Railsformers s.r.o. is the owner of all rights and permissions to:
("Systems").
Railsformers s.r.o. processes the personal data of all users of the Systems who are natural persons ("data subjects"), regardless of whether or not such users use the Systems for their business ("data subjects"). Thus, all personal data is processed by Railsformers s.r.o. primarily for the purpose of providing the services of the Systems and purposes related thereto.
Railsformers s.r.o. ensures that the processing of personal data is lawful, fair, transparent, accurate, confidential and that personal data is processed only to the extent necessary.
Railsformers s.r.o. also makes sure that personal data is properly secured and that all the rules set out in the General Data Protection Regulation (hereinafter referred to as "GDPR") as well as other legal regulations in the field of personal data handling and protection are observed when processing personal data, and at the same time that all the rules from the perspective of cybersecurity are observed, both the general regulations and recommendations and the specific requirements of the users of the Systems arising from their obligations.
Further information on the scope and manner of processing of personal data is provided in other articles of this Policy.
Railsformers s.r.o. processes, in particular, identification and contact data of data subjects (name, surname, title, name, identification number, tax identification number, residence, registered office, telephone, e-mail) and other personal data that data subjects enter into the Systems. The scope of the data processed is always determined by the data controller.
In addition, Railsformers s.r.o. may in some cases also process personal data of a technical nature, such as cookies, IP address or other online identifiers, GPS location, etc. Further information regarding cookies can be found in this document below in the section on information about cookies.
In order to inform personal data subjects in a transparent manner, it is necessary to distinguish the specific situation of Railsformers s.r.o. in relation to personal data subjects. Namely, whether it is the position of a data controller or a data processor (or another data processor in the case of so-called chaining).
Identification data of Railsformers s.r.o., ID No.: 24704440, with registered office at Technologická 372/2, Pustkovec, 708 00 Ostrava Pustkovec, Czech Republic, a company registered in the Commercial Register maintained by the Regional Court in Ostrava, Section C, Insert 36254..
Representatives of Railsformers s.r.o. can be contacted in particular as follows:
On 1 May 2018, Railsformers s.r.o. appointed its Data Protection Officer (DPO), hereinafter referred to as "DPO". As of 1 August 2022, he is:
Name and surname of the Data Protection Officer Ing. Soňa Macíčková
Contact details of the Data Protection Officer e-mail: gdpr@railsformers.com
Railsformers s.r.o. may be in the following positions in terms of personal data protection, always in relation to the purpose and legal basis for processing personal data.
A detailed distinction of this position is given in the following chapters, the basic division of the position is therefore:
Railsformers s.r.o. processes personal data mainly for the purpose of providing the Systems services.
Railsformers s.r.o. provides the Systems on the basis of a license agreement. Thus, the processing of personal data for the purpose of providing the Services of the Systems is processing of personal data for the purpose of entering into a license agreement and the performance of the rights and obligations arising from the license agreement. This processing is a necessary condition for the provision of the Systems services, where the specific specification of the purpose of the processing is determined by the controller (the system subscriber). Without such processing, Railsformers s.r.o. would not be able to provide the Systems services to the users. In this case, Railsformers s.r.o. is in the position of a processor (or further processor - depending on the parameters of the specific license agreement).
The processing of personal data for the aforementioned purpose may be carried out by Railsformers s.r.o. without any consent of the data subjects. The legal basis for this processing is the processing necessary for the performance of a contract to which the data subject is a party, or for the adoption of measures taken before the conclusion of the contract at the request of the data subject (see Article 6(1)(b) GDPR).
A user account is a prerequisite for using the services of the Account System, Win Auction System, Redmine and unalan. Railsformers s.r.o. therefore assumes that every data subject who creates a user account is interested in using the services of the Systems at least temporarily. Even when using the services of the Systems free of charge or on a trial basis, a licence agreement is concluded.
General Terms and Conditions for the Systems:
In view of the above, Railsformers s.r.o. will also process personal data for the purpose of setting up and maintaining a user account.
The legal basis for this processing is the processing necessary for the performance of a contract to which the data subject is a party, or for the adoption of measures taken before the conclusion of the contract at the request of the data subject (see Article 6(1)(b) GDPR).
Railsformers s.r.o. also processes personal data for the purpose of fulfilling its legal obligations.
This includes legal obligations arising for Railsformers s.r.o. in particular from accounting and tax laws (e.g. VAT Act). In addition, Railsformers s.r.o. is obliged to be able to demonstrate that it processes personal data in accordance with generally binding legislation, in particular the GDPR. This purpose of processing personal data also falls under the legal obligations of Railsformers s.r.o.
