By completing an order, registering or browsing our website, you allow CAFÉ LIGHT s.r.o., with registered office at U Vinné révy 1776/11, 106 00 Prague 10, Czech republic, identification number: 08621624, registered in the Commercial Register kept by the Municipal Court in Prague, Section C, Insert 322168, Phone number: +420 776 151 272, email: [email protected], (hereinafter referred to as “Administrator” or “Personal Data Administrator”) to use your personal data. This page is intended to inform you, in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data (GDPR), what information we collect about you, for what reason and how we use your information, what your rights are regarding the use of personal data by us and how you can exercise them with us in accordance with the GDPR Regulation.
What information do we collect about you?
In the order register we process your personal data in the following scope: e-mail, full name, telephone, address and also price data. We first need the data to process the order, i.e. to fulfil the contract (i.e. to fulfil our contractual obligations to the customer). After we have fulfilled our contractual obligations, we use the personal data from the order register for further purposes. It is in our legitimate interest to maintain the entire order record for legal protection against future disputes. Due to the statutory warranty period for the quality of the goods, the statute of limitations and the setup and systematics of the court system, including the time limits for the limitation of claims, we have to process your order record data for a period of 6 years. We then also use the data from the order register to fulfil our legal obligation to archive documentation for possible financial control for a period of 10 years.
We process your personal data in the user register to the extent that you provide it to us when you register or edit your profile, create an order or link your account to social networks. It is in our legitimate interest to maintain a user database. The database will also allow individual customers to maintain and manage their profiles as part of their registration on the website. In addition to registration purposes, we also use this database to identify individuals, to handle complaints, to process orders or for marketing purposes (more on these below). We also use the data for processing for marketing purposes. We describe these personal data in detail below. We hold personal data for user records for a period of 5 years from your last order.
We also use your personal data for the purpose of arranging transport (fulfilling our obligations under the contract). We forward this data to the transport companies and create a log of the forwarding upon forwarding, which serves as a backup in case of a forwarding error via the information system. Due to possible claims by both the customer and the carrier, we process this data for the purpose of ensuring transport for a period of 5 years from the creation of the order.
The storage of the personal data from your order allows us to facilitate your next purchase and you can therefore pre-fill the data previously used in the electronic basket. In order to facilitate your purchase, we process the personal data on the basis of a legal title of legitimate interest and keep it in databases together with other data, i.e. for a period of 5 years from the date of your last order.
In order to provide you with appropriate technical support with the use of our website, we store technical data about the device you use to access our website (the browser you use, the device from which you access our website and the operating system you use). The provision of technical support is in our and your legitimate interest. This information is part of our internal logs and we do not use it for any purpose other than providing technical support, but for technical reasons we must keep it for the lifetime of the personal data we process. The latest we will delete this data about you is 5 years after your last order.
During your visit to our site we will keep track of:
- products already viewed: we may use this information to display products already viewed,
- location, IP address and browser type: we use this information, for example, to calculate shipping charges,
- shipping address: we ask you to enter this information in order to pre-calculate the shipping cost before you create an order and the goods are sent to you.
If you purchase from us, we will ask for information such as your name, billing address, shipping address, email address, phone number, credit card/payment information, as well as optional account information such as username and password. This information will be used for purposes such as:
- send your account and order information
- respond to your requests, including refunds and complaints
- process payment and prevent fraud
- set up your account in our store
- comply with any legal requirements we have, such as calculating taxes
- improve our store offerings
- send you marketing messages if you choose to receive them.
If you create an account we will store your name, address, email and phone number to be used in the future to complete the checkout page.
We will usually store your information for as long as we use it for the purposes for which it was requested, after which it is no longer legally necessary to retain it. For example, we keep order information for 10 years for tax and accounting purposes. This information includes your name, email, billing and shipping address.
When visitors post comments on this site, the information displayed on the comment form is collected, as well as the visitor’s IP address and the user agent string defining the browser, which helps to detect spam.
If you upload images to this site, you should avoid uploading images with embedded location data (EXIF GPS). Visitors to the site can download and view arbitrary location data from images on the site.
If you post a comment on our site, you can allow your name, email address and website to be stored in cookies. This is our way of trying to improve your experience. When you post a new comment you will then not have to fill in this information again. These cookies will have a lifetime of one year.
If you have an account and log in to this site, we will set temporary cookies to verify that your browser accepts cookies. This cookie does not contain any personal data and will be discarded when you close your browser.
We will also set a number of cookies when you log in to store your login details and for screen display settings. The login cookies have a lifetime of two days and the display settings cookies have a lifetime of one year. If you confirm the “Remember me” option, your login will last for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, another cookie will be stored in your browser. This cookie does not contain any personal data and simply indicates the ID of the post you have just edited. It expires after 1 day.
Embedded content from other websites
Posts on this site may contain embedded content (such as videos, images, articles, etc.). Embedded content from other websites behaves in the same way as if the visitor had visited another website.
How do we use the data for marketing purposes?
For marketing purposes, we process your contact details that you fill in when ordering, registering or subscribing to commercial communications, which we use to send you commercial communications and to make the communications we send you more relevant. Of course, you can unsubscribe from our commercial communications at any time. Once you have unsubscribed completely, we will no longer use your contact personal data to send you commercial communications.
We use all personal data used in marketing on the basis of legitimate interest and retain it for marketing purposes for a period of 5 years from your last order. As we are aware that data about what specifically interests you, what you like about us and your feedback on sending commercial communications may be perceived as more sensitive data, we only store this data for 2 years from the time we receive it.
