unless it is data that cannot be changed directly after logging into your customer account (see Article IV for more on this).
2.3. What can I do if I discover that my personal data which you process is incomplete?
In this case, please send us a request to supplement your personal data, specifying how the personal data we process should be supplemented and for what purpose. However, we would like to inform you that if the data you wish to supplement to the personal data already processed is not necessary for the processing for the purpose you have requested, we are not obliged to supplement this data.
2.4. What can I do if I discover that you process my personal data to a greater extent than is necessary?
As stated above, we only process your personal data for the purposes for which it is necessary and only to the extent necessary to fulfil that purpose. Nevertheless, if you find that we are processing your personal data more than necessary for any of the purposes, then you can send us a written request to restrict the processing. In your request, please inform us of the reasons why you believe that we process your personal data to a greater extent than is necessary for the purpose. We will carefully evaluate your request and, if we find it justified, we will take measures to limit the scope of processing.
2.5. What can I do if I don't want you to keep my personal data?
In this case, please send us a written request to erase your personal data. We will carefully examine the request and, if we find it justified, we will erase your personal data. The reasons for which you can request the erasure of your personal data can be found in Article 17 of the GDPR. However, in certain cases we may not grant your otherwise reasonable request. To see which cases it concerns please refer to Article 17 of the GDPR (e.g. if the processing will be necessary for the exercise of the right to freedom of expression and information).
2.6. Can I transfer my personal data that you process to another controller?
At your written request, we will provide you with your personal data in a machine-readable format or, if you ask us to do so, we will provide it directly to another controller that you specify for this purpose in your request. However, please note that this right only applies to your personal data that we process for the performance of a contract between you and our company, and only if we process it in an automated form.
2.7. What can I do if I don't like the way you process my personal data?
If we process your personal data on the grounds of our legitimate interest, you may object to such processing in writing. In response to your objection, we will assess whether our legitimate interest in such processing continues and is not overridden by the interest in protecting the rights and freedoms of natural persons. If we find that your objection is justified, we will cease the processing of your personal data to which you have objected.
It is also possible to lodge a complaint against the processing of personal data with the supervisory authority in the field of personal data processing, which in the Czech Republic is the Office for Personal Data Protection.
3. Consent to the processing of personal data
3. 1. When do you need my consent to process my personal data?
We only require consent to process your personal data in cases where we cannot process your personal data for that purpose on any other legal basis. We therefore only ask for your consent in exceptional cases, e.g. for marketing purposes or for the processing of personal data via cookies, except for those without which our website would not function properly.
3.2. Do I have to give you my consent?
Consent is completely voluntary and you can withdraw it at any time. In particular, the granting of consent is not a condition for the provision of other services.
3.3. How can I withdraw my consent?
3.4. Can commercial communications be sent to me without my consent?
If you have provided us with your e-mail address in connection with the sale of products offered by us or the provision of our services, we may, in accordance with the Act on Certain Information Society Services (Act No. 480/2004 Coll.), send you commercial communications to this e-mail address without your consent. In this case, we process your e-mail address on the basis of our legitimate interest. This is our interest in the promotion of our business activities, especially the goods and services we offer, discount and special offers and other events related to our company.
However, you can object to this processing (see paragraph 2.7. for more information on the right to object). At the same time, in each e-mail containing commercial communications, you have the option to unsubscribe from commercial communications free of charge by clicking on the relevant link. If we receive your objection to sending them or if you unsubscribe from receiving them, we will no longer send you commercial communications to your e-mail address.
4. Registration, customer and user accounts
4.1. How can I create a customer account?
By registering on our website you can create a customer account. For the purpose of registration it is necessary to complete and send the registration form. The information marked with an asterisk must be completed on the registration form in order for the registration to take place and for the customer account to serve its purpose.
4.2. How do I log in to my customer account?
You log in to your customer account using the login name and password you have chosen.
4.3. What precautions must be taken to ensure the security of my customer account?
Your personal data is collected in your customer account. It is therefore essential that you are aware of the risks arising from possible unauthorised access to your customer account by third parties, in particular the risks associated with the possible misuse of your customer account and the personal data collected therein.
As the operator of the www.pumpa.eu website and e-shop, we ensure, to the best of our abilities, the highest possible level of security, including the security of your customer account and your personal data collected therein. However, without you also taking the necessary measures to secure your customer account and your personal data, any security efforts on our part are useless.
First of all, do not disclose your customer account login details, especially your password, to anyone.
When choosing a password, it is essential to remember that weak (simple) passwords can be easily cracked by third parties (hackers), either by using specialised password cracking tools or by simply guessing. It is therefore crucial that you choose a sufficiently strong (complex) password that cannot be easily cracked by third parties. Your password must meet the requirements listed in the registration form. The system will not allow you to set a password that does not meet these requirements.
Furthermore, you must always log out of your customer account immediately after you have finished using it. Otherwise, you are making it easy for a third party who accesses the computer on which you have used your customer account to misuse your customer account and your personal data.
We therefore ask you to take all necessary precautions to secure your customer account and your personal data collected therein. The above examples are a guide, but they are by no means an exhaustive list of measures you should follow.
Please remember that you are responsible for any misuse of your customer account or the data collected therein that is caused by your error.
4.4. How can I change the data in my customer account?
If you have registered under an IČO (Business ID number), you can only change your password directly after logging into your customer account. To change other details, please contact the salesperson who is assigned to you. If you registered without entering an IČO, then you can change the data entered in the customer account directly after logging into the customer account.
4.5. How can I close my customer account?
Upon your written request, we will close your customer account without undue delay. Requests can be sent to us electronically (e-mail) at the e-mail address email@example.com, or by letter to the address PUMPA,a.s., U Svitavy 1, 618 00 Brno.
4.6. Can you close my customer account without a request?
Yes, we can also close your customer account ourselves, without your request, but only in the following cases:
a) if you do not log into your customer account for more than 12 (twelve) months;
5. Concluding Provisions
5.1. Can this policy be changed? Where can I find the current version?
5.2. If the written form is required, does that include e-mail?
5.3. From when does this policy apply?