Privacy Policy


I.

Basic provisions

Personal information protection administrator, in accordance with Article 4, paragraph 7 of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as "GDPR"), is KIKKO CZ s.r.o., Štěpaňákova 6, Ostrava-Kunčice 719 00, Czech Republic (hereinafter referred to as the "Administrator").
The contact details of the Administrator are:

address: KIKKO CZ s.r.o., Štěpaňákova 6, Ostrava-Kunčice 719 00, Czech Republic

email: info@xkko.eu

phone: 00420 608 78 44 78, 00420 777 11 74 74


Personal information means any information about an identified or identifiable natural per-son; an identifiable natural person is a natural person that can be directly or indirectly identi-fied, in particular by reference to a particular identifier, such as name, identification number, location data, network identifier, or one or more specific elements of physical, physiological, genetic, psychological, economic, cultural or social identity of such a natural person.

The Administrator did not appoint a Data Protection Officer.
 


 
II.

Specific sources and categories of administrator's personal data processed


Based on the performance of the contract

1.

Purpose: Order execution and response to a request sent via the contact form

Details: Personal details of clients (contact details)
Source of details: Order via www.xkko.eu e-shop, e-mail communication, contact form
Recipients of personal data (processors): Corporate security of PC, GEIS, PayPal, Balikobot.cz, Comgate

2.

Purpose: Bookkeeping, payroll and negotiating contracts with external entities

Details: Personal details of employees, suppliers and purchasers (contact details, place of resi-dence, sometimes birth dates)
Source of details: Invoices and employment contracts
Recipients of personal data (processors): Corporate security of PC, External accounting com-pany, Printed contracts and invoices


Based on legitimate interest

1.

Purpose: Provision of direct marketing (especially for sending commercial messages and newsletters)
Details: Customer contact details
Source of details: Information from orders from www.xkko.eu e-shop
Recipients of personal data (processors): Corporate security of PC, Wedos


2.

Purpose: Common traffic analysis, server error detection, fraud and server attacks pre-vention
Details: Pseudoanonymized registered user identifiers, such as UserID, IP Addresses
Source of details: User's traffic on the web, registering and creating anonymized user ID, dis-playing an error page
Recipients of personal data (processors): Google Analytics, Wedos web hosting services, or other analytics services


Based on the customer's consent

1.

Purpose: Marketing and promotion of the website and the brands presented
Details: Pseudoanonymized registered user identifiers, such as UserID, IP Addresses
Source of details: Newsletter form
Recipients of personal data (processors): Corporate security of PC, Wedos




III.

Legitimate reason and purpose for personal data processing

Legitimate reason for personal data processing is
•        performance of the contract between you and the Administrator under Article 6, paragraph 1, point b) GDPR,
•        legitimate interest of the Administrator in providing direct marketing (in particular sending commercial messages and newsletters) under Article 6, paragraph 1, point f) GDPR,

    The purpose for personal data processing is
•        execution of your order and exercise of the rights and obligations arising from the contractual relationship between you and the Administrator; when ordering, personal data necessary for successful order execution (name and address, contact) are required; the provision of personal data is a necessary requirement for the conclusion and per-formance of the contract; without the provision of personal data, it is not possible to conclude the contract or to fulfil it by the Administrator,

    There is no automatic, individual decision-making process conducted by the Administrator within the meaning of Article 22 GDPR.
 
 


IV.

Data retention period

    The Administrator retains personal data
•        for a period necessary to exercise the rights and obligations arising from the contrac-tual relationship between you and the Administrator and to enforce the claims under these contractual relationships (for 15 years from the termination of the contractual re-lationship).
•        until the consent to personal data processing for marketing purposes is revoked, but at most 5 years, if the personal data is processed based on the consent.
•        At the end of the personal data retention period, the Administrator shall delete the personal data.
 


 

V.

Recipients of personal data (Administrator's subcontractors) - for detailed information see Section II.

    Recipients of personal data are persons
•        involved in the delivery of goods / services / making payments under the contract
•        providing e-shop services and other services related to the operation of the e-shop, email and accounting.
•        providing marketing services.
•        The Administrator does not intend to pass the personal data to a third country (to a non-EU country) or to an international organization.
 
 

 



VI.

Your rights

   Under the terms of the GDPR you have
•        the right to access your personal data under Article 15 GDPR,
•        the right to the correct the personal data under Article 16 GDPR, or to restrict the processing under Article 18 GDPR. (you can do so by administering your account at www.xkko.eu or ask the Administrator to edit the data at info@xkko.eu)
•        the right to delete your personal data under Article 17 GDPR, (you can do so by administering your account at www.xkko.eu or ask the Administrator to edit the data at info@xkko.eu)
•        the right to raise an objection to processing under Article 21 GDPR, and
•        the right to data portability under Article 20 GDPR,
•        the right to withdraw the consent to processing, in writing or electronically, and this withdrawal shall be sent to the Administrator's address or email address referred to in Article III of this Privacy Policy.
•        You also have the right to file a complaint with the Personal Data Protection Office if you believe that your privacy has been violated.
 

 


VII.

Privacy Policy

    The Administrator declares that they have taken all appropriate technical and organizational measures to secure the personal data.

    The Administrator has taken technical measures to secure the data storages and personal data storages in paper form, in particular     
•            corporate PCs and laptops (password protected, PIN protected, antivirus)
•            corporate mobile phones (PIN, password, antivirus)
•            printed orders and invoices (lockable registry)

    The Administrator declares that personal data can only be accessed by persons authorized by them.
 

 



VIII.

Final provisions

    By submitting an order from the online order form, you acknowledge that you are familiar with the privacy policy and that you accept it in its entirety.

    You agree with these terms by ticking your consent via the online form. By confirming your consent, you acknowledge that you are aware of the privacy policy and that you accept it in its entirety.

    The administrator is entitled to change these terms. The administrator shall publish a new version of the privacy policy on their websites and, at the same time, shall send you a new version of these terms to your e-mail address that you provided to the Administrator.


These terms come into effect on May 25, 2018.
 

 



The access to the shop by a registered customers and the ordering options are protected by an access password known only to the registered customer. Therefore, please do not leave this password freely accessible to others, so that it could not be misused, which could lead to subse-quent misuse of your registration and your data. The operator bears no responsibility for mis-use of the access password.