top of page

Ppersonal protection awardsh data

CompanyStamed s.r.o.

with registered office Vřesová 667, 330 08 Zruč - Senec 

ID: 29161941
VAT number: CZ29161941

company registered in the commercial register kept at the Regional Court in Pilsen, section C, insert 27962

Phone: +420 725 323 111

Email: obchod@stamed.cz


I. Protection of personal data
1.1. By submitting an order from the online order form for the delivery of services, ordering by telephone or by using the services itself, the user confirms that he understands the terms of personal data protection, that he expresses his agreement with their wording, and that he accepts them in their entirety.
1.2 The provider is the administrator of users' personal data in accordance with Article 4 point 7) of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons in connection with the processing of personal data and on the free movement of such data and on the repeal of Directive 95/46/EC (general regulation on the protection of personal data) (hereinafter: "GDPR"). The provider undertakes to process personal data in accordance with legal regulations, in particular GDPR.
1.3. Personal data is any information about an identified or identifiable natural person; an identifiable natural person is a natural person who can be directly or indirectly identified, in particular by reference to a certain identifier, for example a name, identification number, location data, network identifier or to one or more special elements of physical, physiological, genetic, psychological, economic, cultural or social identity of this natural person.
1.4 When placing an order, personal data is required, which is necessary for the successful processing of the order (invoicing data, email, telephone number). The purpose of processing personal data is to process the user's order and exercise the rights and obligations arising from the contractual relationship between the Provider and the User. The purpose of processing personal data is to send commercial messages and carry out other marketing activities. Legal reason for processing personal data
data is the fulfillment of the contract according to Article 6 paragraph 1 letter b) GDPR, fulfillment of the administrator's legal obligations according to Article 6, paragraph 1 letter c) GDPR and the legitimate interest of the Provider pursuant to Article 6 paragraph 1 letter f) GDPR. The legitimate interest of the Provider is the processing of personal data for the purposes of direct marketing.
1.5 The provider uses the services of subcontractors, especially mailing service providers (personal data are not stored in 3rd countries) and web hosting providers for the fulfillment of the license agreement. Subcontractors are screened in terms of secure processing of personal data. The web hosting provider and subcontractor have entered into an agreement on the processing of personal data, according to which the subcontractor is responsible for the proper security of physical, hardware and
software perimeter, but is not directly responsible to the user for any leakage or violation of personal data.
1.6 The provider stores the user's personal data for the period necessary to exercise the rights and obligations arising from the contractual relationship between the provider and the user and to assert claims from these contractual relationships (for a period of 15 years from the termination of the contractual relationship). After it expires, the data will be deleted.
1.7 The user has the right to request from the provider access to his personal data according to Article 15 GDPR, correction of personal data according to Article 16 GDPR, or restriction of processing according to Article 18 GDPR. The user has the right to delete personal data according to Article 17 paragraph 1 letter a), and c) to f) GDPR. In addition, the user has the right to object to processing according to Article 21 of the GDPR and the right to data portability according to Article 20 of the GDPR.
1.8 The user has the right to file a complaint with the Office for the Protection of Personal Data if he believes that his right to the protection of personal data has been violated.
1.9 The user is not obliged to provide personal data. However, the provision of personal data is a necessary requirement for the conclusion and fulfillment of the contract, and without the provision of personal data it is not possible to conclude the contract or fulfill it on the part of the provider.
1.10 The Provider does not make automatic individual decisions in the sense of No. 22 GDPR.
1.11 By bindingly confirming the order, the User:
1.11.1 agrees to the use of his personal data also for the purposes of electronic sending of business communications, advertising materials, direct sales, market research and direct product offers by the Provider and third parties, but not more often than once a week, and at the same time
1.11.2 declares that it does not consider the sending of information according to paragraph 7.11.1 to be unsolicited advertising within the meaning of Act. No. 40/1995 Coll. as amended, since the user is sending information according to paragraph 7.4.1 in conjunction with § 7 of Act. No. 480/2004 Coll. He expressly agrees.
1.11.3 The consent according to this paragraph can be revoked by the user at any time in writing at obchod@stamed.cz.
1.12 The provider uses so-called cookies in the framework of improving the quality of services, personalizing the offer, collecting anonymous data and for analytical purposes in its presentation. By using the website, the User agrees to the use of the mentioned technology.


