Home / Privacy Policy

Privacy Policy

I. Basic Provisions

  1. The controller of personal data pursuant to Article 4(7) of Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation, “GDPR”) is the University of Economics, Prague, with its registered office at nám. W. Churchilla 1938/4, 130 67 Prague 3, Company ID: 61384399 (hereinafter referred to as the “Controller”).

  2. Contact details of the Controller:

University of Economics, Prague
nám. W. Churchilla 1938/4
130 67 Prague 3 – Žižkov

  1. Personal data means any information relating to an identified or identifiable natural person; an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as name, identification number, location data, online identifier, or one or more specific elements of physical, physiological, genetic, mental, economic, cultural or social identity of that person.

II. Sources and Categories of Processed Personal Data

  1. The Controller processes personal data you have provided or data obtained in connection with the fulfilment of your order.

  2. The Controller processes your identification and contact data, as well as data necessary for the performance of the contract.

III. Legal Grounds and Purpose of Processing

  1. The legal grounds for processing your personal data are:

    • Performance of a contract between you and the Controller under Article 6(1)(b) GDPR;

    • The legitimate interest of the Controller in direct marketing (particularly for sending commercial communications and newsletters) under Article 6(1)(f) GDPR;

    • Your consent for processing for the purpose of direct marketing (particularly for sending commercial communications and newsletters) under Article 6(1)(a) GDPR in conjunction with Section 7(2) of Act No. 480/2004 Coll., on Certain Information Society Services, if no order has been placed.

  2. The purpose of processing personal data is:

    • To process your order and exercise rights and obligations arising from the contractual relationship between you and the Controller; personal data is required for successful processing of your order (name, address, contact details), and without providing personal data, it is not possible to conclude or perform the contract;

    • To send commercial communications and carry out other marketing activities.

  3. The Controller does not engage in automated individual decision-making within the meaning of Article 22 GDPR. You have given explicit consent for such processing.

IV. Data Retention Period

  1. The Controller retains personal data:

    • For the period necessary to exercise rights and fulfil obligations arising from the contractual relationship and for claims arising from such relationships (up to 15 years from contract termination);

    • Until consent for marketing purposes is withdrawn, but no longer than 15 years, if processing is based on consent.

  2. After the retention period expires, the Controller deletes the personal data.

V. Recipients of Personal Data (Processor Subcontractors)

  1. Recipients of your personal data include:

    • Parties involved in the delivery of goods/services or processing of payments under the contract;

    • Service providers operating the e-shop (e.g. Shoptet) and other related services;

    • Marketing service providers.

  2. The Controller does not intend to transfer personal data to third countries (outside the EU) or international organizations. However, some recipients of data in third countries may include providers of mailing or cloud services.

VI. Your Rights

Under the conditions set out in the GDPR, you have the right to:

  • Access your personal data (Article 15 GDPR),

  • Rectification of personal data (Article 16 GDPR), or restriction of processing (Article 18 GDPR),

  • Erasure of personal data (Article 17 GDPR),

  • Object to processing (Article 21 GDPR),

  • Data portability (Article 20 GDPR),

  • Withdraw consent to processing, either in writing or electronically, via the contact details specified in Article III.

Additionally, you have the right to lodge a complaint with the Office for Personal Data Protection if you believe your rights have been infringed.

VII. Data Security Measures

  1. The Controller declares that all appropriate technical and organizational measures have been taken to safeguard personal data.

  2. Technical measures have been implemented to secure data storage and physical records, particularly...

  3. Only persons authorized by the Controller have access to personal data.

VIII. Final Provisions

  1. By submitting an order via the online form, you confirm that you are familiar with and accept these data protection terms in full.

  2. You agree to these terms by ticking the consent checkbox in the online form. By doing so, you confirm you have read and accept these terms in full.

  3. The Controller reserves the right to amend these terms. The new version will be published on the website and sent to your email address provided to the Controller.

These terms are effective as of June 1, 2025.

 

What are you looking for?

We recommend