Information on personal data protection

If you are our customer or a visitor o the site, you are giving us your personal information. We are responsible for their protection and security. Please be aware of the protection of personal data, principles and rights you have in connection with GDPR (General Data Protection Regulation of European Parliament and EU Council nr. 2016/679).

I. Who is the Data Controller?

The company GONAEXPORT-CZ, sro, registered office at Drahobejlova 1072/10, 190 00 Prague 9, Czech Republic, ID: 29381410, Lípová 1128, 737 01 Český Těšín, headed by the Municipal Court in Prague under file number C 205877 and web site operator www.gonaexport.cz.

We declare that, as the Data Controller of your personal data, we comply with all legal obligations required by applicable law, in particular the Privacy Act and the GDPR, and that:

  • we will process your personal data only on the basis of a valid legal reason, namely the legitimate interest, the performance of the contract, the legal obligation or the consent
  • we will comply with the obligation to provide information prior to the processing of personal data under Article 13 of the GDPR
  • we will allow and encourage you to exercise and enforce your rights under the Personal Data Protection Act and the GDPR

II. Contact details of Data Controllers

Pavel Houdek; e-mail: This email address is being protected from spambots. You need JavaScript enabled to view it.; phone: +420 777 654 956

Věra Houdková; e-mail: This email address is being protected from spambots. You need JavaScript enabled to view it. 

III. Who is the Data Processor?

The processing of personal data is carried out by the Data controllers, but the personal data can be processed by these processors:

  • WEDOS – domain and webhosting provider; WEDOS Internet, a.s., Masarykova 1230, 373 41 Hluboká nad Vltavou, IČ: 28115708
  • DAINPO, s.r.o. – accountancy, Novákových 970/41, 180 00 Praha 8, Libeň, IČ: 25351192. Facility: DAINPO, s.r.o., Mánesova 535/29, 737 01 Český Těšín
  • ROAD Group v.o.s. , Facility: Tovární 1030/41, 737 01 Český Těšín
  • Google Analytics - a tool from Google that allows publishers to get statistical data about their site users; 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

It is possible that in the future we will decide to use other applications or processors to make it easier and better to process personal data. We guarantee that in this case we will, at the choice of the processors, put at least the same security and processing requirements as ourselves.

We do not provide any personal data to any third parties.

IV. Scope of personal data and processing purposes

We process personal information you entrust to us for the following reasons (to fulfill these purposes):

1. Provision of trade and services, performance of the contract

Your personal information in the scope of: e-mail, name, telephone number, postal address, Registration numer, VAT number, we need to fulfill the contract (eg for delivery ordered goods). We keep this information for our company for 5 years from contact.

2. Billing and accounting

Your personal information in the scope of: name, postal address, Registration number, VAT number, we need to be able to fulfill its legal obligation to compile and record tax invoices - invoicing. We keep this information for 10 years from getting a contact.

V. Cookies

www.gonaexport.com does not use any of its own cookies. The site is a "Google Analytics" code that uses "cookies" to analyze the traffic on our site.

This means that when you browse our sites, we record your IP address, how long you stay on the page, which pages you are viewing, from which country and city. We view the use of cookies to track web site traffic and personalize our website views as a legitimate interest by the administrator because we believe we can offer you even better services.

Collected cookies are processed mainly through Google Analytics, operated by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Collected cookies are Google Inc. processed in accordance with the Privacy Policy available at www.google.com/intl/en/policies/privacy/#nosharing.

Our websites can also be browsed in a mode that does not allow the collection of personal data. You can disable the use of cookies on your computer in your browser settings.

You agree to collect "Cookies" in the info bar by clicking "I understand!" By doing so, you grant the consent for the period specified for each cookie. You can find this by right-clicking the "i" icon on leftside of the web page address- "Viewing Site Information".

You can recall your consent for data collection at any time by changing settings of our Internet browser.

VI. Security and Privacy of personal data

We protect your personal data to the fullest extent possible using modern technologies. We have accepted and maintained all possible (currently known) technical and organizational measures that prevent the misuse, damage or destruction of your personal information.

