Privacy and Data Protection Policy

I. Basic Provisions

  1. The data controller pursuant to Article 4(7) of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as: “GDPR“) is the business company MOSAIC spol. s r.o., with its registered office at Kunčice 20, Bělotín, 753 64, Identification Number: 47678470, registered in the Commercial Register maintained by the Regional Court in Ostrava, Section C, Insert 4242 (hereinafter referred to as: the “controller“).

  2. The contact details of the controller are:

    • Address: Kunčice 20, Bělotín, 753 64

    • Email: info@mosaic.cz

    • Phone: 608 002 545

  3. Personal data means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

  4. The controller has not appointed a data protection officer.

II. Sources and Categories of Processed Personal Data

  1. The controller processes personal data that you have provided to them or personal data that the controller has obtained based on the fulfillment of your order.

  2. The controller processes your identification and contact details and data necessary for the performance of the contract.

III. Lawful Basis and Purpose of Personal Data Processing

  1. The lawful basis for processing personal data is the performance of a contract between you and the controller pursuant to Article 6(1)(b) of the GDPR.

  2. The purpose of processing personal data is the processing of your order and the exercise of rights and obligations arising from the contractual relationship between you and the controller; when placing an order, personal data required for successful order processing (name and address, contact info) are requested. The provision of personal data is a necessary requirement for the conclusion and performance of the contract; without the provision of personal data, it is not possible to conclude the contract or for the controller to perform it.

  3. There is no automated individual decision-making by the controller within the meaning of Article 22 of the GDPR. You have provided your explicit consent to such processing.

IV. Data Retention Period

  1. The controller retains personal data for the period necessary to exercise the rights and obligations arising from the contractual relationship between you and the controller and to assert claims from these contractual relationships (for a period of 15 years from the termination of the contractual relationship).

  2. After the retention period expires, the controller shall erase the personal data.

V. Recipients of Personal Data (Subcontractors of the Controller)

  1. Recipients of personal data are persons:

    • involved in the delivery of goods / services / execution of payments based on a contract,

    • providing e-shop operation services and other services in connection with the operation of the e-shop.

  2. For sending questionnaires, evaluating your feedback, and analyzing our market position, we use a processor who is the operator of the Heureka.cz portal; for these purposes, we may transfer information about the purchased goods and your email address to them.

  3. The controller does not intend to transfer personal data to a third country (a country outside the EU) or an international organization.

VI. Your Rights

Under the conditions set out in the GDPR, you have:

  • the right to access your personal data pursuant to Article 15 of the GDPR,

  • the right to rectification of personal data pursuant to Article 16 of the GDPR, or restriction of processing pursuant to Article 18 of the GDPR,

  • the right to erasure of personal data pursuant to Article 17 of the GDPR,

  • the right to object to processing pursuant to Article 21 of the GDPR,

  • the right to data portability pursuant to Article 20 of the GDPR,

  • the right to withdraw consent to processing in writing or electronically to the address or email of the controller specified in Article I of this Policy.

Furthermore, you have the right to file a complaint with the Office for Personal Data Protection if you believe that your right to personal data protection has been violated.

VII. Personal Data Security Conditions

  1. The controller declares that they have adopted all appropriate technical and organizational measures to secure personal data.

  2. The controller has adopted technical measures to secure data storage facilities and personal data repositories in paper form.

  3. The controller declares that only persons authorized by them have access to personal data.

VIII. Cookies

  1. In accordance with Section 89 of Act No. 127/2005 Coll., on Electronic Communications, we inform you that our website requires so-called cookies for its proper operation. These are small data files that our servers store in your browser to maintain information about your settings and preferences.

  2. Cookies are small files created by the server and automatically stored on your computer. They contain information about the website settings of the remote server and serve primarily to remember certain user choices.

  3. Cookies are used to fully utilize the content and personalized functions of the website. The provision of certain personalized functions of this website is conditional upon their use, and therefore, you need to enable the use of cookies on your computer, tablet, or mobile device. The cookies we use cannot harm your computer and do not store confidential information such as your name, address, or payment details.

  4. If you wish to disable, block, or delete cookies from our website, you can do so in your browser. Since every browser is different, please look at your browser’s “Help” menu (or your mobile phone manual) to learn how to change your cookie settings.

IX. Final Provisions

  1. By submitting an order from the online order form, you confirm that you are familiar with the privacy policy and that you accept it in its entirety.

  2. You agree to this policy by checking the consent box via the online form. By checking the consent box, you confirm that you are familiar with the privacy policy and that you accept it in its entirety.

  3. The controller is entitled to change this policy. The controller will publish the new version of the privacy policy on their website and, at the same time, send you the new version of this policy to the email address you provided to the controller.

This policy comes into effect on March 1, 2021.