Principles of protection and processing of personal data
We are aware that everyone has the right to privacy and protection of personal data. We respect and preserve these rights to the maximum extent possible. We will only protect and process the information that has been and will be provided to us in accordance with applicable law. All personal data is the property of HAST GROUP s.r.o. and will not be misused.
I. Basic Provisions
The controller of personal data pursuant to Article 4(7) of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as "GDPR") is HAST GROUP s.r.o., company ID 27835731, with registered office at Kopt'ovo 503, 739 34 Václavovice (hereinafter referred to as "the controller").
The contact details of the administrator are as follows:
Address: 2064/5E Novoveská Street, Ostrava - Mariánské Hory
e-mail: info@hastgroup.cz
Personal data is any information on the basis of which a specific natural person can be identified, directly or indirectly.
The controller applies this policy to all persons who visit the company's website, specifically www.hastgroup.cz, and to all customers, external collaborators and business partners of HAST GROUP s.r.o.
The controller has not appointed a data protection officer as it has no legal basis to do so.
1. II. Sources and categories of personal data processed
The controller does not accept your personal data from "third parties" as a matter of principle.
The Controller processes personal data that you have provided to it in written, telephone or other business communications, or personal data that the Controller has obtained as a result of processing your order or creating your customer account. This includes in particular the following personal data:
the name and surname or the name of the legal entity on whose behalf you are acting:
e-mail address
postal and billing address
phone number
payment details
The controller processes your identification, contact and contact details necessary to answer your business enquiries and requests, to create business offers or to create and fulfil orders or business contracts. It also processes the data necessary to protect the rights of the controller, in particular its right to payment for services provided.
Some personal data may also come from publicly available sources (commercial register, debtors' register, etc.).
The Controller uses cookies to ensure the full functionality of the company website referred to in Article I and for statistical and marketing purposes. We consider such processing of personal data to be in our legitimate interest. You can restrict or block their use in your browser settings.
2. III. Legal basis and purpose of the processing of personal data
The legal basis for processing personal data is:
performance of the contract between you and the controller pursuant to Article 6(1)(b) GDPR
compliance with the legal obligation of the controller pursuant to Article 6(1)(c) GDPR.
the controller's legitimate interest in providing direct marketing (in particular for sending commercial communications and newsletters) pursuant to Article 6(1)(f) of the GDPR where a product or service has been ordered
Your consent to processing for the purpose of providing direct marketing (in particular for sending commercial communications and newsletters) pursuant to Article 6(1)(a) GDPR in conjunction with Section 7(2) of Act No. 480/2004 Coll. on certain information society services, in the event that no product or service has been ordered
The purpose of processing personal data is:
handling your business enquiry, your request, your order and the exercise of the rights and obligations arising from the contractual relationship between you and the controller; maintaining your customer account; when placing an order, personal data is required that is necessary for the successful execution of the order (name and address, contact), the provision of personal data is a necessary requirement for the conclusion and performance of the contract, the controller may, if necessary, transfer the necessary personal data to carriers and couriers who may arrange delivery of the shipment or to workers who arrange construction work
compliance with legal obligations towards the state
sending commercial communications and carrying out other marketing activities
There is no automatic individual decision-making by the controller within the meaning of Article 22 of the GDPR.
3. IV. Data retention period
The controller shall store personal data:
for the period necessary for the exercise of the rights and obligations arising from the contractual relationship between you and the controller and for the exercise of claims arising from that contractual relationship (for a period of 20 years from the termination of the contractual relationship).
for the period for which the controller is obliged to retain personal data under applicable law
for the period of withdrawal of consent to the processing of personal data for marketing purposes or for a maximum of 3 years if the personal data is processed on the basis of a valid consent to processing.
After the retention period has expired, the controller shall delete the personal data.
V. Recipients of personal data / subcontractors of the controller
The recipients of the necessary personal data are
Authorized employees whose job is to answer business inquiries, process inquiries and orders, prepare business proposals
4. persons involved in: delivery of goods, provision of works related to the ongoing implementation, making payments according to the contract, control of contract performancepersons involved in ensuring the operation of the website.
The controller does not intend to transfer personal data to a third country (non-EU country) or to international organisations.
VI. Your rights
Under the conditions set out in the GDPR you have:
You have the right to access your personal data in accordance with Article 15 of the GDPR,
the right to rectification of your personal data pursuant to Article 16 GDPR or to restriction of processing pursuant to Article 18 GDPR,
the right to erasure of personal data under Article 17 of the GDPR,
the right to object to processing under Article 21 of the GDPR,
the right to data portability under Article 20 of the GDPR,
the right to withdraw consent to the processing of personal data, in writing or electronically to the address or e-mail of the controller specified in Article I of this Policy.
You have the right to request a copy of the personal data we hold about you. If you ask us for copies of your personal data repeatedly, we may charge a reasonable fee. If you choose to exercise any of the above rights, please send us a clear description of your request, including the relevant personal data, and include your name or the name of the legal entity you represent. We may request additional information from you to protect your personal information from unauthorised access.
If you have any concerns about how we process your personal data or if you wish to make a complaint about how we have processed your personal data, you can contact us at info@hastgroup.cz. If you are not satisfied with our response or believe that we are processing your personal data in breach of the law, you have the right to lodge a complaint with the Data Protection Authority (https://www.uoou.cz).
VII. Personal Data Security Terms and Conditions
The controller declares that it has taken all appropriate technical and organisational measures to safeguard personal data.
The controller has taken technical measures to secure the storage of the data. All devices are protected by a secure password, use anti-virus software and can only be accessed by authorised persons. Personal data is consistently backed up. Storage of personal data in paper form is secure. They are located in offices that are locked after hours. The Controller declares that only persons authorised by him who need access to personal data for the performance of their work have access to personal data.
VIII. Final Provisions
All legal relations arising in connection with the processing of personal data are governed by the laws of the Czech Republic, regardless of where the personal data was accessed. The courts of the Czech Republic are competent to resolve disputes arising in connection with the protection of privacy between the subject of personal data and the controller.
By submitting an enquiry, business enquiry or order from the online order form on the website www.hastgroup.cz, you confirm that you have read this Privacy Policy and accept it in full.
The administrator is entitled to change these conditions. The Controller will post the new version of the Privacy Policy on its website or send you the new version of this Policy to the email address you provided to the Controller as part of the business contact.