Need Help?
(+420) 608 039 951
Terms of protection and processing of personal data
Personal data manager
The personal data administrator processes personal data in accordance with the valid and effective legislation of the Czech Republic and the European Union, in particular on the basis of Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons in connection with the processing of personal data and the free movement of such data and the repeal of Directive 95/46/EC (hereinafter referred to as "GDPR") and Act No. 110/2019 Coll., on the processing of personal data, as amended (hereinafter referred to as the "Act on Personal Data Processing" ).
The administrator of personal data within the meaning of Article 4 point 7) GDPR is:
Rekha Trading Co. Ltd
ID: 10874372
registered office at Pejevová 3118/8, Modřany, 143 00 Prague 4
registered in the commercial register kept at the Municipal Court in Prague, section C, insert 349960
(hereinafter referred to as "Administrator")
Administrator contact details
The administrator can be contacted via the contact details below:
address: Pejevové 3118/8, Modřany, 143 00 Prague 4
databox identifier: jxmwbq5
telephone: +420 605 419 086
e-mail: shop@biovatika.cz
Commissioner for the protection of personal data
The administrator has not appointed a personal data protection officer.
Personal data and categories of processed personal data
Personal data means all information about an identified or identifiable natural person. An identifiable natural person is a natural person who can be directly or indirectly identified, in particular by reference to a certain identifier, for example name, identification number, location data, network identifier, or to one or more special elements of physical, physiological, genetic, psychological, economic, cultural or social identities.
The administrator processes the following personal data:
- Identification data : These must be understood in particular as first and last name, in some cases they can also be identification number and tax and tax identification number. As a rule, this will be data necessary to identify the buyer or the person to whom the goods are to be delivered.
- Contact information : This means the delivery address, billing address, email address, phone number, or contact information on social networks or other applications used for communication.
- Data related to maintaining a customer account : In particular, it will be about the settings of your customer account and your chosen preferences (delivery and payment method, delivery address).
- Data on your orders : In particular, this will be data on the number of orders placed, data on the ordered goods and services, data on the chosen delivery method, data on the type of payment method used, data on the account number in the case of payment by transfer, data on the return of goods, complaints or other rights asserted by you in connection with the ordered goods or services.
- Data about your behavior on the Administrator website : In particular, this will be data about the way you move on the website, data about the device from which you view the website, including the IP address and technical parameters of this device, data about the web browser used, its version and language settings and data obtained through cookies.
- Other data : The Administrator may also process other personal data that is directly related to the fulfillment of the contract concluded between you and the Administrator (order processing).
The administrator mainly processes personal data provided by you. The administrator can also process data obtained in a different way than from you. The Administrator usually obtains this data in connection with the fulfillment of the contract (order processing). After that, the Administrator may also obtain some data as part of automated data processing, usually this will be data about your behavior on the Administrator's website, which the Administrator can collect in connection with your visit to the Administrator's website.
Cookies
The administrator uses cookies on his website. Cookies are small text files that are stored in your browser or in the memory of your device when you visit the website. Data obtained through cookies is processed automatically by the Administrator. Some cookies are necessary for the website to function, others modify or adapt the content of the website to your specific preferences. The administrator uses the following categories of cookies:
- Technical cookies : They are necessary files without which the website cannot function properly. Consent is not required to use them.
- Functional cookies : Used to remember your preferences on the website. Thanks to these cookies, the Administrator's website can offer additional functions and personal settings.
- Analytical and statistical cookies : They enable the collection of analytical data regarding the website, in particular for the purpose of detecting traffic and the use of various functions of the website.
- Cookies for targeted advertising and marketing : They enable the display of targeted advertising following the detection of your preferences according to your previous activities.
