Privacy notice

dated 1 June 2021

Pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data (hereinafter referred to as the “GDPR” or the “general data protection regulation”) and Act No. 110/2019 Coll. on personal data processing, as amended, GATE4AD s.r.o. (hereinafter referred to as “GATE4AD” or the “data controller”) presents to you the following information about the processing of your personal data when using the www.gate4ad.com website (hereinafter referred to as the “Website”).

 

1. Identity and Contact Details of the Data Controller

The data controller is GATE4AD s.r.o., registered office Jindřišská 937/16, Nové Město, 110 00 Prague 1, Company ID No.: 09657584, VAT No.: CZ09657584 registered in the Commercial Register kept by the Municipal Court in Prague, under file No. C 339843, email: info@gate4ad.com, phone: 603 915 664.

 

2. Purpose and Legal Basis for Processing

All personal data that you provide shall be processed in accordance with legal regulations, appropriately and transparently for the purposes stated below, on the basis of these legitimate conditions (legal basis for processing).

i. User Account

Purpose of processing: registration of a user account on the Website leading to the conclusion and performance of a contract in the process of making an order.

Legal basis for processing: processing is necessary to enable the user to subsequently conclude a potential contract (Article 6(1)(b) of the GDPR).

Scope of personal data processing: name and surname, address, Company ID No., VAT ID. No., phone number, email address.

Reason for providing data: if GATE4AD is not provided with this personal data, a user account cannot be created, and as a result a potential future order for services cannot be placed.

Period of processing: while the user remains registered on the Website.

ii. Order

Purpose of processing: processing your order and performing the ordered service by the provider.

Legal basis for processing: processing is necessary to conclude and perform a contract, including the delivery of the ordered service (Article 6(1)(b) of the GDPR).

Scope of personal data processing: name and surname, address, Company ID No., VAT ID. No., phone number, email address.

Reason for providing data: if GATE4AD is not provided with this personal data, the order cannot be fulfilled based on the contract.

Period of processing: for the duration of the contract, and for 3 years subsequently for the purpose of potential claims arising from the contract.

iii. Marketing Communications

Purpose of processing: transmission of marketing communications of GATE4AD or its business partners.

Legal basis for processing:

a) consent (Article 6(1)(a) of the GDPR) if you subscribed to receiving marketing communications by checking the “News” checkbox during the process of user account creation on the Website;

b) legitimate interest of GATE4AD (Article 6(1)(f) GDPR) if you have become a customer of GATE4AD through a past order of services on the Website.

Scope of personal data processing: name and surname, email address.

Reason for providing data: if GATE4AD is not provided with these personal data (b), or if GATE4AD is not given consent (a), marketing communications cannot be transmitted to the user.

Period of processing: 5 years or until revocation of consent.

The user may terminate the transmission of commercial communications by GATE4AD at any time within their user account by unchecking the “News” checkbox, which the user had previously checked in their user account, or by clicking a link present in every commercial communication sent to the user.

iv. Contact Form

Purpose of processing: answering questions, processing and handling the requests of Website visitors.

Legal basis for processing: handling requests/questions on the basis of a legitimate interest of GATE4AD (Article 6(1)(f) of the GDPR)

Scope of personal data processing: name and surname, email address, potentially other personal data voluntarily communicated by the data subject in the contact form.

Reason for providing data: GATE4AD cannot process questions/requests without being provided contact personal data.

Period of processing: as necessary for final processing of the question/requests, and 3 months subsequently for the purposes of record-keeping and evaluation of questions and subsequent related communications concerning the matter in question.

3. Data Sources

The data controller shall obtain your personal data directly from you while using the Website (when registering a user account, placing an order or filling out the contact form).

4. Processing Methods

Data is processed using both automatic and non-automatic tools, and the logic of processing is strictly tied to the purposes of processing and in any event to methods and processes that ensure the security and confidential nature of the data.

5. Categories of Personal Data Recipients

For reasons stated above (in Section 2), your personal data may be communicated to:

  • persons authorised by the data controller to process personal data (employees and associates of the data controller);
  • data processors appointed by the data controller (providers of computer, technological, and telematics services, providers of services relating to the administration and storage of tax and accounting documents);
  • providers of media space, which you select for your advertising placement in your order.

