Data Processing Agreement
This Data Processing Agreement (hereinafter referred to as the “Agreement”) is entered into between:
  • Data Controller: Borzenets Diana, OSVČ, Identifikační číslo osoby: 21220697, registered at U Mlýnského kanálu 687/7, 186 00, Praha, Czech Republic (hereinafter referred to as the “Controller”),
  • and Data Processor: [specific processor, e.g., Tilda or other service, to be specified],
in accordance with Regulation (EU) 2016/679 (GDPR) and the laws of the Czech Republic.
1. Subject of the Agreement
1.1. The Controller engages the Processor to process personal data of users of the website https://dilevriero.tilda.ws/ (hereinafter referred to as the “Website”) for the purpose of providing services related to the sale of women’s clothing.
1.2. Processing includes the collection, storage, transfer, use, and deletion of personal data in accordance with the Controller’s instructions and this Agreement.
2. Categories of Personal Data and Data Subjects
2.1. Personal data includes:
  • Name, delivery address, billing address, email address, phone number.
  • Technical data: IP address, browser version, time zone, cookie information, Website usage data.
  • Payment information: transaction details (excluding storage of card numbers).
2.2. Data subjects: Website users, including buyers of women’s clothing and individuals contacting customer support.
3. Purposes of Processing
3.1. Personal data is processed for:
  • Fulfilling orders (processing, delivery, invoicing).
  • Conducting Website usage analytics (e.g., via Google Analytics).
  • Providing marketing communications (with data subject consent).
  • Preventing fraud and ensuring security.
4. Obligations of the Processor
4.1. The Processor undertakes to:
  • Process data only in accordance with the Controller’s instructions.
  • Ensure data confidentiality and implement technical and organizational security measures (e.g., encryption, access controls).
  • Not disclose data to third parties without the Controller’s written consent, except as required by law.
  • Notify the Controller of any data subject requests or data breaches within 72 hours.
4.2. The Processor grants the Controller the right to audit its data processing activities.
5. Subprocessing
5.1. The Processor may engage subprocessors (e.g., delivery services, payment systems) only with the Controller’s written consent.
5.2. The Processor shall enter into agreements with subprocessors ensuring the same level of data protection as this Agreement.
6. Cross-Border Data Transfers
6.1. If data is transferred outside the EEA (e.g., to Ukraine), the Processor shall use Standard Contractual Clauses (SCC) or other GDPR-compliant mechanisms.
7. Duration and Data Deletion
7.1. This Agreement remains in effect until the completion of data processing or termination of the contract between the Controller and Processor.
7.2. Upon completion of processing, the Processor shall delete or return personal data to the Controller, unless retention is required by law (e.g., 5 years for tax purposes in the Czech Republic).
8. Liability
8.1. The Processor is liable for GDPR violations caused by non-compliance with this Agreement.
8.2. The Controller and Processor shall cooperate to address breaches and fulfill data subject requests.
9. Contact Information
For questions related to data processing, contact the Controller:
  • Email: info@dilevriero.cz
  • Address: Borzenets Diana, OSVČ, Identifikační číslo osoby: 21220697, U Mlýnského kanálu 687/7, 186 00, Praha, Czech Republic
Date: 21 May 2025