The administrator uses the following cookies on his website:
Technical and functional cookies
Cookies |
Publisher |
Function |
Duration |
_Brochure_session |
biovatika.cz |
Necessary for the website to function - used in connection with browsing the website. |
- |
checkout |
biovatika.cz |
Necessary for the website to function - used in connection with order creation and payment (checkout). |
3 weeks |
signed_in |
biovatika.cz |
Necessary for the operation of the website - used in connection with the user's login to his account on the website. |
1 year |
user |
biovatika.cz |
Necessary for the operation of the website - used in connection with the user's login to his account on the website. |
1 year |
_ab |
biovatika.cz |
Used in conjunction with website administration access. |
2 years |
_customer_account_shop_sessions |
biovatika.cz |
Used in combination with the _secure_account_session_id cookie to track a user's session for new customer accounts. |
30 days |
_secure_account_session_id |
biovatika.cz |
Used to track the user session for new customer accounts. |
30 days |
_secure_session_id |
biovatika.cz |
It is used to save data when the user visits the website within the individual steps of the order process, so that the data entered by the customer, i.e. data about the ordered goods, payment and delivery data, is saved for the duration of the order creation. |
24 hours |
_shopify_country |
biovatika.cz |
It stores data about the user's country and currency, which it detects using GeoIP. |
until the end of the visit |
_shopify_m |
biovatika.cz |
Used to manage customer privacy settings. |
1 year |
_shopify_tm |
biovatika.cz |
Used to manage customer privacy settings. |
30 minutes |
_shopify_tw |
biovatika.cz |
Used to manage customer privacy settings. |
2 weeks |
_storefront_u |
biovatika.cz |
Used to facilitate updating customer account information. |
1 minute |
_tracking_consent |
biovatika.cz |
Used to store the user's privacy preferences. |
1 year |
_cmp_a |
biovatika.cz |
Used to manage customer privacy settings. |
1 day |
C |
biovatika.cz |
It is used within the individual steps of the ordering process (checkout). |
1 year |
cart |
biovatika.cz |
Used in conjunction with the shopping cart. |
2 weeks |
cart_currency |
biovatika.cz |
It is used to remember the currency settings so that after sending the order, the given currency settings are preserved for the customer for subsequent orders as well. |
2 weeks |
cart_sig |
biovatika.cz |
It is used to verify the integrity of the shopping cart and to ensure the execution of certain operations within the shopping cart. |
2 weeks |
cart_ts |
biovatika.cz |
It is used in conjunction with the cash register. |
2 weeks |
cart_ver |
biovatika.cz |
Used in conjunction with the shopping cart. |
2 weeks |
checkout |
biovatika.cz |
It is used within the individual steps of the ordering process (checkout). |
4 weeks |
checkout_token |
biovatika.cz |
It is used within the individual steps of the ordering process (checkout). |
1 year |
customer_account_locale |
biovatika.cz |
Used in connection with new customer accounts. |
1 year |
dynamic_checkout_ shown_on_cart |
biovatika.cz |
It is used within the individual steps of the ordering process (checkout). |
30 minutes |
hide_shopify_pay_for_checkout |
biovatika.cz |
It is used within the individual steps of the ordering process (checkout). |
until the end of the visit |
keep_alive |
biovatika.cz |
It is used in conjunction with locating buyers. |
2 weeks |
master_device_id |
biovatika.cz |
Used in conjunction with merchant login. |
2 years |
previous_step |
biovatika.cz |
It is used within the individual steps of the ordering process (checkout). |
1 year |
discount_code |
biovatika.cz |
It is used within the individual steps of the ordering process (checkout). |
until the end of the visit |
remember_me |
biovatika.cz |
It is used within the individual steps of the ordering process (checkout). |
1 year |
secure_customer_sig |
biovatika.cz |
It is used to identify the user after they log in to the store as a customer, so they don't have to log in again. |
1 year |
shopify_pay |
biovatika.cz |
It is used within the individual steps of the ordering process (checkout). |
1 year |
shopify_pay_redirect |
biovatika.cz |
It is used within the individual steps of the ordering process (checkout). |
1 hour, 3 weeks or 1 year depending on the value |
