Personal Data Processing Rules
The processing of personal data is primarily governed by the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (“GDPR”). These personal data processing rules apply to the website “avsecured.com”.
I.
BASIC PROVISIONS
- The controller of personal data pursuant to Article 4 point 7 of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter: “GDPR”) is AV-SECURED Solutions, s.r.o., Aviatická 1092/8, 161 00 Prague 6, Identification Number: 21668132, Data Box: hwhph3x, File Number: C 404807/MSPH Municipal Court in Prague (hereinafter: “Controller”).
- The contact details of the Controller are:
- Address: Aviatická 1092/8, 161 00 Praha 6, Czech Republic
- Email: info@avsecured.com
- Phone: (+420) 732 370 277
- Personal data means any information about an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
- The Controller has not appointed a Data Protection Officer.
- Consent for marketing is obtained in several specific situations, such as:
- Pop-up for discount and/or email address collection: When a visitor to our website fills in their name and/or email in a pop-up window (e.g., offering a discount on the first purchase), we use this data to send or continue sending email(s). At this point, the visitor is informed that by submitting the form, they agree to receive further marketing communications and to the processing of personal data according to these rules.
- Registration or order: During the registration process or when placing an order, the visitor/customer is informed that by submitting the form/order, they consent to the processing of personal data according to these rules.
- Contact forms: If a visitor provides their data through contact forms, this data will be used solely for processing the query or request and not for marketing purposes unless explicit consent is given.
This process is in accordance with Article 6(1)(a) of Regulation (EU) 2016/679 (GDPR) and Section 7(2) of Act No. 480/2004 Coll., on Certain Information Society Services. To ensure that your consent is freely given, we provide clear information about the purpose and methods of processing your data directly at the point where this consent is required. Your personal data will be used only for sending personalized marketing communications that match your interests and purchase history. Consent can be withdrawn at any time using the unsubscribe link included in each marketing email or by contacting the Controller at the provided address.
II.
SOURCES AND CATEGORIES OF PROCESSED PERSONAL DATA
- The Controller processes personal data that you have provided or personal data that the Controller has obtained based on the fulfillment of your order.
- The Controller processes your identification and contact details and data necessary for the performance of the contract.
- Identification data includes information that allows the unambiguous identification of an individual. This data is used for the conclusion and execution of the contract as well as for the proper processing of orders and compliance with legal obligations. Identification data includes:
- Name and surname,
- Business name of the company,
- Billing address,
- Identification number (IČO),
- Tax identification number (DIČ),
- Data about purchased products (as part of orders).
- Contact details are information that allows communication between the Controller and the individual. This data is used for communication regarding orders, providing information about products and services, as well as for marketing purposes if consent has been given. Contact details include:
- Email address,
- Phone number,
- Delivery address (if different from the billing address).
- Financial data includes information needed to process payments and financial transactions between the customer and our company. This data allows not only the execution of payments but also the management of accounting records and compliance with legal and tax regulations. Financial data includes:
- Bank account number,
- Bank name,
- Date and amount of the transaction.
- Network identifiers include technical data collected during the user’s interaction with our website avsecured.com. This includes:
- IP address,
- Cookie identifiers,
- Information about the user’s device (device type, operating system).
- Behavioral data on the website provides information about how customers interact with our website. This tracking allows us to optimize the user experience and target marketing communications. Behavioral data on the website includes:
- Visited pages,
- Duration of visits to individual pages,
- Interactions on the website.
- Order data includes information directly associated with transactions and customers’ purchasing behavior. This data is necessary for order management and inventory control as well as for the personalization of marketing campaigns. Order data includes:
- Details of purchased products,
- Product prices,
- Product categories,
- Date and time of order placement,
- Information about abandoned carts.
- On our website, we use a number of external tools and services that help us improve the user experience and the efficiency of our marketing campaigns. These tools include, for example:
- Google Analytics 4 and Google Tag Manager for collecting statistics about the use of our website and the effectiveness of ads.
- Facebook Pixel, Glami Pixel, and Biano Pixel for tracking conversions from ad campaigns and optimizing advertising activities.
- Microsoft Clarity for analyzing user interactions on our website.
