You provide us with your personal data by visiting our website, subscribing to news and business announcements, registering or making an order. We are Nanopharma, a.s., reg. no.: 28448898, registered in the commercial register maintained by Hradec Králové Regional Court, section B, entry no. 3160. We are the controller of your personal data – we process the data and are responsible for its security. We promise to protect your data adequately and we comply with the requirements of the General Data Protection Regulation (GDPR).
In accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data (GDPR), we are taking this opportunity to inform you of the personal data about you that we collect, what reasons we have for doing so, and how we handle your data. Below, we will also tell you about your rights regarding the personal data we use and how you can exercise them.
Controller of your personal data
We, Nanopharma, a.s., are the controller of your personal data. If you need to, you can contact the controller at the e-mail address email@example.com.
How do we process data and why?
We process your personal data so that we can handle your orders, make it easier for you to place orders by recording you as a registered customer or send you permitted marketing messages. Some of your personal data (cookies and other network identifiers) are used to display the e-shop correctly for you (for example, remembering the language according to your initial settings in the e-shop).
We need your personal data and consent to its processing so that we can send you news, record you as a registered customer, and display the e-shop correctly for you.
Personal data provided when ordering – RECORDING ORDERS
When filling out an order you provide us with the following personal data: e-mail, full name, phone number, address. We use the data to process the order, as specified in the contract between us and you. By law, in particular due to statutory warranty periods and the running of time limits for limitation of claims, we process your data in the order records for 6 years. We then archive the data from these records in the documentation for possible financial control as required by law. We keep these archived data for 10 years.
In order to deliver your ordered goods, we pass the necessary data on to our carriers. For shipping and logistics services we use Skladon, which obtains from us your personal information needed to process the transporting of your order. Due to possible complaints we process these data for 5 years.
So we need all these personal data from you in order to fulfil the contract and to meet our statutory obligations.
Users’ personal data – REGISTERED USERS RECORDS
We also process your personal data in the registered users records, to the extent to which you provide us with information with your consent when registering or editing your profile. We use these records mainly to make it easier for you to make purchases in our e-shop (for example, by filling in your details when placing an order) and for marketing purposes.
Personal data stored for marketing purposes
We also process your contact details for marketing purposes. We obtain your data when you place an order, register or subscribe to receive marketing messages. You can unsubscribe at any time.
If you have already purchased something from us, we will use your data for marketing activities based on our legitimate interest and in accordance with applicable consumer protection laws. If you have subscribed to marketing messages separately or when you registered, we will use your data for marketing activities based on your consent.
We process your data for marketing purposes for 5 years from your last order, or until your consent is withdrawn.
Passing personal data on to third parties
We process your data only for internal purposes, and because we do not provide all the services that we would need to operate our e-shop, we work with third parties to whom we provide your personal information.
For orders, your personal data are passed on to the Skladon transport service operated by Central Warehouse Solution s.r.o., registered address: náměstí J. A. Komenského 18, Brušperk, 739 44, reg. no.: 042533311
In order to measure how you like our e-shop, where you spend the most time and where you click, we use other service providers for analytical purposes. These are:
Google and its Google Analytics software
Facebook and its FB Pixel software.
The information we send by email, whether for marketing purposes or relating to your order, is sent via the ActiveCampaign external service operated by ActiveCampaign LLC, registered address: 150 North Michigan Avenue, Suite 1230, Chicago IL 60601, USA.
ActiveCampaign operates this service fully in compliance with GDPR.
The provider of web hosting for our e-shop through which your data entered on our e-shop flows to us is WEDOS Internet a.s.
Where do we store data?
Data are stored on the backup servers of WEDOS Internet, a.s., registered address: Masarykova 1230, Hluboká nad Vltavou, 373 41, reg. no.: 28115708. The data centre security is fully compliant with GDPR and more information can be found on the company’s website.
Access to your personal data is restricted to a limited number of people who need to have access in order to do their job. These are mainly employees dealing with orders, complaints and marketing campaigns.
How to contact us
If you have any questions or requests concerning the protection of your personal data, you can contact us at the e-mail address: firstname.lastname@example.org.
Transferring your data outside the European Union
We process your data exclusively in the European Union or in countries that provide an adequate level of protection on the basis of the European Commission’s decision.
Security and protection of personal data
Your data is safe with us. We have taken technical measures to secure personal data by encrypting data transfer using the HTTPS protocol (that lock that is next to our URL address ;-)) and have secured your personal data in accordance with Article 32 of GDPR.
Your rights in connection with personal data protection
You have a number of rights in connection with personal data protection. If you want to use any of these rights, please contact us by e-mail: email@example.com.
You have the right to the information that you are reading right now. 🙂
With the right of access you can contact us at any time and we will tell you which of your personal data we process and why.
If anything changes or you find your personal data to be out-of-date or incomplete, you
have the right to have your personal data completed or rectified.
You can use the right to the restriction of processing if you believe we are processing your inaccurate data, you believe that the processing is unlawful but do not want to erase all your data, or if you have objected to processing.
You can restrict the scope of the personal data or the purposes of the processing.
Right to erasure (right to be forgotten)
Another right that you have is the right to erasure (right to be forgotten). We do not want to forget about you but if it is what you want, you have that right.
In such case, we will erase all your personal data from our system and from the systems of all sub-processors and backups. We need 30 days to secure the right to erasure.
In some cases, we are bound by a statutory obligation, and for example, we have to record issued tax documents for the statutory period. In this case, we will delete all such personal data that we are not obliged to keep under legal regulations. We will notify you by e-mail when the erasure has been completed.
Complaint to the Office for Personal Data Protection
If you feel that we are not handling your data in accordance with the law, you have the right
to complain at any time to the Office for Personal Data Protection. We will be glad if you first tell us about this suspicion so that we can do something about it and correct any mistakes.
Unsubscribing from newsletters and marketing messages
We send e-mails to you containing inspiration, articles or products and services, if you are our customer, based on our legitimate interest.
If you are not our customer yet, we will only send them to you with your consent. In both cases, you can unsubscribe from our emails by pressing the logout link in every e-mail that we send.
We are required to maintain confidentiality about personal data and security measures, the disclosure of which would compromise the security of your personal information. This confidentiality persists even after your contractual relationship with us ends. Also, without your consent, we will not release your data to any other third party unless instructed or permitted to do so by law.
These Principles of Personal Data Processing will come into force on 1st September 2018.