Who we are and how to contact us?
The website https://dilnastore.cz is operated by Dilnastore s.r.o., Identification Number (IČO): 14245639, with registered office at Bořivojova 235/1, Lazce, 779 00 Olomouc (hereinafter referred to as “DILNA”). In accordance with the applicable personal data protection laws, including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (“GDPR”), “DILNA” is the controller of your personal data. The controller of personal data is the one who determines the purposes and means of the processing, in simplified terms, the one who decides why and how personal data are processed.
Below are our contact details in case you cannot find the answers to your questions in this document or if you do not understand any of the provided information.
Adress: Hněvotín 9, 78347 Hněvotín
What personal data do we process?
At DILNA, we process the following categories of personal data:
Identification data, which primarily includes name, surname, date of birth, and gender (optional);
Contact data, which includes email address, billing address, delivery address, phone number, membership number in our loyalty program;
Financial data, which primarily includes information about payment card and bank account;
Purchase data, which mainly includes details about the purchase and processing of orders (e.g., basket number, order number, amount to be paid, currency, any discount, shipping method, number of items, product number, etc.);
Records of payments we have received from you (or payments you have received from us) and details of other products you have received from us, as well as communication related to your orders;
Technical data, which primarily includes details about the devices you use to access our websites, IP address, login details, username and password, browser type and version, timezone and location settings, and information about the operating system you use;
Preference data, which primarily includes information about your purchases, orders, interests related to our products, and any feedback you have provided to us.
In addition to the above, we also collect, use, and share aggregated data, such as statistical or demographic data. Aggregated data may be derived from your personal data, but it is not considered personal data as it cannot identify you. Aggregated data helps us, for example, determine the percentage of users accessing a specific feature on our websites.
How do we obtain your personal data?
We primarily obtain your personal data from you when you enter your personal data on our websites (e.g., when you fill out a form) or when you communicate with us electronically, by mail, phone, or any other means. This includes cases when you:
- create an account or make a purchase on our websites;
- subscribe to our newsletter;
- fill out a form to obtain a discount on goods;
- become a member of our loyalty program;
- contact us with a question or to report a problem (e.g., by phone or email).
We also obtain some data about you automatically. This includes technical data about your device, data about how you use our websites (“website usage data”), and data about when you do not complete certain actions on our websites (e.g., when you leave items in your basket or do not complete your order). We obtain this data through cookies, server logs, and similar technologies.
Your personal information is sometimes provided to us by third parties. This primarily includes technical data from analytics providers (such as Google), contact and financial information, and purchase history data from payment and delivery service providers.
How do we process your personal information?
We process your personal information only to the extent necessary for the specified purpose and for the duration required to fulfill that purpose. For each processing purpose, we must have a legal basis as the data controller. At Dilna, we process personal information when:
- You give us consent for it.
- It is necessary for the performance of a contract (e.g., to process your order and deliver the requested goods, as well as to provide customer support).
- We have a legitimate interest for the processing.
- We are legally obliged to process personal information for a specific purpose.
For what purposes do we process your personal information?
Categories of processed data |
Legal basis for processing
Creating a user account for a new customer | – Identification – Contact | – Necessity for the performance of a contract
Processing and delivering your order (including order status updates, payment processing, and fraud prevention) | – Identification – Contact – Financial – Technical | – Necessity for the performance of a contract
Communication with you (including sending any requested information, updates regarding our terms and conditions, and information about personal data processing) | – Identification – Contact – Data about your preferences | – Necessity for the performance of a contract – Legitimate interest
Management and improvement of our business activities and websites (e.g., troubleshooting, data analysis, system testing, and maintenance) | – Identification – Contact – Financial – Technical – Data about how you use our websites | – Legitimate interest (in developing our business activities, ensuring proper organizational measures and IT, and preventing fraud)
Personalization of content displayed on our websites and online advertisements (including measuring the effectiveness of such advertisements) | – Identification – Contact – Financial – Technical – Data about how you use our websites | – Legitimate interest (in understanding how customers use our websites, being able to improve them, develop our business activities, and marketing strategies)
Using analytical software tools to improve our websites, marketing, and customer satisfaction | – Technical – Data about how you use our websites | – Legitimate interest (in being able to differentiate customer types based on their interest in our products, improving our websites, and enhancing our marketing strategies)
Sending information about offers that may interest you (direct marketing), including newsletters and notifications of promotional events (via email) | – Identification – Contact – Financial – Technical – Data about how you use our websites | – Legitimate interest (in developing our business activities)
Sending reminders about unfinished activities on our websites (e.g., regarding an incomplete order or items left in the cart) | – Identification – Contact – Data about how you use our websites | – Legitimate interest (in increasing customer satisfaction)
For how long do we process and store your personal information?
