Processing of personal data before establishing a business relationship
This communication is provided on the basis of § 5 (2) a) of Act No. 101/2000 Sb., on personal data protection and on amendments to certain laws, as amended, with effect as of 25 May 2018 according to Art. 6, (1) c) of the Regulation (EU) 2016/679, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
About us
-
The GOPAY company (hereinafter referred to as “Data controller”) is a business entity called GOPAY s.r.o., with its registered office in Planá 67, 370 01 České Budějovice, Company identification number: 260 467 68, incorporated in the Commercial Register kept by the Regional Court in České Budějovice, Section C, Insert 11030. The GOPAY company is an electronic money institution which issues electronic money within the meaning of § 4 of the Czech Act No. 370/2017 Sb., on Payment System, and it operates the GoPay Payment System.
General provisions
-
This communication defines the manner in which we treat the processing of personal data and the manner in which we ensure its protection before establishing a business relationship. To do so, we act in accordance with the Czech Act No. 101/2000 Sb., on personal data protection and on amendments to certain laws, as amended (hereinafter referred to as “ZOOÚ”), and with effect as of 25 May 2018 with the Regulation (EU) 2016/679, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/ES (hereinafter reffered to as “GDPR”).
-
When processing personal data, we ensure that no harm comes to the rights of natural persons with regard to processing of personal data. At the same time we are obliged to comply with the provisions stipulated by particular legislation and take appropriate measures to protect a legal order and legitimate interests of our company, as stated below.
The scope and purpose of the data processing
-
Data processing for the purpose of this consent means a preparation of a business offer for products or services provided by the Data controller. The processing means any operation or set of operations which is performed on personal data or on sets of personal data, based on which the financial conditions of a potential contract with you is specified.
-
Within the meaning of ZOOÚ and with effect as of 25 May 2018 within the meaning of GDPR we are authorized to process the following personal data of yours:
-
name, surname, phone number, e-mail
-
identification number of a business entity
-
commercial purpose of the e-commerce site (e-shop)
-
ownership and management structure
-
if necessary, identification data pursuant to § 5 of AML rules
-
or other data according to requirements of the data controller (hereinafter reffered to as “personal data”)
-
-
The purpose of personal data processing in the above-mentioned scope is:
-
Specification of a binding business offer
-
Storage of information about a processed business offer.
-
-
The period for which the data will be stored is 12 months from the day the business offer is processed. You are fully aware of the fact that as a data subject you cannot withdraw from this consent.
-
The consent with the data processing is given to the Data controller only.
-
As a data subject, please pay attention to the text above and to the following instructions on your rights.
Guide to your rights
-
If the data subject requests information on processing of his or her personal data, the data controller shall provide the data subject with such information without undue delay, as stipulated in § 12 of ZOOÚ. The content of such information is always a message about the purpose of the personal data processing, personal data, or categories of personal data, which are subject to the processing, including all the information available about the source of data; the character of the automated processing in relation to its use for decision-making, if the acts and decisions are taken on the basis of this processing, the content of which interferes with law and legitimate interests of the data subject; the recipients or categories of recipients. The controller has the right to require an appropriate compensation for providing the information, not exceeding costs necessary for providing the information. The processor may perform the data controller’s duty of providing the data subject with the information pursuant to § 12 of ZOOÚ.
-
Should any data subject assume that the data controller or data processor processes personal data of the subject in a manner which is in breach of the protection of a private and personal life of the data subject, or in breach of law, especially if his or her personal data are inaccurate regarding to their purpose of processing, the data subject has the right to a) ask the data controller or processor to produce an explanation, b) ask the data controller or processor to remove such a state of affairs; in particular data blocking, rectification, supplementing or erasure of personal data. If the request of the data subject is found legitimate, data controller or processor shall remove the state of affairs without undue delay. If the data subject incurred other than property damage as a result of the personal data processing, the procedure pursuant to a special Act shall be followed when lodging a claim. If a breach of obligations provided by law occurs in the course of processing of personal data by the controller or by the processor, both the data controller and the data processor shall be liable jointly and severally.
-
You are aware of the fact that apart from the above-mentioned rights amended by ZOOÚ there are other rights for you. When GDPR comes into effect, your rights as stipulated in articles 15 to 23 are: you have the right to ask the data controller for access to your data (including information whether the personal data concerning you is or is not being processed), the right to ask for its rectification or its erasure, the right to lodge a complaint as well as the right to data portability. Furthermore you are aware of the fact that you have the right to lodge a complaint with a supervisory authority, which is The Office for Personal Data Protection (in Czech Úřad pro ochranu osobních údajů), Pplk. Sochora 27, 170 00 Praha 7.
-
The data protection officer contact information is:
-
Ing. Zbyněk Eiselt, e-mail: zbynek.eiselt@gopay.cz,
phone number: +420 602 122 401
-
-
You are aware of the fact that this communication contains every piece of information provided to the data subject, pursuant to article 13 of GDPR.
Final provisions
-
By requesting a business offer for you to be provided with the service of the GoPay Payment system you express your free, specific, informed and explicit manifestation of will and you also express that you are well acquainted with processing of your personal data according to this communication and that you have been properly instructed and informed about the processing of your personal data.