(hereinafter referred to as the "Policy")
- Regulation (EU) 2016/679 (GDPR) represents the legal framework for personal data protection applicable throughout the EU, which defends the rights of its citizens against unauthorized handling of their data and personal information. GDPR adopts all existing principles of protection and data processing on which the EU personal data protection system is based and confirms that protection travels across borders along with personal data.
- In accordance with this, the General Regulation further develops and strengthens the rights of the people affected by the processing, in both components: to have (obtain) information about which of their data is being processed and why, and to enforce compliance with the rules, including remedying the situation. GDPR systematically emphasizes the enforceability of people's rights and the responsibilities of controllers (responsible for processing).
1. Introductory provisions
For the purposes of these Policies, the following is understood:
- Business name or title Gama-Pardubice s.r.o.
- Registered office or place of business Staré náměstí 3, Nemošice, 530 03 Pardubice
- Identification number 62026020
- Web application www.gama-pardubice.cz
- These Policies enter into force on 1.1.2023
- The Operator operates the above-mentioned Web application. Within the Web application, the Operator processes Personal data specified in section 3.2 for the purpose(s) specified below in section 3.3.
1.2 VALIDITY OF THE DATA AND ACTIVITIES STATED
The Policies indicate valid and invalid expressions. Expressions are structured into unnumbered lists.
The Controller is the person who manages, deletes, forgets, modifies, transfers, and ensures the deletion of data from all backups
Name: Martin Turek, Email address: email@example.com
The Operator, as the controller of Personal Data, hereby informs about the manner and extent of Personal Data processing, including the scope of the rights of the Data Subject (as defined below) related to the processing of his Personal Data.
2. Related documents
These Policies are the Operator's only public document on personal data protection
3. Personal data protection and information about processing
3.1 DATA SUBJECT
The Data Subject is a natural person to whom the personal data relates (hereinafter referred to as the "Data Subject"). The Data Subject is not a legal entity. Data related to a legal entity is not considered personal data.
3.2 PERSONAL DATA INCLUDES
For the purposes of these Policies, Personal Data includes:
- First and last name
3.3 PURPOSE OF PERSONAL DATA PROCESSING
The personal data of the data subjects are used for the following purposes (services):
- Business activities – communication about demand, order processing, and contract in terms of closing a deal: processing business activities (orders). If the Data Subject does not provide their Personal Data, it is not possible to conclude a contract with the Operator and/or provide the services resulting from it. Personal data is essential in this context for providing a specific service or product of the Operator. For the purpose of fulfilling the legal obligation to archive accounting documents based on Act No. 563/1991 Coll., on Accounting, as amended, Personal Data (except for email address and telephone number) will be further processed and stored for a period of 5 years starting from the year following the year in which the contract between the Operator and the Data Subject was concluded.
- Commercial communications, Newsletter - sending offers of goods or services and messages that lead to sales until the subject unsubscribes from receiving commercial communications. Storing Email addresses and Names is done by the processor Mailchimp for the purpose of potential future sending of newsletters related to the requested service and requested commercial communication for the duration: until the Subject requests deletion. Personal data will be processed for marketing and commercial communication purposes for a period of 5 years from the granting of consent.
- Remarketing - inclusion in the remarketing audience, the processor of Cookies is a third party, Google, Sklik, Facebook. Remarketing serves to display advertising messages to website visitors for a period of: 30 days.
- Improving our services and content of the Web application (e.g., for the design of the Web application amendment) for a period of: 2 years.
Who are the processors that administrators use to process personal data and third-party companies:
- Internal records of data in tools: information system, accounting system, and email mailbox of the Processor for the above purposes.
- Google LLC ("Google") headquartered at 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States for data: Cookie for Remarketing purposes, which allows re-engaging the Subject who has visited the Website in the past. Ads may be displayed to them while browsing other websites in Google's Content Network. Remarketing. The Operator uses G Suite and Google Cloud Platform services, which operate in accordance with European personal data protection standards.
- Seznam.cz, ID: 26168685, for which data: Sklik is a Czech PPC system of Seznam.cz, which allows displaying ads in search on Seznam.cz and on the most visited websites on the Internet. A visitor coming through Sklik advertising is then recognized thanks to the stored record in their computer - a cookie file with a validity of 30 days. Remarketing. The Subject acknowledges that cookies from the company may be stored on their device.
