Personal Data Protection

I. Personal Data Controller

1. The Controller of personal data is the company Nobacco Brands s.r.o., CRN: 09063200, based Jana Masaryka 252/6, 120 00 Praha 2 (hereinafter the Controller). All personal data processed by the Controller are strictly confidential. Personal data are processed in accordance with national and European Union regulations on personal data protection.

2. The Controller collects, stores and uses your personal data in terms of the Act no. 110/2019 Coll., on Personal Data Protection (hereinafter the Act on Personal Data Protection) or the Regulation (EU) 2016/679 of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter the GDPR). The purposes of the processing of personal data are further defined in Art. II.

         Contact details of the Controller:

         Address: Jana Masaryka 252/6, 120 00 Praha 2

         Email: info@fitcann.cz

         Phone number: +420770111407

3. Personal data means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

4. The Controller did not designate the data protection officer.

II. Lawfulness of Personal Data Processing

1. Personal data processing is lawful if one of the following applies:

-Processing is necessary for the purpose of the legitimate interests pursued by the Controller to provide direct marketing (especially commercial communication and newsletters) in accordance with Article 6(1)(f) of GDPR.

-You have given consent to the processing of your personal data for the purpose of direct marketing (especially commercial communication and newsletters) in accordance with Article 6(1)(a) of GDPR in conjunction with Section 7 Article 2 of the Act no. 480/2004 Coll., on certain Information Society Services, provided that no order of goods or services has been placed.

2. The purpose of personal data processing is

–Providing commercial communication and other marketing activities.

III. Time Limit for Personal Data Storing

1. The Controller stores personal data

-until the consent to the processing of personal data for the purpose of marketing is withdrawn, no more than 15 years, provided that the personal data are processed on the basis of consent.

2. After the expiry of the limit for personal data storing, the personal data shall be deleted by the Controller.

IV. Recipients of the Personal Data (Controller’s Subproviders)

1. The recipients of the personal data are persons

-providing marketing services.

2. The Controller does not intend to transfer personal data to a third country (a country outside the EU) or to an international organization.

V. Your Rights

1. Under the conditions stated in GDPR you have

-the right of access to your personal data in accordance with Art. 15 of GDPR.

-the right to have your personal data rectified in accordance with Art. 16 of GDPR, and where necessary to the restriction of processing in accordance with Art. 18 of GDPR.

-the right to erasure of your personal data in accordance with Art. 17 of GDPR.

-the right to object to the processing in accordance with Art. 21 of GDPR.

-the right to data portability in accordance with Art. 20 of GDPR.

-the right to withdraw your consent to the processing orally or electronically on the address or e-mail of the Controller stated in Art. I of these Conditions.

2. Furthermore, you have the right to lodge a complaint with Personal Data Protection Authority in the case you believe that your right to the protection of personal data has been infringed.

VI. Conditions of Personal Data Security

1. The Controller declares that they have taken all appropriate technical and organisational measures to protect personal data.

2. The Controller has taken technical measures to safeguard the security of data storage and personal data storage in paper form.

3. The Controller declares that the access to personal data is given only to persons authorised by the Controller.

VII. Final Provisions

1. You agree with these Conditions by marking the consent via the online form. By marking the consent, you declare that you have read the Personal Data Protection Conditions and that you accept them in their entirety.

2. The Controller has the right to amend these Conditions. The amended Conditions shall be published on the Controller’s website and sent to the e-mail address which you have given to the Controller.

3. These Conditions are the translation of Czech conditions. In case of any legal discrepancies, the Czech original shall be valid.

These Conditions come into effect on September 1, 2020.c