I. Protection of personal data

1.1. By entering personal data, the user confirms that he / she understands the terms of the protection of personal data, that he / she agrees with their wording and that he / she accepts it in its entirety.

1.2. The provider is the controller of users’ personal data pursuant to Article 4 (7) of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC Data Protection Regulation) (hereinafter referred to as “GDPR”). The Provider undertakes to process personal data in accordance with legal regulations, especially GDPR.

1.3. Personal data are all information about an identified or identifiable natural person; an identifiable natural person is a natural person that can be identified, directly or indirectly, in particular by reference to a particular identifier, such as name, identification number, location information, network identifier or one or more specific physical, physiological, genetic, psychological, economic, cultural or the social identity of this natural person.

1.4 When ordering, personal information required for successful order processing (name and address, contact) is required. The purpose of processing personal data is to execute the user’s order and to exercise the rights and obligations arising from the contractual relationship between the Provider and the User. The purpose of the processing of personal data is also to send business messages and to do other marketing activities. The legal reason for the processing of personal data is the fulfillment of the contract pursuant to Art. b) GDPR, fulfillment of the legal obligation of the trustee pursuant to Article 6 (1) (b). c) GDPR and the legitimate interest of the Provider according to Art. (f) GDPR. The Provider’s legitimate interest is to process personal data for direct marketing purposes.

1.5 The provider uses the services of subcontractors to fulfill the license agreement, especially the provider of mailing services (personal data are stored in third countries) and the web hosting provider. Subcontractors are verified for the safe processing of personal data. The provider and the subcontractor of the web host have concluded a contract on processing of personal data under which the subcontractor is responsible for properly securing the physical, hardware and software perimeter and thus bears direct responsibility to the user for any leakage or breach of personal data.

1.6 The Provider shall store the User’s personal data for the period necessary to exercise the rights and obligations arising from the contractual relationship between the Provider and the User and to assert claims arising from these contractual relations (for a period of 30 days from the termination of the contractual relationship). After this time, the data will be deleted.

1.7 The User has the right to request from the Provider access to his / her personal data according to Article 15 GDPR, correction of personal data according to Article 16 GDPR, or restriction of processing according to Article 18 GDPR. The user has the right to delete personal data according to Art. and (c) to (f) of the GDPR. Furthermore, the user has the right to object to processing under Article 21 of the GDPR and the right to data portability under Article 20 of the GDPR.

1.8 The user has the right to file a complaint with the Office for Personal Data Protection if he / she believes that his / her right to personal data protection has been violated.

1.9 The user is not obliged to provide personal data. However, the provision of personal data is a necessary requirement for the conclusion and performance of the contract and without the provision of personal data it is not possible to conclude the contract or fulfill it by the provider.

1.10 The Provider does not make automatic individual decisions within the meaning of No. 22 GDPR.

1.11 Interested in using the Provider’s services by filling in the contact form:
1. agree to use their personal data for the purpose of sending commercial messages, advertising materials, direct sales, market research and direct product offers by the Provider and third parties, but not more than once a week, and at the same time
2. declares that it does not consider the sending of information pursuant to point 1.11.1 to be unsolicited advertising within the meaning of Act no. No. 40/1995 Coll. as amended, because the user is sent information pursuant to point 1.11.1 in conjunction with § 7 of Act no. No. 480/2004 Coll. explicitly agrees.
3. The user may revoke his consent under this paragraph at any time in writing to info@goodtea.eu.

1.12 In order to improve the quality of services, personalize the offer, collect anonymous data and for analytical purposes, the Provider uses so-called cookies in its presentation. By using the Website, the User agrees to the use of the technology.


II. Rights and Obligations Between Administrator and Processor (Processing Contract)

2.1 The Provider is a processor according to Article 28 of the GDPR in relation to the personal data of users of users. The user is the administrator of this data.

2.2 These Terms and Conditions govern mutual rights and obligations in the processing of personal data to which the Provider has accessed under the license agreement concluded in the form of agreeing to the General Terms and Conditions at www.goodtea.eu (hereinafter referred to as the “license agreement”) concluded with setting up a user account.

2.3. The Provider undertakes to process personal data for the User to the extent and for the purposes set forth in Articles 2.4 – 2.7 hereof. Processing resources will be automated. The Provider will collect, store, store, block and dispose of personal data in the course of processing. The Provider is not entitled to process personal data in contradiction to or beyond the limits set by these conditions.