- Facebook Inc., Menlo Park, California, USA for which data: Stores Cookies to customize and measure ads and create a safer environment. More information: https://www.facebook.com/policies/cookies/
- Third-party email system: Rocket Science Group, LLC in the USA, operating the MailChimp service (http://mailchimp.com/legal/terms/) for data and purposes: sending emails.
3.5 ACCEPTANCE / CONSENT TO PERSONAL DATA PROCESSING
Acceptance / consent to the processing of personal data is expressed by Subjects in these ways:
- Consent is expressed by entering personal data and sending them (i.e., by clicking on the relevant button). There is information on the processing of personal data on the page. Consent is derived from the context and process. The Subject acknowledges that by sending the completed email form, the processing of Personal Data by the Operator begins.
If the Subject does not provide their Personal Data, it is not possible for the Operator to provide the services listed in Chapter 3.3. Personal data is necessary in this context to provide a specific service or product of the Operator.
3.6 NON-PERSONAL DATA
For clarity, we list the non-personal data we record, i.e., no consent of the Subject is required.
- Cookies necessary for the operation of the Web application
- Anonymous visits to pages (e.g., URL, browser, geolocation, visitor's operating system)
3.7 RIGHTS AND OBLIGATIONS
- The Operator will make every effort to prevent unauthorized processing of Personal Data.
- The Subject is obliged to provide the Operator with only truthful and accurate Personal Data.
- The subject has the right to withdraw their consent (in cases where the processing of Personal Data is based on consent) to the processing of provided Personal Data at any time by sending an email to the Administrator's email address. However, it is not possible to withdraw consent to the processing of Personal Data to the extent and for the purposes of fulfilling the legal obligation by the Operator. Withdrawing consent does not affect the legality of processing based on consent given before its withdrawal. Withdrawing consent also does not affect the processing of Personal Data, which the administrator processes on the basis of another legal basis other than consent (i.e., in particular, if the processing is necessary for the performance of a contract, legal obligation, or other reasons specified in applicable legal regulations).
The subject also has the right to:
- access to Personal Data;
- correction of provided Personal Data;
- deletion of provided Personal Data;
- restriction of processing of Personal Data;
- file a complaint with the Personal Data Protection Office.
In case the Subject believes that the Operator carries out the processing of their Personal Data, which is in contradiction with the protection of their private and personal life or in contradiction with relevant legal regulations, especially if the Personal Data is inaccurate with regard to the purpose of their processing, they can:
- ask the Operator for an explanation by sending an email to the Administrator's email address;
- raise an objection against the processing and demand, by sending an email to the Administrator's email address, that the Operator rectifies the situation (e.g., by blocking, correcting, supplementing, or disposing of Personal Data). The Operator will decide on the objection immediately and inform the Subject. If the Operator does not comply with the objection, the Subject has the right to contact the Personal Data Protection Office directly. This provision does not affect the right of the Subject to address their suggestion to the Personal Data Protection Office directly.
- If the Subject requests information about the scope or manner of processing their Personal Data, the Operator is obliged to provide this information immediately, but no later than one month after receiving the request by the Operator at the Administrator's address.
- If the Subject exercises the right of access to Personal Data in electronic form, the Operator will also provide the requested information in electronic form, unless the Subject requests another method of providing information.
- The Operator is entitled to charge a reasonable fee for administrative costs associated with providing a physical copy of the processed Personal Data in case of repeated and unjustified requests.
4. Final Provisions
- All legal relationships arising in connection with the processing of Personal Data are governed by the laws of the Czech Republic, regardless of where access to them was carried out. Czech courts are competent to resolve any disputes arising in connection with privacy protection between the Subject and the Operato
- In relation to this Web application, Personal Data may be transferred across international borders to locations where servers supporting the Website are located.
- Subjects who provide their Personal Data through the registration form for the purpose of concluding a contract with the Operator or provide consent for the processing of Personal Data do so voluntarily, on their own behalf, and the Operator does not control their activities in any way.
- The Operator may change or supplement the wording of the Principles. The Operator will inform Subjects of any such changes by email at least 30 days before the changes take effect.
- These Principles become effective on the day stated in Chapter 1.