Statement of Personal Data Processing

according to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) and instructing the data subjects (hereinafter referred to as „GDPR“)

I. Personal Data Administrator

The company Hitex s.r.o., with its registered seat: Městečko Trnávka 265, 569 41 Městečko Trnávka, company ID: 25934457, Tax ID: CZ25934457, registered in the Commercial register kept by the Regional Court in Hradec Králové, section C, file 15776, (hereinafter referred to as the „Administrator“) herewith informs you in compliance with article 12 GDPR about your data processing and about your rights.

II. Range of Personal Data Processing

The personal data are processed within the range as provided by the relevant data subject to the Administrator in connection with conclusion of contractual or other relation with the Administrator, or otherwise collected by the Administrator and processed in compliance with valid legal regulations or for the purpose of fulfilment of statutory obligations of the Administrator.

III. Personal Data Sources

• Directly from the data subjects (sending an order via the web application “měřenka” - configurator of shooting jackets, respectively contact form on web sites, etc.)

IV. Categories pf Personal Data Being a Subject of Processing

• address and identification data used for unambiguous and unmistakable identification of the data subject (e.g. name, surname, permanent residence address) and data allowing contact with the data subject (contact data – e.g. contact address, telephone number, e-mail address and other similar information)
• descriptive data (e.g. banking connection)
• other data necessary for contract fulfilment
• data provided above the frame of relevant acts, processed within the consent granted by the data subject (use of personal data for the purpose of HR proceedings, etc.)

V. Data Subjects Categories

• Administrator’s client (only in case of subjects, making orders through “měřenka” - configurator of shooting jackets)
• Administrator’s employee
• carrier
• other person being in contractual relation with the Administrator
• job applicant

VI. Categories of Personal Data Recipients

• wholesalers
• financial institutions
• processor
• government and other authorities within the scope of fulfilment of statutory obligations set by relevant legal regulations

VII. Purpose of Personal Data Processing

• purposes contained in the consent of the data subject
• negotiations on contractual relations
• contract fulfilment
• protection of rights of the Administrator, recipient or other persons concerned (e.g. Administrator’s debts recovery)
• archiving kept on the basis of law
• selection proceedings for free job positions
• fulfilment of statutory obligations from the Administrator’s side
• protection of crucial interests of the data subject

When ordering at the e-shop, the personal information required for successful order execution (name, surname, address, telephone, e-mail) is required. The purpose of personal data processing is to execute the data subject's order and to exercise the rights and obligations arising from the contractual relationship between the data subject (customer) and the Administrator. The purpose of personal information processing is to send business communication and do other marketing activities. The legal reason for the processing of personal data is the fulfilment of the contract pursuant to Article 6 (1) b) GDPR, fulfilment of the statutory obligation of the Administrator pursuant to Article 6 (1) (c) GDPR and the legitimate interest of the Administrator under Article 6 (1) f) GDPR. The legitimate interest of the Administrator is the processing of personal data for the purposes of direct marketing.

VIII. Way of Personal Data Processing and Protection

Processing of personal data is done by the Administrator. The processing is carried out at its/his premises and the headquarters of the Administrator by the individual authorized employees of the Administrator, respectively by the Processor. The processing takes place via computer technology, and possibly also manually in case of personal data in paper form, while meeting all and any security policies for administration and processing of personal data.

To that end, the Administrator has taken appropriate technical and organizational measures (in accordance with Article 25 GDPR) to ensure the protection of personal data, in particular measures to prevent unauthorized or accidental access to personal data, their alteration, destruction or loss, unauthorized transmissions, their unauthorized processing, as well as any other misuse of personal data. All entities to which personal data may be made available respect the privacy protection rights of data subjects and they are required to comply with applicable laws related to personal data protection.

The Provider does not automatically make individual decision-making (including profiling) within the meaning of GDPR No. 22.

IX. Time of Personal Data Processing

In accordance with the deadlines specified in relevant contracts, the Administrator's record and documents destruction rules, or relevant legislation, it is the time necessary to ensure the rights and obligations emerging from both the obligation relationship and the applicable legal regulations.

X. Advice

The Administrator processes the data with the consent of the data subject, except in cases where the processing of personal data does not require the consent of the data subject.

In accordance with Article 6 (1) of the GDPR, the Administrator may, without the consent of the data subject, process the following data:

1. the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
2. processing is necessary for the performance of the contract to which the data subject is a party, or for the implementation of measures taken before the conclusion of the contract at the request of that data subject;
3. processing is necessary to meet the legal obligation, which applies to the Administrator;
4. processing is necessary to protect the crucial interests of the data subject or other natural person;
5. processing is necessary for fulfilment of a task carried out in the public interest or in the exercise of public authority entrusted to the Administrator;
6. processing is necessary for purposes of legitimate interests of the relevant Administrator or a third party, except where the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, are preferred to those interests, in particular in cases where the data subject is a child.

Rights of Data Subjects

In accordance with Article 12 of the GDPR, the Administrator shall, at the request of the data subject, inform the data subject of the right of access to personal data and the following information:

1. the purpose of processing,
2. the category of personal data concerned,
3. the recipient or categories of recipients to whom personal data has been or will be made available,
4. the planned time for which personal data will be stored,
5. any available information about the personal data source,
6. if it is not obtained from the data subject, then the fact whether automated decision making, including profiling, occurs.

The data subject has also the right to request from the Administrator:

1. access to its personal data under Article 15 of the GDPR,
2. correction of personal data pursuant to Article 16 GDPR,
3. right of cancellation, right to be forgotten under Article 17 of the GDPR,
4. right to limit processing under Article 18 of the GDPR,
5. right to transferability of data under Article 20 of the GDPR,
6. right to object to processing under Article 21 GDPR,
7. right not to be the subject of any decision based exclusively on automated processing including profiling under Article 22 GDPR.

Any data subject who discovers or considers that the Administrator or processor processes his or her personal data in a way that is contrary to the protection of private and personal life of the data subject, or in violation of law, in particular if personal data are inaccurate with regard to the purpose of processing, may:

1. Ask the Administrator for an explanation.
2. Require the Administrator to eliminate such conditions. In particular, it may concern blocking, repairing, adding or deleting personal data.
3. If the data subject's request under paragraph 1 is found to be justified, the Administrator shall immediately remove the faulty conditions.
4. If the Administrator fails to comply with the request of the data subject pursuant to paragraph 1, the data subject has the right to contact the supervisory authority, i.e. the Personal Data Protection Authority.
5. The procedure in paragraph 1 does not exclude the data subject from contacting the supervising authority directly.
6. The Administrator shall have the right to require adequate remuneration for the provision of the information, the remuneration must not exceed the costs necessary for the information provision.

XII. Change of Rules on Personal Data Protection

In case of any changes in rules on personal data protection we will communicate such changes at our web sites. That is why we recommend you to regularly check the web sites.

XIII. Contact Us

Should you have any questions or requests regarding the rules on personal data protection do not hesitate to contact us at:

HITEX s.r.o.
Městečko Trnávka 265
569 41 Městečko Trnávka
E-mail: blazek@hitex.cz

You can use the contact data even in case of being interested in displaying, correcting, blocking or deletion of information gathered about you through the web sites.