Effective Date: May 27, 2024
HLS Logistics Solutions s.r.o. ("we", "us", "our", "HLS Logistics") is committed to protecting and respecting your privacy. This Privacy Policy explains how we process your personal data in accordance with Regulation (EU) 2016/679 (GDPR) and Czech Act No. 110/2019 Coll., on the Processing of Personal Data.
The data controller responsible for your personal data is HLS Logistics Solutions s.r.o., a company registered in the Czech Republic with its registered office at Braunerova 563/7, Libeň, 180 00 Praha 8, company identification number (IČO): 21649197, registered in the Commercial Register maintained by the C 404564 vedená u Městského soudu v Praze. You can contact us at contacts@hlslogistics.cz or by phone at +420 292 332 209. Our business hours are Monday to Friday from 9:00 AM to 8:00 PM, and Saturday to Sunday from 9:00 AM to 10:00 PM.
In the course of providing our logistics and fulfilment services, we process various categories of personal data depending on your relationship with us. For identification purposes, we collect your first and last name, email address, phone number, and both delivery and billing addresses. When dealing with business partners, we also process company registration numbers and VAT identification numbers. We maintain records of all orders and transactions, as well as any communication and correspondence we have with you. Additionally, our website automatically collects certain technical data including your IP address, information from cookies and similar tracking technologies, and data about how you use our website.
We process your personal data for several purposes, each with its own legal basis under GDPR. When you enter into a contract with us for our services, we process your data to fulfill that contract pursuant to Article 6(1)(b) of GDPR. This includes processing and fulfilling your orders, providing our logistics and fulfilment services, communicating with you about those services, and managing payments and invoicing.
We also process certain data based on our legitimate interests under Article 6(1)(f) of GDPR. These legitimate interests include improving the quality of our services, marketing our own services to existing customers, protecting our business against fraud and ensuring security, and analyzing how users interact with our website to make improvements. We have carefully balanced these interests against your rights and freedoms and have determined that processing is necessary and proportionate.
In some cases, we process your data based on your explicit consent under Article 6(1)(a) of GDPR. This applies when we send you commercial communications beyond what is necessary for our existing business relationship, when we use marketing cookies on our website, and when we send you newsletters and promotional materials. You have the right to withdraw this consent at any time, which will not affect the lawfulness of processing based on consent before its withdrawal.
Finally, we process certain data to comply with legal obligations under Article 6(1)(c) of GDPR. This includes maintaining accounting records as required by Czech law, fulfilling our tax obligations, and archiving documents for the periods mandated by applicable legislation.
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected. For data processed for contract performance, we retain it for the duration of our contractual relationship plus an additional three years to handle any potential claims or disputes. Accounting and tax records are retained for ten years from the end of the relevant tax period, as required by Czech legislation. If you have given us consent for marketing purposes, we will retain your data until you withdraw that consent or until five years of inactivity, whichever comes first. Technical logs and website usage data are typically retained for twelve months.
Access to your personal data within our organization is limited to authorized employees who need the information to perform their duties. We have implemented strict access controls and confidentiality obligations to protect your data. Outside our organization, we may share your personal data with certain third parties who help us provide our services. These include shipping and logistics carriers who need your address information to deliver goods, payment processors who handle transactions on our behalf, IT service providers who maintain our hosting infrastructure and provide technical support, and our accounting and legal advisors who require certain information to provide their professional services. We may also be required to share your data with government authorities when legally obligated to do so.
In some cases, we may transfer your personal data to countries outside the European Economic Area. We only do this when adequate safeguards are in place to protect your data. These safeguards typically include Standard Contractual Clauses approved by the European Commission or transfers to countries that have received an adequacy decision from the European Commission confirming that they provide an adequate level of data protection.
Under GDPR and Czech data protection law, you have several important rights regarding your personal data. You have the right to access your data, which means you can request confirmation of whether we process your personal data and obtain a copy of that data along with information about how we use it. If you discover that any of your personal data we hold is inaccurate or incomplete, you have the right to request that we rectify or complete it without undue delay.
In certain circumstances, you have the right to request erasure of your personal data. This right applies when the data is no longer necessary for the purposes for which it was collected, when you withdraw consent on which processing is based and there is no other legal ground for processing, when you object to processing and there are no overriding legitimate grounds, when your data has been unlawfully processed, or when erasure is necessary to comply with a legal obligation. However, this right is not absolute and we may need to retain certain data to comply with legal obligations or to establish, exercise or defend legal claims.
You also have the right to restrict processing of your personal data in specific situations. This applies when you contest the accuracy of the data and we need time to verify it, when processing is unlawful but you do not want the data erased, when we no longer need the data but you need it for legal claims, or when you have objected to processing and we are verifying whether our legitimate grounds override your interests. Where processing is based on your consent or on a contract, and the processing is carried out by automated means, you have the right to receive your personal data in a structured, commonly used and machine-readable format and to transmit that data to another controller without hindrance from us.
