Information on the processing of personal data

Privacy notice under Regulation of the European Parliament and of the council (EU) no. 2016/679 on the protection of natural persons with regard to the processing of personal data and instruction to data subjects (hereinafter as “GDPR”)

Personal data controller

Danfil Jewellery s.r.o., registered office at Lomová 704, 46312 Liberec 25 (Vesec), ID no.: 27277844, Tax ID no.: CZ27277844, which has been incorporated since 20 May 2005 in the Companies Register kept by the Regional Court in Ústí nad Labem, file no. C 22160 (hereinafter the “Controller”), hereby informs you in accordance with Article 12 GDPR on the processing of your personal data and your rights.


Extent of personal data processing

Personal data are processed to the extent to which they were provided to the Controller by the relevant data subject in connection with the entry into a contractual or other legal relationship with the Controller or which the Controller has otherwise collected and processed in compliance with legal regulations or in order to perform the statutory obligations of a controller.

Sources of personal data

Categories of the personal data processed

Data subject categories

Personal data recipient categories

Purpose of personal data processing

Manner of processing and protecting personal data

The processing of personal data is performed by the Controller. The processing is carried out in the Controller’s establishments, branch offices and registered office by individual authorized employees of the Controller, or potentially by a processor. The processing is performed by computer technology or, as the case may be, manually in the case of personal data in the physical form in compliance with personal data management and processing security principles. To that end the Controller has adopted technical and organizational measures to ensure the protection of the personal data, including in particular measures preventing unauthorized or accidental access to, alteration, destruction or loss or unauthorized transfers or unauthorized processing as well as other misuse of the personal data. All entities to which the personal data may be made accessible respect the right of data subjects to the protection of privacy and have the obligation to proceed pursuant to the valid personal data protection legal regulations.

Personal data processing period

In accordance with the time limits specified in the relevant contracts, the Controller’s filing and shredding rules and in applicable legal regulations the data are processed for a period necessary to perform the rights and obligations ensuing from an obligational relationship as well as applicable legal regulations.


The Controller processes data with data subject’s consent with the exception of the cases defined by law where the processing of personal data does not require data subject's consent. In accordance with Article 6(1) GDPR a controller may process the following data without data subject’s consent:

Rights of data subjects

In accordance with Article 12 GDPR the Controller informs a data subject upon the data subject’s request on the right to access his or her personal data and to the following information:

Each data subject who finds out or considers that the Controller or a processor engages in the processing of his or her personal data which is in conflict with the protection of the data subject’s private and personal life or in conflict with law, in particular if the personal data are inaccurate with regard to the purpose of the processing, the data subject may:

Our certificates and payment methods