I. Data Controller
The controller of personal data is the natural person:
Jarmila Lučanová
Identification No.: 73059439
Registered address: U Žlábku 174, 155 31 Prague 5 – Lipence, Czech Republic
(hereinafter referred to as the “Controller”)
The Controller processes personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR).
II. Personal Data We Process
The Controller processes in particular the following personal data:
- first name and last name
- email address
- telephone number
- billing and delivery address
- company name (if provided)
III. Legal Grounds and Purposes of Processing
1️⃣ Performance of a Contract
(Article 6(1)(b) GDPR)
- processing orders
- delivery of digital products and services
- communication with customers
2️⃣ Compliance with Legal Obligations
(Article 6(1)(c) GDPR)
- accounting and tax obligations
- statutory archiving of documents
3️⃣ Legitimate Interests
(Article 6(1)(f) GDPR)
- protection of legal claims
- basic website traffic analysis
- direct marketing to existing customers
4️⃣ Consent of the Data Subject
(Article 6(1)(a) GDPR)
- sending newsletters
- marketing communications
- remarketing campaigns
Consent may be withdrawn at any time by clicking the unsubscribe link in an email or by contacting:
info@healingsoundsbyjami.com
IV. Data Retention Period
- Contractual and accounting data: for the period required by law (up to 10 years)
- Marketing data: until consent is withdrawn, but no longer than 3 years
- Technical data: according to cookie settings
After the retention period expires, personal data are securely deleted.
V. Recipients of Personal Data
Personal data may be disclosed to:
- payment service providers
- accounting and tax advisors
- website hosting providers
- providers of marketing and email distribution tools
VI. Transfers to Third Countries
Some services used by the Controller may be based outside the European Union (e.g. in the United States).
Personal data are transferred only:
- on the basis of Standard Contractual Clauses (SCCs), or
- under the EU–US Data Privacy Framework, where applicable
VII. Rights of the Data Subject
Under the GDPR, you have the right to:
- access your personal data
- rectification of inaccurate data
- erasure (“right to be forgotten”)
- restriction of processing
- data portability
- object to processing
- lodge a complaint with the supervisory authority
In the Czech Republic, the supervisory authority is the Office for Personal Data Protection (ÚOOÚ).
VIII. Personal Data Security
The Controller has implemented appropriate technical and organizational measures to protect personal data against unauthorized access, loss, misuse, or destruction.
These Privacy Policy are effective as of 28 February 2024.