The processing of personal data for the aforementioned purposes may also be carried out by Railsformers s.r.o. without any consent from the data subject. The legal basis for this processing is the fulfilment of a legal obligation to which Railsformers s.r.o. is subject as a data controller (see Article 6(1)(c) GDPR).
Railsformers s.r.o. is also entitled to process personal data for the following purposes:
The processing of personal data for any of the above purposes may also be carried out by Railsformers s.r.o. without any consent of the data subjects. The legal basis for this processing is the legitimate interest of Railsformers s.r.o. (see Article 6(1)(f) GDPR).
This processing is not possible unless the interests or fundamental rights and freedoms of the data subjects override the interests of Railsformers s.r.o., which require the protection of personal data.
The data subject may object to processing of personal data based on a legitimate interest of Railsformers s.r.o. at any time (see Article 21 of the GDPR).
Based on the consent to the processing of personal data, Railsformers s.r.o. is entitled to process personal data for any purpose specified in the respective consent. The legal basis for this processing is the data subjects' consent to the processing of personal data (see Article 6(1)(a) GDPR).
Consent to the processing of personal data is entirely voluntary. Any failure to give consent will have no adverse consequences for the data subject.
Each data subject has the right to withdraw consent to the processing of personal data at any time, in particular:
Withdrawal of consent does not affect the lawfulness of the processing of personal data in the period before the withdrawal of consent, on the basis of which the processing of personal data was carried out.
Processing of personal data for direct marketing purposes means processing of personal data for the purpose of sending commercial communications within the meaning of Act No. 480/2004 Coll., on certain information society services, as amended (hereinafter referred to as "Act No. 480/2004 Coll.").
Commercial communication means any form of communication, including advertising and encouragement to visit the website of the online shop, intended to directly or indirectly promote the goods or services or the image of Railsformers s.r.o. (hereinafter referred to as "Communication").
The ability to send commercial communications may be governed (limited) by a specific license agreement between Railsformers s.r.o. and the service provider using the System under that license agreement.
The processing of personal data for the purpose of sending the Communication may be carried out by Railsformers s.r.o. on the basis of the existence of a legitimate interest (see recital 47 of the GDPR). Also, the actual sending of the Communication may be carried out by Railsformers s.r.o. without consent (in accordance with Section 7(3) of Act No. 480/2004 Coll.), unless the data subject has initially refused it (e.g. by ticking the box "I do not wish to receive any emails from Railsformers").
Railsformers s.r.o. shall terminate the processing of personal data for direct marketing purposes without delay after the data subject has expressed his or her opposition to such processing. The objection may be made, for example, in one of the following ways:
Notwithstanding the foregoing, the Operator shall cease processing personal data for direct marketing purposes no later than 2 years after the last active use of the System or logging into a user account (whichever is later). With each active use of the System or login to the user account, the processing period is extended for another 2 years.
The recipient of personal data is anyone to whom Railsformers s.r.o. provides personal data in connection with the above-mentioned purposes of processing personal data.
Railsformers s.r.o. may provide personal data to recipients whose services are used primarily in the operation and maintenance of the System. These include, in particular, entities providing accounting, printing and mailing services, legal services, IT services, cloud services, messaging services or operators of payment gateways and systems, etc.
These recipients will process personal data either as independent controllers (i.e. as entities that determine the purposes and means of processing personal data themselves, independently of Railsformers s.r.o.) or as processors (i.e. as entities that process personal data for Railsformers s.r.o. on its instructions).
In addition, Railsformers s.r.o. will provide personal data to public authorities if it is or will be obliged to do so by generally binding legislation. However, public authorities in the exercise of their investigative powers are not considered recipients.
Among the specific other data processors and third parties to whom personal data is transferred, whose services are provided by Railsformers s.r.o. within the systems (or which are used directly by the subject when using the product of the systems), are in particular the following recipients of personal data:
Railsformers s.r.o. will process personal data only for the period necessary for the purpose of processing, but generally for a maximum of 2 years. The termination of one of the legal bases for processing personal data does not affect the processing of personal data (to the extent necessary) on the basis of another legal basis (and for the relevant purpose).
The duration of the processing of personal data may be governed by a specific licence agreement between Railsformers s.r.o. and the service provider using the System under that licence agreement.
Railsformers s.r.o. will process personal data for the purpose of providing the Services of the Systems (performance of the License Agreement) for at least the duration of the obligation under the License Agreement.
