Customer support:+420 774 737 781objednavky@5mfencing.com
    Currency
    EUR
    Language
    English
    Home / GDPR

    GDPR

    Personal Data Protection Policy - excerpt from Terms and Conditions

    ARTICLE 12 – PERSONAL DATA PROTECTION CONDITIONS

     

    12.1 - Basic Provisions

    12.1.1  The controller of personal data pursuant to Art. 4, point 7 of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data is the business corporation 5M spol. s r.o., with registered office at Praha 18 – Letňany, Rösslera-Ořovského 710/9, ZIP 199 00, Czech Republic, ID No.: 427 40 941 (hereinafter referred to as the „controller").

    The controller is, in accordance with the provisions of Act No. 110/2019 Coll., on the processing of personal data (hereinafter referred to as the „Personal Data Processing Act") and in accordance with Art. 6(1)(a) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter referred to as „GDPR"), which entered into force on 25 May 2018, entitled to collect, store and process personal data specified in more detail in para. 12.1.3 of this article.

     

    12.1.2  The contact details of the controller are:

    5M spol. s r.o., with registered office at Praha 18 – Letňany, Rösslera-Ořovského 710/9, ZIP 199 00, Czech Republic, ID No.: 427 40 941, VAT No.: CZ42740941

    Postal address: Praha 18 – Letňany, Rösslera-Ořovského 710/9, ZIP 199 00

    Data mailbox ID: zsm9zrj

    E-mail address: info@5mfencing.com

    Phone: +420 774 737 710

    Contact person: Ing. Jiří Beran ml., Managing Director, phone: +420 774 737 710, e-mail: info@5mfencing.com.

     

    12.1.3  Personal data means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

     

    12.1.4  The controller has appointed a Data Protection Officer. The contact details of the Data Protection Officer are: Ing. Jiří Beran ml., phone: +420 774 737 710, e-mail: info@5mfencing.com.

     

    12.2 - Sources and Categories of Personal Data Processed

    12.2.1  The controller processes personal data provided by the natural person or personal data obtained by the controller in connection with the fulfilment of an order placed in the seller's/controller's online store.

    12.2.2  The controller processes first name and surname, date of birth, permanent residence address, e-mail, phone number, bank account number, as well as other data necessary for the fulfilment of the contract.

    12.2.3  For the purpose of evaluating customer satisfaction, the controller also processes: first name and surname, e-mail address, phone number, date of transaction, order ID and information about purchased products or services used.

     

    12.3 - Legal Basis and Purpose of Personal Data Processing

    12.3.1  The legal basis for the processing of personal data is:

    1. performance of a purchase contract between the buyer and the controller pursuant to Art. 6(1)(b) GDPR,
    2. the legitimate interest of the controller in providing direct marketing (in particular for sending commercial communications and newsletters) pursuant to Art. 6(1)(f) GDPR,
    3. the buyer's consent to processing for the purposes of direct marketing (in particular for sending commercial communications and newsletters) pursuant to Art. 6(1)(a) GDPR in conjunction with Section 7(2) of Act No. 480/2004 Coll., on certain information society services, in the event that no order for goods or services has been placed,
    4. the legitimate interest of the controller in continuously improving customer satisfaction and the quality of services provided pursuant to Art. 6(1)(f) GDPR.

    12.3.2  The purpose of personal data processing is in particular:

    1. processing the buyer's order and exercising rights and obligations arising from the contractual relationship (purchase contract and contract for work) between the buyer and the controller; when placing an order, personal data necessary for the successful processing of the order are required (name and address, contact details); the provision of personal data is a necessary requirement for the conclusion and performance of the purchase contract; without the provision of personal data, it is not possible to conclude the contract or for the controller to perform it,
    2. sending commercial communications and carrying out other marketing activities,
    3. sending customer satisfaction surveys and evaluating customer experience after the purchase of products or use of the controller's services.

    12.3.3  The controller carries out automated individual decision-making within the meaning of Art. 22 GDPR. You have given your explicit consent to such processing.

