Principles of Processing Personal Data

 

  1. Information about Personal Data Processing

The company Darfon Electronics Czech s.r.o., business ID No: 27679268, registered office at Turanka 1315/112, 627 00 Brno, Czech Republic, in the position of controller of personal data (the “Controller”) has issued, for the purpose of informing its customers, fans and friends (together the “Customers”) about the processing of the personal data they provide, these Principles of Processing Personal Data (the “Principles”).

The aim of these Principles is to provide Customers with information primarily about the method, scope and purposes of the processing of their personal data, and which entities may process them. These Principles apply in particular, however not exclusively, to the following procedures relating to the processing of personal data:

  1. a purchase through the e-shop of the Controller
  2. the establishment of a user account with the Controller
  3. ensuring the function of the website of the Controller and the services provided through it
  4. the provision of customer support by the Controller
  5. the sending of newsletters and commercial communications in connection with the activity of the Controller and the products it sells (marketing purposes).

Customers will have, thanks to these Principles, a comprehensive overview of the processing of the personal data they provide. Last but not least, Customers will be informed in these Principles about their rights arising from the processing of personal data, and how to exercise them.

The Controller, within the framework of the above procedures, emphasizes the transparent, expectable and sufficiently informed processing of personal data. The Controller further declares that the processing of the personal data of Customers will take place pursuant to the applicable legislation governing the protection of personal data and also pursuant to the General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC).

The Controller will process the personal data primarily only in order to ensure the proper function of the website, its content, and to ensure performances implemented through this website, for example properly performed registration, services related to the selection, purchase and payment of the goods, and also for the sending of newsletters.

If, as a person whose personal data are or may be processed by the Controller, after reading these Principles you have any questions regarding the processing of your personal data, do not hesitate to contact us by e-mail at: infoqpad@qpad.com.

 

 

 

 

  1. Personal Data Security

To secure the personal data and protect them from loss, destruction, damage, abuse or other threat, the Controller has implemented technical and organizational measures to ensure that the provided personal data are sufficiently protected and secured during the procedures indicated in these Principles.

For this purpose, the personal data will be processed by employees of the Controller subject to a confidentiality obligation. If the personal data are processed by a third party, this will be based on a contract for the processing of personal data with sufficient guarantees and under the condition of the adoption of sufficient technical and organizational measures for the protection of the personal data.

If personal data are transferred they will be encrypted. To ensure a permanently high level of security for the personal data, the Controller will carry out regular inspections of the technical and organizational measures to secure the personal data both in its own organization and also in the organizations of the other personal data processors indicated in Art. 6 of these Principles.

The Controller declares that it will treat all the personal data it obtains from Customers as strictly confidential in accordance with the legal regulations governing the protection of personal data.

 

 

  1. Legal Reasons, Purpose and Scope of the Personal Data Processing

 

  • Performance of a Purchase Contract

The Controller will process the personal data of Customers if the Customers perform a purchase goods at the e-shop of the Controller on the website: www.qpad.com and the related delivery of the goods or the handover of the goods for transport, or perform other acts for the purpose of the conclusion of a purchase contract, meaning queries about goods, the implementation and execution of orders.

The legal reason for the processing of the personal data is the conclusion of a purchase contract.

The following personal data about Customers are processed for the above reasons:

  • name and surname
  • e-mail address
  • telephone number (optional)
  • address, including state
  • alternatively, the address and identification data of a different entity to whose address the goods should be delivered, if the invoicing data differ from the delivery data.

The personal data about Customers are processed for the above purposes by the Controller for the duration of the commitments arising from a concluded purchase contract, statutory obligations for the Controller as seller, and also for the protection and preservation of the rights of the Customers and the Controller.

In this case Customers have an obligation to provide the personal data. If the Customers did not provide the personal data, it would not be possible to perform addressed queries for goods or implement and execute orders, meaning that the goods could not be delivered or collected. If Customers do not provide personal data to the Controller for the above purposes, they cannot purchase goods in the e-shop.

  • Performance of Legal Obligations, Protection of the Contracting Parties

The Controller will further process personal data of Customers within a scope essential to perform obligations applying to the Controller, in particular for the performance of tax obligations. The legal reason for the processing of personal data is the performance of legal obligations applying to the Controller.

Another reason for the processing of personal data by the Controller is the protection of the Contracting Parties, both the Controller and the Customer. In this case this means primarily the preservation of rights during the exercise of claims arising from the relationship between the Controller and the Customer, alternatively the Controller and a third party. The legal reason for the processing of personal data is the justified interests of the Controller, the Customer and potentially a third party.

