I. General Provisions
- Pursuant to Article 4(7) of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as 'the GDPR'), the controller is Gais, s.r.o., Company ID No 27709647, with its registered office at Velké náměstí 47, Kroměříž 767 01 (hereinafter referred to as: 'the Controller').
- The Controller can be contacted at firstname.lastname@example.org.
- 'Personal data' shall mean any information relating to an identified or identifiable natural person; an identifiable natural person is any natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
- The Controller has not appointed a data protection officer.
II. Legal Grounds for Processing Personal Data
- Legal grounds for processing personal data are as follows:
- The performance of a contract between you and the Controller pursuant to Article 6(1) of the GDPR (hereinafter referred to as 'the Contract Performance').
- Legitimate interests pursued by the Controller for providing direct marketing (particularly sending commercial communications and newsletters) pursuant to Article 6(1)(f) of the GDPR (hereinafter referred to as 'Legitimate Interests').
- Your consent to processing for the purpose of providing direct marketing (particularly sending commercial communications and newsletters) pursuant to Article 6(1)(a) of the GDPR in conjunction with Article 7(2) of Act No 480/2004 Coll., on certain information society services, if no order for goods or services has been given (hereinafter referred to as the 'Consent').
- The Controller does not engage in any automatic individual decision-making within the meaning of Article 22 of the GDPR. You have granted your express Consent to such processing.
III. Purpose of Processing, Categories, Sources, and Recipients of Personal Data
|Legal grounds||Purpose||Data||Data source||Personal data recipients (processors)|
|Contract Performance||Reply to a query sent via a contact form||Clients’ personal data (email)||Contact form||Subcontractors, mailing services, cloud repositories|
|Legitimate interest||Provision of direct marketing (particularly sending commercial communications and newsletters)||Clients’ contact data||Order information||Mailing services, cloud repositories, subcontractors|
|Legitimate interest||Regular traffic analysis, server error detection and server fraud and attack prevention||For 50 months: IP addresses and web browsing data, pages viewed and page activity.||User activity on the website, pages displayed with an error||Google Analytics, web hosting services, and any other analytics services|
|Consent||Targeted advertising (retargeting)||For a maximum of 13 months: Third-party cookies, IP addresses, browser data, and web browsing data||Views of certain web pages||Retargeting ad platforms (AdWords, Sklik, Facebook)|
|Consent||Gathering demographic reports in traffic statistics||Third-party cookies, demographic data (age, gender, interests, interest in purchases, and other categories)||DoubleClick cookies, Android Ad ID, iOS ID for advertisers||Google Analytics|
|Consent||Web marketing and promotion||Emails, names of potential customers, IP addresses, and other technical identifiers||Newsletter form||Web hosting company and email distribution services|
IV. Data Retention Periods
- Unless stipulated otherwise above, the Controller shall retain personal data:
- for the period necessary for exercising rights and obligations under the contractual relationship between you and the Controller, and for enforcing any claims under the contractual relationship (for 15 years after the termination of the contractual relationship);
- for the period until Consent to personal data processing for marketing purposes is withdrawn, provided that the personal data are processed on the basis of your Consent.
- After the lapse of the data retention period, the Controller will erase the personal data.
- If cookies are specified as personal data under Article III, the following rules apply to the processing thereof.
- Each user may set the rules for enabling or disabling cookies in their web browser, thus indicating their Consent to the processing of cookies.
- The user may opt to enable or disable all or some of the cookies (e.g. third-party cookies). Disabling cookies may affect the usability of the website and services.
- On this website, information from the following companies is displayed to visitors who consent to cookies being placed in their browsers through the appropriate cookie settings:
- If you object to the processing of technical cookies necessary for the operation of website, the full functionality and compatibility of such websites cannot be guaranteed.
VI. Personal Data Recipients (Controller’s Subcontractors)
- The Controller intends to transmit your personal data to a third country (a country outside the EU) or to an international organisation. Personal data recipients in third countries are providers of mailing services, data and file repositories, analysis tools, and direct marketing services.
VII. Your Rights
- Under the GDPR, you have the right:
- of access your personal data pursuant to Article 15 of the GDPR;
- to rectify your personal data pursuant to Article 16 of the GDPR, or restriction of processing pursuant to Article 18 of the GDPR;
- to the erasure of your personal data pursuant to Article 17 of the GDPR;
- to object to the processing of your personal data pursuant to Article 21 of the GDPR;
- to data portability pursuant to Article 20 of the GDPR;
- to withdraw your Consent to processing by post or by email sent to the postal address or email address of the Controller provided in Article III of this Policy.
- You also have the right to file a complaint with the Office for Personal Data Protection if you believe that any of your rights to protect your personal data has been violated.
VIII. Personal Data Security
- The Controller declares that it has taken all appropriate technical and organisational measures to ensure the security of personal data.
- The Controller has taken measures to secure any repositories of personal data in electronic or paper form, in particular…
- The Controller declares that only persons authorised by the Controller shall have access to personal data.
IX. Final Provisions
The Policy takes effect on 25 May 2018.