CONDITIONS OF PERSONAL DATA PROTECTION

I. BASIC PROVISIONS

1. The personal data controller referred to in Article 4 (7) of Regulation (EU) 2016/679 of the European Parliament and Council on the Protection of Individuals with regard to the Processing of Personal
Data, and on the free movement of such data (hereinafter "GDPR") is LIFT OFF EUROPE s.r.o. ID 03436497 with its registered office at Zelenky-Hajského 1826/1, 130 00 Praha (hereinafter referred to as the "Administrator").

2. The contact details of the Administrator are Filip Nguyen
Address: Zelenky-Hajského 1826/1, 130 00 Praha
Email: filip@carrynaut.com
Phone: +420 608 769 244

3. Personal information is understood as any information about an identified or identifiable natural person; an identifiable natural person is a natural person that can be identified directly or indirectly, in particular by reference to a specific identifier such as name, identification number, location data, network identifier or one or more specific physical, physiological, genetic, psychological, economic, cultural or social identity of this individual.

4. The Administrator did not appoint a Data Protection Officer.

II. RESOURCES AND CATEGORIES OF PROCESSED PERSONAL

DATA

1. The Administrator handles the personal data you have provided or the personal data that the Administrator has received on the basis of your order.

2. The Administrator handles your identification and contact information, and the data necessary for the execution of the contract.

III. LEGAL REASON AND PURPOSE OF PERSONAL DATA

PROCESSING

1. The legal reason for the processing of personal data is

• the execution of the contract between you and the trustee under Article 6 (1) b) GDPR,

• the legitimate interest of the controller in providing direct marketing (in particular sending business messages and newsletters) under Article 6 (1) f) GDPR,

• your consent to data processing for the purpose of providing direct marketing (in particular sending business messages and newsletters) under Article 6 (1) a) GDPR in conjunction with Section 7 (2) of Act No. 480/2004 Coll., on certain services of the Information Society in the event of non-order of goods or services.

2. The purpose of the processing of personal data is

• the execution of your order and the exercise of rights and obligations arising from the contractual relationship between you and the trustee; the provision of personal data (name, address, contact) is a necessary requirement for the successful execution and conclusion of the contract; without the provision of personal data, it is not possible to conclude the contract or to fulfill it by the Administrator,

• sending business messages and performing other marketing activities.

3. There is no automatic, individual decision-making in context of Article 22 of the GDPR. Explicit consent is given to such processing of personal data.

IV. DATA RETENTION PERIOD

1. The Administrator keeps personal data

• for the period necessary to exercise the rights and obligations arising from the contractual relationship between you and the trustee and the enforcement of the claims under these contractual relationships (for 15 years from the termination of the contractual relationship).

• until consent to the processing of personal data for marketing purposes is withdrawn, up to 15 years if personal data is processed on the basis of consent.

2. At the end of the retention period, the Administrator deletes the personal information records.

V. RECIPIENTS OF PERSONAL DATA (SUB-CONTRACTORS OF THE ADMINISTRATOR)

1. The recipients of personal data are persons

• contributing to the delivery of goods / services / mediating payments on the basis of a contract,

• providing e-shop services and other services related to the operation of an e-shop,

• providing marketing services.

2. The Administrator does not intend to pass personal data to a third country (to a non-EU country) or an international organization.

3. Provided services, providing marketing and support services

• Google analytics - records cookies and web usage

• Google Adwords - records cookies and web usage

• Google Purchases – mediates review request, records email if you agree in the order process

VI. YOUR RIGHTS

1. Under the terms of the GDPR you have

• the right of access to your personal data under Article 15 of the GDPR,

• the right to correct personal data under Article 16 of the GDPR, or the restriction of processing under Article 18 GDPR,

• the right to delete personal data under Article 17 of the GDPR,

• the right to object to processing under Article 21 GDPR,

• the right to data portability under Article 20 GDPR,

• the right to withdraw consent to processing in writing or electronically to the physical or email address of the Administrator referred in Article 1 of these terms. You can revoke your consent at any time in your own customer account.

2. You also have the right to file a complaint with the Personal Data Protection Office, should you believe your rights to privacy have been violated.

VII. CONDITIONS OF PERSONAL DATA SECURITY

1. The Administrator declares that they have taken all appropriate technical and organizational measures to safeguard all personal data.

2. The Administrator has taken technical measures to secure electronic data storage and personal data repositories, especially secure /encrypted web access, password encryption of customers in the database, regular system updates, regular system backups.

3. The Administrator declares that personal data can only be accessed by authorized persons.

VIII. FINAL PROVISIONS

1. By placing an order through the online order form, you acknowledge that you understand the privacy policy and you accept it in its entirety.

2. You agree with these terms by marking off your consent in the online form. By marking off your consent, you acknowledge that you understand the privacy policy and you accept it in its entirety.

3. The Administrator is entitled to change these terms. A new version of the privacy policy will be published on the website, and a new version of these terms and conditions will be sent to your email address that you have provided to the Administrator.

These terms come into effect on May 25, 2018.