You have the right to object to processing of your personal data at any time where we rely on legitimate interests as the legal basis for processing. We must stop processing unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is necessary for the establishment, exercise or defense of legal claims. You also have an absolute right to object to processing for direct marketing purposes, and we will stop such processing immediately upon receiving your objection.
Where we process your data based on consent, you have the right to withdraw that consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. If you believe that we have violated your rights or processed your data unlawfully, you have the right to lodge a complaint with the Czech Data Protection Authority, known as Úřad pro ochranu osobních údajů. Their office is located at Pplk. Sochora 27, 170 00 Prague 7, Czech Republic. You can contact them by email at posta@uoou.cz or visit their website at www.uoou.cz for more information.
Our website uses cookies and similar tracking technologies to improve functionality and enhance your user experience. Cookies are small text files that are placed on your device when you visit our website. We use different types of cookies for different purposes. Essential cookies are strictly necessary for the website to function and cannot be switched off in our systems. These cookies do not store any personally identifiable information and are typically set in response to actions you take such as setting your privacy preferences, logging in, or filling in forms.
We also use analytics cookies to help us understand how visitors interact with our website by collecting and reporting information anonymously. These cookies help us improve our website by showing us which pages are most and least popular and how visitors move around the site. Marketing cookies may be set through our site by our advertising partners and are used to build a profile of your interests and show you relevant advertisements on other sites. These cookies require your consent before they can be placed on your device. You can manage your cookie preferences at any time through the cookie consent banner that appears when you first visit our website. For more detailed information about the specific cookies we use and how to manage them, please refer to our separate Cookie Policy.
We take the security of your personal data very seriously and have implemented appropriate technical and organizational measures to protect it against unauthorized or unlawful processing and against accidental loss, destruction or damage. Our security measures include encryption of data both in transit and at rest, strict access controls that ensure only authorized personnel can access your data, regular security assessments and audits to identify and address potential vulnerabilities, secure backup procedures to prevent data loss, and comprehensive staff training on data protection and security best practices. We also require all third parties who process personal data on our behalf to implement appropriate security measures and to process your data only as instructed by us and in compliance with applicable data protection laws.
In certain aspects of our operations, we use automated systems and artificial intelligence to make decisions or assist in decision-making processes. This includes our AI-backed address validation system which helps ensure accurate delivery information, automated fraud detection systems that protect both our business and our customers, and order processing optimization tools that improve efficiency and reduce errors. When we use automated decision-making that produces legal effects or similarly significantly affects you, you have the right to obtain human intervention, to express your point of view, and to contest the decision. We will always inform you when such automated decision-making is taking place and explain the logic involved, as well as the significance and envisaged consequences of such processing.
Our services are not directed to children under the age of sixteen. We do not knowingly collect or process personal data from children. If we become aware that we have collected personal data from a child without verification of parental consent, we will take steps to delete that information as quickly as possible. If you are a parent or guardian and you believe that your child has provided us with personal data, please contact us immediately so that we can take appropriate action.
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. When we make changes, we will update the effective date at the top of this policy. The current version of the Privacy Policy will always be available on our website. If we make material changes that significantly affect your rights or how we process your data, we will provide you with more prominent notice, such as by sending you an email notification or displaying a prominent notice on our website. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your personal data.
If you have any questions about this Privacy Policy, wish to exercise any of your rights, or have concerns about how we handle your personal data, please do not hesitate to contact us. You can reach us by email at contacts@hlslogistics.cz or by phone at +420 292 332 209. Our business hours are Monday to Friday from 9:00 AM to 8:00 PM, and Saturday to Sunday from 9:00 AM to 10:00 PM. We will respond to your inquiry as soon as possible and in any event within one month of receiving your request, although we may extend this period by a further two months where necessary, taking into account the complexity and number of requests.
Under current applicable law, we are not required to appoint a Data Protection Officer. However, we continuously monitor our processing activities and legal obligations, and should the appointment of a Data Protection Officer become necessary, we will update this Privacy Policy with their contact details. In the meantime, all data protection inquiries should be directed to the contact information provided in section twelve of this policy.
This Privacy Policy is governed by and complies with several key pieces of European and Czech legislation. The primary regulation is the General Data Protection Regulation, which is Regulation (EU) 2016/679 of the European Parliament and of the Council. This is supplemented by Czech Act No. 110/2019 Coll., on the Processing of Personal Data, which implements GDPR provisions into Czech law and provides additional national rules. We also comply with Act No. 480/2004 Coll., on Certain Information Society Services, which governs electronic communications and commercial practices, and the Civil Code, Act No. 89/2012 Coll., which governs contractual relationships and obligations. Our data processing activities are designed to comply with all applicable provisions of these laws and regulations.
Last updated: May 27, 2024. Version: 1.0