Terms of personal data protection at BGA group, s.r.o.
BGA group, s.r.o. proceeds in the processing of personal data, particularly in accordance with Regulation (EU) No 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), in accordance with Act No 101/2000 Coll., on the protection of personal data, as amended, and subsequently in accordance with the Act which replaces this Act in the sense of the above regulation, further in accordance with Act No 480/2004 Coll., on certain information society services and on amendments to certain acts (Act on Certain Information Society Services), as amended, in accordance with Act No 127/2005 Coll., on electronic communications and on amendments to certain related acts (Act on Electronic Communications), as amended.
Given that BGA group, s.r.o., which provides shipping services, acts as the controller of personal data when working with data, who alone or together with others determines the purposes and means of personal data processing and is also the processor of personal data, it is not necessary to enter into an Agreement on Personal Data Processing.
Contact information of the controller:
Zelný trh 293/10, Brno-město, 602 00 Brno
E-mail address: email@example.com
Phone No.: (+420) 608 380 388
To provide the service within the order, BGA group, s.r.o. is authorized to process the customer’s personal data or personal data provided or entered by the customer during registration. Such processing of personal data is legal, as it is necessary for the performance of the contract with the subject.
Definition of basic terms according to GDPR
What is the General Data Protection Regulation (GDPR) - in its entirety, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter also referred to as “GDPR”), is new EU legislation introducing a European reform of personal data protection. It enters into force throughout the EU on 25 May 2018, is directly binding, and takes precedence over national legislation.
Data subject – any identified or identifiable natural person - holder of personal data.
Data controller – a natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data.
Data recipient – natural or legal person, public authority, agency, or other body to which personal data is provided. If the recipient further processes the data of his or her own free will, he or she becomes another controller, but this is irrelevant from the point of view of the original controller. However, the recipient is not a public authority that may obtain data in the course of its activities.
Personal data – any information on the data subject, which can be identified, directly or indirectly, in particular by reference to a specific identifier such as name, identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Processing – any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Processed personal data
The personal data we process includes:
personal data which allow us to contact you, in other words, contact details: e-mail address, telephone number, pickup address, and delivery, billing address,
identification data, name and surname, username and password, in the case of entrepreneurs ID and VAT number,
details of the ordered service containing the details and shipments you ordered from us, the method of payment, including the bank account or payment card details, and details of complaints,
data related to the use of the call center,
information about your behavior on the website, such as your IP address, device identification, and data obtained from cookies and similar technologies (by using the website, the user agrees with the use of the mentioned technology).
Purpose of the personal data processing
When ordering, it is required to enter personal data that is necessary for the successful completion of the order (name and surname, address, telephone contact).
The purpose of personal data processing is the settlement of the customer’s order (i.e. the data subject), or the complaint procedure and the exercise of rights and obligations arising from the contractual relationship between the commission agent and the client.
The legal reason for the processing of personal data is the performance of a contract pursuant to Art. 6 (1)(b) of the GDPR, the fulfillment of the legal obligation of the controller pursuant to Art. 6 (1c) of the GDPR and the legitimate interest of the controller pursuant to Art. 6 (1f) of the GDPR.
Retention period of personal data
The controller shall store the customer’s personal data for the time necessary to exercise the rights and obligations arising from the contractual relationship between the commission agent and the client and the assertion of claims under these contractual relationships. To fulfill the legal obligations arising from contractual relationships and especially from valid legal regulations, we store personal data for ten years.
Personal data shall be processed in accordance with the GDPR to ensure the proper security and confidentiality of such data, among other things, to prevent unauthorized access to personal data and the equipment used for their processing or unauthorized use. The security of personal data processing is carried out in accordance with Article 32 of the GDPR.
Recipients of personal data to whom personal data may be disclosed
The recipient of personal data is a natural or legal person, public authority, agency, or other body to which personal data are disclosed by the controller.
BGA group, s.r.o. Transmits the given data to the recipients who are part of the service performance for the customer, who is listed on the website, especially the contractual carriers involved in the implementation of shipments, their branches, and franchises. By ordering the service at our company, you also agree to provide your personal data to the recipients listed herein.
In addition, these recipients include:
operators of marketing tools and marketing agencies,
recipients of personal data who ensure the execution of payments based on a contract, web application operation services, and other services in connection with the company’s activities,
IT companies, lawyers, tax advisors.
List of specific recipients of personal data that we use:
UNITED PARCEL SERVICE CZECH REPUBLIC,
TNT Express N. V., FedEx,
DPD, PPL CZ s.r.o.,
GOPAY s.r.o, a.s.,
Google LLC (Google Adwords, Google Analytics, Google Disk),
Seznam.cz, a.s., or other providers of processing software, services and applications, which are not currently used by the company.
Transfer of personal data abroad
In the event that the customer orders transport with a place of delivery abroad, the transfer of personal data abroad is necessary to fulfill the requested service.
Personal data is also passed on to authorized transport companies and customs authorities for customs purposes in the country specified by the customer.
BGA group, s.r.o. may be required to pass on your information to local or foreign government agencies to comply with the applicable laws or to deliver your shipment to its destination. Please note that foreign countries may not apply the same data protection laws as the country where you originally provided the information.
If the place of delivery is outside the EU, you agree to the transfer of personal data to a processor established outside the EU.
Rights of the data subject
To require from the controller access to his or her personal data according to Article 15 of the GDPR.
To rectification or completion - according to Article 16 of the GDPR, the data subject has the right to obtain from the controller without delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject has the right to have incomplete personal data completed, including by means of providing a supplementary statement.
To the restriction of processing under Article 18 of the GDPR. The data subject has the right to the erasure of personal data pursuant to Article 17 (1)(a) and (c to f) of the GDPR. He or she also has the right to object to the processing under Article 21 of the GDPR and the right to data portability under Article 20 of the GDPR.
The data subject has the right to lodge a complaint with the Office for Personal Data Protection if he or she considers that his or her right to personal data protection has been violated.
We declare that the data are processed correctly and collected for certain and legitimate purposes and at the same time processed in a way that ensures their proper security against unauthorized or illegal processing.
By submitting an order from the online order form, you confirm that you have become acquainted with the terms of personal data protection and that you accept them in full and without reservation and agree to the use of your personal data for performance purposes necessary to exercise rights and obligations arising from the contractual relationship between the commission agent and the client.
The user may revoke the consent pursuant to this paragraph at any time in writing at firstname.lastname@example.org.
These GTCs enter into force on the day of their issue, i.e. 25 November 2018.
+420 608 380 388 Mon-Fri 8:00 a.m. – 5:00 p.m.