1. Basic information
We recommend that you get acquainted with these Personal Data Processing Principles thoroughly. In case you have any questions, do not hesitate to contact us via the contact details below.
Personal data controller
The personal data controller is company Luciferlights, sro. , Služská 779, Prague 8, 18200, VAT identification number: CZ05495482
Contact details are:
- Address: Lucifer headlamps, Spořická 1135, Prague 8, 18400, Czech Republic
- Email address: petr at luciferlights.net
- Telephone: +420 776371214
The data controller appointed a manager of personal data protection, Petr Dvorak, to whom you can turn if you have any questions concerning personal data protection.
2. What data do we collect?
- Personal data you provide us
- Personal data automatically collected:
We, or our hosting provider, collect data on the basis of our legitimate interests within the meaning of Art. 6 para. 1 lit. f. of the GDPR regarding each access to the server on which this service is located (known as server log files). Access data includes the name of the requested website, file, date and time of access, amount of data transferred, notification of successful retrieval, browser type along with version, the operating system of the user, referrer URL (previously visited), IP address, and the requesting provider. Log file information is stored for a maximum of seven days for security reasons (e.g. to investigate misuse or fraud) and then deleted. Data whose further storage is required for evidence purposes are excluded from deletion until the relevant incident has been finally clarified.
2. Why do we collect your data?
We process your personal data for these reasons:
- Sale of goods and related services: We process personal data when selling goods to customers and providing related services. For these purposes, we process the data on the lawful basis of the performance of a contract and/or our legitimate interest. We keep your personal data either for the duration of the contract or for the duration of warranty periods of the goods and periods of limitation unless it is necessary to keep it for a longer period due to other purposes of processing.
- Customer support: If you contact us via our contact form, phone or another way, we will keep the personal data you have provided until we deal with your requirement or for the duration necessary to defend ourselves or to exercise our legal claims. However, we do not record your phone calls.
- Customer account: If you decide to create your customer account, we also use your personal data for the purposes of the loyalty club. You become a member after creating a customer account on-line. If you no longer wish to be a member of our loyalty club, please, let us know. We will cancel your customer account and we will not process your personal data for this purpose anymore.
- E-mail marketing: Based on you consent, we can use your personal data to send you marketing offers and other business messages, particularly to send news about our goods and services and other business messages related to our goods and services. These are particularly the news and offers which might be relevant based on your previous purchases and selected preferences. We might also send other messages related to your purchase (e.g. an assembly manual) or reminders of purchases which have not been completed. We will send you news and other messages via your contact details. The lawful basis of such processing is your consent which is consensual, can be withdrawn at any time and which you grant to us when registering your customer account. For this purpose, we process the data for the duration of the consent validity or until you withdraw your consent. If you do so, we will immediately stop processing your personal data for the purposes of sending marketing messages..
- Marketing competitions: We can organize consumer’s competitions within a selling season. In case you enrol for a competition, we will process your personal data in order to enable you to attend and for the purpose of evaluation, including data which is essential for the competition (e.g. information about purchases, answers to knowledge-based questions, etc…) Processing of your data when organizing competitions is done based on your consent which you have granted by enrolling for a competition. You can withdraw your consent to participate in competitions at any time and unsubscribe from a competition and we will stop processing your data.
- Making our services better:We use Google Analytics tool monitoring website activities to futher define and target our products or optimize our e-shop.
- User reviews and customer surveys: After your purchase you may be asked to fill customer satisfaction survey.
- Establishment, exercise and defence of legal claims: After the contract has finished, we can, on the basis of our legitimate interest, keep some of your personal data for the duration of periods of limitation as the processing is necessary to protect our rights or defend legal claims, including collection of sums owed.
3. Applicable legal bases
- Contract fulfilment: We process the data of our customers in the context of the order processes in our online shop to enable them to select and order the selected products and services, as well as their payment and delivery, or execution. The processed data includes inventory data, communication data, contract data, payment data and the persons affected by the processing include our customers, interested parties and other business partners. The processing takes place for the purpose of providing contractual services in the context of operating an online shop, billing, delivery and customer services.
