-
shop
discover our products.
- modular system
- inspiration
- about us
adopted in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation, “GDPR”), and in accordance with Act No. 110/2019 Coll., on the Processing of Personal Data.
Boq architekti s.r.o.
Registered office: Kaprova 42/14, 110 00 Prague 1
E-mail: gdpr@haptic.store
Store domain: www.haptic.store
Company ID: 03612449, VAT ID: CZ03612449
Entered in the Commercial Register kept by the Municipal Court in Prague, File No. C 234601
As the operator of the online store www.haptic.store (hereinafter the “Controller”), the Controller processes personal data of data subjects – natural persons who:
The Controller ensures that the processing of personal data of data subjects is lawful, fair, transparent, accurate, confidential, and limited to what is necessary. The Controller also ensures that personal data are properly secured and that all rules laid down by the GDPR and other legal regulations on the handling of personal data are complied with.
These principles are adopted, among other things, to demonstrate the Controller’s compliance of personal data processing with legal regulations. Explanations of individual terms related to personal data processing used in these principles are set out in Article 12 below.
The controller of personal data is Boq architekti s.r.o.
Registered office: Kaprova 42/14, 110 00 Prague 1
E-mail: gdpr@haptic.store
Store domain: www.haptic.store
Company ID: 03612449, VAT ID: CZ03612449
Entered in the Commercial Register kept by the Municipal Court in Prague, File No. C 234601
The Controller can be contacted in any of the following ways:
The Controller processes personal data (name, surname, residence, phone number, e-mail) primarily for the purpose of concluding and performing a purchase contract, i.e., at a minimum to deliver goods purchased in the online store to the customer. The legal basis is Article 6(1)(b) GDPR – performance of a contract to which the data subject is a party.
The Controller processes personal data to comply with its legal obligations, e.g., under accounting and tax laws, the Consumer Protection Act, etc., including the obligation to demonstrate that personal data are processed in accordance with generally binding legal regulations, in particular the GDPR. The legal basis is Article 6(1)(c) GDPR – compliance with a legal obligation applicable to the Controller.
The Controller may process personal data for the purpose of:
The legal basis is Article 6(1)(f) GDPR – the Controller’s legitimate interest.
Based on the data subject’s consent, the Controller may process personal data for the purpose of:
The legal basis is Article 6(1)(a) GDPR – consent of the data subject.
Giving consent to the processing of personal data is entirely voluntary. Failure to give consent will not have any adverse consequences for the data subject.
Every data subject has the right to withdraw consent to the processing of personal data at any time, in particular by:
Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
Processing personal data for direct marketing means processing for the purpose of sending commercial communications within the meaning of Act No. 480/2004 Coll., on Certain Information Society Services, as amended (“Act No. 480/2004 Coll.”). A commercial communication means any form of communication, including advertising and invitations to visit the online store, intended to directly or indirectly promote the Controller’s goods, services, or image (in particular newsletters).
Processing personal data for sending commercial communications to potential customers (persons who have not yet purchased in the online store but have opted in to receive commercial communications) is possible only on the basis of their consent to personal data processing. Sending commercial communications to potential customers likewise requires their consent (pursuant to Section 7(2) of Act No. 480/2004 Coll.).
Processing personal data for sending commercial communications to customers (persons who have already purchased in the online store) is possible even without their consent, based on the Controller’s legitimate interest (see Article 3.3 above or Recital 47 GDPR). Sending commercial communications to such customers regarding the Controller’s own similar products or services may likewise be carried out without their consent (pursuant to Section 7(3) of Act No. 480/2004 Coll.), provided the customer did not refuse or does not subsequently refuse such communications.
The Controller will cease processing personal data for direct marketing without undue delay after a customer or potential customer expresses their disagreement with such processing. Disagreement may be expressed, for example, by:
Regardless of the above, the Controller will cease processing personal data for direct marketing no later than 3 years from the last purchase in the online store (conclusion of a purchase contract). Each subsequent purchase extends the processing period by another 3 years.
If no purchase is ever made in the online store, the Controller will terminate processing at the same time as the customer account is cancelled (see Article 10.2 below).
A recipient of personal data is anyone to whom the Controller provides personal data. The Controller will transfer personal data in particular to the following recipients: entities providing accounting or tax services, postal or transport services, newsletter distribution services, legal services, IT services, payment gateway or payment system operators, domain administrators, technical support providers, etc. These recipients will process personal data either as independent controllers (i.e., entities that determine purposes and means of processing independently of the Controller) or as processors (entities processing personal data for the Controller according to its instructions).
