GDPR – Principles of Personal Data Processing

Privacy Policy

I. Basic Provisions

  1. The data controller within the meaning of Article 4(7) of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter “GDPR”) is W4TCH Alfa s.r.o., Company ID No.: 08744289, with its registered office at Wenzigova 1858/13, Nové Město, 120 00 Prague 2 (hereinafter “Controller”).

  2. The Controller's contact details are:
    Address: Wenzigova 1858/13, Nové Město, 120 00 Prague 2
    Email: info@prague-watch-accessories.com

  3. Personal data means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

  4. The Controller has/has not appointed a Data Protection Officer. Contact details of the Data Protection Officer (if applicable) are: …

II. Sources and Categories of Processed Personal Data

  1. The Controller processes personal data that you have provided or that the Controller has obtained based on fulfilling your order.

  2. The Controller processes your identification and contact details and data necessary for performance of the contract.

III. Legal Basis and Purpose of Personal Data Processing

  1. The legal basis for processing personal data is:
    • performance of the contract between you and the Controller pursuant to Article 6(1)(b) of the GDPR,
    • the legitimate interest of the Controller in direct marketing (especially for sending commercial messages and newsletters) under Article 6(1)(f) of the GDPR,
    • your consent to processing for the purposes of direct marketing (especially for sending commercial messages and newsletters) under Article 6(1)(a) of the GDPR in conjunction with § 7(2) of Act No. 480/2004 Coll., on certain information society services, if no goods or services have been ordered.

  2. The purpose of processing personal data is:
    • to process your order and to exercise the rights and obligations arising from the contractual relationship between you and the Controller; the provision of personal data is a necessary requirement for the conclusion and performance of the contract – without the provision of personal data, it is not possible to conclude or fulfil the contract,
    • to send commercial communications and carry out other marketing activities.
    The Controller does not engage in automated individual decision-making within the meaning of Article 22 of the GDPR. You have given your express consent to such processing.

IV. Data Retention Period
The Controller retains personal data:
• for the period necessary to exercise the rights and obligations arising from the contractual relationship between you and the Controller and to assert claims from these contractual relationships (for a period of 15 years after the end of the contractual relationship),
• until the consent to the processing of personal data for marketing purposes is withdrawn, for a maximum of 15 years if the data is processed based on consent.
After the expiration of the retention period, the Controller will delete the personal data.

V. Recipients of Personal Data (Controller’s Subcontractors)
Recipients of personal data are entities:
• involved in the delivery of goods/services/processing of payments under the contract,
• providing services related to the operation of the online store (Shoptet) and other related services,
• providing marketing services.
The Controller does not/does intend to transfer personal data to a third country (outside the EU) or an international organization. Recipients of personal data in third countries include providers of mailing services/cloud services.

VI. Your Rights
Under the conditions set out in the GDPR, you have:
• the right to access your personal data under Article 15 of the GDPR,
• the right to rectification of personal data under Article 16 of the GDPR or restriction of processing under Article 18 of the GDPR,
• the right to erasure of personal data under Article 17 of the GDPR,
• the right to object to processing under Article 21 of the GDPR,
• the right to data portability under Article 20 of the GDPR,
• the right to withdraw consent to processing in writing or electronically to the address or email of the Controller as specified in Article III of this Policy,
• the right to lodge a complaint with the Data Protection Authority if you believe that your data protection rights have been violated.

VII. Personal Data Security Measures

  1. The Controller declares that it has taken all appropriate technical and organizational measures to secure personal data.

  2. The Controller has taken technical measures to secure data storage and personal data repositories in paper form, in particular …

  3. The Controller declares that only authorized persons have access to personal data.

VIII. Final Provisions

  1. By submitting an order through the online order form, you confirm that you are familiar with the privacy policy and that you accept it in its entirety.

  2. You consent to this policy by ticking the appropriate box in the online form. By ticking the box, you confirm that you are familiar with the privacy policy and that you accept it in its entirety.

  3. The Controller reserves the right to amend this policy. The new version of the privacy policy will be published on the Controller’s website and sent to your email address provided to the Controller.

This policy takes effect on May 30, 2025.