4. Personal data sharing
In these cases we provide your data to third parties:
- Delivery of goods: we share your personal data with companies providing goods delivery, as Zasilkovna.cz (Packeta), Česká pošta and internationl couriers.
- Public authorities: we are obliged to make this data available to public authorities up to the necessary extent on the basis of law or other legal acts if they refer to us when exercising their powers and they ask us to provide information which can contain your personal data.
- External auditors, tax advisors, layers: external auditors, tax advisors or lawyers can access some of your personal data on rare occasions, e.g. if it is necessary to collect or book sums owed or to protect our legitimate interests or an insurance company in case of insured events
5. How long do we collect your personal data?
The data may be used for business and marketing purposes, i.e. to maintain a database of website customers and to offer goods and services for the duration of the legal reason for such method of processing and use of personal and other data. In other words, we collect your personal data for you to be able to use our services and to inform you about new products. We also need your personal data for warranty and after-warranty services.
We use and store personal data for fulfilment of legal obligations that arise for us from the generally binding legal regulations. For example we must archive all tax documents at least 10 years from date they were issued.
6. How is my personal data protected?
We try to secure all personal data that we process against leakage or theft. For this reason, we restrict its handling, copying, transfer or access to it just for strictly necessary purposes, for which you have granted your consent, or where the purpose is defined by law.
Our website has HTTPS protocol (valid SSL certificate), TLS 1.3 and PHP 7.3 or higher for encrypted connection between the website and the user, which minimises the possibility of personal data theft during data transfer (registration, login, sending in the form, etc.).
7. What are your data protection rights?
In compliance with the law, you have the right to require information about the ways your personal data is processed and the right to have the data we keep about you – data subject corrected. In certain cases, you have the right to require deleting your personal data, to access your personal data or to transfer your personal data (for example to transfer it to a different service provider). In some cases, you have the right to raise objections and the right to require restriction of your personal data processing. In case you have provided us with your consent to process your personal data, you can withdraw it at any time. Individual rights and ways how to exercise them are described below.
You may also lodge a complaint with the supervisory authority at any time regarding the personal data processing or the failure of the controller to perform the obligations resulting from GDPR. The supervisory authority in the Czech Republic is the Office for Personal Data Protection, with its registered office at Pplk. Sochora 27, 170 00 Prague 7, www.uoou.cz.
- Changing your data
You can change your personal data when logged into your user account. You can delete, change basic personal data.
- Correction of your personal data
According to Art. 16 GDPR, you have the right to request the completion of data concerning you or the correction of inaccurate data concerning you.
- Disclosure of your personal data
You have the right to require information whether we process your personal data and to what extent. You also have the right to require us to disclose your personal data and other personal details you have provided us with to you.
- Erasing your personal data
You can withdraw your consent to process your personal data at any time and without giving reasons. In that case, we will immediately erase your personal data and ensure our data processors do the same.
Please, be aware that withdrawing your consent doesn’t influence the lawfulness of any processing which had been done before you withdrew your consent.
You can ask us to erase your personal data at any time. If you contact us with such a request, we will immediately erase all your personal data we have at our disposal in case we don’t need it to perform contractual or legal obligations anymore or to protect our legitimate interests described above.
- Right to object
In case we process your personal data on the basis of our legitimate interest (e.g. when we process personal data of you as a contact person of our customer) you have the right to object to such processing at any time, concerning your particular situation. If we fail to prove legitimate grounds for processing which would override your interests or rights and freedoms or to prove this data is necessary to establishment, exercise and defence of our legal claims, we will not process the data any longer and erase it immediately.If we process your personal data for direct marketing purposes on the basis of our legitimate interest and you object to processing of your personal data for such marketing, we will immediately stop processing your personal data for this purpose.