1. Home
  2. /
  3. Privacy policy

We play fair

Personal data protection


We are aware that everyone has the right to privacy and protection of personal data. We respect and preserve these rights to the maximum extent possible. We will protect and process only the information that has been and will be provided to us in accordance with applicable law. All personal data is the property of HAST GROUP s.r.o. and will not be misused.

  • Basic provisions

The controller of the personal data pursuant to Article 4, point 7 of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter: “GDPR”) is the company HAST GROUP s.r.o., company ID 27835731, with registered office at Kopt’ovo 503, 739 34 Václavovice (hereinafter: “Controller”).

The contact details of the Administrator are as follows:

Address: Novoveská 2064/5E, Ostrava – Mariánské Hory

E-mail: info@hastgroup.cz

Personal data is any information on the basis of which it is possible to directly or indirectly identify a specific individual.

The controller applies this policy to all persons who visit the company’s website, specifically www.hastgroup.cz, and to all customers, external collaborators and business partners of HAST GROUP s.r.o.

The controller has not appointed a data protection officer as it has no legal basis to do so.

  • Sources and categories of personal data processed

The controller does not accept your personal data from “third parties” as a matter of principle.

The Controller processes personal data that you have provided to it in written, telephone or other commercial communications or personal data that the Controller has obtained as a result of processing your order or creating your customer account. This includes in particular the following personal data:

the name and surname or the name of the legal entity on whose behalf you are acting:

email address

postal and billing address

telephone number

payment details

The controller processes your identification, contact and contact details necessary to answer your business enquiries and requests, to create business offers or to create and fulfil orders or business contracts. It also processes the data necessary to protect the rights of the controller, in particular its right to payment for services provided.

Some personal data may also come from publicly available sources (commercial register, debtors’ register, etc.).

The controller uses cookies to ensure the full functionality of the corporate website referred to in Article I and for statistical and marketing purposes. We consider such processing of personal data to be in our legitimate interest. You can restrict or block their use in your browser settings.


  • III. Legal basis and purpose of the processing of personal data

  • The legal basis for the processing of personal data is:

the performance of a contract between you and the controller pursuant to Article 6(1)(b) GDPR

the fulfilment of a legal obligation of the controller pursuant to Article 6(1)(c) GDPR.

the legitimate interest of the controller in providing direct marketing (in particular for sending commercial communications and newsletters) pursuant to Article 6(1)(f) GDPR where a product or service has been ordered

Your consent to processing for the purpose of maintaining a customer account on our e-shop.

The purpose of the processing of personal data is:

processing your business enquiry, your request, your order and exercising the rights and obligations arising from the contractual relationship between you and the controller; maintaining your customer account; when placing an order, personal data is required that is necessary for the successful execution of the order (name and address, contact), the provision of personal data is a necessary requirement for the conclusion and performance of the contract, the controller may, if necessary, transmit the necessary personal data to carriers and couriers who may arrange delivery of the shipment, or to workers who arrange construction work

the fulfilment of legal obligations towards the government

sending commercial communications and carrying out other marketing activities

There is no automatic individual decision-making by the controller within the meaning of Article 22 of the GDPR.

  • IV. Data retention period

The controller retains personal data:

For the period necessary for the exercise of the rights and obligations arising from the contractual relationship between you and the controller and for the exercise of claims arising from this contractual relationship (for 20 years from the end of the contractual relationship).

for as long as the controller is obliged to retain personal data under applicable law

for as long as you withdraw your consent to the processing of personal data for marketing purposes or for a maximum of 3 years if the personal data is processed on the basis of a valid consent to processing.

After the expiry of the retention period, the controller will delete the personal data.

  1. Recipients of personal data / subcontractors of the controller

The recipients of the necessary personal data are

Authorised employees whose job description is to respond to business enquiries, process requests and orders, prepare commercial offers

  1. persons involved in: delivery of goods, provision of works related to the ongoing implementation, making payments according to the contract, control of contract performance persons involved in ensuring the operation of the website.

The controller does not intend to transfer personal data to a third country (non-EU country) or to international organisations.

  • Your rights

Under the terms of the GDPR, you have:

You have the right to access your personal data in accordance with Article 15 of the GDPR,

The right to rectification of your personal data in accordance with Article 16 of the GDPR or to restriction of processing in accordance with Article 18 of the GDPR,

the right to erasure of your personal data in accordance with Article 17 of the GDPR,

the right to object to processing under Article 21 of the GDPR,

the right to data portability under Article 20 GDPR,

the right to withdraw consent to the processing of personal data, in writing or electronically to the address or email of the controller set out in Article I of this Policy.

You have the right to request a copy of the personal data we hold about you. If you ask us for copies of your personal data repeatedly, we may charge a reasonable fee. If you choose to exercise any of the above rights, please send us a clear description of your request, including the relevant personal data, and include your name or the name of the legal entity you represent. We may request additional information from you to protect your personal information from unauthorised access.

If you have any concerns about how we process your personal data or if you wish to make a complaint about how we have processed your personal data, you can contact us at info@hastgroup.cz. If you are not satisfied with our response or believe that we are processing your personal data in breach of the law, you have the right to lodge a complaint with the Data Protection Authority (https://www.uoou.cz).

  • VII. Personal data security conditions

The controller declares that it has taken all appropriate technical and organisational measures to safeguard personal data.

The controller has taken technical measures to secure the storage of the data. All devices are protected by a secure password, use anti-virus software and can only be accessed by authorised persons. Personal data is consistently backed up. Storage of personal data in paper form is secure. They are located in offices that are locked after hours. The Controller declares that only persons authorised by him who need access to personal data for the performance of their work have access to personal data.

  • VIII. Final provisions

All legal relations arising in connection with the processing of personal data shall be governed by the laws of the Czech Republic, regardless of where the personal data were accessed. The courts of the Czech Republic shall have jurisdiction to settle disputes arising in connection with the protection of privacy between the data subject and the controller.

By submitting an enquiry or business inquiry, you confirm that you have read this Privacy Policy and that you accept it in full.


The Controller is entitled to change this policy. The Controller will post the new version of the Privacy Policy on its website or send you a new version of this Policy to the email address you provided to the Controller as part of the business contact.