Privacy Policy

The e-shop Organisational Information Security Strategy on the website based in Australia processes personal data provided by Customers to fulfil and to process electronic orders and shipments during a period required by law.

General provisions

1. Personal data controller, in compliance with GDPR (hereinafter referred to as "Regulation“) is Organisational Information Security Strategy, based in Australia (hereinafter referred to as "Controller“);

2. The contact details of the Controller are: e-mail:, tel.: 0409135088;

3. Personal data is any information that relates to an identified or identifiable natural person.

The source of personal data

1. The Controller processes personal data obtained with consent from Customers and collected through the contract for purchase and fulfilment of electronic orders created in the e-shop Organisational Information Security Strategy.;

2. The Controller processes only the identifying and contact details of Customers which are necessary for the fulfilment of the contract to purchase;

3. The Controller processes personal data for shipping and accounting purposes and for any necessary communication between the contracting parties for the duration required by law. Personal data will not be made public and will not be transferred to other countries.

Purpose of data processing

The Controller processes personal data of the Customer for following purposes:

1. Registration on the website in compliance with Chapter 4, Section 2 of GDPR;

2. For fulfilment of electronic orders created by Customers (name, address, e-mail, telephone number);

3. To observe the law and regulations arising from the contractual relationship between Customer and Controller;

4. Personal data are necessary for the fulfilment of contracts to purchase. Contracts cannot be concluded without personal data.

Duration of personal data storage

1. The Controller stores personal data for the period necessary for fulfilment of rights and obligations arising from the contractual relationship between the Controller and Customer and for the duration of 3 years following the conclusion of the contractual relationship;

2. The Controller must delete all personal data after the expiration of the period required for the storage of personal data.

Recipients and processors of personal data

Third parties processing personal data of the Customer are subcontractors of the Controller. The Services of these subcontractors are indispensable for the successful fulfilment of the contract to purchase and processing of the electronic order between Controller and Customer.

Subcontractors of the Controller are:

  • Webnode AG (e-shop system);
  • Shipping company;
  • Google Analytics (website analytics);

Rights of Customer

In compliance with the Regulation, the Customer is entitled to:

1. The right of access to personal data;

2. The right to rectification of personal data;

3. The right to erasure of personal data;

4. The right to object to processing of personal data;

5. The right to data portability;

6. The right to withdraw consent to the processing of personal data in writing or by e-mail sent to:;

7. The right to lodge a complaint with the supervisory authority in case of suspected breach of the Regulation.

Security of personal data

1. The Controller declares to that all technical and organisational precautions necessary for the protection of personal data have been taken;

2. The Controller has taken technical precautions to secure data storage spaces, in particular securing access to computer with a password, using antivirus software and performing regular maintenance of computers.

Final provisions

1. By placing an electronic order on the website the Customer confirms being informed about all the conditions of personal data protection and accepts them;

2. The Customer accepts these rules by ticking the checkbox in the order purchase form;

3. The Controller can update these Rules at any time. New, updated versions have to be published on his website.

These Rules come into effect on 1st January 2018.