1. Introductory Provisions

1.1 This Privacy Policy describes how personal data is processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR).

1.2 Data Controller Identification

Sole Proprietor: Komal Arvindbhai Gohil
Business ID (IČO): 23960876

Registered Address:
Pujmanové 1583/52
140 00 Prague 4 – Nusle
Czech Republic

Email: info@iwera.eu
Phone: +420 770 420 277

2. Scope of Processed Personal Data

2.1 The controller processes in particular the following personal data:

• First and last name
• Billing and delivery address
• E-mail address
• Telephone number
• Order and payment information
• IP address

3. Purpose and Legal Basis of Processing

3.1 Personal data is processed for the purpose of performing a purchase contract.

3.2 The legal basis for processing is Article 6(1)(b) GDPR.

3.3 Personal data may also be processed for the purpose of fulfilling legal obligations (Article 6(1)(c) GDPR).

3.4 Based on legitimate interest, personal data may be processed for the protection of legal claims.

3.5 Personal data may also be processed through cookies in accordance with the Cookie Policy available on the website.

4. Data Retention Period

4.1 Personal data is stored for the period necessary to perform the purchase contract and process the order.

4.2 After completion of the contract, personal data may be stored for the period required by applicable legal regulations, in particular accounting and tax regulations, which may require retention for up to 10 years.

5. Recipients of Personal Data

5.1 Personal data may be disclosed to:

• Payment service providers
• Shipping and delivery companies
• Accounting and tax advisors
• IT service providers

5.2 Personal data is not transferred to third countries outside the European Union.

6. Rights of Data Subjects

6.1 The data subject has the right to access personal data.

6.2 The data subject has the right to rectification of inaccurate personal data or to erasure (“right to be forgotten”), or to restriction of processing.

6.3 The data subject has the right to object to the processing of personal data.

6.4 The data subject has the right to data portability.

6.5 Where processing is based on consent, the data subject has the right to withdraw consent at any time, without affecting the lawfulness of processing before withdrawal.

6.6 The data subject has the right to lodge a complaint with a supervisory authority.

6.7 Providing personal data is a requirement for concluding and performing the purchase contract. Without providing personal data, it is not possible to conclude the contract or process the order.

6.8 The controller does not carry out automated individual decision-making or profiling within the meaning of Article 22 GDPR.

7. Supervisory Authority

7.1 The supervisory authority is:

Office for Personal Data Protection (ÚOOÚ)

Pplk. Sochora 27, 170 00 Prague 7, Czech Republic

Website: https://www.uoou.cz

8. Data Security

The controller has implemented appropriate technical and organisational measures to protect personal data against unauthorized access, alteration, disclosure, loss, destruction, or misuse.