shop_pay_accelerated |
biovatika.cz |
It is used within the individual steps of the ordering process (checkout). |
1 year |
source_name |
biovatika.cz |
Used in combination with mobile apps, it adjusts a different checkout and store browsing process that better suits a compatible mobile app. |
until the end of the visit |
storefront_digest |
biovatika.cz |
It ensures the protection of passwords in case they are displayed (revealed) by the user. |
2 years |
tracked_start_checkout |
biovatika.cz |
It is used within the individual steps of the ordering process (checkout). |
1 year |
checkout_session_lookup |
biovatika.cz |
It is used within the individual steps of the ordering process (checkout). |
3 weeks |
checkout_prefill |
biovatika.cz |
It is used within the individual steps of the ordering process (checkout). |
5 months |
checkout_queue_token |
biovatika.cz |
It is used within the individual steps of the ordering process (checkout). |
1 year |
checkout_queue_checkout_token |
biovatika.cz |
It is used within the individual steps of the ordering process (checkout). |
1 year |
checkout_worker_session |
biovatika.cz |
It is used within the individual steps of the ordering process (checkout). |
3 days |
checkout_session_token |
biovatika.cz |
It is used within the individual steps of the ordering process (checkout). |
3 weeks |
checkout_session_token _<<token>> |
biovatika.cz |
It is used within the individual steps of the ordering process (checkout). |
3 weeks |
cookie test |
biovatika.cz |
It serves to ensure the proper functioning of our systems. |
1 month |
order |
biovatika.cz |
Used in conjunction with the order status page. |
3 weeks |
identity-state |
biovatika.cz |
Used in conjunction with customer authentication. |
24 hours |
identity-state-<<token>> |
biovatika.cz |
Used in conjunction with customer authentication. |
24 hours |
identity_customer_account_number |
biovatika.cz |
Used in conjunction with customer authentication. |
12 weeks |
card_update_verification_id |
biovatika.cz |
It is used within the individual steps of the ordering process (checkout). |
20 months |
customer_account_new_login |
biovatika.cz |
Used in conjunction with customer authentication. |
20 months |
customer_account_preview |
biovatika.cz |
Used in conjunction with customer authentication. |
7 days |
customer_payment_method |
biovatika.cz |
It is used within the individual steps of the ordering process (checkout). |
1 hour |
customer_shop_pay_agreement |
biovatika.cz |
It is used within the individual steps of the ordering process (checkout). |
20 months |
pay_update_intent_id |
biovatika.cz |
It is used within the individual steps of the ordering process (checkout). |
20 months |
localization |
biovatika.cz |
It is used within the individual steps of the ordering process (checkout). |
2 weeks |
profile_preview_token |
biovatika.cz |
It is used within the individual steps of the ordering process (checkout). |
5 months |
login_with_shop_finalize |
biovatika.cz |
Used in conjunction with customer authentication. |
5 months |
preview_theme |
biovatika.cz |
Used in conjunction with the theme editor. |
until the end of the visit |
shopify-editor-unconfirmed-settings |
biovatika.cz |
Used in conjunction with the theme editor. |
16 hours |
wpm-test-cookie |
biovatika.cz |
It serves to ensure the proper functioning of our systems. |
until the end of the visit |
Analytical cookies and reports
Cookies |
Publisher |
Function |
Duration |
_landing_page |
biovatika.cz |
Watch landing pages. |
2 weeks |
_orig_referrer |
biovatika.cz |
Watch landing pages. |
2 weeks |
_with |
biovatika.cz |
Shopify analytics. |
30 minutes |
_shopify_d |
biovatika.cz |
Shopify analytics. |
until the end of the visit |
_shopify_fs |
biovatika.cz |
Shopify analytics. |
30 minutes |
_shopify_s |
biovatika.cz |
Shopify analytics. |
30 minutes |
_shopify_sa_p |
biovatika.cz |
Shopify marketing and referral analytics. |
30 minutes |
_shopify_sa_t |
biovatika.cz |
Shopify marketing and referral analytics. |
30 minutes |
_shopify_y |
biovatika.cz |
Shopify analytics. |
1 year |
_y |
biovatika.cz |
Shopify analytics. |
1 year |
_shopify_ga |
biovatika.cz |
Shopify and Google Analytics. |
until the end of the visit |
customer_auth_provider |
biovatika.cz |
Shopify analytics. |
until the end of the visit |
customer_auth_session _created_at |
biovatika.cz |
Shopify analytics. |
until the end of the visit |