II. Rights and obligations between the administrator and the processor (processing contract)
2.1 The provider is a processor in relation to the personal data of users' clients in accordance with Article 28 of the GDPR. The user is the administrator of this data.
2.2 These conditions regulate mutual rights and obligations in the processing of personal data to which the Provider has gained access within the framework of the fulfillment of the license agreement concluded in the form of an agreement of general terms and conditions concluded with the User on the date of establishment of the user account.
2.3. The Provider undertakes to process personal data for the User to the extent and for the purpose specified in Article 1.4 of these terms and conditions. The means of processing will be automated. As part of the processing, the provider will collect, store, store, block and dispose of personal data. The provider is not authorized to process personal data contrary to or beyond the scope established by these terms and conditions.
2.4 The provider undertakes to process personal data for users to the following extent:
a) general personal data,
b) special category of data according to Article 9 GDPR, which the User obtained in connection with his own business activity (which includes passwords and accesses, data that may contain other personal data in order to fulfill the services
2.5. The provider undertakes to process personal data for users for the purpose of: informing about news and events, future telephone orders, tracing lost tax documents, etc. in the form of a license agreement.
2.6. Personal data can only be processed at the workplaces of the Provider or its subcontractors in accordance with Article of these conditions, namely in the territory of the European Union.
2.7. The Provider undertakes for the User to process the personal data of the User's clients, all for the period necessary to exercise the rights and obligations arising from the contractual relationship between the Provider and the User and from the exercise of claims from these contractual relationships (for a period of 15 years from the termination of the contractual relationship).
2.8 The user grants permission with the involvement of a subcontractor as an additional processor according to Article 28 paragraph 2 GDPR, which is the hosting provider of the Shop5 application. The User further grants the Provider general permission to involve another processor of personal data in the processing, but the Provider must inform the User in writing of all  intended changes regarding the acceptance of additional processors or their replacement and to provide the user with the possibility 
object to these changes. The provider must impose the same personal data protection obligations on its subcontractors as processors of personal data as set out in these terms and conditions.
2.9. The provider undertakes that the processing of personal data will be secured in particular in the following way:
1. Personal data is processed in accordance with legal regulations and on the basis of the User's instructions, i.e. for the performance of all activities required for the provision of Shop5 electronic commerce in the form of a license agreement.
2. The provider undertakes to technically and organizationally ensure the protection of processed personal data in such a way that there can be no unauthorized or accidental access to the data, their change, destruction or loss, unauthorized transmission, their other unauthorized processing, as well as other misuse and that all obligations of the processor of personal data resulting from legal regulations are ensured in a personnel and organizational manner continuously during the data processing period. 
3. The adopted technical and organizational measures correspond to the degree of risk. The provider uses them to ensure the continuous confidentiality, integrity, availability and resilience of processing systems and services, and to restore the availability of personal data and access to it in a timely manner in the event of physical or technical incidents.
4. The Provider hereby declares that the protection of personal data is subject to the Provider's internal security regulations.
5. Only authorized persons of the Provider and subcontractors according to Article 2.8 of these conditions will have access to personal data, who will have the terms and scope of data processing set by the Provider, and each such person will access personal data under their unique identifier. 
6. Authorized persons of the Provider who process personal data in accordance with these conditions are obliged to maintain the confidentiality of personal data and security measures, the disclosure of which would endanger their security. The provider will ensure their demonstrable commitment to this obligation. The Provider will ensure that this obligation for the Provider and the authorized persons will continue even after the end of the employment law or other relationship with the Provider. 
7. The provider will assist the user through appropriate technical and organizational measures, if possible, to fulfill the user's obligation to respond to requests for the exercise of data subject rights set forth in the GDPR; as well as in ensuring compliance with the obligations under Articles 32 to 36 of the GDPR, taking into account the nature of the processing and the information available to the Provider.
8. After completion of the performance that is connected with the processing, according to Article 1.6 of these terms and conditions, the Provider is obliged to delete all personal data or return them to the User, unless he is obliged to store personal data based on a special law.
9. The Provider will provide the User with all the information necessary to demonstrate that the obligations under this contract and the GDPR have been met, will enable audits, including inspections, carried out by the User or another auditor authorized by the User.
2.10 The User undertakes to immediately report all known facts that could adversely affect the proper and timely fulfillment of obligations arising from these conditions and to provide the Provider with the cooperation necessary for the fulfillment of these conditions.

III. Final Provisions
3.1 These terms and conditions expire upon the expiry of the period specified in Article 1.6 of these terms and conditions.
3.2 The user agrees to these terms and conditions by ticking the consent through the internet form. By checking consent, the user expresses that he has read these conditions, that he expresses his agreement with them and that he accepts them in their entirety.
3.3 The provider is entitled to change these conditions. The provider is obliged to publish a new version of the conditions on its website without undue delay, or sends the new version to the User's e-mail address.
3.4 The provider disclaims all responsibility for the loss or other misuse of the e-shop owner's personal data.
3.5 Contact details of the Provider in matters relating to these conditions: +420 725 323 111, obchod@stamed.cz
3.6 Relations not expressly regulated by these conditions are governed by the GDPR and the legal order of the Czech Republic, in particular Act No. 89/2012 Coll., Civil Code, as amended.
These terms and conditions take effect on 5/25/2022.

bottom of page