GDPR — Protection of personal data

1. Basic provisions

I. The controller of personal data pursuant to Article 4 (7) of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter: “GDPR”) is JIZERSKÉ HORY - Turistický region Jizerské hory Liberecko, Jablonecko, Frýdlantsko a Tanvaldsko, z. s., ID: 75057760, with its registered office at Nitranská 410/10, 460 07 Liberec III - Jeřáb (hereinafter referred to as the “Administrator”).

II. The contact details of the administrator are:

  • address: Nitranská 410/10, 460 07 Liberec III - Jeřáb
  • E-mail: obchod@jizerky.cz
  • Phone: +420 606 077 440

III. Personal data within the meaning of the GDPR means all information about an identified or identifiable natural person.

2. Sources and purpose of processing personal data

The Controller processes personal data that you have provided to him/her or personal data obtained as a result of fulfilling your order.

The controller processes personal data on the basis of a lawful reason or legitimate interest, the purpose of which is the performance of the contract.

  • The legal ground is the performance of a contract between you and the controller pursuant to Art. 6 (1) (b) GDPR.
  • The purpose of processing personal data is the processing of your order and the exercise of the rights and obligations arising from the contractual relationship. The provision of personal data is a necessary requirement for the conclusion and performance of the contract.

3. Data Retention Period

I. The controller retains personal data for the period necessary to exercise the rights and obligations arising from the contractual relationship and to assert claims arising from such relations.
II. After this period, the controller will delete the personal data.

4. Recipients of personal data (sub-contractors of the controller)

I. The recipients of personal data are persons:

  • parcel delivery service, accounting (invoice processing),
  • entities involved in the supply of goods/services/implementation of payments,
  • e-shop and web service providers,
  • marketing service providers.

II. The controller does not intend to transfer personal data to a third country or international organization.

5. Your rights

I. Under the conditions set out in the GDPR, you have the right to:

  • access to your personal data in accordance with Art. 15 GDPR,
  • rectification of personal data in accordance with Art. 16 GDPR, or restriction of processing pursuant to Art. 18 GDPR,
  • erasure of personal data pursuant to Art. 17 GDPR,
  • object to processing in accordance with Art. 21 GDPR,
  • data portability pursuant to Art. 20 GDPR,
  • withdraw consent to the processing in writing or electronically to the administrator's address or email.

II. You also have the right to lodge a complaint with the Office for Personal Data Protection if you believe that your right to the protection of personal data has been violated.

6. Terms of security of personal data

I. The Controller has taken all appropriate technical and organizational measures to secure personal data.
II. Technical measures have been taken to secure data repositories and documentary documents.
III. Only authorized persons have access to personal data.

7. Final provisions

I. By submitting your order, you confirm that you are familiar with the terms and conditions of personal data protection and that you accept them in their entirety.
II. You confirm your consent by ticking the consent form on the Internet form.
III. The Administrator has the right to change these terms and conditions. It will publish the new version on the website and at the same time send it to your e-mail address.

These terms and conditions shall take effect on 1 August 2025.

to the eshop