Who do we pass the data to?
Your personal data is used solely for our internal purposes, and only for the reasons stated above. However, we do not provide all necessary services regarding personal data only by our own means, we also use third parties (specialized companies).
As part of your order, personal data may therefore be passed on to transport companies such as:
- Czech Post s.p., with registered office at Prague 1, Politických vězňů 909/4,
- Zásilkovna s.r.o., Českomoravská 2408/1a, 190 00 Prague 9,
- DHL Express (Czech Republic) s.r.o., Bucharova 2641/14, 158 00 Prague 5, Czech Republic.
Outside of the order, we process your personal data in information, analytical and marketing systems of third parties, which we necessarily need for our business, such as:
- accounting program Money operated by spol. Solitea česká republika, a.s., based in Drobného 49, Brno.
We do not transfer personal data to any third party for further processing.
Visitor comments may be screened through an automated spam detection service that may be located offshore.
Where do we store the data?
The data is stored on CAFÉ LIGHT s.r.o. back-up servers and at the Wedos data centre, where the website servers are hosted.
Access to the systems mediating our customers’ personal data is only granted to a limited number of internal users for whom this is necessary due to the nature of their work. This may include, for example, employees working on order processing, etc. Individual employees always have access to only the amount of personal data that they strictly need for their work. Access to all critical systems that process our customers’ personal data is restricted to the internal network only and the aforementioned persons will automatically lose access to your personal data in the event of termination of the legal relationship with us.
If you post a comment, the comment and its metadata will be retained indefinitely. The data is retained for the purpose of automatically recognizing and approving all subsequent comments, rather than holding them in the moderation queue.
For users who register on this site (if they have the option), we also store the personal data they provide in their user profile. All users can see, edit or delete their personal information at any time (except that they cannot change their username). Site administrators can also view and edit this information.
What rights the GDPR gives you and how to exercise them with us
The right to access and correct information
If we process personal data about you inaccurately, you may notify us of this by sending a message to [email protected], and we will then correct the inaccurate personal data without undue delay. After registering on our website, you will have the opportunity to correct your personal data yourself by editing your profile. If you would like to complete some personal data that you have not previously provided to us, and this personal data is necessary for the provision of the services we provide, simply fill it in again in the appropriate place in the profile editing. You can request the removal of your user account and personal data that is not necessary for further processing by writing to our customer service department.
Right to object to the processing of personal data
Even if we process your personal data on the basis of our legitimate interest, you have the right to object to such processing, including objections to the processing of personal data that we process for direct marketing purposes. You can do this by sending a message to [email protected]. If you submit such an objection, we will assess without undue delay the extent to which we can claim the legitimacy of our reasons for processing your personal data in accordance with the law despite your objection and how we will handle your personal data in the meantime. Until we have demonstrated to you our legitimate grounds for processing, we will no longer process your personal data.
Right to restriction of processing of personal data
You have the right to request that we restrict any processing of your personal data, including erasure, i.e. that we stop handling it:
- If you let us know that the personal data we have collected is inaccurate, pending verification of its accuracy.
- If the processing of your personal data is unlawful and you, instead of requesting its deletion, request by sending a message to [email protected] to restrict its use.
- If we no longer need your personal data to provide our services but you need it to exercise your rights.
- If you object to the processing as set out in the paragraph above, until we have verified that our reasons for processing outweigh your interests.
Right to be forgotten (right to erasure of personal data)
In the event that you become aware that we are processing your personal data:
- although the processing is no longer necessary for the purposes for which we obtained it; and/or
- You object in accordance with the paragraph above and we are unable to demonstrate to you legitimate grounds for processing it which override your interests, your rights and freedoms or the exercise or defence of legal claims; and/or
- we are processing the data for any other unlawful reason, you have the right to request that we delete the personal data processed in this way without undue delay after you notify us of such facts by sending a message to [email protected]. However, we may not delete the data even at your request if the processing is necessary for the exercise of the right to freedom of expression and information, for the fulfilment of one of our legal obligations or for the performance of a task carried out in the public interest or for the establishment, exercise or defence of legal claims.
The right to receive data in machine-readable form
If you ask us to provide you with your personal data processed by us by sending a message to [email protected], we will send it to you in a structured, commonly used and machine-readable format (e.g. *.xls, *.csv or similar format). If you ask us to send your personal data to another data controller, we will of course comply with your request.
Right to unsubscribe from receiving commercial communications at any time
In the event that you no longer wish to receive commercial communications from us, you may opt-out of receiving them either by clicking on the link included in each commercial communication or by editing the subscription in your profile created by registering on our website.
Right to withdraw consent to receive commercial communications at any time
In the event that we ask for your consent to the processing of your personal data as part of our special promotions, you may withdraw this consent at any time, even without giving reasons. You can withdraw your consent either in the manner more precisely described in the rules of the consumer competition or by always sending a withdrawal of consent to the email address [email protected].
Contact us and our Data Protection Officer
Our Data Protection Officer is Tomáš Sousedík, who can be contacted at the following email address: [email protected].
Right to lodge a complaint with the DPO
If, in your opinion, we are not fulfilling all of our legal obligations arising in connection with the processing of your personal data, you are of course entitled to contact the Data Protection Office, either at the office of the Office: Pplk. Sochora 27, Prague 7, Postal Code 170 00, by e-mail at [email protected] or by any other means accepted by the Data Protection Authority. Further information about the Authority can be found on its website www.uoou.cz.