for the website („Website“) operated by Wish-Platform s.r.o., ID no.: 06243711, with its seat at Kostelec u Křížků no. 205, 251 68, registered with the Commercial Register maintained by the Municipal Court in Prague Insert 278776, Section C, e-mail: („Controller“), who is the controller of personal data in accordance with Art. 4 par. 7 of the Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of the personal data and on the free movement of such data („GDPR”).

    1. These Privacy Protection Rules („Rules“) inform on the on the manner and extent of the processing of personal data, incl. the rights of data subjects, personal data of which is processed by the Controller.
    2. The Controller processes only accurate personal data acquired in accordance with GDPR, whereas this personal data is collected and processed solely in accordance with the Rules. The Controller processes personal data of the data subjects in lawful and transparent manner while minimizing the personal data to the minimal extent necessary for fulfilling the given purpose of their processing.
    1. The Controller processes only personal data of the data subjects (users) acquired through the Website by filling out the registration from for opening a user account.
    2. The Controller processes the following personal data of data subjects:
      1. name
      2. surname
      3. e-mail address
      4. history of requests and their realization
      5. ID No. of natural persons
    1. The Controller processes personal data for the following lawful reasons:
      1. performance of a contract in accordance with Art. 6 par. 1 lett. b) GDPR,
      2. legitimate interests of the Controller in accordance with Art. 6 par. 1 lett. f) GDPR (direct marketing),
      3. compliance with legal obligation in accordance with Art. 6 par. 1 lett. c) GDPR.
    2. The Controller processes personal data for the following purposes:
      1. maintaining a user account – the following data is required: (i) name, (ii) surname, (iii) phone number, (iv) e-mail address and (v) ID No. of natural persons;
      2. individualization of offers offered through the Website – the following data is required: (i) name, (ii) surname, (iii) e-mail address, and (iv) history of request and their realization;
      3. sending newsletters (commercial messages) – the following data is required: (i) name, (ii) surname and (iii) e-mail address; and
      4. record keeping by the Controller – personal data in accordance with Art. 2.b of the Rules.
    1. The Controller keeps the personal data processed for purposes stated in the Art 3.2 (i), (ii) and (iv) of the Rules for the period of ten (10) years since realization (finishing) the last part of the contractual relationship, provided applicable legislature does not state a longer period of time.
    2. The Controller keeps the personal data processed for the purposes stated in the Art. 3.2 (iii) of the Rules for an indefinite period of time until it will be revoked or the newsletter will be unsubscribed.
    3. Following the end of the record-keeping period (retention time), the personal data is destroyed.
    1. Personal data is not disclosed to any recipient (Art. 4 par. 9 GDPR) with the exception of disclosing the personal data according to legal obligations stipulated by the Czech Law.
    2. Personal data will be not transferred to a third country outside of EU or to international organizations.
    1. The Controller declares that he undertook all the necessary technical, organizational and security measures in order to duly secure the personal data with respect to their confidentiality, integrity and accessibility.
    2. Only persons authorized by the Controller have access to the personal data.
    1. The Controller is entitled to send news and other commercial messages relating to the Website and his services to e-mail addresses of data subject registered through the Website. Sending of commercial messages is regulated by the Section 7 Par. 3 of the Act no. 480/2004 Coll., on certain information society services, as amended. Data subject is entitled to reject the reception of any further commercial messages – e.g. by clicking an unsubscribe button embodied into the commercial message.
    1. Remember that you have the following rights: (i) Right of access to your personal data (Art. 15 GDPR), (ii) Right on rectification of your personal data (Art. 16 GDPR), (iii) Right to have your personal data erased (Art. 17 GDPR), (iv) Right to restrict the processing of your personal data (Art. 18 GDPR), (v) Right to data portability (Art. 20 GDPR), and (vi) Right to object against the processing of your personal data (Art. 21 GDPR)..
    2. In case of a request for your personal data erasure, your user account will have to be erased, whereas the request will be granted only if our interests as the Controller shall not prevail over your interests.
    3. You have also the right to revoke your consent (should it be the lawful reason for processing) with processing of your personal data at any given time in writing or electronically on the e-mail address of the Controller.
    4. Should you have any reasonable doubt about compliance with the Controller ‘s obligation to duly process your personal data, you can file a complaint to the Office for Personal Data Protection. Eventually, you can file a court motion to the competent court.
    1. Web files cookies are used to store user configuration (prefered language of user inteface).
    1. By submitting the registration on the Website (creating a user account) you confirm having read the Rules and that you do not have any objections to its content.
    2. The Rules can be subject to a one-sided change by the Controller. The most current version of the Rules will be available on the Website. Data subject will be informed on changes of the Rules by means of an e-mail message.

Rules will come into effect on 25.5.2018.