1. Data Data Controller
Aviator Custom Guitars s.r.o., headquarters at Komenského 889, 753 01 Hranice, Czech Republic, ID: 089 35 491, registrated by County Court at Ostrava
under insertion C 81355, Tax ID: CZ08935491 (hereinafter referred to as the "Administrator")
You hereby inform, in accordance with Article 12 of the GDPR, the processing of your personal data and your rights.
2. Scope of personal data processing
Personal data is processed to the extent that the data subject has provided the data to Data Controller in connection with the conclusion of a contractual or other legal relationship with the Data Controller or which the Data Controller has collected otherwise and processes them in accordance with the applicable legal regulations or to fulfill the statutory obligations of the Data Controller.
3. Sources of personal data
- directly from data subjects (web site registrations and purchases, emails, phone, chat, contact form on the web, social networks, business cards, etc.)
- publicly accessible registers, lists and records (eg business register, trade register, land register, public telephone directory, etc.)
4. Categories of personal data that are being processed
- addressing and identification data used for the unambiguous identification of the data subject (eg name, surname, title, or birth number, date of birth, permanent address, ID, VAT number) and contact details of the data subject contact address, telephone number, fax number, e-mail address and other similar information)
- descriptive data (e.g., bank account)
- other data necessary for performance of the contract
- data provided in excess of the applicable laws processed within the framework of the consent given by the data subject (photo processing, use of personal data for personnel management, etc.)
5. Categories of data subjects
- Data Controller's website visitor
- Data Controller's customer
- Data Controller's employee
- service provider
- another person who is in a contractual relationship with the Data Controller
6. Categories of recipients of personal data
- data processor
- financial institutions
- public institutions
- state, etc. in the fulfillment of the legal obligations established by the relevant legal regulations
- other recipients (eg transfer of personal data abroad - EU countries)
7. Purpose of personal data processing
- purposes contained within the data subject's consent
- negotiations on a contractual relationship
- performance of the contract
- the protection of the rights of the Data Controller, the recipient or other persons concerned (eg recovery of claims by the Data Controller)
- archiving under the law
- the statutory obligations on the part of the Data Controller
- protection of the vital interests of the data subject
8. Method of personal data processing and protection
Processing of personal data is done by the Data Controller. The processing is carried out at its premises and the headquarters of the Data Controller by the individual authorized employees of theData Controller, or by processor. The processing takes place via computer technology, and manually to personal data in paper form, with all the security policies for managing and processing your personal information.
For this purpose, the Data Controller has adopted technical and organizational measures to ensure the protection of personal data, in particular measures to prevent unauthorized or accidental access to personal data, alteration, destruction or loss, unauthorized transmission, unauthorized processing, and other misuse of personal data. All entities to which personal data may be made available respect the privacy rights of data protection entities and are required to comply with applicable privacy laws.
9. Time of processing of personal data
In accordance with the deadlines specified in the relevant contracts or in the relevant legislation, it is the time necessary to ensure the rights and obligations flowing both from the obligation relationship and from the relevant legal regulations.
The Data Controller processes the data with the consent of the data subject, except in cases where the processing of personal data does not require the consent of the data subject.
In accordance with Article 6 (1) of the GDPR, the Data Controller may, without the consent of the data subject, process the following data:
- the data subject has given consent for one or more specific purposes,
- processing is necessary for the performance of the contract to which the data subject is subject or for the implementation of measures taken prior to the conclusion of the contract at the request of that data subject,
- processing is necessary to fulfill the legal obligation to which the manager is subject,
- processing is necessary to protect the vital interests of the data subject or other natural person,
- processing is necessary for the performance of a task carried out in the public interest or in the exercise of public authority entrusted to the Data Controller,
- processing is necessary for the purposes of the legitimate interests of the relevant Data Controller or third party, except in cases where the interests or fundamental rights and freedoms of the data subject that require the protection of personal data prevail over those interests.
11. Rights of data subjects
In accordance with Article 12 of the GDPR, the Data Controller shall, at the request of the data subject, inform the data subject of the right of access to personal data and the following information:
- the purpose of processing,
- the category of personal data concerned,
- the recipients or categories of recipients whose personal data have been or will be made available,
- the planned time for which personal data will be stored,
- all available information about the personal data source,
- if they are not obtained from the data subject, the fact that automated decision making, including profiling, occurs.
Any data subject who discovers or considers that the Data Controller or processor processes his or her personal data in a way that is contrary to the privacy or privacy of the data subject, or in violation of law, in particular if personal data are inaccurate with regard to the purpose of processing, may:
- Ask the Data Controller for an explanation.
- Require the Data Controller to remove the resulting state. In particular, it may be blocking, repairing, adding or deleting personal information.
- If the data subject's request under paragraph 1 is found to be justified, the Data Controller shall immediately remove the malfunction.
- If the Data Controller does not satisfy the data subject's request under paragraph 1, the data subject has the right to contact the supervisory authority, the Personal Data Protection Authority directly.
- The procedure provided for in paragraph 1 shall not prevent the data subject from contacting the supervisory authority directly.
- The Data Controller is entitled to require reasonable compensation for the provision of the information, not exceeding the costs necessary to provide the information.
This statement is publicly accessible on the Data Controller's website.
Updated 2020, April 25th