PERSONAL DATA PROCESSING DECLARATION

Declaration on the processing of personal data pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and the instruction of data subjects (hereinafter referred to as the GDPR).

1. Personal data controller

Infinity Icon represented by Matěj Doležel, based in Chelčického 693/7, Ostrava, 702 00, Czech Republic, CI No: 06238556, enrolled in the trade register maintained by CH Prostějov (hereinafter referred to as the “controller”) hereby informs you, in accordance with Article No. 12 of the GDPR, about the processing of your personal data and your rights.

Contacts:
Matěj Doležel
email: shop@testprintplatform.com
telefon: +420 722 900 934
www.testprintplatform.com
adress: Chelčického 693/7, Ostrava, 702 00, Česká republika

2. The scope of personal data processing

Personal data are processed to the extent in which the relevant data subject has provided them to the controller in connection with entering into a contractual or other legal relationship with the controller, or which the controller has collected otherwise and processes in accordance with applicable law, or to fulfil the controller’s obligations.

3. Sources of personal data

4. Categories of personal data that are subject of processing

Address and identification data used for unambiguous and unmistakable identification of the data subject (e.g. name, surname, title, birth certificate number, date of birth, permanent address, identification number, VAT number) and data enabling contact with the data subject (contact details – e.g. contact address, phone number, email address, and other similar information)
Descriptive data (e.g. bank account details)
Other data necessary for the performance of the contract
Data provided in excess of the relevant laws and processed within the consent of the data subject (processing of photographs).

5. Categories of data subject

6. Categories of recipients of personal data

7. Purpose of personal data processing

8. Method of processing and protection of personal data

The processing of personal data is carried out by the controller. The processing is carried out in the premises and headquarters of the controller or by the processor. The processing is done with the use of computer technology, or for personal data in paper form, it is done manually, and in compliance with all security principles for the management and processing of personal data. For this purpose, the controller has adopted technical and organizational measures to ensure the protection of personal data, in particular measures to prevent unauthorized or accidental access to, alteration, destruction or loss of personal data, unauthorized transfers, unauthorized processing and other misuse of personal data. All subjects to whom personal data may be disclosed respect the right of data subjects to privacy and are required to comply with applicable data protection legislation.

9. Personal data processing period

In accordance with the deadlines specified in the relevant contracts, in the filing and shredding rules of the controller or in the relevant legislation, this is the period necessary to secure the rights and obligations arising from both the contractual relationship and the relevant legislation.

10. Instructions

The controller processes the data with the consent of the data subject, except in cases stipulated by law where the processing of personal data does not require the consent of the data subject. In accordance with Article 6 (1) of the GDPR, the controller may process the following data without the consent of the subject:

The data subject has given his consent for one or more specific purposes.
Processing is necessary for the performance of a contract to which the data subject is a contracting party or for the implementation of measures taken prior to the conclusion of the contract at the request of this data subject.
Processing is necessary to fulfil the legal obligation applicable to the controller.
Processing is necessary to protect the vital interests of the subject or another natural person.
Processing is necessary for the fulfilment of a task carried out in the public interest or during the exercise of public authority entrusted to the controller.
Processing is necessary for the purposes of the legitimate interests of the relevant controller or of a third party, except where the interests or fundamental rights and freedoms of the data subject requiring the protection of personal data take precedence over those interests.

11. Data subjects’ rights

11.1.In accordance with Article 12 of the GDPR, the controller shall, at the request of the data subject, inform the data subject of the right of access to personal data and the following information:

The purpose of processing.
The category of personal data affected.
Recipients or categories of recipients to whom personal data have been or will be disclosed.
The planned period for which personal data will be stored.
Any available information on the source of the personal data, if not obtained from the data subject, and whether automated decision making, including profiling, is taking place.
11.2. Any data subject who discovers or assumes that the controller or processor is processing his personal data in a way that is contrary to the protection of the privacy and personal life of the data subject or to the law, in particular if the personal data are inaccurate for the purpose of their processing, can:

Ask the controller for an explanation.
Require the controller to remedy this situation. In particular, this may be blocking, correcting, supplementing or deleting personal data.
If, pursuant to Section 1, the data subject’s request is found justified, the controller shall immediately remedy the defective condition.
If the controller does not comply with the data subject’s request pursuant to Section 1, the data subject shall have the right to contact the supervisory authority directly, i.e. the Office for Personal Data Protection.
The procedure referred to in Section 1 shall not preclude the data subject from contacting the supervisory authority directly.
The controller shall have the right to request reasonable compensation not exceeding the costs necessary to provide the information.
This declaration is publicly available here on the controller’s website.

These declarations take effect on January 1, 2023