Terms of personal data protection at ShipEx Logistic s.r.o.

ShipEx Logistic s.r.o. proceeds in the processing of personal data particularly in accordance with Regulation (EU) No 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), in accordance with Act No 101/2000 Coll., on the protection of personal data, as amended, and subsequently in accordance with the Act which replaces this Act in the sense of the above regulation, further in accordance with Act No 480/2004 Coll., on certain information society services and on amendments to certain acts (Act on Certain Information Society Services), as amended, in accordance with Act No 127/2005 Coll., on electronic communications and on amendments to certain related acts (Act on Electronic Communications), as amended.

Given that ShipEx Logistic s.r.o., which provides shipping services, acts as the controller of personal data when working with data, who alone or together with others determines the purposes and means of personal data processing and is also the processor of personal data, it is not necessary to enter into an Agreement on Personal Data Processing.

Contact information of the controller:

Zelný trh 293/10, Brno-město, 602 00 Brno

E-mail address: info@balikdozahranici.cz

Phone No.: (+420) 608 380 388

To provide the service within the order, ShipEx Logistic s.r.o. is authorized to process the customer’s personal data or personal data provided or entered by the customer during registration. Such processing of personal data is legal, as it is necessary for the performance of the contract with the subject.

Introduction

This privacy policy informs the data subject about the processing of personal data that is provided to us to fulfil the order.

Definition of basic terms according to GDPR

What is the General Data Protection Regulation (GDPR) - in its entirety, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter also referred to as “GDPR”), is new EU legislation introducing a European reform of personal data protection. It enters into force throughout the EU on 25 May 2018, is directly binding and takes precedence over national legislation.

Data subject  any identified or identifiable natural person - holder of personal data.

Data controller – a natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data.

Data recipient – natural or legal person, public authority, agency or other body to which personal data is provided. If the recipient further processes the data of his or her own free will, he or she becomes another controller, but this is irrelevant from the point of view of the original controller. However, the recipient is not a public authority which may obtain data in the course of its activities.

Personal data – any information on the data subject who can be identified, directly or indirectly, in particular by reference to a specific identifier such as name, identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Processing – any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alternation, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Processed personal data

The personal data we process includes:

personal data which allow us to contact you, in other words, contact details: e-mail address, telephone number, pickup address and delivery, billing address,

identification data, name and surname, username and password, in the case of entrepreneurs ID and VAT number,

details of the ordered service containing the details and shipments you ordered from us, the method of payment, including the bank account or payment card details, and details of complaints,

data related to the use of the call center,

information about your behaviour on the website, such as your IP address, device identification as well as data obtained from cookies and similar technologies (by using the website, the user agrees with the use of the mentioned technology).

Purpose of the personal data processing

When ordering, it is required to enter personal data that is necessary for the successful completion of the order (name and surname, address, telephone contact).

The purpose of personal data processing is the settlement of the customer’s order (i.e. the data subject), or the complaint procedure and the exercise of rights and obligations arising from the contractual relationship between the commission agent and the client.

The legal reason for the processing of personal data is the performance of a contract pursuant to Art. 6 (1)(b) of the GDPR, the fulfilment of the legal obligation of the controller pursuant to Art. 6 (1c) of the GDPR and the legitimate interest of the controller pursuant to Art. 6 (1f) of the GDPR.

Retention period of personal data

The controller shall store the customer’s personal data for the time necessary to exercise the rights and obligations arising from the contractual relationship between the commission agent and the client and the assertion of claims under these contractual relationships. For the purposes of fulfilling the legal obligations arising from contractual relationships and especially from valid legal regulations, we store personal data for a period of 10 years.

Personal data shall be processed in accordance with the GDPR in a manner that ensures the proper security and confidentiality of such data, inter alia, in order to prevent unauthorized access to personal data and to the equipment used for their processing or unauthorized use. The security of personal data processing is carried out in accordance with Article 32 of the GDPR.

Recipients of personal data to whom personal data may be disclosed

The recipient of personal data is a natural or legal person, public authority, agency or other body to which personal data are disclosed by the controller.

BGA group, s.r.o. transmits the given data to the recipients who are part of the service performance for the customer, who are listed on the website, especially the contractual carriers involved in the implementation of shipments, their branches and franchises. By ordering the service at our company, you also agree to provide your personal data to the recipients listed herein.

In addition, these recipients include:

operators of marketing tools and marketing agencies,

recipients of personal data who ensure the execution of payments on the basis of a contract, web application operation services and other services in connection with the company’s activities,

IT companies, lawyers, tax advisors.

List of specific recipients of personal data that we use:

UNITED PARCEL SERVICE CZECH REPUBLIC,

TNT Express N. V., FedEx,

TOPTRANS EU,

DPD, PPL CZ s.r.o.,

GOPAY s.r.o, a.s.,

Facebook,

Google LLC (Google Adwords, Google Analytics, Google Disk),

Seznam.cz, a.s., or other providers of processing software, services and applications, which are not currently used by the company.

Transfer of personal data abroad

In the event that the customer orders transport with a place of delivery abroad, the transfer of personal data abroad is necessary to fulfil the ordered service.

Personal data is also passed on to authorized transport companies and customs authorities for customs purposes, in the country specified by the customer.

BGA group, s.r.o. may be required to pass on your information to local or foreign government agencies to comply with the applicable laws or to deliver your shipment to its destination. Please note that foreign countries may not apply the same data protection laws as the country where you originally provided the information.

If the place of delivery is outside the EU, you agree to the transfer of personal data to a processor established outside the EU.

Rights of the data subject

To require from the controller access to his or her personal data according to Article 15 of the GDPR.

To rectification, or completion - according to Article 16 of the GDPR, the data subject has the right to obtain from the controller without delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject has the right to have incomplete personal data completed, including by means of providing a supplementary statement.

To the restriction of processing under Article 18 of the GDPR. The data subject has the right to the erasure of personal data pursuant to Article 17 (1)(a) and (c to f) of the GDPR. He or she also has the right to object to the processing under Article 21 of the GDPR and the right to data portability under Article 20 of the GDPR.

The data subject has the right to lodge a complaint with the Office for Personal Data Protection if he or she considers that his or her right to personal data protection has been violated.

We declare that the data are processed correctly and collected for certain and legitimate purposes and at the same time processed in a way that ensures their proper security against unauthorized or illegal processing.

By submitting an order from the online order form, you confirm that you have become acquainted with the terms of personal data protection and that you accept them in full and without reservation and agree to the use of your personal data for performance purposes necessary to exercise rights and obligations arising from the contractual relationship between the commission agent and the client.

The user may revoke the consent pursuant to this paragraph at any time in writing at info@balikdozahranici.cz.

These GTCs enter into force on the day of their issue, i.e. 25 November 2018.