Privacy protection regulations
ZooControl s.r.o. – GoSMS
PRIVACY PROTECTION REGULATIONS USING THE GOSMS SERVICES AND COOKIES USAGE STATEMENT
We consider privacy and personal data protection our duty number one. In this document, you’ll learn about the basic principles of personal data processing and protection in the ZooControl s.r.o. company, considering GoSMS services and the webpages and app.gosms.eu.
The ZooControl company delivers a wide array of services and associated webpages. There are separate rules of privacy protection for each such webpage / service, which you may always find directly on the particular page.
1. I want to use the GoSMS services. Who will be processing my personal data?
The GoSMS service is supplied by ZooControl s.r.o., ID: 05766656, based in Planá 67, 370 01 Planá, Czech republic written in Business register maintained by County Court in České Budějovice, under a special sign C 25800 (hereafter „ZooControl s.r.o.“), phone number + 420 380 422 242, e-mail: firstname.lastname@example.org . To support our business activity, we process your personal data and thus become their administrators.
2. Why, and on what legal grounds do you process the personal data?
We process your personal data during entering and fulfilling a contract about the GoSMS services. The contract is the legal ground for processing your data. We process customers’ personal data for the following purposes:
- customer identification when entering the contract
- customer support and complaints handling
- maintaining the customer account in the Administration
- billing and sending invoices for the services
- pairing incoming payments with a particular customer
Besides fulfilling the contract, we may also need your data for legal obligations, especially:
- following tax regulations;
- following the billing law;
- filling our duty to provide cooperation to law enforcement authorities, including the Police of Czech Republic and other public authorities or bureaus;
- communcation with customer regarding our legal duties
We may also require your personal data for our legitimate interest:
- addressing our current clients via direct marketing, at most 1 year after the contract termination
- debtor evidence
- collecting evidence, should we require enforcing our claims and rights as ZooControl, s. r. o.
- clients’ debt collection and further disagreement with clients
In this aspect, it is mandatory for you to share your personal information, as the contract couldn’t be closed without them. Of course your agreement is required for processing your personal data. You can raise an objection against processing your personal data on the grounds of our legitimate interest, more on that in section 7.7 of this document.
Apart from the above, we also process personal data of people who gave consent to be addressed for marketing (calls, e-mails, SMS etc.), within the range and time period the consent was given. If the consent was given via our web www.gosms.eu , cookies data are also processed together with personal data, within the range of given consent.
More about cookies and how we use them in the article 9.
3. What personal data do you process for the GoSMS brand?
Within our GoSMS services, we,as the personal data administrators, process the following:
- identification data: name, surname, permanent residence address, in case of a person doing business a company name, address, IR, VAT number, optionally a signature.
- contact data: meaning phone number and e-mail address.
- GoSMS usage data and other data allowing us to perform monthly billing: especially payer identification, billing address, bank account number, payment method and chosen currency.
- data allowing us to take care about our customers: especially chosen language, data of chosen contact person and your personal ID you share in all our systems. Also our communication history and personal data within (written or electronic communication, phone records, chat history).
- access data: Our systemms process your login data to your administration section. We protect them carefully and only authorized personnel can access them.
- data processed according to your approval: There are some personal data that we don’t neccessarily need to fulfill your contract or our law obligations. However, we may use them to inform you about interesting offers or to improve our services. We process them based on zour approval. Those include, but are not limited to:
- identification and contact data of another person (not our client), that were given to us in order to send them a marketing offer. Together with those, we also process cookies in the context of given consent.
- your link-following history on www.gosms.eu gained from cookies in the context of cookies consent.
- further data for ZooControl s. r. o. business purposes, in the context of given consent.
4. For how long do we save the sensitive data?
We address our clients and send them business information regarding our products and services, based on our legitimate interest. We do so for the whole time of active contract and up to 1 (one) year after its termination. You can raise an objection against such messages, in each one there is a link to unsubscribe.
In our database, we also process identification and contact data of our customers, data about delivered services and communication history for the period of 4 (four) years since the contract termination; unless there is still debt to be collected, in that case it might be longer.
We store personal data obtained with a consent for the period the consent lasts, or up until the consent withdrawal, unless we stand a legal ground to keep them afterwards.
Invoices issued by ZooControl s.r.o. in accordance with Section 35 (2) of Act No. 235/2004 Coll., on Value Added Tax, shall be archived for a period of 10 (ten) years from their issuing. We are required to prove the legal reason for issuing invoices, and therefore we keep customer contracts for 10 (ten) years after their termination.
As stated in Section 90 (3) and (4) of Act No. 127/2005 Coll., On Electronic Communications, ZooControl s.r.o. is obliged to retain the operational data of the service provided to the customer until the end of the period during which the billing of the price or provision of the electronic communications service may be legally challenged by a complaint. For this purpose, ZooControl s.r.o. processes the service's operational data for up to 6 (six) months after delivering the service, unless a longer period is required. ZooControl s.r.o. is further entitled to process the service's operational data until the dispute is resolved to settle the claim or until the claim can be legally enforced.
