Fundamentals of Processing Personal Data

published on the bases of the binding regulation EU 2016/679 (General Data Protection Regulation), which, with effect from 25 May 2018, uniformly regulates the protection of personal data and the conditions of their processing in all EU Member States.

IP CAS, v. v. i., treats personal data exclusively in accordance with the valid legislation. We are presenting to you the fundamentals, which clarify what we are doing in order to ensure the confidentiality and safety of personal data.

I. Types of personal data that we process

1. identification data – personal data serving the unambiguous and unmistakable identification of persons (in particular name, surname, title, date of birth, address of permanent residence, bank account number)

2. contact details – personal data making contact possible with persons (especially contact address, telephone number, e-mail address)


II. Processing personal data

At the e-shop of IP CAS, v. v. i., we process personal data on the basis of the legal title of the contract. It concerns the customers purchasing at the e-shop. In view of the contractual nature of the relationship between the IP and the persons mentioned, the provision of personal data is entirely voluntary.


III. Method of treatment of personal data

Personal data of individuals are never sold, exchanged, transferred or provided to third parties without their consent. Access to personal data is granted only to collaborators who need it to perform their activities (such as billing, sending orders, etc.).

The personal data of the customers are preserved in the electronic database of personal data. We implement a wide range of measures with the aim to ensure the safety of the personal data. We use state-of-the-art encryption to protect sensitive information transmitted online. The computers and servers for storing personal data are kept in a secure environment.

To implement an order in the e-shop, it is necessary to support cookies in the user’s web browser. The system stores only a session cookie for the duration of the user’s login.


IV. Period of processing

We keep personal data only for as long as necessary and we archive them according to the statutory time limits as imposed by the legal regulations. After the point of the legal reason is lost, we delete the relevant personal information. The personal data, which we process with the consent of the customer, are kept only for the duration of the purpose for which the consent was granted.


V. Rights of the customers, whose personal data we process

We process the personal data transparently, correctly and in accordance with the legislative requirements. At the same time, however, customers have the right to contact us at any time requesting information about the procedure of processing personal data or for the purpose of exercising the following rights related to personal information:

1. The right of access to personal data

2. The right to the correction of personal data

3. The right to the deletion of personal data (the right “to be forgotten”)

4. The right to restrict the processing of personal data

5. The right to the portability of personal data

The customer also has the following rights:

i. The right to raise an objection to the processing of personal data

ii. The right to withdraw consent to the processing of personal data

iii. The right to file a complaint with the Supervisory Authority (the Office for Personal Data Protection)

The right of access (1), the correction (2), the restriction of processing (4) and the right to withdraw the consent (ii) is implemented through the e-shop’s administration, where the customer himself/herself updates the data in his/her account settings. The deletion or transfer of personal data can be requested via an email sent to