top of page

PRINCIPLES OF
PERSONAL DATA PROCESSING & PROTECTION UNDER THE GDPR
(hereinafter also referred to as "Principles")

of Tamandua s.r.o., with registered office at Na Nábřeží 112, 517 71 České Meziříčí, Czech Republic, identification number: 21222177, registered in the Commercial Register, Section C, Insert 52444, kept at the Regional Court in Hradec Králové.

1. INTRODUCTORY PROVISIONS

1.1. The controller of personal data within the meaning of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as "GDPR") is: the trading company Tamandua s.r.o, with its registered office at Na Nábřeží 112, 517 71 České Meziříčí, Czech Republic, identification number: 21222177, registered in the Commercial Register, Section C, Insert 52444, kept at the Regional Court in Hradec Králové. Contact - e-mail: tamandua@tamandua.shop, telephone: +420 733 579 530.

1.2. When processing personal data, the Administrator shall comply with the GDPR, Act No. 101/2000 Coll., on the protection of personal data, Act No. 89/2012 Coll., the Civil Code and other related legislation.

1.3. Below is a list of personal data, the manner in which they are processed, the period for which your personal data are processed, the purpose of the processing, as well as the information provided to you as data subjects by the controller.

2. CATEGORIES OF PERSONAL DATA

2.1. The controller processes only the strictly necessary basic data, namely:

  1. Identification data (your name and surname, business name, residential or registered office address, if applicable also your delivery address, VAT number, tax identification number, your date of birth)

  2. contact details (your email and phone number or IP address).

2.2. The controller processes personal data that you have provided to the controller or personal data that the controller has obtained as a result of the fulfilment of your order.

3. REASON AND PURPOSE FOR PROCESSING PERSONAL DATA

3.1. The lawful reason for processing personal data is:

  1. the performance of a contract to which you as the data subject are a party,

  2. the fulfilment of the legal obligation of the administrator,

  3. the legitimate interest of the controller in providing direct marketing,

  4. your consent to the processing of personal data for the purpose of direct marketing (sending commercial communications and newsletters).

3.2. The controller processes personal data for the purpose of processing your order, for the purpose of fulfilling its own legal obligations towards the state (e.g. tax) and for marketing activities.

3.3. You may withdraw your consent to the sending of commercial communications to the controller at any time (see paragraph 7.6 of the Policy).

4. RETENTION PERIOD OF PERSONAL DATA

4.1. The controller shall retain your personal data for the period necessary to exercise the rights and obligations arising from the contractual relationship or for the period necessary to fulfil archiving obligations under other legislation (Accounting Act, Archives and Records Act, VAT Act), but no longer than 10 years after the termination of the contractual relationship. Unless you withdraw your consent to the processing of personal data for direct marketing purposes, the data is processed for a maximum of 3 years.

4.2. We will delete your personal data after the retention period has expired.

5. SECURITY OF PERSONAL DATA

5.1. Taking into account the state of the art, the cost of implementation, the nature, scope, context and purposes of the processing, as well as the different likely and different risks to the rights and freedoms of natural persons entailed by the processing, the controller has put in place appropriate technical and organisational measures to comply with the GDPR and to protect the rights of data subjects.

6. RECIPIENTS OF PERSONAL DATA

6.1. The controller transfers personal data to the following recipients:

  1. external accountants,

  2. payment service providers and payment processors to secure the transfer of funds,

6.2. We do not transfer your personal data to a country outside the European Union. Personal data is processed manually and automatically.

7. YOUR RIGHTS

7.1. RIGHT OF ACCESS TO PERSONAL DATA (Article 15 GDPR)

You have the right to request access to the personal data processed concerning you and to the following information:

  1. the purpose of processing personal data;

  2. the category of personal data processed;

  3. the category of recipients to whom the personal data have been or will be disclosed;

  4. the period of processing and storage of personal data;

  5. any available information about the source of the personal data, unless it is obtained from you;

  6. whether automated decision-making, including profiling, takes place.

7.2. the right to rectification of personal data (Article 16 GDPR)

You may contact us to request a correction if the information we hold about you is inaccurate, incomplete or out of date. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by providing an additional declaration.

7.3. RIGHT TO DELETION OF PERSONAL DATA (Article 17 GDPR)

You can contact us to request that your personal data be deleted if:

  1. the data is not necessary for the purpose for which it was collected or otherwise processed,

  2. if you have withdrawn your consent to data processing,

  3. the data was processed unlawfully,

  4. the data must be erased to comply with a legal obligation under EU or Member State law to which the controller is subject; or

  5. if you have objected to processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for processing or you object to processing pursuant to Article 21(2) GDPR.

