PERSONAL DATA PROTECTION POLICIES

Privacy Policy

1.1 By pressing the "I understand" button below these terms and conditions, the user confirms that he/she understands the privacy policy, that he/she agrees to its wording and that he/she accepts it in its entirety.

1.2 The Provider is the data controller of the User's personal data pursuant to Article 4(7) of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter: "GDPR"). The Provider undertakes to process personal data in accordance with the legal provisions, in particular Article 4(7) of the GDPR. GDPR.

1.3 Personal data is any information about an identified or identifiable natural person; an identifiable natural person is a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, a network identifier or to one or more specific elements of the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

1.4 When placing an order, the personal data required for the successful execution of the order (name and address, contact details) are requested. The purpose of the processing of personal data is the execution of the User's order and the exercise of the rights and obligations arising from the contractual relationship between the Provider and the User. The purpose of processing personal data is also to send commercial communications and to carry out other marketing activities. The lawful reason for processing personal data is the performance of the contract according to Article 6 1(b) GDPR, the performance of the legal obligation of the controller pursuant to Article 6(1)(c) GDPR and the legitimate interest of the Provider pursuant to Article 6(1)(f) GDPR. The legitimate interest of the Provider is the processing of personal data for direct marketing purposes.

1.5 For the performance of the license agreement, the Provider uses the services of subcontractors, in particular a mailing service provider (personal data is stored in 3rd countries) and a web hosting provider. Subcontractors are vetted for the secure processing of personal data. The provider and the web hosting subcontractor have entered into a data processing agreement, according to which the subcontractor is responsible for the proper security of the physical, hardware and software perimeter and is therefore liable to the user directly for any leakage or breach of personal data.

1.6 The Provider shall store the User's personal data for the period necessary to exercise the rights and obligations arising from the contractual relationship between the Provider and the User and to assert claims arising from such contractual relationship (for a period of 15 years from the termination of the contractual relationship). Upon expiry of this period, the data will be deleted.

1.7 The User has the right to request from the Provider access to his/her personal data in accordance with Article 15 GDPR, rectification of personal data in accordance with Article 16 GDPR, or restriction of processing in accordance with Article 18 GDPR. The user has the right to erasure of personal data pursuant to Article 17(1)(a), and (c) to (f) GDPR. Furthermore, the user has the right to object to processing pursuant to Article 21 GDPR and the right to data portability pursuant to Article 20 GDPR.

1.8 The user has the right to lodge a complaint with the Data Protection Authority if he/she believes that his/her right to data protection has been violated.

1.9 The User is under no obligation to provide personal data. However, the provision of personal data is a necessary requirement for the conclusion and performance of the contract and without the provision of personal data, the contract cannot be concluded or performed by the provider.

1.10 There is no automatic individual decision-making on the part of the Provider within the meaning of No. 22 GDPR.

1.11 Interested in using the Provider's services by completing the contact form:

  • 1. agrees to the use of his/her personal data for the purpose of electronic sending of commercial communications, advertising materials, direct sales, market research and direct product offers by the Provider and third parties, but not more often than once a week, and at the same time
  • 2. declares that it does not consider the sending of information according to point 1.11.1 to be unsolicited advertising within the meaning of Act No. 40/1995 Coll. as amended, since the User expressly consents to the sending of information according to point 1.11.1 in conjunction with Section 7 of Act No. 480/2004 Coll.
    • .
  • 3. The user may revoke consent under this paragraph at any time in writing to prodejna@mctree.cz

1.12 The Provider uses so-called cookies in its presentation to improve the quality of services, personalize the offer, collect anonymous data and for analytical purposes. By using the website, the User agrees to the use of this technology.

  1. Rights and obligations between the controller and the processor (processing contract)

2.1 The Provider is a processor in relation to the personal data of the clients of the Users pursuant to Article 28 of the GDPR. The User is the controller of such data.

2.2 These terms and conditions govern the mutual rights and obligations in the processing of personal data to which the Provider has gained access in the context of the execution of the license agreement concluded by way of agreeing to the general terms and conditions at www.lord.eu (hereinafter referred to as the "License Agreement") concluded with the User on the date of setting up a User account.

2.3 The Provider undertakes to process personal data for the User to the extent and for the purposes set out in Articles 2.4 - 2.7 of these Terms. The means of processing shall be automated. The Provider will collect, store, block and destroy personal data in the processing. The Provider shall not be entitled to process personal data in contravention of or in excess of the scope set out in these Terms and Conditions.