The User Account may be cancelled at any time at the same time as the termination of the use of the System services, based on a request for cancellation of the User Account sent to any of the contact addresses listed in Article 3 above (in particular, the e-mail addresses gdpr@railsformers.com and info@railsformers.com). In the event of termination of the use of the services in any of the System, Railsformers s.r.o. shall terminate the processing of the personal data entered in the user account no later than 2 years from the termination of the obligation under the license agreement (termination of the use of the System) or from the last login to the user account, if the data subject no longer uses the System.
If the data subject has never started to use the System services (e.g. has only set up a user account), Railsformers s.r.o. shall cancel the user account and cease processing the personal data entered into the user account immediately upon receipt and confirmation of an e-mail request sent to one of the contact addresses listed in Article 3 above, or at the latest within 2 years from the last login to the user account.
For the purpose of fulfilling legal obligations, Railsformers s.r.o. will process personal data for the duration of the relevant legal obligation set by generally binding legal regulations (e.g. tax documents containing personal data must be kept by Railsformers s.r.o. for 2 years).
For the purpose of direct marketing (sending of the Communication), Railsformers s.r.o. will process personal data until the time of expressing opposition to such processing, but no longer than for a period of 2 years from the last termination of the obligations under the license agreement (termination of use of the System) or logging into the customer account, if the data subject does not use the System.
For the purpose of customer registration, Railsformers s.r.o. will process personal data for a period of 2 years from the termination of the obligations under the license agreement (termination of use of the System) or login to the customer account, unless the data subject does not use the System.
For the purpose of analysing the use of the System by its users, Railsformers s.r.o. will process personal data for a period of 2 years from the last login of the user.
For the purpose of establishing, exercising or defending legal claims, Railsformers s.r.o. will process personal data for as long as the relevant legal claim exists, but for a maximum of 1 year after the expiry of the limitation period under generally binding legal regulations. In the event of the initiation and continuation of judicial, administrative or any other proceedings in which the rights or obligations arising from the relevant legal claim are addressed, the period of processing of personal data for this purpose shall not expire before the final conclusion of such proceedings.
For the purpose stated in the respective consent to the processing of personal data (if the data subject has given such consent to Railsformers s.r.o.), Railsformers s.r.o. will process the personal data until the consent is withdrawn, otherwise for a maximum of 2 years from the moment of giving consent to the processing of personal data.
Each data subject has, inter alia, the following rights:
We, the company Railsformers s.r.o., ID No.: 24704440, with its registered office at Technologická 372/2, 708 00 Ostrava Pustkovec, Czech Republic, registered in the Commercial Register kept by the Regional Court in Ostrava, Section C, Insert 36254, as the controller, processor or other processor (depending on the specific situation) of personal data, would like to inform you that for the purpose of:
we use small amounts of data that are stored on your end device ("cookies"). You can find out more about cookies, for example, by visiting the following sources of information:
Cookies are used by almost every website in the world, and are generally a useful service because they increase the user-friendliness of a website you visit repeatedly (they allow your computer to remember the pages you have visited and your preferred settings for each page).
Cookies are used to improve your user experience on the website by allowing the website to identify your browser, either for the duration of your visit (using session cookies) or for repeat visits (using persistent cookies). This is useful, for example, when displaying your shopping cart, browsing history, hiding commercial messages, logging in, etc.
Our website also uses cookies for behaviourally targeted advertising, which allows us to tailor advertising and ensure it is relevant to you, based on the areas you view on our website and the geographic location of your IP address. These cookies are placed by third party advertising networks with our consent.
We use the following cookies on our website:
The use of cookies can be set using your browser. Most internet browsers automatically accept cookies by default. However, you can refuse cookies by setting your internet browser. You can find more information on how to set this on the following pages:
At the same time, in accordance with the legislation in force, we allow you to approve the use of all cookies, or to select them (with the exception of necessary technical cookies) according to your preferences directly in the system.
However, technical cookies that are necessary for the functionality of our website will only be stored for the time necessary for the functioning of the website.
You can object to the processing of cookies under the terms of Article 21 GDPR. An objection can be sent to Railsformers s.r.o. or its Data Protection Officer via one of the contact addresses listed in Article 3 of this Policy. If you object to the processing of technical cookies, the full functionality and compatibility of our website cannot be guaranteed in this case.
The cookies that are collected for the purpose of measuring the traffic to our website and generating statistics concerning the website's traffic and the behaviour of visitors to the website are processed in a nearly anonymised form that, although it allows your identification, only with considerable and professional effort.
All cookies are stored for the period of time indicated below for each type of cookie.