Your data may also be lawfully handed over to tax authorities, the police, court and administrative bodies for the purpose of evaluation and prosecution of criminal offences, for prevention of and protection from threats to public security, in order to enable the data controller to assert, execute, or defend any right in a court of law, as well as for other reasons relating to the protection of the rights and freedoms of other persons.

6. Transfers of Personal Data Outside the EU/EEA

Your personal data may be transferred into countries outside of the European Union (EU) or the European Economic Area (EEA) that provide an adequate level of personal data protection as specified in the decisions of the European Commission (https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en).

Your personal data will only be transferred into countries outside the EU/EEA that do not ensure an adequate level of personal data protection after the conclusion of specific contracts between the data controller and the data recipient, which contain security clauses and appropriate guarantees that your personal data is going to remain secure, the so-called “standard contractual clauses”, which are also approved by the European Commission, or if such a transfer is necessary for the conclusion and performance of a contract between you and the data controller, or to process your requests.

7. Rights of the Data Subject

The data subject, i.e. you, may exercise rights related to the processing of data stated in this notice as specified by relevant legal regulations about personal data protection, among others

  • the right to receive a confirmation stating whether or not your personal data is being processed, and if so, the right to access this data and related information (especially on the purpose of processing, on the categories of data being processed, on the recipients or categories of recipients that the data is or will be transferred to, on the period of data retention or the criteria of its determination, on the right to correct or erase the data or to limit or object to its processing, including profiling – in such case the right to important information about the method being used, the significance and expected consequences of such processing for the data subject may be exercised – and on the appropriate security measures in the case of transfer of data outside the EU/EEA), as well as the right to receive a copy of such personal data, if this does not infringe upon the rights and freedoms of other persons (the right of access);
  • the right to correct one’s personal data, i.e., to perform a correction, change, or update of the data, which is incorrect or outdated, to supplement incomplete personal data, among others via a supplementary declaration (the right to rectification);
  • the right to request an erasure of personal data, especially if (i) it is no longer necessary for the purposes for which it was collected or processed, or if (ii) it is being processed illegally, or if (iii) it must be erased in order to fulfil legal obligation, or if (iv) you have objected to its processing (see “right to object” below) and no prevailing legitimate reason exists that would enable the data controller to continue processing the data in each case (the right to be forgotten). Such an erasure cannot be performed especially if data processing is necessary to fulfil a legal obligation or for the determination, performance, or defence in court of any legal claim;
  • the right to restrict one’s personal data, which means that the data controller retains the data but may not use it. This right may only be exercised if (i) the data subject disputes the accuracy of the data, and only for as long as the data controller requires to verify the accuracy of the data, or if (ii) the data is being processed illegally, when a restriction on data use is demanded instead of erasure, or if (iii) the data controller no longer needs to process such personal data, but the data subject still requires the data to determine, perform or defend in court their rights, or if (iv) you have objected to its processing (see “right to object” below), until it can be determined whether legitimate reasons of the data controller prevail over the legitimate reasons of the data subject (the right to restriction of processing);
  • the right to receive from the data controller your personal data processed with your consent, in a standard format, and to have it handed over directly to a third party designated by you, if it is technically feasible (the right to data portability);
  • the right to lodge a complaint against violations of personal data rules with the oversight authority (Office for Personal Data Protection) in accordance with procedures and instructions stated on the official website of the authority: https://www.uoou.cz/stiznost.asp#obalhlava) (the right to object).

In addition, as the data subject you also have:

  • the right to object to the processing of your personal data due to your specific situation at any time. In such case, the data controller ceases processing the personal data unless it proves serious justified reasons to process it that prevail over the interests, rights and freedoms of the data subject, or for the determination, performance or defence of legal claims in court.

To exercise these rights, you may contact the data controller at any time in writing at GATE4AD s.r.o., Jindřišská 937/16, 110 00 Prague 1, or via email.

8. Changes to This Notice

Due to constant development of our activities, the nature of your personal data processing stated above may change. Therefore, this notice may be changed and amended over time, which may also be necessary due to new legislation on personal data protection.

We will notify you of any major changes in an appropriate way.