Pursuant to Section 97 (3) of Act No. 127/2005 Coll., On Electronic Communications, ZooControl s.r.o. required to store, for a period of 6 (six) months, operational and location data that is generated or processed during the service by its publicly available electronic communications services. Upon request and upon fulfillment of the statutory conditions, we are obliged to pass these data on to law enforcement authorities.
5. Whom do we deliver the personal data to?
We carefully select the partners to whom we entrust your personal data and who are able to ensure the technical and organizational security of your personal data, so that unauthorized, accidental access or other misuse of the data does not occur. Company ZooControl s.r.o. transfers personal data to the following categories of recipients:
- those providing the technical background of the services or the technology operators we use;
- people who provide us IT security services;
- our business partners through which you purchase our products and services;
- payment gateway providers (payment card providers);
- bank houses to collect our payments;
- legal advisors to recover our claims;
- the people we provide data for statistical analysis, marketing research, and ad campaign management;
- advertising system operators in relation to targeted advertising;
- technical solution providers that allow us to show you only relevant content and advertising.
The processors are companies with registered offices in the Czech Republic, as well as registered offices in a European Union member state, or the so-called safe states. The transfer and processing of personal data in countries outside the European Union always takes place in accordance with applicable legislation.
We are also obliged to pass some of your personal data to public authorities. For example, we are obliged to provide traffic and location data to law enforcement authorities, the Police of the Czech Republic for the purpose of initiating searches for a specific wanted or missing person, ascertaining the identity of a person of unknown identity, preventing or detecting specific terrorist threats or screening a protected person. For the purposes and subject to the conditions specified by a special legal regulation, we are obliged to pass some of your personal data also to the Security Information Service, Military Intelligence or the Czech National Bank.
6. How do we ensure the security of your personal data?
We have taken all the technical and organizational measures necessary to ensure adequate protection of the personal data we process, taking into account the nature, extent, context and purposes of the processing, as well as the differently likely and differently serious risks to the rights and freedoms of individuals.
We apply a system of management and control procedures to prevent unauthorized or accidental access to, alteration, destruction or loss of data, unauthorized transmission, other unauthorized processing, and other misuse of data.
All persons, who come into contact with the personal data of customers or potential customers in the course of their work or contractual obligations, are bound by a legal or contractual obligation of confidentiality.
All internet communication through our website is secured by SSL technology with a high level of encryption.
However, please note that 100% security cannot be guaranteed for any data transmission via the internet or storage technologies.
7. What are my rights regarding processing of my personal data?
Regarding the processing of personal data, you have all the rights under the applicable legislation (since 25 May 2018 this is in especially the General Data Protection Regulation No. 2016/679, ie the GDPR). You have the following rights under this Regulation:
- the right to withdraw your consent with data processing at any time;
- the right to correct and add details to your data;
- the right to have your data deleted;
- the right to access your data;
- the right to restrict the processing;
- the right to raise an objection;
- the right not to be subject to a decision based solely on automated processing;
- the right to transferability.
7.1. The right to withdraw your consent
You have the right to withdraw your consent to the processing of personal data at any time. Withdrawal of consent is free of charge.
Withdrawal of consent does not change the fact that until the withdrawal of consent, the provided personal data were processed lawfully and in accordance with legal regulations. Withdrawal of consent does not affect the processing of personal data that we process on a legal basis other than consent (ie, if processing is necessary, for example, to fulfill a contract or fulfill a legal obligation, we will process your personal data further).
7.2. The right to correct and add details to your data
You can ask us to correct inaccurate data concerning you. You also have the right to provide us with additional personal information, if necessary.
Send us a request for correction or completion of personal data to email@example.com.
7.3. The right to have your data deleted
Our systems are designed to automatically delete or anonymize personal information we no longer need for the purpose for which it was processed.
However, if you believe that the deletion has not yet taken place, or that we are processing your personal data in an unauthorized manner, you can contact us to have your personal data deleted. However, we are not obliged to delete your personal information if we need it to identify, exercise or defend our legal claims, or if the processing of such data is imposed by law. There are more such exceptions and you can find them all in Article 17 (3) of the GDPR.
You can exercise the right of data deletion at firstname.lastname@example.org.
7.4. The right to access your data
Upon request, we will tell you whether we are processing any personal data concerning you. If so, we will tell you in particular the purpose of such processing, the category of personal data concerned, the category of recipients, or the planned storage period. Provided that the rights and freedoms of others are not affected, we will provide you with a copy of the processed personal data concerning you free of charge. However, we may charge a reasonable fee for additional copies covering our administrative costs with such act.
The right to confirm personal data processing and provide other information can be exercised at email@example.com.
Please note that in the case of exercising the right to access zour personal data, we may require you to prove your identity to us in an appropriate manner in order to verify your identity. This is a precautionary measure to prevent unauthorized persons to access your personal information.
