Controller

Controller is in accordance of Article 4 point 7 of General Data Protection Regulation (EP 2016/679) on the protection of natural persons with regards to the processing of personal data and on the free movement of such a data (hereinafter referred to as “GDPR”) is:
4Each s.r.o., VAT Number: CZ24673692, based Nad Kralovskou oborou 147/25, Praha 7, Czech Republic (hereinafter referred to as “controller”).

Contact information of controller is:
Nad Kralovskou oborou 147/25, Praha 7, Czech Republic
Mail: 4each@4each.cz
Phone: +420 212 242 233

A Personal Data Protection Officer (DPO) has been appointed
Ing. Vojtech Jankovsky
Nad Kralovskou oborou 147/25, Praha 7, Czech Republic
Mail: vjankovsky@4each.cz
Phone: +420 212 242 233

Personal data categories and the purpose of personal data processing

Controller is processing data he has received from you to complete the order, specifically:

• Billing contact including name, email, address, and phone,
• Delivery contact including name, address, and phone,
• List of ordered products including number of pieces and price.

Controller is processing data of registered users to make easier next orders, specifically:

• E-mail,
• List of contacts including the name, address and phone

Retention time of data

The data necessary for the performance of the rights and obligations arising from the contractual relationship between the customer and the controller and the exercise of the claims of such relationship shall be kept by the Controller for as long as is necessary (5 years after termination of the contractual relationship).

Data subject to personal data processing (ie. Customer Account) will be kept by Controller for 3 years since the last login.

Data recipients

Data recipients are following persons or companies:

• WeDeCom s.r.o. company, which ensures the operation of the e-shop represented by Mr. Jiří Bláha
• Contractual carriers for gods delivery: Czech post, DHL
• Accountant of 4Each s.r.o. company, Ms. Petra Ježdíková
• PayPal for on-line payment processing

Customer rights

The GDPR provides following rights to you:

• The right to access your personal data
• The right to rectification
• The right to erasure
• The right to restrict processing
• The right to data portability
• The right to object
• The rights related to automated individual decision-making, including profiling

Security of personal data

The Controller has taken all appropriate organizational and technical measures to prevent unauthorized access to personal data, modification or loss and unauthorized processing, in particular:

• Securing web application against common attacks.
• Ensure password logging into the web application and instruct administrators to use strong passwords.
• Running websites on secure HTTPS.
• Limiting access to personal data only for authorized persons.
• Setting the relationship between the owner and the e-shop operator by the processing agreement.