Information on personal data processing – e-shop
Sophomer s.r.o., ID no.: 17828431, with is registered offices at: Radiová 1285/7, Hostivař, 102 00 Praha 106 (“Sophomer” or “us”) would like to provide you, our customer, with information regarding your personal data. We are the controller of your personal data, and we are responsible for processing of your personal data.
In this document, you will find which of your personal data we collect, the purpose of their collection and how we use and what entitles us to do so and for how long we keep your personal data. Furthermore, you can find out who else can access your personal data and find out more about your rights and ways of exercising them.
This document was drafted in compliance with the Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and in accordance with the Data Processing Act No. 110/2019 Coll. We process your data in accordance with the legislation, comply to the principles of personal data processing, adhere to the instructions of relevant authorities, and regularly review our policies.
- Personal data we collect
We need to process your personal data mainly for the purpose of contacting you and concluding a contract with you and for the purpose of performing our duties under said contract. Furthermore, we require your personal data to safeguard our legitimate interests, as well as for the purpose of fulfilling our legal obligations.
The types of personal data we collect are following:
- Identification details (e.g. name, surname),
- Contact and address details (e.g. address, e-mail, telephone),
- Information about the contract (e.g. the content of our communication, the object of the contract, performance of the contract, date of conclusion of the contract, duration, date and reason for termination of the contract),
- Data necessary for the execution of payment transactions and the accounting of payments (e.g. bank account number, IBAN, SWIFT, credit card details, billing name and address associated with your form of payment).
For the purposes specified above, we process following personal data:
What type of personal data we collect? | What is the purpose of collecting your personal data? | What is the legal basis for processing your data? | How long do we store your personal data? |
– Identification details – Contact and address details | Answering customers inquiries | Legitimate interest in answering the inquiry | For a period of 1 year from answering the inquiry, or for a period of 1 year from the last communication |
– Identification details – Contact and address details | Registration of the customer in the internal database | Processing is necessary for the purposes of the legitimate interests pursued by Sophomer or by a third party | Up to 3 years from the registration but no less than 3 years from fulfilment or termination of the last contract |
– Identification details – Contact and address details – Data necessary for the execution of payment transactions and accounting of payments – Information about the contract | Order processing, including payment, delivery of goods, and related communication with consumers and processing warranty or claims regarding defective goods | Processing is necessary for the performance of a contract | Up to 3 years from the fulfilment or termination of the contract; fundamental information about the legal relationship and its existence (contracting parties, subject of the contract etc.) for a period of up to 10 years after the fulfilment or termination of the contract. |
– Identification details – Contact and address details – Information about the contract | Fulfilment of legal obligations in the areas of consumer protection, accounting, tax law, and criminal law regulations | Processing is necessary for compliance with a legal obligation to which Sophomer is subjected | For the period specified by relevant laws, especially: – Act No. 235/2004 Coll., on value-added tax – Act No. 563/1991 Coll., on accounting. |
– Identification details – Contact and address details – Information about the contract | Processing of personal data necessary for potential legal or other disputes and the enforcement of claims | Processing is necessary for the purposes of the legitimate interests pursued by Sophomer or by a third party | Up to 10 years from the fulfilment or termination of the contract. |
We process your personal data only for the necessary duration. In the event that we determine your personal data is no longer needed for any of the specified purposes, it is our obligation to dispose of this data.
- How do we collect personal data
Majority of the personal data we process are provided to us directly by you through our e-shop available at https://sophomer.com/ or via e-mail or phone. We may also collect data from public sources, such as the Commercial Register, Trade Register or similar registers.
- How do we process and store personal data
Personal data are processed manually in our information systems by our employees and processed by third parties if necessary (for more information see the part 4 below). We do not use personal data for any automated decision-making.
We store your personal data in our secure servers, servers of webhosting or cloud services providers. In case you provide us with personal data in written form, we store such documents on our premises in locked cabinets with access limited to a restricted group of authorized individuals.
- Who do we disclose personal data to
In case we need to disclose any of your personal data to third parties, we enter into a written agreement beforehand, bounding them to same obligations regarding your personal data as we are bound by.