unique_interaction_id |
biovatika.cz |
Shopify analytics. |
10 minutes |
_session_id |
biovatika.cz |
Shopify analytics. |
|
_shopify_uniq |
biovatika.cz |
Shopify analytics. |
|
*_assignment |
biovatika.cz |
Shopify analytics. |
|
ab_test_* |
biovatika.cz |
Shopify analytics. |
|
cart_sig |
biovatika.cz |
Shopify analytics. |
|
ki_r |
biovatika.cz |
Shopify analytics. |
|
ki_t |
biovatika.cz |
Shopify analytics. |
Third party cookies:
Third side: |
Function: |
Privacy Policy: |
Cloudflare |
Necessary for the operation of the website - it is used as a service for routing (edge routing) |
https://www.cloudflare.com/privacypolicy/ |
Google Analytics |
Analytical cookies – serve to measure how users use the Administrator's website. |
https://policies.google.com/privacy |
The administrator also uses third-party cookies. The Administrator points out that third parties (including external service providers) may also use cookies and possibly also access data collected by cookies on the Administrator's website (especially Google).
The administrator uses an e-shop solution from Shopify, more information about the cookies used can therefore also be found on the website of the e-shop solution provider: https://www.shopify.com/legal/cookies
The use of cookies, with the exception of the necessary ones (mainly technical cookies), is subject to your consent through the so-called cookies bar. You can revoke your consent to the use of cookies at any time within the cookie settings on the Administrator website (at the bottom of the homepage of the Administrator website, click on the round cookies icon and reset your preferences here). You can also manage cookies in your web browser.
Legal basis for processing personal data
The processing of personal data by the Administrator always takes place on the basis of one of the reasons according to Article 6 of the GDPR. The administrator processes personal data based on the following reasons (conditions):
- granting your consent to the processing of personal data for one or more specific purposes in the sense of Article 6 paragraph 1 letter a) GDPR,
- the processing of personal data is necessary for the fulfillment of the contract between you and the Administrator in the sense of Article 6 paragraph 1 letter b) GDPR,
- processing is necessary for the fulfillment of a legal obligation that applies to the Controller in the sense of Article 6 paragraph 1 letter c) GDPR,
- processing is necessary for the purposes of the legitimate interests of the relevant administrator or a third party in the sense of Article 6 paragraph 1 letter f) GDPR.
The purpose of personal data processing
The administrator processes personal data for the following purposes:
- Realization of the contractual relationship with the data subject (fulfilment of the contract with the customer) : The administrator processes personal data in particular in connection with orders placed. In order to process and deliver the order properly, the provision and processing of some personal data is absolutely necessary, such as identification data, contact data and data about your order. Without providing this personal data, it is not possible to place an order (a contract will not be concluded). The Administrator also processes your personal data in connection with the fulfillment of the Administrator's obligations arising from these contractual relationships, especially in the case of handling complaints and for accounting and tax purposes. Personal data is processed on the basis of Article 6 paragraph 1 letter b), c) GDPR.
- Marketing activity : Based on the consent granted, the Administrator sends business messages (newsletter) via email to registered persons. For the purpose of sending commercial messages, the administrator processes only your email address, without providing an email address it is not possible to send commercial messages. The Administrator may also process personal data in connection with personalized advertising and other marketing activities, in this case the Administrator mainly processes data obtained through cookie files. Personal data is processed on the basis of Article 6 paragraph 1 letter a) GDPR, i.e. on the basis of your consent (consent granted to send commercial communications, or consent to the processing of cookie files granted through the so-called cookies bar). You can withdraw your consent at any time.
