PERSONAL DATA PROTECTION TERMS

• Privacy Policy

  
  

  I. Basic provisions

  The controller of personal data pursuant to Article 4(7) of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as: “GDPR”) is ORACULUM Company sro, with its registered office at Příčná 1892/4, Nové Město, 110 00 Prague 1, identification number: 10905081, entered in the Commercial Register kept by the Regional Court in Brno, Section C, File 123550 (hereinafter referred to as: “ Controller ”).

  
  

  The contact details of the administrator are:

  phone +420 725 605 801

  email: info@oraculum.store

  address: Příčná 1892/4, New Town, 110 00 Prague 1

  
  

  Personal data means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

  
  

  The administrator has not appointed a data protection officer.

  
  

  II. Data subjects, scope, duration and legal basis for processing

  1. CUSTOMERS - CONSUMERS

  The Administrator processes customers' personal data for the purpose, to the extent, on the legal grounds and for the following period:

  
  

  1. Purpose: Providing performance to customers in accordance with the purchase contract (concluding the purchase contract, delivering goods and handling complaints).

  Scope of data : Name, surname, email address, telephone number, delivery address.

  Legal reason: Necessity of processing personal data for the performance of the contract.

  Duration : For the period necessary for the performance of the contract and for the duration of the limitation periods.

  
  

  1. Purpose : Customer account management.

  Data scope : Name, surname, email address, delivery address, telephone number.

  Legal reason: Consent.

  Period : From registration until the account is deleted by the customer or until the account is deleted by the Administrator due to customer inactivity (at the earliest after 1 year from the customer's last login to the customer account).

  
  

  1. Purpose: Accounting and tax purposes and fulfillment of archiving obligations.

  Data scope : Name, surname, address.

  Legal reason: Necessity of processing to fulfill legal obligations imposed on the Administrator by law.

  Duration : For the necessary period of 10 years, unless longer periods are provided for by law.

  
  

  1. Purpose: Sending commercial communications for marketing and advertising purposes.

  Scope of data : Name, surname and email address.

  Legal reason: Consent.

  Duration : For a necessary and reasonable period of time, at the latest until the consent is revoked.

  
  

  1. Purpose: Sending unsolicited commercial communications.

  Scope of data : Name, surname and email address.

  Legal reason: Legitimate interest (direct marketing).

  Duration : For a necessary and reasonable period of time.

  
  

  1. CUSTOMERS – ENTREPRENEURIAL INDIVIDUALS (SPECIAL ENTITIES)

  
  

  The Administrator processes personal data of customers who are natural persons (SVČ) for the purpose, to the extent, for the legal reason and for the following period:

  
  

  1. Purpose: Providing performance to customers in accordance with the purchase contract (concluding the purchase contract, delivering goods and handling complaints).

  Scope of data : Name, surname, e-mail address, telephone number, delivery address, company ID, registered office.

  Legal reason: Necessity of processing personal data for the performance of the contract.

  Duration : For the period necessary for the performance of the contract and for the duration of the limitation periods.

  
  

  1. Purpose : Customer account management.

  Scope of data : Name, surname, e-mail address, delivery address, ID number, registered office, telephone number.

  Legal basis: Consent.

  Period : From registration until the account is deleted by the customer or until the account is deleted by the Administrator due to customer inactivity (at the earliest after 1 year from the customer's last login to the customer account).

  
  

  1. Purpose: Accounting and tax purposes and fulfillment of archiving obligations.

  Scope of data : Name, surname, company ID, registered office.

  Legal reason: Necessity of processing to fulfill legal obligations imposed on the Administrator by law.

  Duration : For the necessary period of 10 years, unless longer periods are provided for by law.

  
  

  1. Purpose: Sending commercial communications for marketing and advertising purposes.

  Scope of data : Name, surname and email address.

  Legal reason: Consent.

  Duration : For a necessary and reasonable period of time, at the latest until the consent is revoked.

  
  

  1. Purpose: Sending unsolicited commercial communications.

  Scope of data : Name, surname and email address.

  Legal reason: Legitimate interest (direct marketing).

  Duration : For a necessary and reasonable period of time.

  
  

  1. CONTACT PERSONS OF CUSTOMERS – LEGAL ENTITIES

  The Administrator processes personal data of contact persons of customers-legal entities (in particular members of their statutory bodies or other persons authorized to negotiate with the Administrator) for the purpose, to the extent, for a legal reason and for the following period:

  
  

  1. Purpose: Providing performance to customers in accordance with the purchase contract (concluding the purchase contract, delivering goods and handling complaints).

  Data scope : Name, surname, email address, telephone number.

  Legal reason: Necessity of processing personal data for the performance of the contract.

