Personal Data Protection by Jihostroj a.s.
I. Personal Data Controller
- In compliance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as “GDPR”, General Data Protection Regulation), we process your personal data.
- The Controller of your personal data is:
Jihostroj a.s.
Company Identification No.: 466 78 212
Tax Identification No.: CZ46678212
with the registered office: Budějovická 148, 382 32 Velešín
incorporated in the Companies Register kept by the Regional Court in České Budějovice, Section C, Insert 502.
Responsible person: Marcela Wiltschko, e-mail: Wiltschko.marcela@jihostroj.cz
II. Personal Data Processed
- Personal data means any and all the information concerning a natural/legal person (hereinafter referred to as the “Data Subject”), by means of which it is possible to identify directly or indirectly a given person, especially by reference to a certain identifier, identification No., location data, network identifier, etc.
- Personal data is processed within the scope in which the relevant Data Subject has provided the data to the Controller.
- In connection with the operation of the website https://www.jihostroj.com, the Controller processes the following data:
- Identification data: Name, surname, academic degree, eventually commercial company, Company Identification No., Tax Identification No., legal form
- Contact data: Postal address, permanent residence address, phone No., e-mail
- Contractual data: Offers, inquiries, orders, data concerning the type and quantity of goods, delivery method, payment method, electronic communication, warranty claims, complaints, other legal claims of customers
- Information concerning the Internet behaviour: we process the information concerning your behaviour on our website - especially the time you spend on our website, goods you view, links you click on, method of viewing our website and scrolling the screen, data about a device which you view our website on, such as IP address and derived location, device identification, such as technical parameters, operating system and its version, address of the website which you are redirected from (if you are not redirected directly), screen resolution, used browser and its version, data obtained from cookies and similar technologies for the device identification.
- Within our website we use the cookies especially to monitor the visit rate and improve our services.
- In case you order/buy goods from the catalogue on our website, we use your data to process your order and meet the resulting statutory obligations.
- The Controller processes the personal data in its registered office in an automated (by using the computer technology) as well as manual way.
- The method of personal data securing is specified in Article XI.
III. Reason of Personal Data Processing
- 1. The following legal reasons entitle us to process your personal data:
- Article 6 (1) a) of GDPR - Data Subject has given a consent to process his/her personal data,
- Article 6 (1) b) of GDPR - processing is necessary to perform an agreement/contract,
- Article 6 (1) c) of GDPR - processing is necessary to meet a legal obligation,
- Article 6 (1) f) of GDPR - processing is necessary for the Controller´s legitimate interests.
- We process your personal data in the following cases:
- When Viewing Our Website:
- If you visit our website https://www.jihostroj.com, we process your personal data by means of cookies - see details in Article XII.
- We process the personal data obtained in this way based on our legitimate interest which we do not need to obtain your consent for.
- When meeting the obligations resulting from contracts with business partners:
- We process the personal data also when performing the contracts with our business partners. In such case we process the personal data within the following scope: name, surname, commercial company, legal form, Company Identification No., Tax Identification No., phone No., e-mail, contact person. Furthermore, we process offers, inquiries and orders of our business partners, concluded contracts, including the handover certificates and invoices as well as planning and shipment of goods from the warehouse.
- We process the personal data obtained in this way based on our legitimate interest and to perform an agreement/Contract, which we do not need to obtain your consent for.
- In case of purchase from the online catalogue of goods:
- We process your personal data due to the purchase of goods on our website.
- If you order the goods from our catalogue, we process your personal data within the following scope: name, surname, address, e-mail, phone No., commercial company, Company Identification No., Tax Identification No., postal address (if different).
- Processing of your personal data is necessary to process the order and deliver the goods to your postal address.
- We process the personal data obtained in this way based on our legitimate interest and to perform an agreement/Contract, which we do not need to obtain your consent for.
- When Viewing Our Website:
IV. Consent to personal data processing
- We may process your personal data based on a consent you give us. In such case we process the affected personal data only for the predefined purpose.
- The given consent may be withdrawn anytime.
V. Personal data processing to perform an agreement/contract
- In case you order/buy goods from the catalogue on our website, we process your personal data to process your order.
- We will use the provided personal data:
- To communicate with you - we use your personal data especially to send a confirmation or order acceptance, answer the questions, send the notices concerning shipments, etc.
- For deliveries of goods - we provide your personal data also to a forwarder to be able to deliver your order to your address.
VI. Personal data processing to meet the legal obligation
- We process your personal data because the relevant legal regulations require it, especially:
- Act No. 89/2012 Coll., Civil Code - personal data processing is necessary especially to conclude and perform the agreements/contracts as well as to meet the legal rights and obligations resulting from a contractual relationship;
- Act No. 634/1992 Coll., on Consumer Protection - personal data processing is necessary to meet the legal rights and obligations resulting from a contractual relationship with a consumer as to provide the increased level of protection to a consumer;
- Act No. 235/2004 Coll., on Value Added Tax - personal data processing is necessary for tax purposes;
- Act No. 563/1991 Coll., on Accounting - personal data processing is necessary for bookkeeping purposes;
VII. Personal data processing for purposes of the Controller´s legitimate interests
- In case you order/buy goods from the catalogue on our website, we process your personal data relating to the order for purposes of internal records and subsequent inspection. We process your personal data also to ensure the protection of legal claims (rights and obligations from defect liability, withdrawal from a Purchase Agreement, etc.).
- You are entitled to raise an objection against such processing pursuant to Article 21 of GDPR.
VIII. Period of Personal Data Processing
- We process your personal data only for a period which is necessary with respect to the purposes of processing your personal data.
