Privacy Policy - GDPR

The General Data Protection Regulation is a binding EU regulation that has been in effect since May 25, 2018, and harmonizes the rules governing the protection of natural persons' personal data.

Contact us

I. Personal Data Protection

1.1 By ordering goods or using services, the data subject confirms that they have read these Privacy Policy conditions, agree with them, and fully accept them.

1.2 The Provider is the data controller of personal data pursuant to Article 4(7) of Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation, hereinafter referred to as the “GDPR”). The Provider undertakes to process personal data in accordance with all applicable data protection laws.

1.3 Personal data means any information relating to an identified or identifiable natural person. An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or one or more factors specific to their physical, physiological, genetic, mental, economic, cultural, or social identity.

1.4 When placing an order, personal data necessary for its successful processing are required (such as name, address, contact details, etc.). Personal data are processed for the purpose of fulfilling a specific order and performing rights and obligations arising from the contractual relationship between the Provider and the data subject. With the data subject’s consent, personal data may also be processed for sending commercial communications and other marketing activities. The legal basis for processing personal data is:

  • consent of the data subject pursuant to Article 6(1)(a) GDPR,

  • performance of a contract pursuant to Article 6(1)(b) GDPR,

  • compliance with a legal obligation pursuant to Article 6(1)(c) GDPR, or

  • legitimate interest of the Provider pursuant to Article 6(1)(f) GDPR (in particular for direct or indirect marketing purposes).

1.5 The Provider uses subcontractors to fulfill the above contractual relationships and services, particularly providers of mailing services (data may be stored in third countries), web hosting providers, and website administrators. These subcontractors have been verified for secure personal data processing, and data processing agreements have been concluded with them. They are responsible for securing hardware and software infrastructure and bear direct responsibility for any data breach.

1.6 The Provider stores personal data only for the period necessary to exercise rights and obligations arising from the contractual relationship and for asserting claims (for a maximum of 15 years after termination of the contractual relationship or until consent is withdrawn). After this period, personal data will be deleted, except where retention is required by law.

1.7 The data subject has the right to:

  • access personal data (Article 15 GDPR),

  • rectification (Article 16 GDPR),

  • restriction of processing (Article 18 GDPR),

  • erasure (Article 17 GDPR),

  • object to processing (Article 21 GDPR),

  • data portability (Article 20 GDPR).

1.8 If the data subject believes their data protection rights have been violated, they may lodge a complaint with the competent supervisory authority.

1.9 Providing personal data is voluntary; however, it is necessary for the conclusion and performance of a contract and for providing services and marketing activities.

1.10 The Provider does not carry out automated individual decision-making within the meaning of Article 22 GDPR.

1.11 By submitting a contact form, the data subject:

1.12 To improve service quality, personalize offers, collect anonymous data, and for analytical purposes, the Provider uses cookies. By using the website, the data subject agrees to their use.

II. Rights and Obligations Between Controller and Processor

2.1 The Provider acts as a data processor under Article 28 GDPR in relation to the Client’s personal data, while the Client is the data controller.

2.2 These terms govern mutual rights and obligations when processing personal data obtained during the performance of a contract between the Provider and the Client.

2.3 The Provider undertakes to process personal data for the Client within the scope and for the purposes defined in Sections 2.4–2.7. Processing is carried out in an automated manner and includes collection, storage, archiving, blocking, and deletion.

2.4 The Provider processes personal data in the following scope:

2.5 Personal data are processed for the purpose of providing services under the contract concluded with the Client.

2.6 Personal data are processed only at the Provider’s premises or those of its subcontractors within the EU.

2.7 Personal data are processed for the duration necessary to fulfill contractual obligations (maximum 15 years or until consent is withdrawn), unless legal retention obligations apply.

2.8 The Client consents to the involvement of subcontractors as additional processors under Article 28(2) GDPR (e.g. hosting providers). The Provider must inform the Client of any changes and allow objections.

2.9 The Provider ensures that personal data processing is secured by:

2.10 The Client shall promptly inform the Provider of any circumstances affecting contractual performance and provide necessary cooperation.

III. Final Provisions

3.1 The Client agrees to these terms upon concluding a contract with the Provider and confirms that they have read and accepted them.

3.2 The Provider may amend these terms and will publish the updated version on its website or send it to the Client via email.

3.3 Contact details for matters related to this policy:
info@gmmedia.cz

3.4 Relationships not explicitly governed by these terms are subject to GDPR and the legal order of the Czech Republic, in particular Act No. 89/2012 Coll., the Civil Code.

These terms are effective from 24 May 2018.