  • Establishment of a User Account

The Controller will enable Customers to register on the website of the Controller www.qpad.com without the condition of the purchase of products from the e-shop of the Controller or granting consent to the processing of personal data for marketing purposes for the purpose of preparation for the conclusion of a purchase contract, the identification of the Customer as buyer and to facilitate a purchase by the Customer in such a way that the purchase of the goods by a logged-in Customer will be more convenient and quicker thanks to the automated completion of invoicing and delivery data and, last but not least, to increase the quality of the services offered to Customers.

The legal reason for the processing of personal data is the conclusion of a purchase contract, respectively the process directed towards its conclusion, and the justified interest of the Controller.

The following personal data about Customers are processed for the above reasons:

  • name and surname
  • e-mail address
  • telephone number (optional)
  • address, including state
  • alternatively, the address and identification data of a different entity to whose address the goods should be delivered, if the invoicing data differ from the delivery data.

The personal data about Customers are processed, for the above purposes, by the Controller for the duration of the account opened on the website of the Controller: www.qpad.com .

If Customers want to create an account on the website of the Controller, they must provide the above personal data to the Controller. An account cannot be opened without their provision. The purchase of products from the e-shop of the Controller can be made through the created account only.

  • Operation of the Website

In order to ensure the proper function of the website of the Controller: www.qpad.com , its content, and to ensure the performance of the services offered by the website, for example the creation of user accounts, the display of the offer and other services connected with the selection, purchase and payment of the goods, and to ensure sufficient security for the website, log files are temporarily stored on the server. These log files may contain the personal data of Customers.

Such temporarily stored log files are further used, in connection with automatic protocols, by the software responsible for the operation and security of the above processes.

The following data may be temporarily stored in connection with the above:

  • the frequency of visits to the website, including dates and times
  • the quantity of data sent
  • the internet browser type and version
  • the operating system used by the Customer
  • the IP address allocated to the Customer by their internet service provider.

The legal reason for the processing of personal data is the justified interest of the Controller, namely ensuring the proper operation of the website it operates, including the services offered thereby and to ensure cyber security for Customers.

The personal data for the above purposes of processing of personal data are stored for at most 100 days as a technical security measure.

  • Marketing Purposes

The legal reason for the processing of personal data of Customers for marketing purposes is based on consent to the processing of personal data, except in cases under letter b) below. Only such personal data about Customers that the Customers provided to the Controller for marketing purposes (see below) or will provide in the future are processed.

Marketing purposes include the processing of personal data for the purposes of sending commercial communications connected with the goods and services offered by the Controller and with the sending of newsletters and commercial offers connected with the Controller, respectively with its products or products and services offered by it (together the “Marketing Purposes”).

The processing of personal data for Marketing Purposes includes the direct e-mail contacting of Customers. These purposes include also profiling for the selection of relevant commercial communications, specifically from the Customer’s behavior on the website of the Controller: www.qpad.com.

  1. Newsletter – Subscription

On the website www.qpad.com the Controller provides Customers with the possibility to order a free newsletter containing information within the framework of the above Marketing Purposes. Before subscribing, the Customer confirms that they have read these Principles of Processing of Personal Data and that they consent to the processing of their personal data for Marketing Purposes. 

The Customer may also grant consent to the processing of personal data for Marketing Purposes in connection with the creation of a user account.

  1. Shipping Based on the Purpose of Goods

If a Customer orders goods on the website www.qpad.com, the Controller is authorized to send information and offers to the Customer relating to similar goods without special consent to the processing of personal data for Marketing Purposes.

The Customer is authorized to cancel this sending based on the purchase of goods at any time through the procedure indicated in such sent information and offer.

The following personal data about Customers are processed for the above reasons:

  • e-mail address in the case of the processing of personal data for Marketing Purposes in electronic form by e-mail.
  • name and surname in the case of the processing of personal data for Marketing Purposes by e-mail.

Personal data for Marketing Purposes are processed by the Controller until the withdrawal of consent to the processing of personal data because Marketing Purposes also include information about the Controller itself and about its activities. It is thus purposeful that the Customers have this information available if they do not indicate their desire to not receive such information beforehand by withdrawing their consent to the processing of personal data.

For the Controller the processing of personal data for Marketing Purposes is of significant importance in its efforts to improve the provision of its services to Customers, and for this reason the Controller will, within the framework of Marketing Purposes, only send to Customers such information that might interest the Customer.

As the processing of personal data for Marketing Purposes is tied to consent to the processing of personal data, the provision of personal data by Customers is not compulsory and their non-provision does not have any influence e.g. on the implementation and execution of orders.

It is a matter of course that a Customer may withdraw their consent to the processing of personal data at any time through the procedure pursuant to Art. 8 of these Principles.