- In case your personal data is processed to meet a legal obligation, we process your personal data for a period determined by the relevant legal regulations, especially by the tax and accounting regulations.
- In case your personal data is processed to perform an agreement/contract, we process your personal data for the entire term of the contractual relationship between you and our company and for 10 years following the termination of such contractual relationship.
- In case your personal data is processed based on the Controller´s legitimate interest, we process your personal data for the entire term of the contractual relationship between you and our company and for 10 years following the termination of such contractual relationship.
- In case a consent to personal data processing is given, we process your personal data for a period specified in the consent.
IX. Transfer of Personal Data to the Third Parties
- We transfer your personal data to the third parties only in necessary cases:
- Delivery of goods: to deliver the order it is necessary we transfer your personal data such as name, surname, postal address and phone No. (in case of an entrepreneur also the commercial company name) to a forwarder;
- State and other authorities: to meet the statutory obligations stipulated by the relevant legal regulations, we provide your personal data to state and other authorities (e.g. Tax Office, Police of the Czech Republic, courts, lawyers, distrainers, etc.);
- Insured events: to settle an insured event we transfer your personal data to MARSH, s.r.o, Company Identification No. 45306541, address: Atrium Flora, Vinohradská 2828/151, Praha 3;
- Credit cards: we do not have any data concerning the credit cards you use to pay on our website. The data concerning your credit cards are available only to GOPAY s.r.o., a company operating the secured payment gate - GOPAY. The Controller of this personal data is: GOPAY s.r.o., Company Identification No.: 26046768, Planá 67, 370 01 Planá, company incorporated in the Companies Register kept by the Regional Court in České Budějovice, File No. C/11030.
X. Transfer of Personal Data outside the EU
- We do not transfer your personal data to the non-EU countries.
- Within our website we use the Google Analytics service which is able to transfer the personal data outside the EU - see details in Article XII.
XI. Personal Data Security
- We protect your personal data against loss, destruction, manipulation or unauthorized intervention, by means of the technical and organizational security measures.
- All our employees are obliged to keep confidentiality about the personal data they come into contact with within their job. Your personal data is confidential for us and it is not provided to any third parties.
- Our security measures are continuously updated with respect to the technical development.
- We use a standard security measure, so-called SSL encryption, within our website. The user data is encrypted by means of the Sectigo RSA Domain Validation Secure Server CA 2 certificate.
XII. Cookies
- We use cookies within our website. We use this information mainly to monitor the visit rate and improve the services provided.
- Cookies are small text files created by a web server and saved on an end device (on your computer) by means of a browser. They are used mainly to save your preferences you made on our website and they ensure more comfortable usage of the website for you.
- By means of cookies we monitor the user behaviour and visit rate on our website (to create statistics and overviews).
- If you visit the website https://www.jihostroj.com, we process the data concerning your user behaviour on our website based on our legitimate interest.
- You can hinder from saving of cookies on your device by means of the corresponding setting of your browser. However, if your browser does not allow coolies, we cannot guarantee all the functions of our website.
- We use the Google Analytics tool within our website:
- Google Analytics is a tool used to gain statistic data about users of the website. This tool enables to monitor mainly the visit rate and user behaviour on the website. This tool uses cookies - collected information is usually sent to and saved on the Google server in the US.
- In this particular case your personal data can be transferred outside the EU. Due to the above-mentioned reasons we remind you of the fact that your personal data may be transferred outside the European Economic Area when using our website without no adequate level of personal data protection pursuant to GDPR (e.g. US). This service is provided by:
- Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, US.
XIII. Rights within personal data processing
- In compliance with GDPR you have the following rights:
- Right to access (Article 15 of GDPR)
- You have a right to obtain from us the information whether we process your personal data. If we process your personal data, you have a right to gain access to such personal data and information pursuant to Article 15 (1) of GDPR.
- Right to rectification (Article 16 of GDPR)
- You have a right to rectify or complete the inaccurate personal data concerning your person.
- Right to erasure (Article 17 of GDPR)
- You have a right to erase your personal data if:
- Your data is no more necessary for the contemplated purpose;
- The consent we asked you for has been withdrawn and we do not have any other legal reason to process your personal data;
- A justified objection against processing has been raised pursuant to Article 21 of GDPR;
- We process your personal data without any legal reason;
- Your personal data must be erased to meet the legal obligations stipulated by the EU law or by the member country law;
- Personal data has been collected in connection with the offer of services of an information company, within which the personal data of a child under 16 is processed.
- You have a right to erase your personal data if:
- Right to limit processing (Article 18 of GDPR)
- You have a right to limit the processing of your personal data in cases specified in Article 18 of GDPR.
- Right to portability (Article 20 of GDPR)
- You have a right to portability of your personal data you have provided to us, in a structured, commonly used and machine-readable format, and a right to transfer such data to another Controller in cases when your personal data is processed based on a consent or in an automated way.
- Right to raise an objection against processing (Article 21 of GDPR)
- You have a right to raise an objection against personal data processing due to the Controller´s illegitimate interest.
- Right to lodge a complaint (Article 77 of GDPR)
- You have a right to lodge a complaint at a supervisory body which is: The Office for Personal Data Protection, Pplk. Sochora 27, 170 00 Praha 7, https://www.uoou.cz.
- Right to withdraw your consent (Article 7 (3) of GDPR)
- You have a right to withdraw anytime your consent to the personal data processing you have provided to us.
- Right to access (Article 15 of GDPR)
- You may apply your rights anytime in writing by means of electronic communication at a responsible person set forth in Article I or at the company´s address: Jihostroj a.s., Budějovická 148, 382 32 Velešín.