Data Protection Declaration

Declaration on the processing of personal data under Regulation (EC) 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and the training of data subjects (GDPR)

1. Data Data Controller
Aviator Custom Guitars s.r.o., headquarters at Komenského 889, 753 01 Hranice, Czech Republic, ID: 089 35 491, registrated by County Court at Ostrava under insertion C 81355, Tax ID: CZ08935491 (hereinafter referred to as the "Administrator")
You hereby inform, in accordance with Article 12 of the GDPR, the processing of your personal data and your rights.

2. Scope of personal data processing

Personal data is processed to the extent that the data subject has provided the data to Data Controller in connection with the conclusion of a contractual or other legal relationship with the Data Controller or which the Data Controller has collected otherwise and processes them in accordance with the applicable legal regulations or to fulfill the statutory obligations of the Data Controller.

3. Sources of personal data

4. Categories of personal data that are being processed

5. Categories of data subjects

6. Categories of recipients of personal data

7. Purpose of personal data processing

8. Method of personal data processing and protection

Processing of personal data is done by the Data Controller. The processing is carried out at its premises and the headquarters of the Data Controller by the individual authorized employees of theData Controller, or by processor. The processing takes place via computer technology, and manually to personal data in paper form, with all the security policies for managing and processing your personal information.

For this purpose, the Data Controller has adopted technical and organizational measures to ensure the protection of personal data, in particular measures to prevent unauthorized or accidental access to personal data, alteration, destruction or loss, unauthorized transmission, unauthorized processing, and other misuse of personal data. All entities to which personal data may be made available respect the privacy rights of data protection entities and are required to comply with applicable privacy laws.

9. Time of processing of personal data

In accordance with the deadlines specified in the relevant contracts or in the relevant legislation, it is the time necessary to ensure the rights and obligations flowing both from the obligation relationship and from the relevant legal regulations.

10. Edification

The Data Controller processes the data with the consent of the data subject, except in cases where the processing of personal data does not require the consent of the data subject.

In accordance with Article 6 (1) of the GDPR, the Data Controller may, without the consent of the data subject, process the following data:

11. Rights of data subjects

  1. In accordance with Article 12 of the GDPR, the Data Controller shall, at the request of the data subject, inform the data subject of the right of access to personal data and the following information:
    • the purpose of processing,
    • the category of personal data concerned,
    • the recipients or categories of recipients whose personal data have been or will be made available,
    • the planned time for which personal data will be stored,
    • all available information about the personal data source,
    • if they are not obtained from the data subject, the fact that automated decision making, including profiling, occurs.
  2. Any data subject who discovers or considers that the Data Controller or processor processes his or her personal data in a way that is contrary to the privacy or privacy of the data subject, or in violation of law, in particular if personal data are inaccurate with regard to the purpose of processing, may:
    • Ask the Data Controller for an explanation.
    • Require the Data Controller to remove the resulting state. In particular, it may be blocking, repairing, adding or deleting personal information.
    • If the data subject's request under paragraph 1 is found to be justified, the Data Controller shall immediately remove the malfunction.
    • If the Data Controller does not satisfy the data subject's request under paragraph 1, the data subject has the right to contact the supervisory authority, the Personal Data Protection Authority directly.
    • The procedure provided for in paragraph 1 shall not prevent the data subject from contacting the supervisory authority directly.
    • The Data Controller is entitled to require reasonable compensation for the provision of the information, not exceeding the costs necessary to provide the information.

This statement is publicly accessible on the Data Controller's website.

Updated 2020, April 25th