  • Customer Support

If a Customer contacts the Controller by e-mail the personal data provided by the Customer in this manner will be processed according to the content of the communication resulting in the legal reason and purpose of the processing of the personal data, and this always in such a way that the question, notification, offer or wish of the Customer is always fulfilled if possible. In the majority of cases this will be the processing of personal data for the following legal reasons: contract performance, the performance of legal obligations relating to the Controller, the justified interests of the Controller and consent to the processing of personal data. 

The personal data processed based on the above point will be deleted as soon as the conversation in question is completed, and the thing that is the subject of processing of the personal data has been resolved.

 

  1. Method of Processing Personal Data

In the majority of cases, personal data are processed on an automated basis in electronic form. Personal data may also be processed manually in written form.

The Controller processes personal data within the smallest possible scope to ensure that the purpose of the processing of the personal data indicated in Art. 3 of these Principles is performed.

During processing, the Customers will be also the subjects of profiling under the conditions set out in these Principles.

 

Customers provide the Controller with personal data for processing on a completely voluntary basis. If, of course, in some cases Customers do not provide the Controller with personal data, for example for the purpose of concluding a purchase contract or for simple registration, a purchase contract cannot be concluded or services provided for the indicated purpose.

This non-provision of consent to the processing of personal data for Marketing Purposes to the Controller has no influence on the conclusion of a purchase contract.

Customers can determine the full scope of the processed personal data through a request made in the manner pursuant to Art. 10 of these Principles.

 

  1. Cookies

 

The website of the Controller www.qpad.com also uses cookies. Cookies are small text files containing small amounts of data that can be stored when visiting the website on the server of the Controller. Cookies may only contain information sent to the Customer’s computer.  Cookies are not used to link to any other data (including personal data), unless the Customer explicitly consents to such a procedure.

Consent to the use of cookies is not a prerequisite to visit the website of the Controller.

The storage period of cookies on a Customer’s computer is determined by their nature. Some cookies are limited to the duration of the session (“session cookies”). These cookies only exist as long as the browser is running and they are deleted after it is closed.

Other cookies are not deleted (“persistent cookies”). These cookies remain in the browser even after it is closed until a determined date, which is not over 13 months from the last use of the cookies, or until they are manually deleted by the Customer, if this takes place earlier. These cookies are used to identify the computer when the browser is opened again and the internet is used. Cookies do not affect the technical use of a computer and do not contain any viruses or other threats.

The following cookies are used on the website of the Controller:

WordPress cookies – these cookies improve the user experience and facilitate website browsing.

Google Analytics cookies – these cookies are used to evaluate the activity of Customers on the internet

Google – these cookies are used for advertising purposes.

The storage of cookies can be prohibited through settings in the browser. If however the Customer does so, some functions of the website might not be available or the rejection of cookies storage might reduce the function and user-friendliness of the website

 

  1. List of Processors of Personal Data

Personal data of Customers will be transferred to third parties only if this is essential for the performance of the services provided by the Controller to Customers, the performance of a contract, or if the Customers consent to this in advance. As regards the processing of the personal data by different entities than the Controller, the Controller will ensure the maximum possible protection of the personal data during their transfer to such other processors and their processing by such entities.

Other processors are carefully selected by the Controller with a guarantee that sufficient technical and organizational measures will be used.

As part of the implementation and execution of an order and also in the case of the sending of newsletters, the Controller will receive from selected entities such as logistics companies, forwarders and agencies for sending newsletters, the necessary personal data so that the service in question can be performed for Customers.

These commercial companies may only use such obtained personal data to perform the tasks imposed on them by the Controller.

The following processors participate in the processing of personal data in addition to the Controller:

  • Web Maintenance & Marketing Controller
  • com owner – Main Controller
  • Web designer & server Controller
  • Logistics Company & Forwarder.

 

In addition to the indicated entities, other entities providing technical administration, delivery, IT services, and accounting, taxation and legal advice may also participate in the processing of the personal data.

In compliance with applicable data protection requirements, the Controller may also use third-party – data processors and may share your personal data with such third party – data processors to provide services in connection with the Controller (especially in the e-shop of the Controller). Where such third party – data processors are located outside the European Union respectively the European Economic Area, such third party processors are either located in a third country where the European Commission has decided that this country ensures an adequate level or appropriate safeguards for an adequate level of data protection are provided for by standard data protection clauses that have been adopted by the European Commission and that have been entered into between the Controller and the third party data processor.

The Controller is responsible for the secure processing of the personal data performed by processors.

