1. Data Controller
The controller of personal data pursuant to Regulation (EU) 2016/679 (GDPR) is
WAKESTONE LOGISTICS s.r.o., Company ID No.: 27648591, with its registered office at U Špejcharu 409, 252 67 Tuchoměřice (hereinafter referred to as the “Controller”).

Contact details::
e-mail: logistics@wakestone.eu
telefon: +420 602 107 077

Správce nejmenoval pověřence pro ochranu osobních údajů.

2. Scope of processed personal data
2.1. The Controller processes in particular the following personal data:first name and last name, e-mail address, telephone number, delivery and billing address, company details (company name, registered office, Company IDNo., VAT ID), data related to orders and payments, and technical data necessary for the operation of the website.

3.Purpose and legal basis of processing
3.1. Personal data are processed for the following purposes:
• processing orders and performance of contractual obligations
• communication with customers
• compliance with legal obligations (especially accounting and tax obligations)
• protection of the Controller’s rights and legitimate interests
• sending commercial communications in accordance with applicable legal regulations.

The legal basis for processing personal data is the performance of a contract, compliance with a legal obligation, the legitimate interest of the Controller, orthe data subject’s consent pursuant to GDPR.

4.Recipients of personal data
4.1. Personal data may be transferred only to the extent necessary to:
• carriers (e.g. DHL Express (Czech Republic) s.r.o., Zásilkovna s.r.o.)
• payment gateway providers• accounting and tax advisors
 • IT, hosting, and cloud service providers

4.2 In justified cases, personal data may be transferred outside the EU, always with an adequate level of data protection ensured.

5. Data retention period
5.1. Personal data are stored for the duration of the contractual relationship and subsequently for up to 10 years, where required by legal regulations or for theprotection of the Controller’s legitimate interests.
5.2. Personal data processed for marketing purposes are stored for a maximum period of 5 years or until the consent is withdrawn.

6. Rights of the data subject
6.1. The data subject has the right to access their personal data, to rectification, restriction of processing, erasure, to object to processing, to data portability,and to lodge a complaint with the Office for Personal Data Protection.

7. Security of personal data
7.1. The Controller has adopted appropriate technical and organizational measures to secure personal data. Access to personal data is granted only toauthorized persons.

8. Final provisions
8.1. These personal data protection principles are valid from the date of publication and may be updated by the Controller. The current version is alwaysavailable on the website.