Privacy Policy

I. Basic provisions

1. Pursuant to Article 4(7) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation – "GDPR"), personal data are controlled by JARLU spol. s r.o., company ID: 50 764 276, registered office: Sv. Martina 1360/67, 013 06 Terchová (the "Controller").
2. Controller's contact details:
   Address: Sv. Martina 1360/67, 013 06 Terchová
   Email: This email address is being protected from spambots. You need JavaScript enabled to view it.
   Telephone: +421 911 953 484
3. Controller-appointed privacy policy compliance officer:
   PharmDr. Lukáš Jaroščiak, This email address is being protected from spambots. You need JavaScript enabled to view it., +421 911 953 484
4. Privacy policy compliance officer's contact details:
   PharmDr. Lukáš Jaroščiak, This email address is being protected from spambots. You need JavaScript enabled to view it., +421 911 953 484
5. Personal data are data relating to an identified or identifiable natural person who can be identified directly or indirectly, especially on the basis of a generally applicable identifier, other identifier such as a first name, last name, identification number, location data, or online identifier, or on the basis of one or more characteristics or signs that make up that person's physical, physiological, genetic, psychological, mental, economic, cultural or social identity.
6. The Controller of personal data has not appointed a processor for the protection of personal data.

II. Sources and categories of personal data processed

1. The Controller processes personal data that you have provided to it or personal data that it has obtained while processing your order.
2. The Controller processes your identification and contact data and the data necessary for the performance of a contract.

III. Legal basis and purpose of processing of personal data

1. The legal basis of processing of personal data is
   • the performance of a contract between you and the Controller under Article 6(1)(b) GDPR,
   • the Controller's legitimate interest in providing direct marketing (especially for sending business offers and newsletters) under Article 6(1)(f) GDPR,
   • the processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
2. The purpose of personal data processing is to:
   • process your order and exercise the rights and obligations arising from the contractual relationship between you and the Controller; when placing an order, we require personal data which are necessary for the successful processing of the order (name and address, contact details). The provision of personal data is a necessary requirement for the conclusion and performance of the contract. Without the provision of personal data, it is not possible to conclude the contract or for the Controller to perform it;
   • send business offers and perform other marketing activities.
3. On the part of the Controller, there is no automated individual decision-making within the meaning of Article 22 GDPR. You have given your express consent to such processing.

IV. Data retention period

1. The Controller retains personal data
   • for the period necessary to exercise the rights and obligations arising from the contractual relationship between you and the Controller, and to exercise claims from these contractual relationships (for a period of 10 years from the termination of the contractual relationship);
   • until the consent to the processing of personal data for marketing purposes is withdrawn (for a maximum period of 5 years if personal data are processed on the basis of consent).
   
   
2. The Controller will delete the personal data once the personal data retention period expires.

V. Recipients of personal data (Controller's subcontractors)

1. Recipients of personal data are persons
   • participating in the delivery of goods or services, the facilitation of payments under a contract,
   • the provision of services for the operation of our online shop and other services related thereto,
   • and the provision of marketing services.
2. The Controller does not intend to provide personal data to a third country (a country outside the EU) or an international organisation.
3. Marketing and support services provided
   • Google Analytics – records cookies and website use
   • Google Adwords – records cookies and website use
   • Heureka – records completed purchases and email addresses for its "Verified by Customers" service

VI. Your rights

1. Under the conditions set forth in the GDPR, you have
   
   • the right of access to personal data under Article 15 GDPR,
   • the right to rectification of personal data under Article 16 GDPR or to restriction of processing under Article 18 GDPR,
   • the right to erasure of personal data under Article 17 GDPR,
   • the right to object to processing under Article 21 GDPR,
   • the right to data portability under Article 20 GDPR,
   • and the right to withdraw consent to processing in writing or electronically to the address or email address of the Controller provided in Article III hereof. You may withdraw consent at any time in your customer account.
2. You have the right to lodge a complaint with the Office for Personal Data Protection if you believe that your right to privacy has been violated.

VII. Conditions for securing personal data

1. The Controller represents that it has taken all appropriate technical and organisational measures to secure personal data.
2. The Controller has taken technical measures to ensure electronic and paper personal data storage, secure/encrypted access to the website, encryption of customer passwords in the database, regular system updates, and regular system backups.
3. The Controller represents that only persons authorised by it have access to personal data.

VIII. Final provisions

1. By submitting an order from the online order form, you confirm that you are familiar with this Privacy Policy and that you accept its terms in their entirety.
2. You consent to this Privacy Policy by ticking the consent box in the online form. By ticking the consent box, you confirm that you are familiar with this Privacy Policy and that you accept its terms in their entirety.
3. The Controller may amend this Privacy Policy. The Controller will publish the new version of this Privacy Policy on its website and will also send it to you to the email address that you provided to it.

This Privacy Policy takes effect on 25 May 2018.