The Controller does not rule out the possibility that in the future such personal data of Customers will be provided to other processors. An up-to-date list of processors can be obtained by Customers through the procedure pursuant to Art. 10 of these Principles.

If Customers pay for goods using the payment gateway of a payment card (credit or debit), the Controller will not save information about this payment card or the account number or any similar bank details. These data are only accessible by the direct providers of the payment services.

 

  1. Period of Processing Personal Data

The personal data of Customers are processed for a period essential for the performance of the individual purposes of the processing of personal data pursuant to Art. 3 of these Principles. As soon as the purposes for the processing of the personal data no longer exist or are performed and the Controller does not see any purpose for the processing of the personal data, it must delete such processed personal data or otherwise prevent their further processing.

Before the expiration of this period, the processing of the personal data will be halted or suspended within the greatest possible scope as soon as the Customer in question withdraws their consent to the processing of the personal data or exercises any of their rights indicated in Art. 9 of these Principles, if such exercise results in the restriction, suspension or halting of the processing of the personal data.

If an event occurs that results in the restriction, suspension or halting of the processing of the personal data, the Controller will only process the personal data of the given Customer in the necessary extent, for the required length of time and only for the purpose of protecting the rights and legally-protected interests of the Controller. As soon as this purpose for the processing of the personal data has passed, the Controller will delete them.

 

  1. Withdrawal of Consent

A Customer may easily withdraw their consent granted for Marketing Purposes by sending an e-mail to the address: infoqpad@qpad.com indicating the information that the Customer is withdrawing their consent to the processing of the personal data.

The withdrawal of consent does not affect the lawfulness of processing based on consent which was given before its withdrawal.

 

  1. Rights of Customers

Right of Access. A Customer has the right to obtain confirmation from the Controller as to whether their personal data is being processed and, if so, they have the right to access such information and also request, in particular, identification of the beneficiaries to whom this personal data has been or will be provided in relation to this.

 

Right to a Copy. If the rights and freedoms of third parties will not be adversely affected, a Customer has the right to ask the Controller for a copy of the processed personal data that relates to them.

 

Right to Correction and Supplementation. A Customer has the right to request the Controller to correct any inaccurate personal data that relates to them without undue delay, based on their notification or another credible finding by the Controller. In addition to the right to the correction of personal data that relates to them, a Customer also has the right to supplement personal data that has already been provided and processed if it is incomplete.

 

Right to Erasure. At the moment the Controller no longer needs the processed personal data concerning a Customer for the aforementioned reasons and there is no further legitimate reason for its processing by the Controller, when this personal data is being processed illegally, when consent to its processing was withdrawn or after an objection that there are no reasons for their further processing, a Customer  has the right to ask the Controller to delete such data or to ensure that it is sufficiently secured against its processing or made inaccessible. The Controller has the right to reject such request if there is still a reason for their processing. The data will not be deleted if the personal data relating to the Customer must be processed by the Controller for the purpose of identifying, performing or defending rights, or for compliance with the Controller’s legal obligations.

Right to Restricted Processing. If a Customer discovers that their personal data processed by the Controller are inaccurate, or their processing is illegal or unnecessary, or an objection has been submitted, the Customer may, until the performance of a properly justified procedure by the Controller or a decision on the objection, request that the Controller limit the processing of this personal data within the indicated scope, however only within the minimum scope permitted.

Right to Portability. A Customer has the right to receive personal data that they provided to the Controller in a structured, regularly used and machine-readable format, and the right to transfer such data to a different controller. Similarly, a Customer has the right to request the Controller to transfer such personal data directly to such other controller, if technically possible.

Right to Submit an Objection. The Controller hereby explicitly informs the Customer about the possibility to object to the processing of personal data that relates to them, however only if the processing of the personal data in question is due to a legitimate interest of the Controller or in the public interest. A Customer also has the right to submit an objection if their personal data are processed for the purpose of direct marketing and for this marketing, which also includes profiling. Such an objection shall be submitted directly to the Controller. In the objection, the Customer shall explain the negative impact the processing of the personal data has on them.

Right to Not be the Subject of Automated Decision-Making including profiling. A Customer has the right to not be the subject of any decision based solely on automated processing, including profiling, that has legal effects for them or significantly affects them in a similar way.

Right to File a Complaint. A Customer has the right to submit a complaint to the Office for Personal Data Protection if they feel that legal regulations on the protection of personal data were breached during the processing of the personal data that applies to them.

 

  1. Exercise of Rights

A Customer can exercise all the rights of a Customer specified herein and also ensuing from the processing of the personal data that concerns them by sending an e-mail to the address: infoqpad@qpad.com.

 

 

Darfon Electronics Czech s.r.o.