Within the meaning of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation); (hereinafter referred to as the "Regulation") 

1. Who will process your personal data (i.e. who is the personal data controller)

GDP Service s.r.o., VAT: 22005251, based 
nám. T. G. Masaryka 1281
CZ-760 01 Zlín 

The company is registered in the Commercial Register maintained by the Regional Court in Brno, Section C, File 141029 
hereinafter referred to as the "Controller"

The representative of the personal data controller is: Eduard Štimel

E-mail: info@gdpservice.cz

Telephone connection: +420 774 861 888 

2. What personal data will be processed about you? 

• Identification and invoicing data (e.g. name, surname, company registration number, tax identification number), contact details (e.g. address of residence or registered office, telephone number, identifiers for electronic communication), bank details (e.g. account number) and transport and other services used, including the above-mentioned data about your (sales) representative or authorized employee or other contact person 

3. For what purposes will your personal data be processed without your consent? 

• To perform the controller's obligations arising from the contract concluded between you and the controller (e.g. transport contract, transport brokerage contract)
• For the performance of the controller's obligations under applicable legislation, in particular in connection with its activities, e.g. in the area of consumer protection, liability for defects or compliance with accounting, tax or customs obligations, including obligations related to inspections by competent authorities 
• For the exercise of the rights and legitimate interests of the administrator, including when exercising his rights and enforcing claims against you 

4. What is the legal basis for processing your personal data? 

• The right of the controller to process personal data for the above purposes (see question 3) even without your consent arises from Article 6 para. 1 lit. b), c) and f) of the Regulation 

5. For how long will your personal data be processed? 

• Your personal data will be processed for the entire duration of the contractual relationship between you and the administrator and after its termination for the duration of the limitation periods and periods for archiving under legal regulations, but no longer than five years from the end of the accounting period in which the last contractual relationship was terminated, unless a longer period is stipulated by law and any of the purposes persists after the expiry of this period,  for which the personal data may continue to be processed (e.g. ongoing court or enforcement proceedings)
• After the expiry of the above periods, your personal data will be irreversibly deleted or destroyed 

6. Who will or can be the recipient of your personal data? 

• Public authorities, tax advisors, accountants, auditors, lawyers, courts and other relevant control and financial authorities, postal service providers or carriers, and in the case of international transport, also domestic and foreign customs authorities; with your consent, other persons; Your personal data may also be transferred to recipients abroad for the purpose of fulfilling contractual or legal obligations, but only under the conditions set out in Article 44 et seq. of the Regulation, provided that sufficient guarantees of the protection of your personal data are ensured) 

7. From what sources are or will the processed personal data be obtained and how is it updated? 

• Personal data are or will be obtained in particular from you and your (business) representatives or other authorized persons, as well as from publicly available information, the internet and social networks, public lists and registers, as well as from documents and communications submitted or delivered to the administrator.
• Updating of your personal data will be carried out mainly on the basis of information received from you or your (business) representatives or other authorized persons, as well as from publicly available information, the internet and social networks, public lists and registers.

8. What are your basic rights in relation to the processing of personal data and how can you exercise them? 

• You have the right to have your personal data processed fairly and lawfully and transparently, for legitimate purposes, to the extent necessary and for the necessary period of time, and the data must be secured against unauthorized processing, accidental loss, destruction or damage, which is ensured in particular by their mechanical and electronic security (including encryption during their transmission) and by the appropriate measures and procedures that are in place,  including regular training of persons who have access to your personal data 
• You have the right to free access to your personal data and to confirmation as to whether your personal data is being processed 
• You have the right to complete missing data and to have inaccurate personal data corrected 
• You have the right to erasure of personal data that is no longer necessary for the purposes listed above (see paragraph 3); if you object to the processing and there are no overriding reasons for the processing; if the personal data have been unlawfully processed; or if the law of the European Union or its Member State so provides; However, you are not entitled to erasure if the processing of personal data is necessary, inter alia, for compliance with a legal obligation under the law of the European Union or its Member State, for archiving purposes or for the establishment, exercise or defence of legal claims
• You have the right to restrict the processing of personal data (i.e. the data will only be stored by the controller and will be processed only with your consent, or for the purpose of determining, exercising or defending legal claims or for the protection of the rights of another natural or legal person), if you contest their accuracy; if their processing is unlawful and you refuse their deletion; if the controller needs the data only for the establishment, exercise or defence of legal claims; or if you object to their processing 
• You have the right to lodge a complaint with the supervisory authority, which is the Office for Personal Data Protection, with its registered office at Pplk. Sochora 27, 170 00 Prague 7 (www.uoou.cz) 
• You have the right not to be subject to any decision based solely on automated processing, including profiling (i.e. evaluation of personal aspects related to the analysis or estimation of aspects relating to your work performance, economic situation, health, your personal preferences, interests, reliability, behaviour or location); unless such a decision is necessary for the conclusion or performance of a contract between you and the Controller; is permitted by the law of the European Union or its Member State; or is based on your explicit consent (your personal data are not currently processed by the administrator in this way) 

You can exercise your rights (to access and confirm your personal data, to have them completed, corrected or deleted, or to restrict processing) in person or by e-mail sent to: info@gdpservice.cz , and your suggestions will be dealt with within the set deadlines (usually within one month) Pursuant to Article 21 of the Regulation, you have the RIGHT to raise an OBJECTION against the processing of personal data at any time,  which are processed for the purposes of the legitimate interests of the controller and for the purposes of so-called direct marketing.