     

    12.4 - Data Retention Period

    12.4.1  The controller retains personal data:

    1. for the period necessary for the exercise of rights and obligations arising from the contractual relationship between the buyer and the controller and for asserting claims arising from such contractual relationships (for a period of 15 years from the termination of the contractual relationship),
    2. until the consent to the processing of personal data for marketing purposes is withdrawn, for a maximum of 10 years, if personal data are processed on the basis of consent,
    3. personal data processed for the purpose of sending customer satisfaction surveys are retained for the period strictly necessary for the fulfilment of this purpose, but for no longer than 3 years from the date of the transaction, or until the buyer objects to such processing.

    12.4.2  Upon expiry of the personal data retention period, the controller shall delete the personal data.

     

    12.5 - Recipients of Personal Data (Controller's Subcontractors)

    12.5.1  Recipients of personal data are persons:

    1. involved in the delivery of goods / services / processing of payments under contracts,
    2. providing e-shop operation services and other services related to the operation of the e-shop,
    3. providing marketing services,
    4. providing legal and economic services,
    5. providing customer satisfaction evaluation services, specifically:
      • Heureka Shopping s.r.o., operator of the web portal spolehliverecenze.cz, with registered office at Karolinská 650/1, 186 00 Prague 8, ID No.: 02387727,
      • eKomi Holding GmbH, with registered office at Markgrafenstraße 11, 10969 Berlin, Federal Republic of Germany.
      The above recipients shall receive personal data solely for the purpose of sending and evaluating customer satisfaction surveys and are bound by the obligation not to use such data for any other purpose.

    12.5.2  The controller intends to transfer personal data to a third country (a country outside the EU) or an international organisation. Recipients of personal data in third countries are providers of mailing services / cloud services. eKomi Holding GmbH is based in Germany, i.e. an EU/EEA member state – the transfer of personal data to this company therefore does not constitute a transfer to a third country and does not require specific safeguards under Art. 46 GDPR.

     

    12.6 - Your Rights

    12.6.1  Under the conditions set out in the GDPR, the buyer has:

    1. the right of access to their personal data pursuant to Art. 15 GDPR,
    2. the right to rectification of personal data pursuant to Art. 16 GDPR, or restriction of processing pursuant to Art. 18 GDPR,
    3. the right to erasure of personal data pursuant to Art. 17 GDPR,
    4. the right to object to processing pursuant to Art. 21 GDPR,
    5. the right to data portability pursuant to Art. 20 GDPR,
    6. the right to withdraw consent to processing in writing or electronically to the address or e-mail of the controller specified in Article 12, point 12.1 of these conditions.

    12.6.2  The buyer has the right to object at any time to the processing of personal data carried out for the purpose of sending customer satisfaction surveys (Art. 12.3.1 point 4 and Art. 12.3.2 point 3 of these conditions), either:

    • by e-mail to: info@5mfencing.com,
    • by following the procedure set out directly in the customer satisfaction survey sent.

    Upon receipt of the objection, the controller shall cease processing the buyer's personal data for this purpose.

    12.6.3  The buyer has the right to lodge a complaint with the Office for Personal Data Protection if they believe that their right to the protection and processing of personal data has been violated under the Personal Data Processing Act and the GDPR.

     

    12.7 - Personal Data Security Conditions

    12.7.1  The controller declares that it has taken all appropriate technical and organisational measures to secure personal data.

    12.7.2  The controller has taken technical measures to secure data storage facilities and personal data storage in paper form, in particular by securing all IT systems with passwords and up-to-date antivirus software.

    12.7.3  The controller declares that only persons authorised by the controller have access to personal data.

     

    12.8 - Final Provisions

    12.8.1  By submitting an order via the online order form on the controller's website, the buyer confirms that they have read the personal data protection and processing conditions and accept them in their entirety.

    12.8.2  The buyer agrees to these conditions by ticking the consent checkbox in the online form on the website. By ticking the consent checkbox, the buyer confirms that they are familiar with the personal data protection conditions and accept them in their entirety. The conditions are also sent to the buyer's e-mail address provided in the order for goods or in the registration on the website.

    12.8.3  The controller is entitled to change these conditions. The controller shall publish the new version of the personal data protection conditions on its website and shall simultaneously send the new version of these conditions to the buyer's e-mail address provided in the order for goods or in the registration on the website.

     

    The Terms and Conditions and the Personal Data Protection and Processing Conditions enter into force on 14 March 2026.