The Company Cassiopeia Consulting, a.s., ID: 25174576, Based in Czech Republic, Thámova 7/221, Praha 8, ZIP: 186 00 (“Data Controller”), the operator of the webstore www.mastrant.com, declares that all personal data (hereinafter also referred to as “data”) is treated as strictly confidential and is handled in accordance with applicable legal provisions in the area of personal data protection.
The security of your personal data is our priority. We therefore pay due attention to personal data and its protection. In the Personal Data Processing Policy (the “Policy”), we would like to inform you about how we collect personal data about you and how we then use it.
1. Personal data categories
If you shop with us, we collect your:
- Name and contact details. First name and surname, email address, delivery address, billing address, phone number
- Data as a result of the duration of the agreement – products bought, customer segment, volume of services provided
2. Purpose of processing personal data:
- Provision of services and their improvement. In order to provide the services offered and improve them to your satisfaction, we process your personal data. This means specifically processing orders for products or services, ordered via our website. The legal reason is the need to fulfil the purchase agreement for selected data, to meet legal obligations (e.g. accounting documents).
3. Transfer of personal data to third parties
Your personal information will be passed on to third parties or otherwise arranged only if it is necessary to fulfil a purchase agreement, is based on legitimate interest, or if you have given your consent to this in advance, as follows:
- to companies issuing credit cards, to providers of payment services to process payments and to banks on the basis of your order, to fulfil a purchase agreement;
- to carriers to deliver your order or services and to resolve complaints, including withdrawal from an agreement;
- to other service providers and third parties involved in data processing;
- to third parties, e.g. legal representatives or courts for enforcement purposes, or entering into any agreement with you;
- public authorities (e.g. the police);
4. Personal data security
- Your personal data is transmitted to us in encrypted form. We use the SSL (secure socket layer) technology. We secure our websites and other systems using technical and organisational measures against the loss and destruction of your data, unauthorised access to your data or its modification or dissemination.
- We require our processors to prove compliance of their systems with the GDPR.
- Access to your customer account is only possible after entering your personal password. In this context, we would like to draw your attention to the fact that you must not share your access data with third parties and after finishing your activity in your customer account, always close the window of your web browser, especially if you are using a public computer. Data Controller is not liable for the misuse of passwords used, unless caused directly by Data Controller.
5. Duration of processing
We process and store personal data
- for the period necessary to ensure all rights and obligations arising from the purchase agreement, i.e. for the duration of the order and warranty period
- 3 years after the end of the warranty period to resolve potential disputes
- for the period in which Data Controller is obliged as the controller to store it in accordance with generally binding legislation. Accounting documents, such as invoices issued by Data Controller, are archived according to law for 10 years from being issued.
In other cases, the processing of data arises from the purpose of the processing or is determined by data protection legislation.
- a) If we process your personal data, you may request free information about the processing of your personal data at any time.
- b) If you believe that we are processing your personal data in a manner contrary to the protection of your personal data and legal conditions for the protection of personal data, you may ask for an explanation and ask for us to remedy the situation that has arisen and, in particular, you may ask for corrections or supplementations to be made, the disposal of your personal data, or the blocking of your personal data.
- c) You also have the right to contact the data protection officer or the Information Commissioner’s Office.
- d) You may withdraw your consent to the processing of your personal data at any time. If you withdraw your consent to the processing of your personal data, your personal data will be deleted or anonymised; however, this does not apply to the personal data Notino needs to fulfil its statutory obligations (e.g. handling orders already submitted) or to protect its legitimate interests. Personal data is also disposed of if the personal data is not necessary for the designated purpose or if the storage of your data is not permissible for other reasons as specified by the law.
Our website contains links to other websites which are practical and contain information. Please note that these sites may be owned and operated by other companies and organisations and have different security and personal data protection policies. Our company has no control over, and nor does it bear any liability for, any information, material, products or services contained on or accessible via these websites.
If you have any questions, comments or requests regarding this Policy, please do not hesitate to contact us at the address or customer hotline listed in the footer of this Policy.
Address: Cassiopeia Consulting, a.s., ID: 25174576, Based in Czech Republic, Thámova 7/221, Praha 8, ZIP: 186 00
This Personal Data Protection Policy is valid from 25 May 2018.