  Duration : For the period necessary for the performance of the contract and for the duration of the limitation periods.

  
  

  1. Purpose : Customer account management.

  Data scope : Name, surname, email address, telephone number.

  Legal reason: Consent.

  Period : From registration until the account is deleted by the customer or until the account is deleted by the Administrator due to customer inactivity (at the earliest after 1 year from the customer's last login to the customer account).

  
  

  1. Purpose: Accounting and tax purposes and fulfillment of archiving obligations.

  Data scope : Name, surname, address.

  Legal reason: Necessity of processing to fulfill legal obligations imposed on the Administrator by law.

  Duration : For the necessary period of 10 years, unless longer periods are provided for by law.

  
  

  1. Purpose: Sending commercial communications for marketing and advertising purposes.

  Scope of data : Name, surname and email address.

  Legal reason: Consent.

  Duration : For a necessary and reasonable period of time, at the latest until the consent is revoked.

  
  

  1. Purpose: Sending unsolicited commercial communications.

  Scope of data : Name, surname and email address.

  Legal reason: Legitimate interest (direct marketing).

  Duration : For a necessary and reasonable period of time.

  
  

  1. ONLINE STORE VISITORS

  The administrator processes cookies in relation to visitors to the online store.

  
  

  Cookies are text files containing a small amount of information that are downloaded to the mobile phone, computer or other device of the online store visitor when visiting the website. With each subsequent visit to the online store, the cookie files are then sent back to the original website of the online store or to another site that recognizes cookies. Simply put - the online store uses cookies to store information about its visit.

   

  The online store uses different categories of cookies for different purposes. Necessary cookies are necessary for the basic functionality of the online store. In order for the online store to perform its basic function, the Administrator cannot do without these cookies. The Administrator may process necessary cookies without the consent of the online store visitor. The Administrator may process all other cookies only with the consent of the online store visitor, which the online store visitor may revoke (reject) at any time in the cookie settings. However, revocation or failure to grant consent may affect browsing the online store.

   

  The administrator of the online store uses the Google Analytics service and possibly other services provided by Google Ireland Limited, the Facebook Pixel service provided by Met Platforms Ltd., and possibly other services specified in the cookie settings.

   

  These services work with information obtained through cookies. More information about the processing of personal data through these services can be found on the websites of their individual providers.

  
  

  1. PERSON WHOM THE ADMINISTRATOR CONTACTS

  The Administrator processes personal data of persons who contact the Administrator by e-mail or telephone for the purpose, to the extent, for the legal reason and for the following period:

  
  

  1. Purpose: Answering the inquirer's questions.

  Data scope : Name, surname, email address, telephone number.

  Legal reason: Legitimate interest in providing a response.

  Time : Necessary to answer the question.

  
  

  III. Voluntary provision of data

  The data subject provides his/her personal data to the Controller voluntarily. Failure to provide personal data may affect the Controller's ability to conclude a contract or provide the data subject with performance that is based on the necessary knowledge of information about the data subject, including personal data.

  
  

  IV. Right to withdraw consent

  If the processing of personal data is based on the consent of the data subject, the data subject has the right to withdraw his or her consent to the processing at any time by sending an electronic message to info@oraculum.store or via the link provided in the commercial communication. The withdrawal of consent does not affect the processing of personal data carried out by the Controller on the basis of another legal title, in particular for the purpose of fulfilling a purchase contract, providing a service or processing that was based on consent until the moment of its withdrawal.

  
  

  V. Personal data processors

  
  

  The processors of personal data are the following persons:

  • involved in the delivery of goods ( please specify ),
  • providing e-shop operation services (Shopify) and other services related to e-shop operation: Shopify International Limited
  • providing marketing services ( please fill in specifically )
  • cookie processing service providers (Google Ireland Limited, Meta Platforms Ltd).

  
  

  Please note, however, that due to the changing nature of the providers of certain services, it is not possible to list all current and future processors of personal data by name. The above list of processors may therefore change over time.

  
  

  The controller intends to transfer personal data to a third country (a country outside the EU) or to an international organization. The recipients of personal data in third countries are providers of mailing services and cloud services.

  
  

  VI. Rights of data subjects

  The data subject has the following rights:

  
  

  1. Right to access personal data

  The data subject has the right to obtain from the Controller confirmation as to whether or not personal data concerning him or her are being processed, and, if so, the right to access those personal data and the following information:

  1. purposes of processing personal data;
  2. the categories of personal data concerned;
  3. the recipients or categories of recipients to whom the personal data have been or will be disclosed
  4. the planned period for which the personal data will be stored or, if this cannot be determined, the criteria used to determine this period;
  5. the existence of the right to request from the Administrator the correction or deletion of personal data concerning the data subject or the restriction of their processing or to object to such processing;
  6. the right to file a complaint with a supervisory authority;
  7. all available information about the source of the personal data, unless it is obtained from the data subject.

