GDPR

I. General provisions

1. The personal data controller according to Article 4 (7) of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as the “GDPR”) is TGS nástroje-stroje-technologické služby spol. s r.o., Reg. No.: 64833500, registered in the Commercial Register maintained by the Municipal Court in Plzeň, Section C, Entry 7514, having its registered office at Plzeňská 610, 338 05 Mýto (hereinafter referred to as the “Controller”).
2. Controller’s contact details:
   Address: Plzeňská 610, 338 05 Mýto
   E-mail: tgs@tgs.cz
   Tel: +420 296 826 441
3. Personal data are all information about an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
4. The Controller has not appointed a personal data protection officer.

II. Sources and categories of processed personal data

1. The Controller processes personal data which you have provided or personal data which the Controller has obtained based on the fulfillment of your order or inquiry form:
   • first name and surname
   • E-mail address
   • telephone number
2. The Controller processes your identification and contact details and the data necessary for performance of the contract.

III. Legal basis and purpose for processing personal data

1. The legal basis for processing personal data is:
   • the performance of the contract between you and the Controller according to Article 6 (1) (b) of the GDPR,
   • the fulfillment of the Controller’s legal obligations according to Article 6 (1) (c) of the GDPR,
   • the legitimate interest of the Controller for providing direct marketing (in particular for sending commercial communications and newsletters) according to Article 6 (1) (f) of the GDPR,
   • your consent to processing for direct marketing, in particular for sending commercial communications and newsletters according to Article 6 (1) (a) of GDPR in conjunction with Article 7 (2) of the Act No. 480/2004 Coll., on certain information society services, in the event that no goods or services have been ordered.
2. The purpose of personal data processing is:
   • to process your order and to exercise the rights and obligations arising from the contractual relationship between you and the Controller; when ordering, personal data necessary for successfully processing of the order (name, address, contact details) are required; the provision of personal data is essential for the conclusion and performance of the contract: without personal data, the contract cannot be concluded or fulfilled by the Controller,
   • to fulfill legal obligations towards the state,
   • to send commercial communications and perform other marketing activities.

IV. Data retention period

1. The Controller retains personal data:
   • for the period necessary to exercise the rights and obligations arising from the contractual relationship between you and the Controller and to exercise claims from these contractual relationships (for a period of 15 years from the termination of the contractual relationship),
   • until consent to personal data processing for marketing purposes is revoked; however, for a maximum of 3 years if the personal data are processed based on your consent.
2. After the personal data retention period has expired, the Controller will delete the personal data.

V. Personal data processors

1. Personal data are processed by the Controller; however, personal data can be processed on their behalf by the following processors:
   • Mailchimp service provider,
   • or any other provider of processing software, services and applications which, however, are not currently used by the Controller.

VI. Your rights

1. Under the terms and conditions of the GDPR you have:
   • the right to access your personal data under Article 15 of the GDPR,
   • the right for rectification of personal data under Article 16 of the GDPR, or restriction of processing according to Article 18 of the GDPR,
   • the right to have personal data deleted pursuant to Article 17 of the GDPR,
   • the right to object to processing under Article 21 of the GDPR,
   • the right to data portability under Article 20 of the GDPR, and
2. you also have the right to file a complaint with the Office for the Protection of Personal Data if you believe that your right to the protection of personal data has been violated, or to apply to the courts.

VII. Terms and conditions of securing personal data

1. The Controller declares that they have taken all appropriate technical and organisational measures to secure personal data.
2. The Controller has taken technical measures to secure data repositories and repositories for personal data recorded on paper.
3. The Controller declares that only authorised persons have access to personal data.

VIII. Final provisions

1. By submitting an order using the online order form, you confirm that you are familiar with the terms and conditions of personal data protection and that you accept them in their entirety.
2. The Controller is entitled to modify these terms and conditions. The Controller will publish any new version of the terms and conditions related to personal data protection on their website, and will also send this new version to your e-mail address that you provided to the Controller.
    

These terms and conditions become effective on 1 November 2022.