Data protection and operation of the e-shop

JUDr. Ondřej Preuss, Ph.D.
4. August 2016
4 minutes of reading

Have you set up or want to set up an e-shop? Do you collect email addresses, contacts or other data about your customers? Then you need to think about data protection.

The protection of individuals’ personal data is an often neglected area of regulation. It can bring many unpleasant surprises to start-ups and established businesses alike. What are the most important requirements imposed by this regulation? And how can you effectively prevent problems with the authorities, but also with “data subjects” (i.e. customers or prospective customers)?

Consent to the processing of personal data

If you use your website users’ personal data for purposes other than purely to supply them with the goods or service you offer, you will most likely need consent to process their data for those purposes.

Consent must include the purpose of the processing and information about what personal data it is given for, as well as to which controller and for what period. The processor must be able to demonstrate the existence of consent throughout the processing of the personal data.

The user’s consent is commonly obtained for the dissemination of commercial communications (sending newsletters), telemarketing, transferring personal data to other entities (e.g. sharing client databases), etc. The law does contain an exception for these purposes as well, although it is not very broad, so it is possible to do without the user’s consent in certain circumstances. Even so, it is certainly always better and legally safer for the e-shop operator to obtain consent from the user.

If an e-shop operator obtains a customer’s contact details by, for example, providing a service to the customer in the past or obtaining them from a public list, it may send the customer a newsletter by email without the consent of that user to the processing of the data. However, the operator must allow the user to easily unsubscribe from receiving the email.

If the operator decides to obtain the user’s consent, it is advisable to obtain it by an active step on the part of the user, for example by clicking on a website button or by ticking the appropriate box. This functionality can then be linked to a database, which will directly include those users who have given their consent and with whom the e-shop operator will be able to continue marketing.

Information obligation

Consent to the processing of personal data must also be accompanied by appropriate information on the purpose and method of such processing.

The information provided must include the following: (i) the scope and purpose of the processing of the personal data, (ii) who will process the personal data and how, and (iii) to whom the personal data may be disclosed. The user must also be informed of the right of access to the personal data, the right to rectification and other rights granted by the Data Protection Act.

It is strongly recommended that the required information is clearly listed in one place or linked (e.g. by a link) to the text of the consent to the processing of personal data.

Registration with the DPOA

If an e-shop operator intends to use the personal data collected from users beyond the mere performance of a contract with a client, it must register as a data controller with the Data Protection Authority. It must register before it starts processing personal data. Registration can be done online using the form available on the website of the Authority. There are a few exceptions to the registration obligation, as with consent. However, as with consent, it is better to register and not rely on the exceptions. This is doubly true in the case of large or dynamic e-shops that collect large amounts of personal data.

Cookies

Do you intend to use cookies? A cookie is a small piece of data that is stored on your computer, tablet or mobile device after you visit a website. Cookies are used, among other things, to distinguish user preferences and to help the website remember certain information about you the next time you visit. If you intend to use cookies on your website, you should put special measures in place for them. These measures typically include a bar that alerts the user to the use of cookies and obtains consent from the user. It will also link to information where the user can read how your website works with cookies and what it uses them for.

Technical and organisational measures

Last but not least, the e-shop operator should think about technical and organisational measures when managing personal data. These measures include in particular: (i) securing users’ personal data (physically, e.g. with bars, and in software, e.g. with a firewall), (ii) developing security guidelines, (iii) using backup technologies, and many others.

Author of the article

JUDr. Ondřej Preuss, Ph.D.

Ondřej is the attorney who came up with the idea of providing legal services online. He's been earning his living through legal services for more than 10 years. He especially likes to help clients who may have given up hope in solving their legal issues at work, for example with real estate transfers or copyright licenses.

Education
  • Law, Ph.D, Pf UK in Prague
  • Law, L’université Nancy-II, Nancy
  • Law, Master’s degree (Mgr.), Pf UK in Prague
  • International Territorial Studies (Bc.), FSV UK in Prague