2.4 The Provider undertakes to process personal data in the following extent: ordinary personal information, a special category of data pursuant to Article 9 of the GDPR which the User has acquired in connection with its own business.

2.5. The Provider undertakes to process personal data for the user in order to process requests and requests of clients obtained from the contact form.

2.6. Personal data may only be processed at the workplaces of the Provider or its subcontractors pursuant to Article 2.8 hereof, in the territory of the European Union.

2.7. The Provider undertakes to process for the User the personal data of the users of the User, all for the time necessary to exercise the rights and obligations arising from the contractual relationship between the Provider and the User and from the assertion of claims arising from these contractual relations (for 30 days from termination).

2.8 The user grants permission to involve a subcontractor as a further processor under Article 28 (2) of the GDPR, which is the application hosting provider. The User further grants the Provider a general authorization to involve another processor of personal data in the processing, but the Provider must inform the User in writing of any intended changes to the acceptance or replacement of the other processors and give the User the opportunity to object to these changes. The provider must impose the same data protection obligations on its subcontractors as set out in these conditions.

2.9. The Provider undertakes that the processing of personal data will be ensured in particular as follows:
1. Personal data is processed in accordance with legal regulations and based on the User’s instructions, ie for performing all activities necessary for providing the web platform.
2. The Provider undertakes to provide technical and organizational protection for the processed personal data in such a way that unauthorized or accidental access to, alteration, destruction or loss of data, unauthorized transmission, other unauthorized processing as well as other misuse is prevented and all personal and organizational obligations of the processor of personal data ensuing from legal regulations are ensured continually in terms of personnel and organization.
3. The technical and organizational measures taken are commensurate with the level of risk. Through them, the Provider ensures the continued confidentiality, integrity, availability and resilience of processing systems and services, and restores the availability and access to personal data in a timely manner in the event of physical or technical incidents.
4. The Provider hereby declares that the protection of personal data is subject to the Provider’s internal security regulations.
5. Personal data will be accessible only to authorized persons of the Provider and subcontractors pursuant to Article 2.8 hereof, which will have the Provider set the conditions and scope of data processing and each such person will access personal data under their unique identifier.
6. Authorized persons of the Provider processing personal data according to these conditions are obliged to keep confidential about personal data and about security measures, the disclosure of which would compromise their security. The Provider shall ensure their demonstrable commitment to this obligation. The Provider shall ensure that this obligation for the Provider and the Authorized Person shall continue even after the termination of employment or other relationship with the Provider.
7. The Provider shall assist the User through appropriate technical and organizational measures, as far as possible to meet the User’s obligation to respond to requests for exercise of data subject rights set out in the GDPR; as well as ensuring compliance with the obligations under Articles 32 to 36 of the GDPR, taking into account the nature of the processing and the information available to the Provider.
8. Upon termination of the performance of the processing, pursuant to Article 2.7 hereof, the Provider is obliged to delete all personal data or return it to the User, unless he is obliged to store personal data on the basis of a special law.
9. The Provider shall provide the User with all information necessary to demonstrate that the obligations under this Agreement and the GDPR have been fulfilled, shall enable audits, including inspections, performed by the User or any other auditor authorized by the User.

2.10 The User undertakes to promptly report all facts known to him which could adversely affect the proper and timely fulfillment of obligations arising from these Terms and Conditions and to provide the Provider with the cooperation necessary for the fulfillment of these Terms and Conditions.

III. Final Provisions

3.1 These Terms and Conditions shall expire upon expiry of the period referred to in Articles 1.6 and 2.7 hereof.
3.2 The user agrees to these terms by ticking the consent via the online form. By checking the consent, the user expresses that he / she has read these terms, agrees with them and accepts them in full.
3.3 The Provider is entitled to change these conditions. The Provider is obliged without undue delay to publish a new version of the Terms and Conditions on its website. send the new version to the user’s email address.
3.4. Contact details of the Provider regarding the following conditions: +420 775 277 261, info@goodtea.eu.
3.5 Relations not expressly regulated by these terms and conditions are governed by GDPR and the legal order of the Czech Republic, in particular Act No. 89/2012 Coll., The Civil Code, as amended.

These conditions come into effect on 01.06.2020.