VII. Providing data outside the European Union

We process data only in the European Union or in countries that provide a responsible level of protection on the basis of a European Commission decision. Outside the EU, only Google (Google Analytics) processes your data and its privacy is in line with the applicable GDPR.

VIII: Disclosure of personal data to other persons

Certain contractual or statutory obligations are assured by other people who are in the position of processors. In particular, it is a provider of data storage and software applications. We have written agreements with them, in which we have agreed to fulfill our privacy obligations to keep your data safe. You can find the list of processors in Section III.

Personal data will also be made available to the appropriate administrative authorities if such a duty is imposed by law (ie in particular in the case of an inspection where the authority is entitled to request the disclosure of personal data).

IX. Your rights in connection with the protection of personal data

You have a number of rights in relation to the protection of your personal data. If you wish to use any of these rights, please contact us via e-mail: This email address is being protected from spambots. You need JavaScript enabled to view it.

1. You have the right to information that is already provided by this information page with the principles of processing your personal data.

2. You have the right to ask us for providing you with information how we process your personal data and why and we will do so within the 14-day time limit.

3. If something changes or you find your personal information out of date, incomplete or incorrect, you have the right to supplement and change your personal information. In this case, please contact us at This email address is being protected from spambots. You need JavaScript enabled to view it. and we will make the changes within 7 days of receipt of your request.

4. You may benefit from the right to limit the processing if you believe that we are processing your inaccurate data, you believe we are processing it illegally, but you do not want to delete all data or if you have objected to the processing. In this case, please contact us at This email address is being protected from spambots. You need JavaScript enabled to view it. and we will make the changes within 7 days.

5. You may restrict the scope of personal data or purposes of processing according to Article 18. (for example, by dropping out of the newsletter, you limit the purpose of processing for sending business messages).

Other rights in relation to the protection of personal data:

6. Right of portability:

Under the conditions set out in Article 20 of the GDPR, you have the right to obtain your personal data and pass it on to another Administrator. If you would like to take your personal information and transfer it to someone else, we will proceed as you would with the right of access - except that we will send you the information in machine-readable form. If technically feasible, you have the right to request direct delivery to another administrator. We need at least 14 days to complete.

7. Right to delete (be forgotten):

Your next right is the right to erase (be forgotten). In this case, we will delete all your personal data from your system and the system of all partial processors and backups. We need 30 days to secure the right to erase.

In some cases, we are bound by a statutory obligation and, for example, we must record the tax documents issued after the statutory time. In this case, we will delete all such personal data that is not bound by any other law. We will notify you of the completion of the deletion by email (in the GDPR, the reasons given in Article 17, including exceptions when deletion is not made).

8. Right to object

In cases where we process personal data for purposes of legitimate interests, you have the right to object to such processing, and then we will not process the data unless our legitimate interest outweighs your interests or rights and freedoms. If direct marketing is legitimate interest then the objection always results in the termination of further processing for direct marketing purposes.

9. Right to complain to the Data Collector or the Personal Data Protection Authority

If you feel that we do not comply with the law with your data, you have the right to appeal at any time to the Office for Personal Data Protection. We will be glad if you first inform us of this suspicion, so we can do something about it and correct any mistakes.

It must be clear from the complaint who is giving it and what its subject is. If this is not the case, or if it is necessary to do so, we will ask you to fill in the missing information within the specified time. If the complaint is not completed, it can not be resolved. The deadline for processing a complaint is 30 calendar days and begins on the first business day after delivery or completion.

As an Data Controller, you may file a complaint with the Office for Personal Data Protection at Pplk. Sochora 27, 170 00 Prague 7, Czech Republic, https://www.uoou.cz.

X. Confidentiality

We would like to assure you that we and our associates who process your personal data are required to maintain confidentiality about personal data and security measures whose disclosure would compromise the security of your personal information. This confidentiality persists even after the end of our engagement with us. Without your consent, your personal data will not be released to any third party.

This Privacy Policy applies from May 25, 2018.

BACK