GDPR | PRIVACY POLICY

PROCESSING AND PROTECTING YOUR PERSONAL DATA

1/ BASIC PROVISIONS The administrator of personal data according to Article 4 point 7 of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons in connection with the processing of personal data and on the free movement of such data (hereinafter: "GDPR") is the company Cosmoincentive s.r.o., ID 26167832, with registered office at Charvatova 3, 11000 Prague 1 (hereinafter: "administrator"). The administrator's contact details are: info@anavieshop.com

2/ SOURCES AND CATEGORIES OF PROCESSED PERSONAL DATA The administrator processes your personal data: name, surname, email address, telephone number, residential address, bank account for the purpose of processing an electronic order, making a delivery, to the extent specified in the contract, in the order, or in the complaint protocol , relevant email correspondence and also data that you knowingly and voluntarily provide as part of the fulfillment of individual orders (e.g. data on family members or close people)

3/ PURPOSES OF PERSONAL DATA PROCESSING To preserve your transaction history and the results of the complaint procedure, receiving and processing and fulfilling orders, sales, creating accounting documents and invoicing the customer, business communication, fulfilling all rights and obligations arising from the contract concluded between the Administrator and you , processing of complaints, Protection of the Administrator's rights (e.g. recovery of owed amounts), Accounting, direct marketing including basic profiling and sending commercial messages (e.g. sending news, discount offers or invitations to marketing events) by electronic means (e.g. e-mail) , SMS), if you do not reject this method of marketing communication in advance Personal data are processed electronically as well as on paper form. A contract cannot be concluded without providing personal data. By submitting an electronic order on the anavieshop.com website, the buyer confirms that he has been familiar with the terms of personal data protection and that he accepts them in their entirety.

4/ LEGAL AND LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA The legal reason for the processing of personal data is the fulfillment of the contract between you and the administrator according to Article 6, paragraph 1 letter b) GDPR, the administrator's legitimate interest in providing direct marketing (especially for sending business communications and newsletters) pursuant to Article 6, paragraph 1 letter f) GDPR. Your consent to processing for the purposes of providing direct marketing (in particular for sending business communications and newsletters) pursuant to Article 6, paragraph 1 letter a) GDPR in connection with § 7 paragraph 2 of Act No. 480/2004 Coll., on certain information society services in the event that no goods or services have been ordered. The administrator is authorized to process your personal data, which is necessary for the fulfillment of the contract concluded with you and the fulfillment of legal obligations. The provision of personal data is a legal or contractual requirement and without this data it will not be possible to accept/deal with your order or complaint. The administrator is also entitled to process your personal data due to the legitimate interests of the administrator (e.g. recovery of claims from customers, defense in legal disputes).

5/ TO WHOM MAY YOUR PERSONAL DATA BE PROVIDED OR MADE ACCESSIBLE? In addition to the Administrator, the Administrator can also authorize third parties based on a contract for the processing of personal data (e.g. IT company, marketing agency), Czech Post, DHL courier service, Webnode AG eshop system, Google Analytics, recipient's bank, Stripe payment gateway. Your personal data may be provided to other third parties in the event that disclosure is an obligation established by law (e.g. law enforcement authorities, courts) or personal data is disclosed for the purpose of protecting the controller's rights (e.g. lawyers), or when delivering written communication e.g. Czech Post.                                                  Can personal data be transferred to countries outside the European Union? We will never  transferr/give/sell your data outside the European Union, or European Economic Area.

6/ HOW LONG WILL YOUR DATA BE KEPT? Personal data (contacts, purchase history, business and marketing communications) will be kept for the duration of the Administrator's activity, unless you object to the processing for direct marketing purposes. If you object to direct marketing, we will keep your personal data for a maximum of 5 calendar years from the last business contact with you. Tax documents and accounting records will be kept for the period determined by the relevant legal regulations (no longer than 10 years from the end of the accounting period).