The collected cookies may be processed by other processors:
In the context of the optional simplified registration or login to user systems, these processors may also (using the Single Sign-On system of the listed processors) create and handle additional cookies in accordance with their contractual terms available here:
In accordance with the GDPR, you have the following rights in terms of cookies - see Article 8 of this Privacy Policy - Data Subject Rights.
For other cookie arrangements, we follow our Privacy Policy set out in the previous sections of this document.
The list of cookies that may (but may not, depending on the functions of the System used by the personal data subject) be processed in the Systems are listed in the following subsections for each System.
You can change your settings for storing cookies at any time in the cookie settings in the footer or on the Systems' websites.
9.3.1 Cookies for the System https://railsformers.cz/
Necessary technical cookies
Name | Expiry | Who has access to the information (us or another processor) |
Description | Security |
---|---|---|---|---|
cookie_consent_settings_set | 1 year | Custom | Cookies settings | - |
cookie_consent_performance | 1 year | Custom | Cookies settings | - |
cookie_consent_targeting | 1 year | Custom | Cookies settings | - |
Preference cookies
Name | Expiry | Who has access to the information (us or another processor) |
Description | Security |
---|---|---|---|---|
_gat_* | Visit | Google Analytics | - | |
_ga | 2 years | Google Analytics | - | |
_gid | 1 day | Google Analytics | - | |
_ga_* | 2 years | Google Analytics | - |
Analytical cookies
Name | Expiry | Who has access to the information (us or another processor) |
Description | Security |
---|---|---|---|---|
_fbp* | 1 day | Facebook Pixel | - | |
_gcl_au | 3 months | Google Ads | - |
Necessary technical cookies
Name | Expiry | Who has access to the information (us or another processor) |
Description | Security |
---|---|---|---|---|
PHPSESSID | Session | Custom | Default site settings | - |
cc_cookie | 365 days | Custom | Saving cookie preferences | - |
Preference cookies
Name | Expiry | Who has access to the information (us or another processor) |
Description | Security |
---|---|---|---|---|
- | - | - | - | - |
Analytical cookies
Name | Expiry | Who has access to the information (us or another processor) |
Description | Security |
---|---|---|---|---|
_ga | 2 years | Google Analytics session marking | - |
Necessary technical cookies
Name | Expiry | Who has access to the information (us or another processor) |
Description | Security |
---|---|---|---|---|
PHPSESSID | Session | Custom | Default site settings | - |
cc_cookie | 365 days | Custom | Saving cookie preferences | - |
Preference cookies
Name | Expiry | Who has access to the information (us or another processor) |
Description | Security |
---|---|---|---|---|
- | - | - | - | - |
Analytical cookies
Name | Expiry | Who has access to the information (us or another processor) |
Description | Security |
---|---|---|---|---|
_ga | 2 years | Google Analytics session marking | - | |
_gid | Session | Google Analytics session marking | - | |
_gat_gtag_UA_26590382_1 | Session | Google Analytics session marking | - |
Name | Expiry | Who has access to the information (us or another processor) |
Description | Security |
---|---|---|---|---|
_srecepty_new_session4 | Session | Custom | Session identification | - |
Necessary technical cookies
Name | Expiry | Who has access to the information (us or another processor) |
Description | Security |
---|---|---|---|---|
- | - | - | - | - |
Preference cookies
Name | Expiry | Who has access to the information (us or another processor) |
Description | Security |
---|---|---|---|---|
_ga | 2 years | Google Analytics | - | |
_gid | 1 day | Google Analytics | - | |
_gads | 1 hour | Google Ads | - | |
_gat_* | 1 day | Google Analytics | - | |
_gat_gtag_* | 1 hour | Google Analytics | - | |
_fbp | 3 months | alytics, Facebook pixel identification | - |
Analytical cookies
Name | Expiry | Who has access to the information (us or another processor) |
Description | Security |
---|---|---|---|---|
PHPSESSID | Session | Custom | Default site settings | - |
cc_cookie | 365 days | Custom | Saving cookie preferences | - |
Necessary technical cookies
Name | Expiry | Who has access to the information (us or another processor) |
Description | Security |
---|---|---|---|---|
PHPSESSID | Session | Custom | Default site settings | - |
cc_cookie | 365 days | Custom | Saving cookie preferences | - |
Preference cookies
Name | Expiry | Who has access to the information (us or another processor) |
Description | Security |
---|---|---|---|---|
- | - | - | - | - |
Analytical cookies
Name | Expiry | Who has access to the information (us or another processor) |
Description | Security |