7.4. RIGHT TO LIMIT THE PROCESSING OF PERSONAL DATA (Article 18 GDPR)

You have the right to restrict the processing of personal data if:

  1. you deny the accuracy of the personal data for the time necessary for us to verify the accuracy of the personal data;

  2. the processing is unlawful and you refuse the erasure of your personal data and request instead that its use be restricted;

  3. we no longer need the personal data for processing purposes, but you require it for the establishment, exercise or defence of legal claims;

  4. you have objected to processing pursuant to Article 21(1) of the GPDR until it is verified that our legitimate grounds outweigh your legitimate grounds.

If you have reached a processing restriction, you will be notified in advance that the processing restriction will be lifted.

7.5. RIGHT TO PORTABILITY OF PERSONAL DATA (Article 20 GDPR)

You can ask us to provide your personal data in a structured, commonly used and machine-readable format or to transfer it directly to another controller if:

  1. the processing is based on consent pursuant to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR or on a contract pursuant to Article 6(1)(b) GDPR; and

  2. processing is carried out automatically.

7.6. THE RIGHT TO WITHDRAW YOUR CONSENT TO THE PROCESSING OF PERSONAL DATA AT ANY TIME

You may withdraw your consent to the processing of your personal data at any time, without prejudice to the lawfulness of the processing based on the consent prior to its withdrawal.

7.7. RIGHT TO OBJECT TO THE PROCESSING OF PERSONAL DATA (Article 21 GDPR)

You have the right, on grounds relating to your particular situation, to object at any time to the processing of personal data concerning you on the basis of Article 6(1)(e) or (f), including profiling based on these provisions. We will no longer process personal data unless we can demonstrate compelling legitimate grounds for the processing which override the interests or rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.

If personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for this marketing, which includes profiling insofar as it relates to this direct marketing.

7.8. THE RIGHT TO LODGE A COMPLAINT

If you believe that we are unlawfully processing your personal data, you have the right to lodge a complaint with the supervisory authority, which is:

Data Protection Authority,

registered office Pplk. Sochora 27, 170 00 Prague 7

DS ID: qkbaa2n,

e-mail: official: posta@uoou.cz, telephone: landline: +420 234 665 111 (switchboard), fax: +420 234 665 444.

8. PERSONAL DATA BREACH

8.1. If a data breach is likely to result in a high risk to your rights and freedoms, we will notify you of the breach without undue delay. The notification will describe the nature of the personal data breach and will include at least the information and measures referred to in Article 33(3)(b), (c) and (d) of the GDPR. Such notification shall not be required if any of these conditions are met:

  1. we have put in place appropriate technical and organisational safeguards and these safeguards have been applied to the personal data affected by the personal data breach, in particular those that make the data incomprehensible to anyone not authorised to access it, such as encryption;

  2. we have taken follow-up measures to ensure that the high risk to your rights and freedoms is no longer likely to occur;

  3. it would require a disproportionate effort.

9. COOKIES

9.1 The data controller, as the operator of the tamandua.shop website, uses cookies on this website. Cookies are short text files that the website stores on the visitor's computer and that are provided by the internet browser each time the user returns to the website.

9.2 Standard web browsers (Internet Explorer, Mozilla Firefox, Google Chrome, etc.) support the management of cookies. Within the browser settings, you can manually delete, block or completely disable the use of individual cookies, or you can block or enable them only for individual websites. For more detailed information, please use your browser's help. If your browser is enabled to use cookies, we will assume that you consent to the use of cookies by our server and cookies from our processors.

9.3. Cookies used here for the purpose of:

  1. measuring website traffic and generating statistics on website traffic and visitor behaviour;

  2. basic functionality of the website.

9.4 The collection of cookies for the purposes set out above may be considered as processing of personal data. Such processing is possible on the basis of a legitimate reason - the legitimate interest of the controller, and is permitted by Article 6(1)(f) of the Regulation.

9.5 Cookies, which are collected for the purpose of measuring site traffic and generating statistics relating to visitor traffic and behaviour on the site, are treated in the form of an aggregate and in an anonymous form that does not allow the identification of an individual.

9.6 The collected cookies may be processed by other processors:

  1. Google Analytics, operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA;

  2. The Wix service provider, operated by Wix.com LTD, located at Yunitsman 5 Tel Aviv, Israel.

10. DATA PROTECTION OFFICER

10.1 The Administrator does not have a person called a "delegate". You can contact us directly for matters relating to the processing of personal data.

Delivery address: Bieblova 38/2, 500 03 Hradec Králové, Czech Republic

E-mail: tamandua@tamandua.shop

All contact details can also be found on the administrator's website: tamandua.shop/contact.

This Policy shall come into force and effect on 30 April 2025.

bottom of page