Privacy protection

TONAK a.s., with its registered office at Zborovská 823/65, 741 01 Nový Jičín, has Personal Data Processing Policy in place, the aim of which is to provide information about what personal data is processed on natural persons in providing services and selling goods to our company, for what purposes and for how long our company processes the personal data in accordance with the applicable legal regulations, to whom and for what reason it may be transferred, as well as to inform what rights the natural persons have in relation to processing of their personal data. The Policy is effective from 25 May 2018, and has been issued in accordance with the Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter “GDPR”).

Personal data processed to perform an order

We process your personal data when recording your orders consisting of e-mail address, full name, telephone number, correspondence address and information about the price. The said data is necessary for dealing with the order, i.e. for performance of the contract. The order is archived along with the invoice. Under the statutory obligation to archive documentation for possible financial inspections, orders are archived for 10 years. Our customer database is kept encrypted on an Amazon cloud storage facility that declares their processes to be in accordance with GDPR safety directives. Your personal data is exclusively processed for the internal needs of TONAK a.s. solely for the aforementioned purposes.

In the registry of registered users who have already placed an order or have registered with us, we process personal data to the extent that you provide it to us upon registering or editing your profile. It is in our legitimate interest to maintain a database of users for possible complaints procedure. Saving the personal data from your order will allow us to facilitate your next purchase, and to pre-fill your data in the electronic shopping cart. We process the personal data to facilitate the purchase on the basis of a legal title of legitimate interest.'

Your personal data is also processed for the purpose of securing transport in order to perform the contract. We transfer the data to the following carriers:

• Česká pošta s.p., with its registered office in Prague 1, Politických vězňů 909/4

• PPL CZ s.r.o., with its registered office at K Borovému 99, 251 01 Říčany – Jažlovice.

We do not transfer the personal data from the order to any third party for the purpose of further processing, and TONAK a.s. does not make use of services of a so-called officer either.'

Personal data processed for marketing purposes

For marketing purposes, your personal data is processed, filled in as part of your order, voluntary registration or when subscribing to the newsletter that we use to send business messages. For both ordering and subscription purposes, we need your explicit consent, and therefore we have Double Opt-In technology implemented, i.e. double verification of your actual interest. For distributing newsletters, we also use third-party software such as MailChimp, which declares fulfilment of GDPR conditions. You can unsubscribe from the commercial messages at any time. After you completely unsubscribe from the newsletter, we will no longer use your personal data to send you commercial messages, and your personal data shall be immediately deleted from our records.'

For re-marketing purposes, cookie files information is stored for 30 days at maximum; a cookie is a short text file that the server places in your web browser upon loading a website. Cookies make records of user behaviour information (i.e. the pages the user has visited) and send them back to the respective server. Cookies allow us to customise the content of our website, e-shop, and marketing communications according to your needs as well as our needs. Cookies are not directly linked to your name or e-mail address, and thus they do not reveal any personal data, which therefore remains completely anonymous. Information about retention of cookie files information is not officially provided as this data is used based on the legal title of legitimate interest.

The data obtained with your consent and based on the title of a legitimate interest may be further transferred to the following third parties, if necessary for marketing purposes: Marketing agency Tell me your story s.r.o., Tržiště 372/1, 118 00 Prague 1 – Malá Strana, and self-employed marketing consultant Martin Klega, or Facebook.

Personal data processed for evaluation of a contest

By your participation in contests organised by TONAK a.s. on social networks, you give your consent to process your personal data such as name, surname, and photograph in order to evaluate the contest results. This data is not further processed by TONAK a.s. or transferred to any third parties. Photographs are not stored by our company or used for further promotion without the written consent of the photograph owner, and may be published on social media sites of TONAK a.s., however no later than 5 years after the end of the contest.

In the case of a win, the winner is contacted through the published post or by a personal message, and is asked to send the their address solely for the purpose of sending the prize. If necessary, the winner’s address is handed over to a shipping company (Česká pošta s.p., with its registered office in Prague 1, Politických vězňů 909/4, PPL CZ s.r.o., with its registered office at K Borovému 99, 251 01 Říčany – Jažlovice) and shall not be processed or archived on our side in any manner whatsoever.

Rights and obligations resulting from GDPR

TONAK a.s. is obliged to provide you upon request with all personal data concerning your person processed by it. The maximum period for providing the required information is 30 days.

Furthermore, TONAK a.s. is obliged to delete the personal data required for execution of orders in the case that the statutory periods have expired (accounting, archiving, etc.)

The entity that provided its personal data to TONAK a.s. has the following rights:

• Right to object to personal data processing

Even if your personal data is processed based on legitimate interest, you have the right to file objections against the respective processing. If you file such objection through our official e-mail, it shall be assessed in compliance with the law and legitimacy.

• Right to restriction of work with personal data

You have the right to require us to restrict any processing of your personal data if you inform us that the personal data we collected is inaccurate, until the data correctness is verified.

• Right to be forgotten (right to deletion of personal data)

You have the right to file an objection if you find out that we process your personal data without authorisation and for other purposes than we collected the data for. You may report such situation to e-mail address

The statutory body of TONAK a.s. is responsible for specification of security measures corresponding to classification of the personal data, and may delegate its powers to Office for Personal Data Protection. The security measures are defined based on analysis of the personal data risks, proposal of which is prepared by OPDP along with the head of the IT Department (safety of personal data in electronic form) and heads of the individual departments for their sections (safety of personal data in written form).

All communications through the application is safe for the user for reason of encrypting by SSL certificate.

To identify the information security risk you may send e-mail or mail to TONAK a.s., with its registered office Zborovská 823/65, 741 01 Nový Jičín.