- Identity and contact data of the operator
All personal data processing activities performed through the website stealthpadlock.com (the „Website”) are performed by the company UrbanAlps s.r.o, with its registered office at Jáchymova 26/2, Prague, 110 00, Czech Republic, IČO 04868161, VAT no. CZ04868161, EORI no. CZ04868161, as the seller (the “Operator”).
Contact data for any personal data protection related requirement
Any complaints or requests related to the protection of personal data can be sent to the e-mail address [•] or through mail at the address [Jáchymova 26/2, Prague, 110 00, Czech Republic] in the attention of the data protection representative.
The purpose of data processing
The information that the Operator collects with respect to the Website’s users mainly consist of:
the identification details and contact data of actual and potential clients (including name, address, e-mail address, telephone number, etc.);
payment data, including those of debit cards (if applicable – includes credit card no. expiration date, CVV, PayPal ID where applicable);
information on any purchased products and unsubmitted orders, usage of the Website and Website browsing habits;
information on any product requests and/or warranty claims (including name, address, e-mail address, telephone number, query text etc.);
information on any other submitted claims, requests or questions (including name, address, e-mail address, telephone number, query text etc.).
The purposes for which personal data is collected include:
the remote conclusion of a contract (letters b) and c) above);
the delivery of products (letter b) above);
answering any support, return or warranty request (letters b), c), e) and f) above);
direct marketing (letter b) above);
statistics related to the user activity performed within the Website (letters a) and d) above);
accounting and reporting (letters b), c) d), and e) above).
The Operator processes personal data based on the following legal grounds:
the execution or conclusion of the contract with potential clients – letters (i), (ii) and (iii) above;
the legitimate commercial interests of the Operator, for example, preventing frauds, direct marketing and improving services and products; the Operator shall evaluate its commercial interests depending on the case, in order to ensure that they do not prevail over the rights of the data subject – letters (iv) and (v) above;
compliance with an imperative legal requirement, including, for example, accounting and legal requirements, which are subject to a strict internal policy (such as retention periods) – letter (vi) above;
the consent that data subjects give when the Operator does not rely on any other legal ground; the consent can be withdrawn at any moment.
Personal data recipients or recipient categories
The Operator may transfer the personal data belonging to data subjects towards partners and collaborators only for performing its commercial activity. Third parties and processors that can receive personal data include:
the manufacturers, importers and suppliers of the products and services distributed by the Operator;
payment operators (e.g. PayPal);
accounting firms, legal services suppliers;
e-mail marketing agencies and mass e-mail services (e.g. MailChimp);
website traffic monitoring services (e.g. [Google Analytics]);
The Operator will make sure that it concludes contracts with third parties that ensure an appropriate level of personal data protection.
The Operator shall may transfer the personal data to other EU member states or EEA states. If the Operator undertakes a reorganisation or sale procedure, it shall notify the data belonging to the data subject to that organisation.
The personal data storage period
The Operator shall store the information belonging to data subjects for as long as required by the applicable legal provisions. If there is no applicable regulation, or if the mandatory legal term has passed, the Operator shall store the data only for as long as necessary, depending on the purpose they were collected for.
Except when the law provides otherwise, data shall usually be processed until the delivery of the product, plus the applicable warranty period. The data collected for direct marketing purposes shall be processed until the exercise of the withdrawal right.
The rights of the data subject
The data subject shall have the right to request the Operator, in relation to the personal data regarding the data subject, to grant the data subject access to them, to rectify or delete them, or to restrict their processing, or the right to oppose the processing, in compliance with the applicable regulations. The Operator shall ensure the right to data portability.
When the processing is based on the consent of the data subject, the data subject shall have the right of withdrawing their consent at any moment, without affecting the legality of the processing performed based on the consent given before the respective withdrawal.
The data subject has the right of filling a complaint at the competent National Supervisory Authority for Personal Data Processing or at any other competent authority, in case the data subject considers that the data subject’s data processing related rights have been breached.
Mandatory supply of personal data
The supply of certain personal identification data, such as name, e-mail address, physical address and telephone number, as well as the data corresponding to payment instruments or requested by payment processors are essential for concluding a remote contract and for the delivery of products.
Modifications of the document
The present information on personal data processing is periodically updated; every time the Operator makes a change it shall be updated on the Website.
Date of the last updated: May 2018