- Managing a customer account : In the case of establishing a customer account, the Administrator processes your identification data, contact data, data related to the management of the customer account and data about your orders. It is not possible to create a customer account without providing your name and email address. The customer account is mainly intended to facilitate the process of ordering goods through the online store and to ensure a greater overview of the orders made. The order history is part of the customer account ("My Orders" section). In the customer account, you can also save delivery and billing addresses and your preferences related to the method of delivery of goods and methods of payment, which will make it easier for you to fill out the order form in case of repeated ordering of goods. In the given case, the administrator processes personal data on the basis of Article 6 paragraph 1 letter b) GDPR.
- Customer care : In the case of communication with customers or future customers, personal data may be processed. Identification and contact data are usually processed in connection with answering questions or solving customer requests. However, depending on the nature of the matter, other categories of personal data processed by the administrator may also be processed, usually at the request of the customer. Personal data is processed on the basis of Article 6 paragraph 1 letter f) GDPR. In the given case, the legitimate interest for the processing of personal data is the provision of high-quality customer service (dealing with customer inquiries or requests).
- Evaluation of goods and services by customers : After placing an order, the Administrator may ask you to give an evaluation of the Administrator and the goods, in the event of an evaluation, personal data is processed. Assessment is voluntary. Personal data is processed on the basis of Article 6 paragraph 1 letter a) GDPR, i.e. based on your consent. You can withdraw your consent at any time.
- Optimization and improvement of website content and their proper functioning: The administrator uses cookies on his website. In relation to the necessary cookies that ensure the proper functioning of the website, it is not necessary to grant your consent. In cases where personal data is processed through these cookies, it is processed on the basis of Article 6 paragraph 1 letter f) GDPR. The legitimate interest for the processing of personal data in the event that the Administrator does not need your consent for this processing is to ensure the proper functioning of the Administrator's website. The collection of personal data through analytical and profiling cookies is subject to your consent granted within the so-called cookies bar. You can revoke your consent to the use of cookies at any time within the cookie settings on the Administrator's website. The processing of personal data based on your consent takes place in accordance with Article 6 paragraph 1 letter a) GDPR.
- Fulfillment of obligations arising from binding legal regulations: If the Administrator has an obligation arising from binding legal regulations, which implies, albeit indirectly, the necessity to preserve personal data (e.g. the obligation to preserve documents related to business), the Administrator will retain personal data for the period thus determined by legal regulations . These are mainly obligations arising from tax and accounting regulations. In the given case, personal data is processed on the basis of Article 6 paragraph 1 letter c) GDPR.
- Exercising and exercising rights and asserting legal claims: This will primarily concern cases of the Administrator's claims arising from purchase contracts concluded with customers. These may be claims related to the payment of the purchase price, complaints or damages. In this context, the administrator will usually process identification data, contact data, data related to maintaining a customer account and data about your orders. Personal data is processed on the basis of Article 6 paragraph 1 letter b), f) GDPR. In the given case, the legitimate interest for the processing of personal data is the protection of the Administrator's legal claims, including their enforcement.
Personal data retention period
The administrator only keeps your personal data for as long as necessary. The administrator keeps your personal data mainly for the period required by valid and effective legal regulations.
In the event of the implementation of a contractual relationship with the data subject (fulfilment of the contract with the customer), the Administrator stores your personal data for the entire duration of the contractual relationship between you and the Administrator.
For the purposes of applying and exercising rights and asserting legal claims, the Administrator stores personal data for the period necessary to exercise them. In the case of the implementation of a contractual relationship based on a contract for the purchase of goods in the Administrator's online store or another similar contract, personal data are stored for the duration of the period for exercising rights from defective performance and for the duration of the statute of limitations. If administrative, judicial or other similar proceedings are initiated, the Administrator also processes personal data for the entire duration of these proceedings.
The customer account is active for five years from the user's last login to the customer account. Subsequently, it is removed. Personal data stored within the customer account is disposed of together with the customer account. The Administrator may retain personal data relating to the customer account even after this period has expired, in cases where the Administrator also stores such data for purposes other than managing the customer account.