7.5. The right to restrict the data processing
Upon your request we will restrict processing of your personal data, if:
- you believe that the data we process about you is inaccurate. We will then restrict such processing until we verify the accuracy of this personal data;
- processing is unlawful, but you refuse to delete personal data and instead ask for restrictions on their use;
- we will no longer need personal information for our purposes, but you will require it to identify, exercise or defend legal claims;
- for personal reasons (that is, for reasons specific to your particular situation), you object to processing based on our legitimate interest. We are then obliged to restrictsuch processing of personal data until it is verified that our legitimate interest outweighs your personal reasons (ie. reasons arising from your particular situation).
In the event of processing restrictions, we may only:
- save your data,
- further process with your consent,
- further process for the purpose of determining, enforcing or defending legal claims,
- process them for the protection of the rights of another natural or legal person or for important public interest of the EU or a EU member state.
You can exercise the right to restrict your data processing at firstname.lastname@example.org.
7.6 The right not to be subject to automated decision making
You have the right not to be a subject of a decision based solely on automated processing, if such a decision would have legal effects on you or otherwise affect you significantly.
ZooControl s.r.o. does not make any automated decision-making without attribution of human judgment, which could have legal or otherwise significant effects on the data subjects.
7.7 What does it mean I have the right to raise an objection?
If, in a particular case, the processing of personal data is necessary for the purposes of our legitimate interest (ie not processing based on your consent, filling up contract tc.), you may object to such processing for reasons specific to your particular situation. If we do not prove that our legitimate interest in a particular processing exceeds your interests or rights and freedoms, we will terminate such processing.
You may also object to the processing of your personal data for direct marketing purposes. In this case, we will no longer process your personal data for these purposes.
You can raise such objection at email@example.com.
7.8. The right to transferability
You have the right to transferability of your personal data. If processing is based on your consent or is necessary for the execution of the concluded contract and is carried out automatically, under Article 20 of the GDPR you have the right to obtain your personal data from us, related to you, in a structured, commonly used and machine readable format. However, the request cannot be granted if the exercise of this right could adversely affect the rights and freedoms of third parties.
You can exercise your transferability right on firstname.lastname@example.org.
7.9. The right to file a complaint
You have the right to file a complaint at The Office for Personal Data Protection www.uoou.cz.
8. Sending business messages
Commercial communication sent by as are marked by the abbreviation OS, which stands for “commercial communication” in Czech, or any other appropriate indication making it clear that such messages are a commercial communications within the meaning of applicable law. It is always clear from our commercial communications who the sender is.
We send business communications to our clients regarding similar products and services they have already purchased from us, based on our legitimate interest. We may send you commercial communications for the duration of the contract and for a period of 1 (one) year after the contract has been terminated. Each such message contains instructions how to unsubscribe from further messages.
We may send business communications even if you are not yet our customer, based on your consent. Alternatively, you can withdraw your consent at email@example.com.
9. Cookies declaration
Cookies are small text files stored on your computer or mobile device when you visit a website. They do not take up much space and are automatically deleted when they expire. Some cookies will expire after the end of the Internet session, while others will be stored for a certain period of time.
We use different types of cookies:
Necessary cookies help make the website usable by enabling basic features such as page navigation and access to authenticated sections of the website. The website cannot function properly without these cookies.
Preferential cookies allow the website to remember information that changes how the website behaves or looks like for you. For example, your preferred language or region where you live.
Statistical cookies help us understand how visitors use the website. They anonymously collect and communicate information.
Marketing cookies are used to track visitors to the website. The intent is to show ads that are relevant and interesting to an individual user, and therefore more valuable to third-party publishers and advertisers.
Unclassified cookies are cookies that we have in the process of classification together with the providers of individual cookies.
In accordance with applicable law, we may store cookies on your device if it is strictly necessary for the operation of the website. We need your permission for all other types of cookies.
In the footer of the website you will find a link for the current list of cookies used at www.gosms.eu and how long we will use them. There you can also set the range of cookies we use. You can also change your browser settings to remove or prevent cookies from being stored on your computer or mobile device without your explicit consent.
10. Social network icons on www.gosms.eu
By clicking (or tapping) at social network and platform icons placed on our webpage, you’ll be redirected to the respecitve netwroks, or their webpages. This works in the same manner as a normal internet link.
11. Privacy protection and children
Our services are not aimed at clients under 18 years of age. We do not intentionally collect personal information from persons under 18 years. Should the child's legal guardian learn that we are processing personal data of a person under the age of 18, he or she should contact us regarding this concern.
It is only possible to subscribe to a newsletter or any other business communication after your 16 years of age.
12. Where can I send my questions?
Should you have any questions, don’t hesitate to contact us.
You can contact our privacy protection expert at anytime at firstname.lastname@example.org, or send him a mail letter at ZooControl s.r.o., commissioner of personal data, Planá 67, 370 01 Planá, Czech republic.
Please note that in the case of exercising the right of access to personal data or other rights, we may require you to prove your identity to us in an appropriate manner ,in order to verify your identity. This is a precautionary measure to prevent unauthorized persons from accessing your personal information.
In order to keep records of compliance with our legal obligations, all communications with you are monitored and archived.
13. Change of privacy protection rules
The privacy protection rules stated above are in effect starting May 18, 2018. We are authorized to change the rules unilaterally. Should that happen, we are obliged to inform you about such change in advance.