PERSONAL DATA PROTECTION
If you are one of our customers, a subscriber to our newsletter, or a visitor to our website, you entrust us with your personal data.
We are responsible for its protection and security. Please familiarise yourself with the personal data protection principles and the rights that you have in connection with the GDPR (General Data Protection Regulation).
Who is the controller of your personal data?
Utukutu s.r.o., with its registered seat at Dlážděná 1491/3, Prague 1, Company ID No.: 07146370, Tax ID No.: CZ07146370, entered in the Commercial Register maintained by the Municipal Court of Prague, Section C, File No. 295407, for the manufacture and sale of goods via an e-shop located at the www.utukutu.eu website, represented by Viktor and Gabriela Hrdina, executive officers of the Company.
We process your personal data as a Controller, which means that we determine how your personal data will be processed, for what purpose and for how long, and selection of potential further processors.
We declare that, as the Controller of your personal data, we will meet all legal obligations required by applicable legislation, in particular the Personal Data Protection Act and the GDPR, and therefore that: we will only process your personal data on valid legal grounds, above all, on the grounds of a legitimate interest, the performance of a contract, a statutory obligation or granted consent. Pursuant to Article 13 of the GDPR, we will fulfil the obligation to provide information before commencing personal data processing. We are able to support you in applying and enforcing your rights pursuant to the Personal Data Protection Act and the GDPR.
Scope of Personal Data and Purposes of Processing
We process data which you provide us with yourself, and we do so for the following reasons (purposes):
- provision of services and performance of a contract
we will require your personal data in the following scope: e-mail address, name, surname, phone number, postal address in order to perform a contract (e.g. to deliver goods, etc.)
If you are a customer, we will require your personal data (billing data) in order to meet the statutory obligation to issue and record tax documents.
- marketing – sending newsletters
We will make use of your personal data: e-mail address and name, gender, what you click on in an e-mail and when you most often open it, for the purpose of direct marketing – sending commercial communications. If you are a customer, we will do so on the grounds of a legitimate interest, since we can reasonably assume that our news will interest you. We will send communications for a period of 5 years from your last order. If you are not a customer, we will only send you newsletters if you grant your consent, and will do so for a period of 5 years thereafter. In both cases, you can withdraw your consent by using the unsubscribe link in any sent e-mail.
- advanced marketing with consent
Provided that you grant your consent, we can also send you inspiring offers from third parties or use your e-mail address, for example, for remarketing and targeted advertising on Facebook, for a period of 5 years after consent is granted. Of course, you can contact us to withdraw your consent at any time.
- photographic documentation – with your written consent
We will keep your personal data for the duration of limitation periods, unless the law establishes a longer period for their retention or we state otherwise in specific cases.
Handover of personal data to third parties
Our collaborators have access to your personal data. In order to ensure specific processing operations that we are unable to provide from our own resources, we use the services and applications of processors who are capable of protecting data better than we are and who specialise in the particular kind of processing. They are providers of the following platforms:
Shop Store, Facebook, Google, and an accounting company. It is possible that, in the future, we will decide to make use of other applications or processors in order to facilitate and enhance processing. However, when choosing such a processor we promise you that we will at least place the same demands on the processor for the security and quality of processing as we place on ourselves.
Transferring data outside the European Union
We process data exclusively within the European Union or in countries which ensure a corresponding degree of protection based on a decision of the European Commission.
Your rights in connection with personal data protection
You have a number of rights in relation to the protection of your personal data. If you wish to enforce any of these rights, please contact us at the e-mail address: firstname.lastname@example.org. You have the right to information that has already been provided in this information page containing personal data processing principles. Thanks to the right of access, you can call upon us at any time and, within 30 days, we will provide you with evidence as to what personal data we are processing and why. If any of your details change, or if you find your personal data to be outdated or incomplete, you have the right to supplement and alter your personal data.
Right to restrict processing
You can enforce your right to restrict processing if you suspect that any data we are processing is incorrect, if you believe we are carrying out said processing illegally, but do not wish to erase all of the data, or if you raise an objection against processing. You can restrict the scope of personal data or the purpose of processing. (For example, by unsubscribing from the newsletter, you restrict the purpose of processing for the intention of sending business communications).
Right to portability
If you wish to take your personal data and to transfer it to another person, we will proceed in the same manner as in the case of enforcement of the right of access – the sole difference being that we will supply you with the information in a machine-readable format. In such a case we will need at least 30 days.
Right to erasure (right to be forgotten)
Another of your rights is the right to erasure (right to be forgotten). We do not want to forget about you, but should you so wish, it is your right. In such a case we will erase all of your personal data from our system, as well as from the systems of all partial processors, and all backups. We will need 15 days to fulfil the right to erasure. In some cases, we are bound by statutory obligations. For example, we have to keep records of issued tax documents for the established statutory period. In such case we will erase all such personal data which is not bound by another law. We will inform you by e-mail once the erasure has been completed.
Complaints to the Office for Personal Data Protection
If you believe that we are not handling your data in compliance with the law, you are entitled to contact the Office for Personal Data Protection with a complaint at any time. We will be glad if you first inform us of such suspicion, so that we can do something about it and potentially correct any errors.
Unsubscribing from the newsletter and commercial communications
If you are a customer, we will send you e-mails containing inspirations, articles or products and services based on a legitimate interest. If you are not yet a customer, we will only send you such e-mails with your consent. In both cases, you can unsubscribe from our e-mails by clicking on the unsubscribe link in every sent e-mail.
On behalf of Utukutu, Viktor and Gabriela Hrdina, Company executives
In Prague on 25 May 2018