In the case of granting consent to the processing of personal data for marketing purposes, especially for the purpose of sending business communications, the Administrator stores personal data for the period until this consent is revoked, but no longer than for a period of five years from the granting of this consent. Consent to the sending of commercial communications can be revoked at any time, via a link in the email containing the commercial communications, or in writing or electronically via the contact details listed above.
Personal data obtained through mutual communication for the purposes of customer care, i.e. especially if you contact the Administrator with a question that is not related to the contractual relationship, is processed by the Administrator for a maximum period of 3 months from the last mutual communication.
Consent to the processing of cookies on the Administrator's website is stored for a period of one year, or until the cookie files are deleted in the browser, or until this consent is revoked through the cookie settings on the Administrator's website.
Security of personal data
With regard to the nature, scope and purposes of personal data processing, the administrator has taken adequate technical and organizational measures to secure personal data in order to ensure that personal data is processed in accordance with the GDPR. In particular, the Administrator has adopted such measures to ensure proper security of personal data against unauthorized or illegal processing and against accidental loss, destruction or damage.
Categories of recipients of personal data
The recipient of personal data is any entity to which personal data is communicated by the Administrator. However, the recipient is not an entity that processes personal data for the purpose of inspection, supervision and regulation related to the exercise of public authority.
As part of its activities, the Administrator processes your personal data in the role of personal data administrator. This means that he himself determines the purposes and means of personal data processing, as already mentioned above. In some cases, the Administrator may also transfer your personal data to other entities in the role of administrator. The administrator may transfer your personal data to the following categories of personal data administrators:
- Delivery service providers incl. cash on delivery (Carrier) : If the Administrator delivers your order from the online store, he will hand over to the carrier data related to the delivery of the ordered goods, in particular the name of the person to whom the ordered goods are to be delivered, his delivery address, telephone contact and email. In the case of payment by cash on delivery, information on the amount paid is also transmitted.
- Providers of advertising and marketing services, sending commercial messages : The administrator may use the services of a third party in connection with sending commercial messages, providing personalized advertising or other marketing services. The sending of commercial messages, the use of personalized advertising, as well as other marketing tools, is conditional on your consent, which you can revoke.
- Service providers related to the evaluation of products or services : In cases where you consent to the sending of a satisfaction questionnaire (purchase evaluation) by a third party, your data may be provided to this third party for the purpose of sending the questionnaire. In this case, the Administrator will provide a third party with your email address and information about the purchased goods.
In the case of making a payment via a payment gateway, Revolut Pay, Shop Pay or Google Pay, the Administrator does not store the payment card data. In this case, the payment data is transferred by the customer directly to the company managing the given payment system.
The Administrator may also transfer your personal data to personal data processors who process personal data for the Administrator in accordance with his instructions. Processors are not authorized to use personal data obtained from the Administrator for any other purpose, nor are they authorized to transfer or provide this data to anyone else. The following categories of processors may process personal data for the Administrator:
- providers of accounting services and accounting software,
- providers of cloud services, mailing services, web hosting and an e-shop solution provider.
The administrator can also transfer your personal data to another entity, if this obligation results from binding legal regulations.
Transfer of personal data to third countries or international organizations
In some cases, the administrator may also transfer personal data to third countries or an international organization. The administrator ensures that the binding rules of the GDPR for the transfer of personal data to a third country or an international organization are observed when transferring personal data. In such a case, the transfer of personal data is based on the European Commission's decision on the appropriate level of personal data protection in a given country, location or in a specific industry. And if such a decision has not been made, the transfer of personal data can only take place if the administrator or processor to whom the personal data is to be transferred provides appropriate guarantees, in particular, if it undertakes to comply with standard contractual clauses approved by the European Commission.
Your rights in connection with the protection of your personal data
As a data subject you have:
You can exercise all your rights with the Administrator in writing or electronically via the contact details listed above.
Validity and effectiveness
These Terms of Protection and Processing of Personal Data are valid and effective from September 19, 2023.
Thanks for subscribing!
This email has been registered!