Privacy Policy

I. Basic Provisions

The data controller under Article 4(7) of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter “GDPR”) is Inventive Trade s.r.o., Company ID No. 05345618, with its registered office at Nádražní 36/70, Smíchov, 150 00 Prague 5, registered in the Commercial Register maintained by the Municipal Court in Prague, Section C, File 261742 (hereinafter the “Controller”).

The Controller’s contact details are:

  • Address: Nádražní 36/70, Smíchov, 150 00 Prague 5
  • E-mail: info@inventivetrade.eu
  • Telephone: +420 776 643 036

Personal data means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

The Controller has/have not appointed a Data Protection Officer.

II. Sources and Categories of Processed Personal Data

The Controller processes personal data that you have provided, or personal data obtained by the Controller in connection with the performance of your order:

  • Name and surname
  • E-mail address
  • Postal address
  • Telephone number

III. Legal Grounds and Purposes of Personal Data Processing

The legal grounds for processing personal data are:

  • compliance with a legal obligation of the Controller under Article 6(1)(c) GDPR,
  • the Controller’s legitimate interest in direct marketing (in particular for sending commercial communications and newsletters) under Article 6(1)(f) GDPR,
  • your consent to processing for the purposes of direct marketing (in particular for sending commercial communications and newsletters) under Article 6(1)(a) GDPR in conjunction with Section 7(2) of Act No. 480/2004 Coll., on Certain Information Society Services, in cases where no order of goods or services has been made.

The purposes of processing personal data are:

  • processing your order and exercising rights and obligations arising from the contractual relationship between you and the Controller; personal data required for successful order processing (name, address, contact details) are a necessary requirement for contract conclusion and performance – without providing personal data, it is not possible to conclude or perform the contract,
  • compliance with legal obligations,
  • sending commercial communications and carrying out other marketing activities.

The Controller does/does not use automated individual decision-making within the meaning of Article 22 GDPR. In cases where it applies, you have given your explicit consent to such processing.

IV. Data Retention Period

The Controller retains personal data:

  • for the period necessary to exercise rights and obligations arising from the contractual relationship between you and the Controller and to assert claims under such contractual relationships (for a period of 15 years after the termination of the contractual relationship),
  • for the period until consent to processing for marketing purposes is withdrawn, but no longer than 20 years, if processing is based on consent.

After the expiry of the retention period, the Controller deletes the personal data.

V. Recipients of Personal Data (Controller’s Subcontractors)

Recipients of personal data include:

  • persons involved in the supply of goods/services and payment execution under a contract,
  • providers of marketing services.

The Controller does/does not intend to transfer personal data to a third country (outside the EU) or an international organization. Recipients of personal data in third countries may include providers of mailing services / cloud services.

VI. Personal Data Processors

Personal data are processed by the Controller, but may also be processed by the following processors on behalf of the Controller:

  • other providers of processing software, services, and applications currently not used by the Controller.

VII. Your Rights

Under the GDPR, you have the following rights:

  • the right of access to your personal data under Article 15 GDPR,
  • the right to rectification of personal data under Article 16 GDPR, or restriction of processing under Article 18 GDPR,
  • the right to erasure of personal data under Article 17 GDPR,
  • the right to object to processing under Article 21 GDPR,
  • the right to data portability under Article 20 GDPR, and
  • the right to withdraw consent to processing at any time, in writing or electronically, to the Controller’s postal or e-mail address provided in Article I of this Privacy Policy.

You also have the right to lodge a complaint with the Office for Personal Data Protection if you believe that your right to personal data protection has been infringed, or to seek judicial remedy.

VIII. Personal Data Security

The Controller declares that appropriate technical and organizational measures have been taken to secure personal data.

The Controller has implemented technical measures to secure data storage and storage of personal data in paper form.

The Controller declares that personal data are accessible only to authorized persons.

IX. Final Provisions

By submitting an order via the online order form, you confirm that you are familiar with this Privacy Policy and that you accept it in its entirety.

The Controller is entitled to amend this Privacy Policy. A new version will be published on the Controller’s website and at the same time sent to your e-mail address provided to the Controller.

This Privacy Policy is effective as of 1 August 2020.