Nexo Trading s.r.o., with its registered office at Bezručova 204/21, 737 01 Český Těšín, Czech Republic, Company ID No.: 23521589, registered in the Commercial Register maintained by the Regional Court in Ostrava, Section C, File No. 100270 (hereinafter referred to as the “Controller”), acting as a data controller within the meaning of Article 4(7) of the GDPR, hereby informs natural persons whose personal data are processed about the manner, scope, purposes and legal grounds of the processing of their personal data, as well as about their rights related thereto.
Contact details of the Controller are as follows:
E-mail: ekopyro@gmail.cz
Telephone: +420 210 012 004
This Privacy Policy governs the processing of personal data of customers of the Controller’s e-shop and of other individuals who enter into legal relations with the Controller or otherwise communicate with the Controller.
The Controller processes personal data provided by the data subject when placing an order, creating a customer account, subscribing to commercial communications, or otherwise communicating with the Controller.
Such data include, in particular, identification data such as first name and surname, business name where applicable, Company ID number (IČO) and Tax Identification Number (DIČ) in the case of self-employed individuals. The Controller further processes contact details, including permanent address or registered office address, delivery address, e-mail address and telephone number.
The Controller also processes data relating to orders, in particular information about ordered goods, price, method of payment, method of delivery, order history, complaints and mutual communication.
In connection with visits to the website, technical data may also be processed, such as IP address, information about the device used, operating system, internet browser and data obtained through cookies or similar technologies.
Personal data are primarily processed for the purpose of concluding and performing a purchase contract, in particular for receiving and processing orders, processing payments, delivering goods, communicating with customers and handling complaints or claims arising from defective performance. The legal basis for such processing is the performance of a contract pursuant to Article 6(1)(b) GDPR.
Personal data are further processed for the purpose of complying with legal obligations to which the Controller is subject under the laws of the Czech Republic, especially in the field of accounting and taxation. The legal basis for such processing is compliance with a legal obligation pursuant to Article 6(1)(c) GDPR.
The Controller may also process personal data on the basis of its legitimate interest, in particular for the purpose of protecting its legal claims, preventing fraudulent conduct, ensuring the security of its information systems and conducting direct marketing towards existing customers. The legal basis in this case is the legitimate interest of the Controller pursuant to Article 6(1)(f) GDPR.
In the case of sending commercial communications to persons who are not existing customers, or in the case of the use of non-essential cookies, the legal basis for processing is the consent of the data subject pursuant to Article 6(1)(a) GDPR. Consent is voluntary and may be withdrawn at any time.
Personal data are retained for the period necessary to fulfil the purpose for which they were collected and processed.
Data processed for the performance of a contract are retained for the duration of the contractual relationship and subsequently for the duration of the applicable statutory limitation periods for the purpose of protecting the Controller’s legal claims.
Data processed for compliance with legal obligations are retained for the period stipulated by the relevant legal regulations of the Czech Republic, in particular accounting and tax documents for a period of ten years following the end of the relevant accounting period.
Data processed on the basis of consent are retained for the period for which consent was granted or until such consent is withdrawn.
Personal data may be disclosed to third parties that provide supporting services to the Controller. These include, in particular, providers of accounting and tax services, IT and hosting service providers, payment gateway operators, transport companies ensuring delivery of goods, and marketing service providers.
The Controller has concluded data processing agreements with all processors in accordance with Article 28 GDPR, ensuring an adequate level of protection of personal data.
Personal data may be transferred outside the European Union or the European Economic Area only where necessary in connection with the use of certain services, such as analytical or marketing tools. In such cases, the Controller ensures appropriate safeguards in accordance with Chapter V GDPR, in particular through the use of standard contractual clauses or other lawful transfer mechanisms.
The data subject has the right to request access to his or her personal data, the right to rectification of inaccurate or incomplete data, the right to erasure of personal data where the conditions laid down by law are met, and the right to restriction of processing.
The data subject further has the right to data portability, the right to object to processing based on the Controller’s legitimate interest, and the right to withdraw consent at any time.
The data subject also has the right to lodge a complaint with the supervisory authority, which in the Czech Republic is the Office for Personal Data Protection (Úřad pro ochranu osobních údajů), with its registered office at Pplk. Sochora 27, 170 00 Prague 7, Czech Republic.
The Controller has adopted appropriate technical and organisational measures to protect personal data against unauthorised access, loss, destruction or misuse. These measures include, in particular, encrypted data transmission via secure connections, restriction of access rights, regular updates of information systems and internal control mechanisms.
This Privacy Policy becomes effective on the date of its publication on the Controller’s website. The Controller reserves the right to amend this Privacy Policy to a reasonable extent, in particular in the event of changes in applicable legislation or changes in the manner of processing personal data. The current version of this Privacy Policy is always available on the Controller’s website.