Here are the categories of possible recipients of personal data with a justification for why the disclosure of your personal data might occur:
Recipient | Reason for disclosure |
External accountants and auditors | We may entrust accounting and tax matters to specialists outside Sophomer. In such cases, we must provide them with your personal data to the extent necessary to fulfil the contract with you and comply with legal obligations. |
Person providing payment services (operators of payment gateways, banks, etc.) | To ensure proper payment processing (payment gateway functions, payment collection, payment blocking, SIPO payments, etc.), we must transfer your personal data to the person responsible for handling payment transactions. |
Legal and tax advisors | Occasionally, there may be a need for the company to allow legal or tax advisors to access information about legal relationships with you. These are individuals bound by a legal obligation of confidentiality. |
Your personal data may be also disclosed to other subjects in cases, when we are obliged to do so or when it is necessary for the purposes of our legitimate interests (such as courts, police etc.) Your personal data may be stored on third-party servers, including, but not limited to, servers of webhosting or cloud services providers.
- What are your rights and how you can exercise them
Because we process your personal data, you have certain rights that we’d like to outline for you here. You have the flexibility to assert all of your rights with us using any method that is convenient for you, however, we must be able identify you.
For the quickest way to process any of your request regarding your personal data, please contact us at e-mail address: info@sophomer.com. We will usually be able to process your request within one month from receiving your request.
- Right of access to personal data
You have the right to access the personal data we process about you and the right to be informed about what personal data we process about you, for how long, what the purposes of the processing are, to whom we disclose it and whether we use it for automated decision-making (or how this automated decision-making works).
We will give you a copy of your personal data free of charge. If you would like more copies, we may charge you the necessary costs.
- Right to rectification of personal data
If you discover that your personal data that we process are incorrect or incomplete, you have the right to have the personal data rectified or, if required by the purpose of processing the personal data, completed
- Right to erasure
You also have the right to have the personal data we hold about you deleted. For you to request erasure, one of the following reasons must be given:
- your personal data is no longer necessary for the purpose for which it was collected or processed;
- we process your personal data unlawfully;
- you have withdrawn the consent based on which your personal data was processed (if applicable), and we have no other authority to process your personal data further;
- you object to the processing of your personal data which we process based on legitimate interest and unless we can demonstrate that its legitimate interest overrides your right to erasure;
- there is some lawful reason that requires the erasure of that personal data.
Although you may withdraw your consent to the processing of your personal data or request that we delete your personal data, we may not always delete your data. Sometimes we are required by law to process your personal data. However, we will then inform you of the grounds on which your personal data cannot be erased.
- Right to restriction of processing
In case your personal data we process are inaccurate, you may request that we restrict the processing of your personal data for the time necessary to verify its accuracy and correct it, if necessary.
You have the right to request that we restrict the processing of personal data in following cases:
- the processing of your personal data is unlawful, but you do not wish your personal data to be erased;
- we no longer need your personal data for the purpose for which we processed it, but you insist on processing (especially retaining) it for the establishment, exercise, or defence of your legal claims;
- you have objected to the processing of your personal data based on our legitimate interest; in this case, we will restrict processing until we have assessed whether our legitimate interest outweighs your right not to have your personal data processed further.
- Right to object to the processing of your personal data based on legitimate interest
If we process your personal data on the basis of legitimate interest, you have the right to raise objections to such processing. We will evaluate whether it is genuinely in our legitimate interest to continue processing your personal data for that specific purpose, or whether your right to cease processing your personal data takes precedence. If your objection is deemed valid, we will stop the processing of your personal data.
- Right to data portability
If we process your personal data by automated means based on your consent or necessity for the performance of a contract, you may ask us to provide your personal data in a structured, commonly used, and machine-readable format. And to pass it on to another data controller of your choice where appropriate.
- Right to withdraw consent
If we process your personal data based on your consent, you have the right to withdraw your consent to personal data processing. If we cannot process such personal data on any other legal basis, we shall stop processing your personal data.
- Right to a complaint
If you believe that the abovementioned rights are insufficient or that we are violating your rights in any way, you can lodge a complaint with the supervisory authority. In the Czech Republic, you can file a complaint by contacting the Data Protection Authority available via https://www.uoou.cz/.
Sophomer s.r.o.