  The data subject shall also have the right to request from the Controller a copy of the personal data processed, provided that this does not adversely affect the rights and freedoms of other persons. For further copies, upon request by the data subject, the Controller may charge a reasonable fee based on administrative costs. If the data subject submits the request in electronic form, the information shall be provided in a commonly used electronic form, unless the data subject requests otherwise.

  
  

  b) Right to rectification

  The data subject shall have the right to obtain from the Controller, without undue delay, the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by providing a supplementary statement.

  
  

  c) Right to erasure (right to be forgotten)

  The data subject has the right to obtain from the Controller the erasure of personal data concerning him or her without undue delay, and the Controller has the obligation to erase personal data without undue delay where one of the following grounds applies:

  1. the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
  2. the data subject withdraws the consent on the basis of which the personal data were processed and there is no other legal ground for the processing;
  3. the data subject raises legitimate objections to the processing of personal data;
  4. personal data has been processed unlawfully;
  5. personal data must be erased to comply with a legal obligation set out in European Union or Czech Republic law;
  6. the personal data were collected in connection with the offer of information society services based on the consent given by the child.

  
  

  d) Right to restriction of processing

  The data subject has the right to obtain from the Controller restriction of processing in any of the following cases:

  1. the data subject disputes the accuracy of the personal data, for a period necessary for the Controller to verify the accuracy of the personal data;
  2. the processing is unlawful and the data subject refuses the erasure of the personal data and requests the restriction of their use instead;
  3. The controller no longer needs the personal data for the purposes of the processing, but the data subject requires them for the establishment, exercise or defence of legal claims.

  
  

  e) Right to data portability

  The data subject has the right to receive the personal data concerning him or her, which he or she has provided to the Controller, in a structured, commonly used and machine-readable format and the right to transmit those data to another Controller without hindrance from the Controller, where:

  1. the processing is based on consent to the processing of personal data or the processing of personal data for the purposes of concluding and performing a contract with the data subject; and at the same time
  2. processing is carried out automatically.

  
  

  When exercising his/her right to data portability, the data subject has the right to have the personal data transmitted by the Controller directly to another Controller, where technically feasible. The right to data portability must not adversely affect the rights and freedoms of other persons.

  
  

  f) Right to object

  The data subject has the right to object to the processing of personal data. If the data subject objects to the processing for direct marketing or profiling purposes, the personal data will no longer be processed for these purposes.

  
  

  The objection will be evaluated and the Controller will then inform the data subject whether the objection has been upheld and the Controller will no longer process the data or whether the objection was unfounded and the processing will continue. Processing will be restricted until the objection is resolved.

  
  

  g) The right not to be subject to automated decision-making, including profiling

  The data subject has the right not to be subject to any decision based solely on automated processing, including profiling (i.e. any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to the data subject), which produces legal effects concerning him or her or similarly significantly affects him or her. This right shall not apply where the automated decision is necessary for entering into, or the performance of, a contract between the data subject and the Controller or is based on the data subject's explicit consent; in such cases, however, the data subject shall have the right to human intervention in the automated decision-making process by the Controller, the right to express his or her point of view and the right to contest the automated decision.

  
  

  h) Right to lodge a complaint with a supervisory authority

  The data subject has the right to file a complaint against the processing of his or her personal data by the Controller with the supervisory authority, which for the Czech Republic is the Office for Personal Data Protection, Pplk. Sochora 27, 170 00 Prague 7.

  
  

  VII. Method of processing personal data

  The controller and, where applicable, its processors process personal data manually (in electronic form) and electronically by automated means.

  
  

  VIII. Conditions for securing personal data

  The Administrator declares that it has taken all appropriate technical and organizational measures to secure personal data.

  
  

  The Administrator has taken technical measures to secure data storage and personal data storage in paper form, in particular: highly secure passwords, antivirus program, encryption using an HTTPS certificate.

  
  

  The administrator declares that only persons authorized by him have access to personal data.

  
  

  IX. Final provisions

  By submitting an order from the online order form, you confirm that you are familiar with the terms and conditions of personal data protection and that you accept them in their entirety.

  
  

  You agree to these terms and conditions by checking the consent box via the online form. By checking the consent box, you confirm that you are familiar with the terms and conditions of personal data protection and that you accept them in their entirety.

  
  

  The Administrator is entitled to change these terms and conditions. The Administrator will publish the new version of the personal data protection terms and conditions on its website and will also send you the new version of these terms and conditions to the email address you provided to the Administrator.

  
  

  These terms and conditions come into effect on 18. 2. 2025