Information on personal data protection
If you are our customer or a visitor o the site, you are giving us your personal information. We are responsible for their protection and security. Please be aware of the protection of personal data, principles and rights you have in connection with GDPR (General Data Protection Regulation of European Parliament and EU Council nr. 2016/679).
I. Who is the Data Controller?
The company GONAEXPORT-CZ, sro, registered office at Drahobejlova 1072/10, 190 00 Prague 9, Czech Republic, ID: 29381410, Lípová 1128, 737 01 Český Těšín, headed by the Municipal Court in Prague under file number C 205877 and web site operator www.gonaexport.cz.
We declare that, as the Data Controller of your personal data, we comply with all legal obligations required by applicable law, in particular the Privacy Act and the GDPR, and that:
- we will process your personal data only on the basis of a valid legal reason, namely the legitimate interest, the performance of the contract, the legal obligation or the consent
- we will comply with the obligation to provide information prior to the processing of personal data under Article 13 of the GDPR
- we will allow and encourage you to exercise and enforce your rights under the Personal Data Protection Act and the GDPR
II. Contact details of Data Controllers
III. Who is the Data Processor?
The processing of personal data is carried out by the Data controllers, but the personal data can be processed by these processors:
- WEDOS – domain and webhosting provider; WEDOS Internet, a.s., Masarykova 1230, 373 41 Hluboká nad Vltavou, IČ: 28115708
- DAINPO, s.r.o. – accountancy, Novákových 970/41, 180 00 Praha 8, Libeň, IČ: 25351192. Facility: DAINPO, s.r.o., Mánesova 535/29, 737 01 Český Těšín
- ROAD Group v.o.s. , Facility: Tovární 1030/41, 737 01 Český Těšín
- Google Analytics - a tool from Google that allows publishers to get statistical data about their site users; 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
It is possible that in the future we will decide to use other applications or processors to make it easier and better to process personal data. We guarantee that in this case we will, at the choice of the processors, put at least the same security and processing requirements as ourselves.
We do not provide any personal data to any third parties.
IV. Scope of personal data and processing purposes
We process personal information you entrust to us for the following reasons (to fulfill these purposes):
1. Provision of trade and services, performance of the contract
Your personal information in the scope of: e-mail, name, telephone number, postal address, Registration numer, VAT number, we need to fulfill the contract (eg for delivery ordered goods). We keep this information for our company for 5 years from contact.
2. Billing and accounting
Your personal information in the scope of: name, postal address, Registration number, VAT number, we need to be able to fulfill its legal obligation to compile and record tax invoices - invoicing. We keep this information for 10 years from getting a contact.
www.gonaexport.com does not use any of its own cookies. The site is a "Google Analytics" code that uses "cookies" to analyze the traffic on our site.
You agree to collect "Cookies" in the info bar by clicking "I understand!" By doing so, you grant the consent for the period specified for each cookie. You can find this by right-clicking the "i" icon on leftside of the web page address- "Viewing Site Information".
You can recall your consent for data collection at any time by changing settings of our Internet browser.
VI. Security and Privacy of personal data
We protect your personal data to the fullest extent possible using modern technologies. We have accepted and maintained all possible (currently known) technical and organizational measures that prevent the misuse, damage or destruction of your personal information.
VII. Providing data outside the European Union
We process data only in the European Union or in countries that provide a responsible level of protection on the basis of a European Commission decision. Outside the EU, only Google (Google Analytics) processes your data and its privacy is in line with the applicable GDPR.
VIII: Disclosure of personal data to other persons
Certain contractual or statutory obligations are assured by other people who are in the position of processors. In particular, it is a provider of data storage and software applications. We have written agreements with them, in which we have agreed to fulfill our privacy obligations to keep your data safe. You can find the list of processors in Section III.
Personal data will also be made available to the appropriate administrative authorities if such a duty is imposed by law (ie in particular in the case of an inspection where the authority is entitled to request the disclosure of personal data).
IX. Your rights in connection with the protection of personal data
1. You have the right to information that is already provided by this information page with the principles of processing your personal data.
2. You have the right to ask us for providing you with information how we process your personal data and why and we will do so within the 14-day time limit.
5. You may restrict the scope of personal data or purposes of processing according to Article 18. (for example, by dropping out of the newsletter, you limit the purpose of processing for sending business messages).
Other rights in relation to the protection of personal data:
6. Right of portability:
Under the conditions set out in Article 20 of the GDPR, you have the right to obtain your personal data and pass it on to another Administrator. If you would like to take your personal information and transfer it to someone else, we will proceed as you would with the right of access - except that we will send you the information in machine-readable form. If technically feasible, you have the right to request direct delivery to another administrator. We need at least 14 days to complete.
7. Right to delete (be forgotten):
Your next right is the right to erase (be forgotten). In this case, we will delete all your personal data from your system and the system of all partial processors and backups. We need 30 days to secure the right to erase.
In some cases, we are bound by a statutory obligation and, for example, we must record the tax documents issued after the statutory time. In this case, we will delete all such personal data that is not bound by any other law. We will notify you of the completion of the deletion by email (in the GDPR, the reasons given in Article 17, including exceptions when deletion is not made).
8. Right to object
In cases where we process personal data for purposes of legitimate interests, you have the right to object to such processing, and then we will not process the data unless our legitimate interest outweighs your interests or rights and freedoms. If direct marketing is legitimate interest then the objection always results in the termination of further processing for direct marketing purposes.
9. Right to complain to the Data Collector or the Personal Data Protection Authority
If you feel that we do not comply with the law with your data, you have the right to appeal at any time to the Office for Personal Data Protection. We will be glad if you first inform us of this suspicion, so we can do something about it and correct any mistakes.
It must be clear from the complaint who is giving it and what its subject is. If this is not the case, or if it is necessary to do so, we will ask you to fill in the missing information within the specified time. If the complaint is not completed, it can not be resolved. The deadline for processing a complaint is 30 calendar days and begins on the first business day after delivery or completion.
As an Data Controller, you may file a complaint with the Office for Personal Data Protection at Pplk. Sochora 27, 170 00 Prague 7, Czech Republic, https://www.uoou.cz.
We would like to assure you that we and our associates who process your personal data are required to maintain confidentiality about personal data and security measures whose disclosure would compromise the security of your personal information. This confidentiality persists even after the end of our engagement with us. Without your consent, your personal data will not be released to any third party.