Principles of Personal Data Processing
- As a personal data controller pursuant to Article 4 (7) of the Regulation (EU) No. 2016/679 of the European Parliament and of the Council, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), also known as the GDPR (hereinafter only the “GDPR”), SizeID s.r.o., Business Registration: 03577775, Registered Office: Prague 5 – Smíchov, 3324/4a Křížová Street, 150 00, would like to explain to you how your personal data is processed by our company and what your rights you have with regard to this processing. These principles should also make it clear how we ensure confidentiality and security of your personal data.
- We would like to let you know that we handle your personal data with proper care and pursuant to applicable legal regulations. Your personal data is protected to the maximum extent possible.
- Please, be aware that this document might be further updated in the future
What Does Personal Data Processing Mean?
- The processing means essentially any handling of personal data we carry out. This includes particularly gathering, storage on information media, editing, amending, searching, usage, transmitting, dissemination, publishing, persisting, sorting, blocking, or disposing of personal data.
What Personal Data Do We Process?
- We only process such personal data, which you provide in connection with usage of our services, or with signing of a contract for usage of this service.
- If you register with SizeID, we will process your e-mail address and password, which is encrypted and inaccessible to us. While you may enter your first and last name and/or add a profile picture to your profile, this is optional.
- For the purposes of providing our services, we also process the measurements you enter in your profile, specifically your height, head circumference, neck circumference, arm length, chest circumference, circumference underneath your breasts, waist line, drop waist, hipline, inseam, outseam, and foot length, and/or additional data to further improve our services.
- We process your personal data for the duration of your SizeID registration. If you no longer wish to be our registered user, you may cancel your account at any time. If this is the case, please send your request to our e-mail address: firstname.lastname@example.org.
What is the Purpose of Our Personal Data Processing?
- We process your personal data in order to provide our services properly, specifically to find and recommend suitable clothing sizes based on the data you provide, so that any piece of clothing you choose fits as it should.
- We also strive to continuously improve the quality of our services and for that purpose we perform analysis and gather metrics at our website, analysing your preferences, sending you marketing commercial communications, answering your questions, etc.
- Your personal data is processed automatically. We perform no profiling or automated decisionmaking.
Security of Your Personal Data
- We strive to protect your personal data as much as we can. We regularly test the quality of our security, adopting measures to prevent any unauthorised or accidental access to personal data, its change, destruction or loss, unauthorised transmission(s), unauthorised processing, and/or any other misuse of personal data. The data is protected from known types of external attacks by usual means.
- Your personal data is processed by our employees or by other people, with whom we have signed a personal data processing agreement. Such an agreement guarantees that your personal data is processed securely and pursuant to applicable legal regulations. All employees have undergone personal data protection and processing training in order to process your personal data in accordance with our internal rules.
- We also take care that all workers processing personal data sign a confidentiality agreement with us, undertaking to maintain confidentiality of any information obtained in connection with personal data processing.
- All data is processed in the Czech Republic (CR) or in other countries of the EU. At no point is your data passed outside member states of the EU. No data entered by users is duplicated, checked, or altered.
Cookies at Our Websites
- Furthermore, there are third-party cookies (such as Google Analytics cookies for analysis of visit rates of particular websites or specific services, or cookies of operators of advertising systems running on our website). Such cookies are managed by third parties and we have no read or write access to this data. You may read Google’s personal data protection statement here (clickable link to https://policies.google.com/technologies/partner-sites).
What Are Your Rights?
As a data subject, you have the following rights, which are granted pursuant to applicable legal regulations and which you may exert at any time. These include the following:
- Right of access – you may ask for the information on which of your personal data we process. We shall provide this information within 30 days from delivery of your request.
- Right to rectification or amendment – if you find out the personal data we keep on you is inaccurate, you are entitled to ask us to correct or amend the personal data without undue delay.
- Right to erasure – you may ask us to erase your personal data, where one of the following grounds applies:
- the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed,
- you have withdrawn your consent on which the processing is based and there is no other legal ground for the processing,
- you object to being subject of decision-making based on automated processing of your personal data and there are no overriding legitimate grounds for the processing, or you object to the processing of your personal data for direct marketing purposes,
- your personal data has been unlawfully processed,
- your personal data has to be erased for compliance with a legal obligation in Union or Member State law to which our company as the controller is subject.
- Right to restriction of processing – you have the right to obtain from us restriction of personal data processing.
- Right to data portability – if we process your data based on an agreement or consent and we do this by automatic means, you have the right to receive the personal data concerning you which you have provided to our company, in a structured, commonly used, and machine-readable format, provided this right will not adversely affect the rights and freedoms of other person or persons.
- Right to object – you have the right to object at any time to processing of your personal data based on our legitimate interest.
- Right to withdraw consent – if you give us your consent with personal data processing, you may withdraw this consent at any time.
- Right to lodge a complaint – you have the right to lodge a complaint against processing of your personal data with the supervisory authority, which is The Office for Personal Data Protection, 27 Pplk. Sochora Street, 170 00 Prague 7.
If you decide to exert any of the above-mentioned rights, please contact us, preferably by email at the following address: email@example.com
These Principles of Personal Data Processing come into effect on August 1st 2018.