We process and store your personal information only for as long as necessary for the purposes mentioned above or as required by law. After this period, personal data will be deleted or anonymized.
If we process your personal information based on a legitimate interest, the processing will continue as long as our legitimate interest persists. You have the right to object to the processing of your personal data carried out on the basis of a legitimate interest. If you object to the processing for direct marketing purposes, your personal data will no longer be processed for that purpose.
Whom do we disclose your personal information to?
We share your personal information with the following recipients:
- Our suppliers, especially transportation companies, IT providers, hosting and marketing service providers, providers of statistical and database software tools, and potentially other entities that provide services to us.
Based on legal regulations, we may be obligated under certain conditions to share your personal data with third parties (such as public authorities, etc.). This is our legal obligation.
Cookies
We use so-called cookies on our website, cookies, which are short text files that are stored on your computer when you load our web pages. Thanks to cookies, we can identify how you interact with the content of the web pages and personalize our communication towards you.
Consent to the placement of cookies is voluntary. You can block or delete some or all cookies that have already been set. Detailed information about cookies and options for blocking them in different types of web browsers can be found, for example, on the website http://www.aboutcookies.org, or on the websites of individual browsers. Please note that if you block or delete cookies sent from our website that are necessary or ensure functionality and performance, it may not be possible to use the website.
How do we process your personal data and how are they secured?
The processing of personal data takes place manually and automatically in electronic information systems, in electronic or paper form. Your personal data is primarily processed by our employees and processors. We have implemented appropriate security measures (particularly technical and organizational) to protect your personal data against any accidental loss, destruction, misuse, damage, unauthorized or unlawful access. We have concluded relevant contracts with processors who process your personal data on our behalf as data controllers to ensure adequate protection of your personal data. Employees and processors involved in the processing of your personal data are bound by confidentiality. We process your personal data in the territory of the Czech Republic and possibly in other countries of the European Union. We do not transfer your personal data to other countries.
What are your rights in the field of personal data protection?
At any time during the processing of your personal data, you can exercise the following rights:
- Right of access. You have the right to obtain confirmation as to whether and what personal data we process about you, including the right to obtain a copy of the personal data we process.
- Right to rectification and completion. If you find that your personal data processed by us is inaccurate or incomplete, you have the right to request their correction and update.
- Right to erasure. In certain cases, you have the right to request the erasure of your personal data processed by us. Please note that the erasure of personal data cannot be carried out if their processing is necessary.
- Right to restriction of processing. In certain cases, such as when you dispute the accuracy, lawfulness, or our need to process your personal data, you have the right to request the restriction of processing your personal data. If we comply with your request, we will limit the processing of personal data to the necessary minimum (and generally will not actively process the data further). We will record in our systems that the data is subject to restriction. If the restriction is lifted and we intend to continue processing your personal data, we will inform you in advance.
- Right to data portability. You have the right to request that we transmit your personal data, which you have provided to us and which we process, to a third party (another data controller) specified in your request, in a commonly used and machine-readable format. Please note that you can exercise this right only if we process your personal data based on your consent or for the purpose of fulfilling a contract, and the processing is automated.
- Right to lodge a complaint with a supervisory authority. If you believe that there has been a violation of obligations set by legal regulations for the protection of personal data, you have the right to lodge a complaint with the Office for Personal Data Protection or with another supervisory authority of an EU member state responsible for supervising compliance with obligations in the field of personal data protection.
Right to Object to the Processing of Personal Data
In addition to the rights mentioned above, you also have the right to object to the processing of your personal data. You can exercise this right when the legal basis for processing personal data is the legitimate interest of the controller or a third party (or when the legal basis for processing is the performance of a task carried out in the public interest or in the exercise of official authority).
You can also object to the processing of your data for direct marketing purposes (based on the legal basis of legitimate interest), including profiling to find the most suitable and interesting offers for you.
If you object to the processing, we will no longer process your personal data unless we demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms. If you object to the processing for direct marketing purposes, your personal data will no longer be processed for this purpose.
How to Exercise Your Rights ?
If you decide to exercise any of the rights mentioned above, please write to us at the email or postal address provided above. Please note that if you exercise your rights, we need to verify your identity. Therefore, in some cases, we may ask you to provide proof of your identity.
Upon exercising any of the above-mentioned rights, we will inform you in writing, without undue delay, about the handling of your request.
Changes to Personal Data Processing Information
We may modify or update this information on the processing of personal data in the future. If we make changes, you will be notified, among other things, by updating the date of the last modification stated at the beginning of this information. If we make changes that could have a significant impact on your privacy, we will also inform you by other appropriate means (e.g., email). We recommend that you regularly read the information on the processing of personal data to stay informed about how we process your personal data and how you can protect your privacy.
