With respect to the Regulation (EU) No. 2016/679 of the European Parliament and of the Council (GDPR – General Data Protection Regulation), we have published a Declaration on Personal Data Protection, in which we would like to inform all Users of our Electronic system at http://aostrading.cz/en/ about the way their personal data are handled.
On behalf of Petr Tmej, Provider of the Electronic system at http://aostrading.cz/en/, please allow us to welcome you at our website. We appreciate your interest in our Services and information from the world of algorithmic trading, which we provide for you at our Electronic system either publically or by means of your User account. Protection of your personal data is very important for us, and therefore we would like you to feel safe while visiting our Electronic system. The following text therefore includes information which we collect during your visit and the purpose for which we use it further on.
- The scope of application of the following declaration
1.1 This Declaration on Personal Data Protection only regards the Electronic system at http://aostrading.cz/en/, owned by Petr Tmej, Petr Tmej with a registered office at Barvitiova 934/4, Prague 5, 158 00, ID No.: 03557065, VAT ID No.: CZ8412035555, incorporated in the Trades Register administered by the Municipal Office for Prague 3, No. UMCP3104565/2014, who acts within his commercial or other business activities (hereinafter referred to as “Provider”). This Declaration does not apply to any eventual existing links to external companies.
2. What is Personal Data
2.1 Personal data means all information about an identified or identifiable natural person: an identifiable natural person is a natural person that may be identified directly or indirectly, especially by way of referencing to a specific identifier, e.g. the name, identification number, localization details, network identifier, or to one or more special elements of the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person. Information not directly associated with your real identity – such as the preferred websites or the number of website users – do not represent personal data.
3. Collection and processing of personal data
3.1 The Provider is an administrator of users’ personal data according to Section 4, Part 7) of the Regulation (EU) No. 2016/679 of the European Parliament and of the Council on the protection of natural persons in association with processing personal data and on free movement of such data, and on cancelling the Guideline No. 95/46/EC (general regulation on personal data protection) (hereinafter referred to as “GDPR”). The Provider hereby pledges to process personal data in accordance with legal regulations, esp. GDPR.
3.2 By means of user registration or sending an order from the internet order form for the delivery of services from the Electronic system at http://aostrading.cz/en/, the User confirms having read the Provider’s Declaration on personal data protection and expressing his consent with the wording thereof, accepting it fully.
3.3 When placing the order, personal data necessary for a successful realization of order are required (name and address, contact details). The purpose of personal data processing is to enable continuing deliveries of business communications and to carry out further marketing activities. The statutory reason substantiating the personal data processing is to perform the contract pursuant to Section 6, Subsection 1, Letter g) of GDPR, to meet a legal obligation of the administrator pursuant to Section 6, Subsection 1, Letter c) of GDPR, and the rightful interest of the Provider pursuant to Section 6, Subsection 1, Letter f) of GDPR. The Provider’s rightful interest is in processing personal data for the purposes of direct marketing.
3.4 When visiting the Electronic system at http://aostrading.cz/en/, our web servers will be set at the initial setting, and the connection data of the inquiring facility will be stored temporarily in order to safeguard the system, specifically:
- Visited websites,
- Date and time of your visit,
- Information on the browser type
- Information on the operating system,
- Web sites from which you paid us the visit.
3.5 Data, such as your name, address, telephone number or e-mail address, are not collected, unless you provide them freely, e.g. for the purposes of registration to FREE EBOOK, enquiries, handling contracts or orders, for sending out our newsletter, special offers, discounts or requests for information.
3.6 The period of storing data depends on their purpose. Data regarding contracts and orders are only stored for the period necessary for the contract performance (we will inform you in detail upon entering into the contract), or if such obligation is imposed on us by law. The data collected and processed based on your consent will only be stored for the period of your consent.
3.7 The Provider makes use of the services of sub-suppliers, especially the webdesign provider http://www.tokaworks.cz/, marketing services http://www.ptagroup.sk/cs/, (personal data are stored in two countries) and webhosting provider https://hosting.wedos.com/cs/, provider of invoicing services: https://www.fakturyonline.eu and a provider of mailing services: https://mailchimp.com/. The sub-suppliers are audited with respect to the safe processing of personal data. The Provider and the sub-suppliers entered into an agreement on personal data processing, according to which the sub-supplier is responsible for the due securing of physical, hardware and software perimeter, therefore bearing direct responsibility towards the User for any leak or violation of personal data.
3.8 The processor stores personal data of the Provider for the period necessary to perform the rights and obligations ensuing from the contractual relationship between the Provider and the Processor and the application of claims from these contractual relationships (for the period of 10 years after the termination of contractual relationship). The data will be erased upon the termination of this relationship.
3.9 The data will not be handed over or sold to any third party, unless it is necessary to meet the contractual relationships or unless explicitly approved by your declaration on providing consent. Any time we hand your personal data over to a third person, we hereby pledge to inform you immediately about this fact and about the recipients of your personal data.
4. Information from the Provider
4.1 The Provider would like to contact you within the framework of promotions at http://aostrading.cz/en/ and inform you about news regarding its Services. When you register in our Electronic system, we will therefore ask you for the permission to send direct marketing communication to you, i.e. the newsletters, information on our special offers and discounts.
4.2 Information on important changes in connection with your existing order or contract as the User of the Provider’s Services (e.g. a confirmation of received payment, updating VIDEOS made accessible within the framework of SPK, IPK or On-line courses, etc.) does not depend on this agreement at all.
