Processing of personal data before establishing a business relationship

This communication is provided according to Art. 6, (1) c) of the Regulation (EU) 2016/679, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

About us

  1. The GOPAY company (hereinafter referred to as “Data controller”) is a business entity called GOPAY s.r.o., with its registered office in Planá 67, 370 01 České Budějovice, Company identification number: 260 467 68, incorporated in the Commercial Register kept by the Regional Court in České Budějovice, Section C, Insert 11030. The GOPAY company is an electronic money institution which issues electronic money within the meaning of § 4 of the Czech Act No. 370/2017 Sb., on Payment System, and it operates the GoPay Payment System.


General provisions

  1. This communication defines the manner in which we treat the processing of personal data and the manner in which we ensure its protection before establishing a business relationship. To do so, we act in accordance with the Czech Act No. 101/2000 Sb., on personal data protection and on amendments to certain laws, as amended (hereinafter referred to as “ZOOÚ”), with the Regulation (EU) 2016/679, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/ES (hereinafter reffered to as “GDPR”).

  2. When processing personal data, we ensure that no harm comes to the rights of natural persons with regard to processing of personal data. At the same time we are obliged to comply with the provisions stipulated by particular legislation and take appropriate measures to protect a legal order and legitimate interests of our company, as stated below.


The scope and purpose of the data processing

  1. Data processing for the purpose of this consent means a preparation of a business offer for products or services provided by the Data controller. The processing means any operation or set of operations which is performed on personal data or on sets of personal data, based on which the financial conditions of a potential contract with you is specified.

  2. Within the meaning of ZOOÚ and within the meaning of GDPR we are authorized to process the following personal data of yours:

    • name, surname, phone number, e-mail

    • identification number of a business entity

    • commercial purpose of the e-commerce site (e-shop)

    • ownership and management structure

    • if necessary, identification data pursuant to § 5 of AML rules

    • or other data according to requirements of the data controller (hereinafter reffered to as “personal data”)

  3. The purpose of personal data processing in the above-mentioned scope is:

    • Specification of a binding business offer

    • Storage of information about a processed business offer.

  4. The period for which the data will be stored is 12 months from the day the business offer is processed. You are fully aware of the fact that as a data subject you cannot withdraw from this consent.

  5. The consent with the data processing is given to the Data controller only.

  6. As a data subject, please pay attention to the text above and to the following instructions on your rights.


Guide to your rights

  1. If the data subject requests information about the processing of his or her personal data, pursuant to S. 12 of the Personal Data Protection Act the Data Controller is obliged to provide this information to him or her without undue delay. There always needs to be information about the purpose of the processing of personal data, about the personal data or categories of personal data that are processed including all available information about their source, nature of automated processing with respect to its use for decision-making if tasks or decisions are made on the basis of this processing whose content infringes upon the rights and justified interests of the data subject, the recipient or categories of recipients. The Data Controller has a right to request a reasonable payment for the provision of information that does not exceed the costs necessary to provide the information. The Data Controller’s duty to provide information to the data subject governed by S. 12 of the Personal Data Protection Act may be fulfilled for the Data Controller by the processor.

  2. Pursuant to S. 21 of the Personal Data Protection Act, each data subject who establishes or believes that the Data Controller or the processor processes his or her personal data that is contrary to the protection of private and personal life of data subjects or contrary to law, in particular if personal data are inaccurate, having regard to the purposes for which they are processed, he or she may a) ask the Data Controller or the processor for explanation; b) ask that the Data Controller or the processor remedy the situation; this may in particular entail blocking, rectification, completion or erasure of personal data. If the data subject’s request pursuant to the previous sentence is found justified, the Data Controller or the processor shall immediately remedy this fault. If other than material damage has occurred as a result of the processing of the data subject’s personal data, the claim shall be enforced pursuant to special legislation. If a breach of statutory duties occurred when personal data were processed by the Data Controller or by the processor, they shall be jointly and severally liable for the breach.

  3. You acknowledge that from the date when the GDPR comes into effect you shall have other rights that follow from Articles 15 to 23 of the GDPR besides the above rights governed by the Personal Data Protection Act, namely the right to request access from the Data Controller to personal data concerning you (including confirmation as to whether or not personal data concerning you are or are not being processed), the right to request their rectification or erasure or restriction of processing and the right to object to processing as well as the right to data portability. Furthermore, you acknowledge that you have a right to file a complaint with the supervisory authority, namely the Office for Personal Data Protection, registered office Pplk. Sochora 27, 170 00 Prague 7.

  4. You acknowledge that the Privacy Policy contains all information provided to the data subject pursuant to Article 13 of the GDPR.

  5. The contact details of the Customer Help-Desk are as follows:
    email:, phone: +420 387 685 123

  6. In case of your disappointment with level of our services you can contact by written form the Complaints Department on:

  7. The contact details of the Data Controller’s representative in charge of personal data protection are as follows:
    Mr. Zbyněk Eiselt, e-mail:, GSM: +420 602 468 240.


Final provisions

  1. By requesting a business offer for you to be provided with the service of the GoPay Payment system you express your free, specific, informed and explicit manifestation of will and you also express that you are well acquainted with processing of your personal data according to this communication and that you have been properly instructed and informed about the processing of your personal data.

Was this article helpful?:

Are you looking for something else?

Contact support specialist