2.4 The Provider undertakes to process personal data for the User to the following extent:

  1. common personal data,
  2. special categories of data under Article 9 of the GDPR,

obtained by the User in connection with his/her own business activities.

2.5 The Provider undertakes to process personal data for the User for the purpose of processing enquiries and requests from clients obtained from the contact form.

2.6 Personal data may only be processed at the Provider's or its subcontractors' workplaces, as referred to in Article 2.8 of these Terms and Conditions, within the territory of the European Union.

2.7 The Provider undertakes to process personal data of the User's clients for the User, all for the period necessary to exercise the rights and obligations arising from the contractual relationship between the Provider and the User and from the exercise of claims arising from such contractual relationship (for a period of 15 years from the termination of the contractual relationship).

2.8 The User grants permission with the involvement of a subcontractor as an additional processor pursuant to Article 28(2) GDPR, which is the application hosting provider. The User further grants the Provider general permission to engage an additional processor of personal data, however, the Provider must inform the User in writing of any intended changes regarding the engagement of additional processors or their replacement and provide the User with the opportunity to object to such changes to object. The Provider must impose on its subcontractors in their capacity as processors of personal data the same obligations for the protection of personal data° as set out in these Terms.

2.9 The Provider undertakes that the processing of personal data shall be secured in particular in the following manner:

  1. Personal data is processed in accordance with legal regulations and on the basis of the User's instructions, i.e. for the performance of all activities necessary for the provision of the web platform.
  2. The Provider undertakes to technically and organisationally ensure the protection of the personal data processed so that unauthorised or accidental access to the data, their alteration, destruction or loss, unauthorised transfers, other unauthorised processing as well as other misuse cannot occur and that all the obligations of the data processor arising from the legal regulations.
  3. The technical and organisational measures taken shall be appropriate to the level of risk. The provider shall use them to ensure the ongoing confidentiality, integrity, availability and resilience of the processing systems and services, and to restore the availability of and access to personal data in a timely manner in the event of physical or technical incidents.
  4. The Provider hereby declares that the protection of personal data is subject to the Provider's internal security regulations.
  5. Personal data will only be accessed by authorized persons of the Provider and subcontractors as per Article 2.8 of these Terms and Conditions, who will have the terms and scope of data processing set by the Provider, and each such person will access the personal data under their unique identifier.
  6. The Provider's authorised persons who process personal data pursuant to these terms and conditions are obliged to maintain confidentiality of personal data and security measures, the disclosure of which would compromise their security. The Provider shall ensure their demonstrable commitment to this obligation. The Provider shall ensure that this obligation for the Provider and the Authorised Persons continues after the termination of the employment or other relationship with the Provider.
  7. The Provider shall assist the User through appropriate technical and organisational measures, where possible, to comply with the User's obligation to respond to requests to exercise the data subject's rights under the GDPR; as well as in ensuring compliance with the obligations under Articles 32 to 36 of the GDPR, taking into account the nature of the processing and the information available to the Provider.
  8. After the termination of the provision of the performance that is associated with the processing, according to Article 2.7 of these Terms and Conditions, the Provider is obliged to delete all personal data or return them to the User, unless it is obliged to store personal data on the basis of a specific law.
  9. The Provider shall provide the User with all information necessary to demonstrate that the obligations under this Agreement and the GDPR have been complied with, and shall allow audits, including inspections, to be carried out by the User or another auditor commissioned by the User.

2.10 The User undertakes to promptly report all facts known to him/her that could adversely affect the proper and timely performance of the obligations arising from these Terms and Conditions and to provide the Provider with the necessary cooperation for the performance of these Terms and Conditions.

  1. Final Provisions

3.1 These Conditions shall expire on the expiry of the period set out in clauses 1.6 and 2.7 of these Conditions.

3.2 The User agrees to these terms and conditions by ticking the consent box via the online form. By ticking the consent box, the User indicates that he/she has read these terms and conditions, that he/she agrees to them and that he/she accepts them in their entirety.

3.3 The Provider is entitled to change these terms and conditions. The Provider is obliged to publish the new version of the Terms and Conditions on its website without undue delay or send the new version to the User's e-mail address.

3.4 Contact details of the Provider in matters related to these Terms: +420 724 147 096, prodejna@mctree.cz

3.5 Relationships not expressly regulated by these terms and conditions are governed by the GDPR and the legal order of the Czech Republic, in particular Act No. 89/2012 Coll., the Civil Code, as amended.

These terms and conditions come into force on 14.5.2018.