These tools collect various data, including, but not limited to, IP addresses, cookie identifiers, and interactions with the website. The collection of this data is in accordance with our privacy rules and data protection laws and is based on your explicit consent, which you can withdraw at any time. Users have the option to manage their consents to the use of cookies and tracking technologies through the “Modify cookie settings” option located in the website footer or directly in their web browser. More about Cookies.
III.
LEGAL BASIS AND PURPOSE OF PROCESSING PERSONAL DATA
- The legal basis for processing personal data is:
- The performance of the contract between you and the Controller pursuant to Article 6(1)(b) GDPR,
- The legitimate interest of the Controller in providing direct marketing (especially for sending commercial communications and newsletters) pursuant to Article 6(1)(f) GDPR,
- Your consent to processing for the purpose of providing direct marketing (especially for sending commercial communications and newsletters) pursuant to Article 6(1)(a) GDPR in conjunction with Section 7(2) of Act No. 480/2004 Coll., on Certain Information Society Services, if no goods or services have been ordered.
- The purpose of processing personal data is:
- Processing your order and performing rights and obligations arising from the contractual relationship between you and the Controller; when ordering, personal data required for successful processing of the order (name and address, contact) are requested; providing personal data is a necessary requirement for the conclusion and performance of the contract, and without it the Controller cannot conclude or fulfill the contract,
- Complying with legal obligations towards the state,
- Sending commercial communications and conducting other marketing activities.
- Consent to processing for marketing purposes (especially for sending commercial communications and newsletters) is required only if no goods or services have been ordered. If you have ordered goods or services from us, we may process your personal data for marketing purposes without your explicit consent, based on legitimate interest.
- The Controller engages in automated individual decision-making in the sense of Article 22 GDPR. This process includes, for example, the following types of decisions made without human intervention:
- Segmentation and personalization of newsletters: Our systems automatically analyze your previous purchases, interactions with email campaigns, and overall activity on the website to provide you with personalized content. This analysis may include how much you have spent with us, when you last placed an order, or when you last opened our email campaign, etc.
IV.
DATA RETENTION PERIOD
- The Controller retains personal data:
- Necessary for the performance of the contract (e.g., name, company name, billing address, contact details, order details): This category of data is retained for the duration of the contractual relationship and subsequently for 10 years after the termination of the contractual relationship. This retention period is set based on general statutory limitation periods for claims (according to the Civil Code), which may arise from contractual relationships. This way, we ensure that we can protect our legal claims and respond to possible legal requests or inquiries.
- Used for marketing purposes (e.g., email and name for sending newsletters): This data is retained for the duration of the consent to processing, but no longer than 10 years. This time limit reflects our need to respond to customer preferences while allowing us to maintain effective marketing communication with those who have shown interest in our services and products. Withdrawal of consent can be done at any time, which not only stops processing immediately but also means that after the expiration of the specified period, the data will be permanently deleted.
- For automated decision-making (e.g., profiling for marketing, loyalty systems, etc.): This data is retained only for the time necessary for the given marketing cycle, usually not longer than 1 year, which is sufficient time to evaluate the effectiveness of campaigns and adjust further marketing activities. After this period, the data is anonymized or deleted if no longer needed for specified purposes.
- After the expiry of the retention period, the Controller deletes or anonymizes personal data.
V.
RECIPIENTS OF PERSONAL DATA (CONTROLLER’S SUBCONTRACTORS)
- The recipients of personal data are individuals:
- Involved in the delivery of goods/services/processing payments based on the contract (carriers, payment gateways),
- Providing services for the operation of the website and other services related to the operation of the website,
- Providing marketing services.
- The Controller intends to transfer personal data to a third country (outside the EU) or an international organization. Recipients of personal data in third countries are primarily providers of analytical services.
VI.
PROCESSORS OF PERSONAL DATA
- The processing of personal data is carried out by the Controller, but personal data may also be processed for the Controller by:
- Seznam.cz, a.s., IČO: 26168685, provider of the Email Profi service (data about customers, their communication, and documents),
- WEDOS Internet, a.s., IČO: 28115708, provider of hosting services (data about customers),
- Microsoft Corporation, provider of cloud services (data about customers and documents),
- Google LLC, provider of cloud services (data about customers and documents),
- Apple Inc., provider of cloud services (data about customers and documents),
- STORMWARE s.r.o., IČO: 25313142, provider of economic and accounting software services (data about customers and documents),
- iPodnik Cloud s.r.o., IČO: 29004349, provider of cloud services (data about customers and documents),
- or other providers of processing software, services, and applications that the Controller does not currently use.