---|---|---|---|---|
_ga | 2 years | Custom | Google Analytics session marking | - |
_gid | Session | Custom | Google Analytics session marking | - |
_gat_gtag_UA_26590382_1 | Session | Custom | Google Analytics session marking | - |
Necessary technical cookies
Name | Expiry | Who has access to the information (us or another processor) |
Description | Security |
---|---|---|---|---|
cc_cookie | 365 days | Custom | Saving cookie preferences | - |
_cms_session | 365 days | Custom | Unique session identifier | encrypted |
Preference cookies
Name | Expiry | Who has access to the information (us or another processor) |
Description | Security |
---|---|---|---|---|
- | - | - | - | - |
Analytical cookies
Name | Expiry | Who has access to the information (us or another processor) |
Description | Security |
---|---|---|---|---|
viewed_posts | Session | Custom | Number of articles viewed | - |
_gat_UA-7407797-3 | Session | Custom | Google Analytics session marking | - |
_ga | 2 years | Custom | Google Analytics session marking | - |
_gads | 365 days | Custom | Google Analytics session marking | - |
_gid | Session | Custom | Google Analytics session marking | - |
Necessary technical cookies
Name | Expiry | Who has access to the information (us or another processor) |
Description | Security |
---|---|---|---|---|
cc_cookie | 365 days | Custom | Saving cookie preferences | - |
_cms_session | 365 days | Custom | Unique session identifier | encrypted |
Preference cookies
Name | Expiry | Who has access to the information (us or another processor) |
Description | Security |
---|---|---|---|---|
- | - | - | - | - |
Analytical cookies
Name | Expiry | Who has access to the information (us or another processor) |
Description | Security |
---|---|---|---|---|
viewed_posts | Session | Custom | Number of articles viewed | - |
_gat_UA-7407797-3 | Session | Custom | Google Analytics session marking | - |
_ga | 2 years | Custom | Google Analytics session marking | - |
_gads | 365 days | Custom | Google Analytics session marking | - |
_gid | Session | Custom | Google Analytics session marking | - |
Name | Expiry | Who has access to the information (us or another processor) |
Description | Security |
---|---|---|---|---|
cc_cookie | 365 days | Custom | Saving cookie preferences | - |
_cms_session | 365 days | Custom | Unique session identifier | - |
Preference cookies
Name | Expiry | Who has access to the information (us or another processor) |
Description | Security |
---|---|---|---|---|
- | - | - | - | - |
Analytical cookies
Name | Expiry | Who has access to the information (us or another processor) |
Description | Security |
---|---|---|---|---|
viewed_posts | Session | Custom | Number of articles viewed | - |
_gat_UA-7407797-3 | Session | Custom | Google Analytics session marking | - |
_ga | 2 years | Custom | Google Analytics session marking | - |
_gads | 365 days | Custom | Google Analytics session marking | - |
_gid | Session | Custom | Google Analytics session marking | - |
Necessary technical cookies
Name | Expiry | Who has access to the information (us or another processor) |
Description | Security |
---|---|---|---|---|
_Secure-next-auth.callback-url | Session | Custom | Callback URL for login | secure, httponly |
__Secure-next-auth.session-token | 1 day | Custom | Unique session identifier | secure, httponly, encrypted |
__Host-next-auth.csrf-token | Session | Custom | CSRF Protection Key | secure, httponly |
cc_cookie | 365 days | Custom | Save cookie consent preferences | - |
Preference cookies
Name | Expiry | Who has access to the information (us or another processor) |
Description | Security |
---|---|---|---|---|
- | - | - | - | - |
Analytical cookies
Name | Expiry | Who has access to the information (us or another processor) |
Description | Security |
---|---|---|---|---|
- | - | - | - | - |
Railsformers s.r.o. also consults representatives of the professional public on aspects of personal data protection. Subsequently, Railsformers s.r.o. implements processes and procedures to improve organisational and technical measures to ensure adequate protection of personal data. The representatives of the professional public are highly professional data protection bodies:
You can read more about the cooperation, for example, here:
https://digitalnisvobody.cz/blog/2021/10/18/registrace-k-ockovani-nove-bez-googlu/
In case of questions regarding the processing of personal data or in case of exercising the rights of the data subject referred to in Article 8 of this Policy, Railsformers s.r.o. or its Data Protection Officer may be contacted via one of the contact addresses listed in Article 3 of this Policy.
General information on the processing of personal data can also be found on the website of the Data Protection Authority available at www.uoou.cz.
This Policy shall take effect on 31 March 2022.