7/ WHAT ARE YOUR RIGHTS? *For information on the processing of your personal data. *To access personal data, including the right to a copy of your personal data and to the transferability of your personal data to another administrator *To correct personal data *To delete (if an objection is raised against direct marketing or the period for keeping personal data expires) The right to limit processing (if question the accuracy of processed personal data, request restriction of processing instead of erasure of personal data, or object to processing due to legitimate interests of the controller)

YOU CAN OBJECT TO THE PROCESSING OF PERSONAL DATA FOR DIRECT MARKETING PURPOSES AND THE PERSONAL DATA WILL BE DELETED AND SHREDDED YOU CAN ALSO OBJECT TO THE PROCESSING OF PERSONAL DATA FOR OTHER LEGITIMATE INTERESTS OF THE CONTROLLER AND THE PERSONAL DATA WILL BE DELETED. (unless it conflicts with applicable laws). Send all your requests to the email: cosmoincentive@cosmoincentive.cz You also have the right to contact the Office for the Protection of Personal Data at any time with your initiative or complaint

8/ Security of personal data 1. The administrator declares that he has taken all appropriate technical and organizational measures necessary to secure the buyer's personal data; 2. The administrator has taken technical measures to secure data stores of personal data, in particular securing computer access with a password, using an anti-virus program and regular computer maintenance. 3. For mandatory long-term storage of necessary data, an external disk is used, protected by a password, locked and protected by several layers of security. In paper form, the documents are stored in a safe place, physically protected by safe-type locks and no people, except the administrator, have access to them.

9/ FINAL PROVISIONS By submitting an order from the online order form, you confirm that you are familiar with the terms of personal data protection and that you accept them in their entirety. You agree to these terms and conditions by ticking your consent via the online form. By checking consent, you confirm that you are familiar with the terms of personal data protection and that you accept them in their entirety. The Administrator is entitled to change these Rules at any time. He is obliged to publish the new version of the Rules on his website. 20/10/2022

COOKIES AND OTHER TOOLS                                                                            What are Cookies? Cookies are short text files generated by a web server and stored on a computer via a browser.

What are Cookies for? Cookies are used to enable the website to more simply and quickly identify the same website visitor, his behavior, the duration of the visit, what he is most interested in, etc. These data are collected by Cookies so that the website already remembers you and makes everything faster and easier for you on your next visit. you return later, the browser will send the stored cookie back and the server will thus retrieve all the information it previously stored with you. Cookies therefore facilitate personalization and also authentication. Cookies also serve as a measurement, statistical and analytical tool.

What cookies are used? Third-party cookies - Webnode, Google Analytics, Facebook, Instagram Third-party cookies are mainly used for: *improving functionality *advertising and marketing *monitoring and saving your behavior on the pages, i.e. - how long and what you view, links you click on, information about your browser, location and type of web connection, IP address, especially for advertising personalization

Third-party Cookies are also functional on the anavieshop.com website, which may use various Cookies and other diagnostic and analytical tools. These third parties are: Webnode, Google Analytics, Facebook, Instagram. Each of these companies has its own data protection and storage policy, I recommend that you familiarize yourself with them on their websites.

Webnode: https://www.webnode.cz/pravidla-ochrany-soukromi/           Google: https://www.google.it/analytics/learn/privacy.html                  Facebook: https://www.facebook.com                                                     Instagram: https://www.instagram.com                                   https://www.dhl.com/cz-cs/home/paticka/mistni-oznameni-o-ochrane-soukromi.html                                                                https://www.ceskaposta.cz/informace- about-web-and-cookies

How you can influence/disable/delete cookies *On your web browser - in the web settings - you can block cookies, which may have an impact on some functions of the browser or web pages *On the website (browser), set which cookies you allow *Delete cookies by manually deleting history including Cookies and cache.

Please note that deleting the history, cookies, and cache will also delete some website settings and your login information. Email questions to:    info@anavieshop.com                             Status as of 10/20/2022