In addition, the Controller will provide personal data to public authorities where such obligation is imposed by generally binding legal regulations. These recipients will always process personal data as independent controllers. Public authorities acting within their investigative powers are not considered recipients.
The Controller will not transfer personal data to third countries or international organisations within the meaning of Articles 44 et seq. GDPR.
Personal data will be processed only for the period necessary in view of the purpose of processing. The expiry of one legal basis for processing does not affect processing (to the necessary extent) on the basis of another legal basis.
For this purpose, the Controller will process personal data for up to 30 days after the expiry of the last obligation arising from the purchase contract. This is without prejudice to the Controller’s ability to further process such personal data on other legal bases and for the purposes stated in this policy.
For this purpose, the Controller will process personal data for the duration of the relevant legal obligation set by generally binding legal regulations.
For this purpose, the Controller may process personal data until disagreement with such processing is expressed, but no longer than 3 years from the last purchase in the online store (see Article 5.3 above).
For this purpose, the Controller may process personal data for the duration of the relevant legal claim, but no longer than 1 year after the expiry of the limitation period under generally binding legal regulations. If judicial, administrative or other proceedings are initiated and ongoing in which rights or obligations arising from the relevant claim are addressed, the processing period for this purpose will not end before the final conclusion of such proceedings.
For this purpose, the Controller may process personal data until:
but no later than until the customer account is cancelled (see Article 10.2 below).
For this purpose, the Controller may process personal data until the customer account is cancelled (see Article 10.2 below).
Without undue delay after the expiry of the processing periods under Articles 8.1, 8.2 or 8.3.2 above, the Controller will anonymise or destroy the respective personal data for which the processing purpose has ceased.
In the cases under Articles 8.3.1 or 8.4 above, the Controller will cease processing personal data for the stated purposes without undue delay after consent is withdrawn, disagreement is expressed, or the customer account is cancelled.
Every data subject has, among others, the following rights:
Any data subject who believes that the Controller is processing their personal data in a manner that infringes the data subject’s privacy or applicable legal regulations, in particular if personal data are inaccurate in relation to the purpose of processing, may:
If the data subject believes that their right to personal data protection has been violated, they also have the right to lodge a complaint with the supervisory authority, i.e., the Office for Personal Data Protection, Pplk. Sochora 27, Holešovice, 170 00 Prague 7.
Creating a customer account is entirely voluntary, as the Controller allows purchases in the online store even without creating an account (guest checkout). For the Controller to store personal data entered in the form for creating and managing the customer account (or added to the account later), consent is required.
Until a potential customer concludes a purchase contract with the Controller (i.e., becomes a customer) and subsequently after all obligations under the concluded purchase contract have been fulfilled, the Controller will not handle personal data other than for the purpose of managing the customer account; this does not affect the Controller’s ability to process personal data on other legal bases, in particular on the basis of consent granted for direct marketing (sending commercial communications).
A customer account can be cancelled at any time via the account settings or upon a cancellation request sent to any of the contact addresses listed in Article 2 above.
Notwithstanding the foregoing, the Controller may cancel a customer account 3 years after the customer’s last purchase in the online store, and may also cancel the account if the customer breaches their obligations under the purchase contract. If no purchase is ever made, the Controller may cancel the customer account 3 years after it is created.
More detailed information about cookies and other technical data processed when visiting the online store website is provided in a separate Cookies document.
Personal data means any information relating to an identified or identifiable natural person (the “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, surname, date of birth, residence, e-mail, telephone number, identification number, location data, online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
Processing of personal data means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
A customer is a natural person who has concluded a purchase contract with the Controller through the online store, i.e., a person who has a customer relationship with the Controller.
A potential customer is a natural person who has not yet concluded a purchase contract with the Controller through the online store, i.e., a person who does not have a customer relationship with the Controller.
The Controller is obliged to adopt technical and organisational measures to prevent unauthorised or accidental access to personal data, their alteration, destruction, loss, unauthorised transmission or any other unauthorised processing or misuse. This obligation continues even after the processing of personal data has ended.
For questions regarding personal data processing, the Controller can be contacted via any of the contact addresses listed in Article 2 above. General information on personal data processing can also be found on the website of the Office for Personal Data Protection at www.uoou.cz.
These principles take effect on 1 July 2024.
