Information on Personal Data Processing

  1. 1. Identification and Contact Details of the Controller:
    1. 1.1. The controller of personal data under Article 4(7) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to personal data processing and on the free movement of such data (General Data Protection Regulation) ("GDPR") is Vinograf s. r. o., Senovážné náměstí 978/23, 110 00 Prague 1, Company Registration No. 017 70 837, VAT No. CZ01770837, registered in the Commercial Register maintained by the Municipal Court in Prague, Section C, Insert 266704, telephone: +420 734 492 160, email:, as the Seller ("Controller"). 
    2. 1.2. According to Article 4(1) of the GDPR, personal data means any information about an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  2. 2. Purpose of Processing, Scope of Personal Data and Legal Basis for Processing
    1. 2.1. The Buyer acknowledges that for the purposes of:
      1. 2.1.1. The conclusion of the purchase agreement or its subsequent performance (processing of the order, ensuring the dispatch and delivery of goods), the potential resolution of rights arising from defective performance (complaints), the Controller processes and stores the Buyer’s personal data in accordance with the GDPR in the following extent: name, surname, address, email address and telephone number;
      2. 2.1.2. Sending commercial communications and other marketing activities, the Controller processes and stores the Buyer’s personal data in accordance with the GDPR in the following extent: email address.
    2. 2.2. The legal basis for personal data processing is in accordance with: 
      1. 2.2.1. Article 6(1)(a) of the GDPR, the Buyer’s consent to processing for the purpose of providing direct marketing, in particular sending newsletters;
      2. 2.2.2. Article 6(1)(b) GDPR, the performance of a contract the Controller and the Buyer are parties thereto;
      3. 2.2.3. Article 6(1)(f) of the GDPR, the legitimate interests of the Controller where processing is necessary for the purposes of legitimate interests of the Controller or of a third party, except where those interests are overridden by the interests or fundamental rights and freedoms of the data subject requiring personal data protection, in particular where the data subject is a child.
    3. 2.3. No automated individual decision-making within the meaning of Article 22 of the GDPR is carried out by the Controller. 
  3. 3. Categories of Recipients/Recipients of Personal Data
    1. 3.1. The Controller undertakes not to disclose the Buyer’s personal data to any entities other than the following processors, which are:
  1. (i) companies within the Vinograf group;
  2. (ii) contractual carriers of the Controller, postal service providers or payment gateway operators.
    1. 3.2. The Controller will not transfer personal data to countries outside the European Union or the European Economic Area.
  1. 4. Storage Period
    1. 4.1. Personal data will be stored by the Controller for the time necessary to fulfill the purpose of processing, i.e. primarily for the time necessary to fulfill the agreement (processing of the order, dispatch and delivery of the goods) and for the statutory warranty period or for the period of the provided contractual guarantee.
    2. 4.2. The Buyer acknowledges that the Controller is obliged under Section 31 of Act No. 563/1991 Coll., on Accountancy, as amended, to keep accounting documents and accounting records (invoices) for a period of 5 years beginning from the end of the accounting period to which they relate (i.e. if the Buyer purchases goods during 2021, the invoice must be kept until the end of 2026). 
    3. 4.3. The Buyer acknowledges that for VAT payers, the Controller is obliged under Section 35 of Act No. 235/2004 Coll. on Value Added Tax, as amended, to keep tax documents for 10 years from the end of the tax period in which the fulfillment took place (i.e. if you purchase goods during 2021, the invoice must be kept until the end of 2031). The tax document contains the following personal details: name, last name and address.
  2. 5. Buyer's Rights in Relation to Personal Data
    1. 5.1. The Buyer acknowledges that under the GDPR s/he has the right:
      1. 5.1.1. To withdraw consent to processing in writing or electronically to the address or email of the Controller;
      2. 5.1.2. To access to personal data, which consists of the right to obtain from the Controller confirmation as to whether or not personal data concerning to him/her is being processed and, where that is the case, the right to obtain access to the personal data and the information defined under Article 15 of the GDPR;
      3. 5.1.3. To obtain from the Controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement under Article 16 of the GDPR;
      4. 5.1.4. To erasure (“right to be forgotten”), i.e. the Controller shall erase without undue delay personal data pertaining to the Buyer as soon as it is no longer necessary for the purposes of the fulfillment of the agreement, except for compliance with a legal obligation which requires processing under Article 16 of the GDPR;
      5. 5.1.5. To obtain from the controller restriction of processing under Article 18 of the GDPR;
      6. 5.1.6. To data portability under Article 20 of the GDPR;
      7. 5.1.7. To object to personal data processing under Article 21 of the GDPR;
    2. 5.2. Upon request, the Controller shall provide the Buyer with information on the measures taken in each case within one month of receipt of the request. 
    3. 5.3. In case of doubts about the processing of personal data, the Buyer has the right to contact the Office for Personal Data Protection (Pplk. Sochora 27, 170 00 Prague 7), which is the supervisory authority in this area, and file a complaint therewith under Article 77 of the GDPR..
  3. 6. Podmínky zabezpečení osobních údajů 
    1. 6.1. The Controller declares that he has taken all appropriate technical and organizational measures to secure personal data.
    2. 6.2. The Controller has taken technical measures to secure data storage and storage of personal data in paper form. 
    3. 6.3. The Controller declares that only persons authorized by him have access to personal data.
  4. 7. Final Provisions 
    1. 7.1. By submitting an order via the online order form, the Buyer confirms that s/he has been informed of the terms and conditions of personal data processing and that s/he fully understands them.
    2. 7.2. By submitting the newsletter subscription form, the Buyer confirms that s/he has been informed of the terms and conditions of personal data processing and that s/he accepts them in their entirety. 
    3. 7.3. The controller is entitled to unilaterally change this information on personal data processing. He shall publish the new version on his website. 
    4. 7.4. This document shall take effect on 1. 1. 2022

New Account Register

Already have an account?
Log in instead Or Reset password