VII.
YOUR RIGHTS
- Under the conditions set out in the GDPR, you have:
- The right to access your personal data under Article 15 GDPR (you have the right to request a copy of the personal data we hold about you; you can also request information on how your data is processed),
- The right to rectify personal data under Article 16 GDPR (you have the right to request the correction or adjustment of your personal data if they are incomplete or inaccurate),
- The right to restrict processing under Article 18 GDPR (you can request the restriction of processing your personal data in certain situations),
- The right to erase personal data under Article 17 GDPR (you can request the deletion of your personal data if there is no reason for further processing),
- The right to object to processing under Article 21 GDPR (you can object to the processing of your personal data for reasons relating to your particular situation),
- The right to data portability under Article 20 GDPR (you have the right to obtain personal data you have provided to us in a structured, commonly used, and machine-readable format, and transfer these data to another controller),
- The right to withdraw consent to processing in writing or electronically to the address or email of the Controller specified in Article III of these terms.
- Furthermore, you have the right to lodge a complaint with the Office for Personal Data Protection if you believe that your right to personal data protection has been violated, or to contact the court.
- Your rights may be limited if it is necessary and justified in the interest of complying with legal obligations, protecting national security, defense, and public safety. In such cases, you will be provided with reasons for any restriction of the exercise of your rights.
- To exercise these rights, you can contact us by email (at info@avsecured.com), by phone (at (+420) 732 370 277), or in writing (at AV-SECURED Solutions, s.r.o., Aviatická 1092/8, 161 00 Prague 6, Czech Republic). Upon receiving your request, we will proceed in accordance with the GDPR and other relevant legal regulations; we have a 30-day period to respond. We may require additional information to verify your identity to prevent unauthorized disclosure of data.
VIII.
PERSONAL DATA SECURITY CONDITIONS
- The Controller declares that the following technical and organizational measures have been taken to secure personal data:
- Security software and passwords: We use high-quality antivirus software and cryptographically strong passwords for all our systems and devices.
- Multi-factor authentication (MFA): All our systems, where technically possible, are secured with multi-factor authentication, which enhances protection against unauthorized access.
- Regular backups and encryption: Data is regularly backed up and encrypted, both in our own environment and in the environment of our subcontractors. Encryption is used not only for stored data but also for data transferred between our systems and servers, ensuring that our clients’ personal data is protected against unauthorized access and misuse.
- Physical security: We ensure that all premises where personal data are processed are protected by security locks, detection systems (movement, opening, smoke, water), and camera systems.
- Securing printed documents: All printed documents containing personal data are stored in locked and secure premises.
- These measures are regularly reviewed and updated to comply with the latest security standards and technologies. We strive to ensure that all entities involved in the processing of personal data adhere to the same high standards of data protection.
- The Controller declares that only authorized persons have access to personal data.
IX.
FINAL PROVISIONS
- By submitting any form on the website (contact form, etc.), you agree to these terms. By submitting, you confirm that you are familiar with the terms of personal data protection and that you accept them in their entirety.
- The Controller reserves the right to change these personal data protection rules at any time. In the event of any changes, we will publish the new version of these rules on our website. At the same time, we will send you the new version of the rules in PDF format by email (this is not marketing communication). If you do not agree with the updated rules, you have the following options:
- Withdrawal of consent: You can withdraw your consent to the processing of your personal data at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. Withdrawal of consent can be done in writing or electronically to the address or email of the Controller specified in Article III of these terms.
- Exercise other GDPR rights: You also have the right to exercise all rights under the GDPR, including the right to access data, rectification, erasure (“right to be forgotten”), restriction of processing, and the right to data portability. You also have the right to object to the processing of your personal data.
- Account deactivation: If you do not agree with the new terms and do not want your data to be further processed, you can request the deactivation of your account. Your personal data will be deleted or anonymized, except for data that we are required to retain by law.
- Lodging a complaint: If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with the Office for Personal Data Protection or to contact the relevant court.
Changes to the rules take effect on the date they are published on our website unless otherwise stated. We recommend that you regularly review the rules to stay informed of any updates.
These Rules come into effect on June 1, 2024.