5. Using cookies
5.1 Cookie is a small file stored by the website on the User’s hard disk, not used to get access to personal data of Users (the acquired information may, for example, include the IP address of the connecting computer or the browser type), but rather to distinguish between the individual Users accessing the Provider’s Electronic systems.
- Maintaining the user relation; such cookies are necessary to allow the Provider to distinguish the individual Users when imaging the website, and thus to display data relevant only for the User;
- The basic set up of Electronic systems, also for non-registered Users, influencing the display of websites according to the User’s choice (e.g. when the User bans the display of a certain graphic feature, these cookies allow to respect such User choice) or taking into account the frequency or sequence of browsing the website (e.g. there may be information displayed during the first visit that will not be displayed during future visits).
5.3 The Electronic systems may also include cookies of third parties, which are used by the Provider to acquire anonymous statistics regarding the visitor rate and typical behavior of Users on the individual sites. These third parties usually do not store any personal data in connection with using the cookies, as they usually do not know the identity of the User (provided the User is concurrently not a registered user of products of such third party, e.g. Google). The following cookies are concerned:
- Google Analytics – The Provider uses this service in order to acquire statistical information, whereas Google may also retain the acquired data for its own needs, in accordance with the Principles of privacy protection available at http://www.google.com/intl/cs/policies/privacy;
- Conversion codes Sklik – For the purposes of measuring the effectiveness of advertisements on the Provider’s site;
- Conversion codes Facebook – For the purposes of measuring the effectiveness of advertisements on the Provider’s site;
- Google AdWords – The Provider may use the services or re-marketing, i.e. even a non-registered user visiting the Provider’s sites is identified by means of the cookies within the framework of the advertisement network of Google, and therefore an advertisement for the Provider’s services may be displayed repetitively. For more information on the advertisements in Google, please visit http://www.google.com/intl/cs/policies/technologies/ads/; the users have a chance to influence the displaying of advertisements within the framework of the Google advertisement network via http://www.google.com/ads/preferences/?hl=cs.
- The Provider hereby reserves the right to use more cookies of third parties, which are not included in the above list.
5.4 Our offers may be without cookies as well. You may ban the storing of cookie files in the browser, limit the storing to selected websites only, or set the browser to inform you about sending a cookie file. You may also delete cookie files from your computer. However, we have to inform you that in such a case, you must anticipate a limited presentation of the site and limited user instructions.
6. Using pixel tags
6.1 The Electronic system at http://www.aostrading.cz may also use the so-called pixel tags, web beacons, transparent GIFs or other techniques (hereinafter referred to as pixel tags) for the measurement and statistical increase in the utilization rate and response of the Electronic system. Pixel tags allow us to count Users who visit certain sub-sites of the Electronic system, to offer our Services, and they help us to determine and optimize the user-friendliness of our Electronic system.
7. Google Remarketing
7.1 This Electronic system uses a remarketing technique by Google Inc. (“Google”). The purpose of this function is to show the visitors and Users of the Electronic system the special interest oriented advertisements within the Google advertisement network. The User’s browser stores the so-called “cookie files”, small text files, in the computer. The purpose of these cookie files is to recognize the User when browsing the Electronic system, which forms a part of the Google advertisement network. Advertisements relating to the contents of the previously visited websites using the Google remarketing function may be displayed to the visitor at these pages. According to Google, this collecting process does not include any personal data. If you don’t want to use the Google remarketing function, you may deactivate it at http://www.google.com/settings/ads. Or eventually, you may deactivate the utilization of cookie files for special interest oriented advertisements according to the instructions published by the Network Advertising Initiative at http://www.networkadvertising.org/managing/opt_out.asp.
7.2 For more information on Google remarketing and Declaration on personal data protection, please visit http://www.google.com/privacy/ads/.
8. Matomo (previously Piwik)
8.1 This Electronic system uses Matomo. Matomo is a web analytics service using the so-called “cookies”, small text files, which are stored in your computer and help us analyze the user interactions at our website. For this purpose, data regarding usage (including your IP address) generated by means of the cookie files are transferred onto our server and stored for the purposes of analyzing the use and optimization of our Electronic system. The immediate anonymization of your IP address makes sure that you cannot be identified. Information created by the cookies regarding your utilization of this Electronic system will not be offered to any third parties. You can switch off the utilization of cookie files in the browser setting. As a result, however, you will not be able to use our Electronic system fully.
8.2 If you disagree with the storage and analysis of data regarding your visits within the framework of our Electronic system, you may refuse the storage and utilization by clicking the link below. If you do that, the so-called opt-out-cookie file will be stored in your computer, preventing Matomo from collecting data regarding the relations. Please bear in mind that deleting the cookie files will also delete this opt-out-cookie file and you will have to save it again.
8.3 Please consider whether or not this cookie file allowing for a unique web analysis of the Electronic system may be stored in your computer, allowing the Provider of the Electronic system to collect and analyze different statistical information.
8.4 If you decide against the data collection by Matomo, please click on the link below to save the Matomo deactivation cookie in your browser. Data regarding your visit are currently collected by Matomo web analytics. By clicking on this link, you will stop the process of data collection regarding your visit.
9. Links to social networks
9.1 Clicking on the “share button”, if it appears in our Electronic system, will transfer information to Facebook, Twitter, Pinterest, Google, etc. in the U.S.A., eventually also storing the said information there. Our website uses the so-called double-click technique, which means the buttons are deactivated and they do not connect to the social network servers upon the first click. The visual indication is displayed first, and only upon the second click, you will be redirected onto the selected social network.
10. Links to third party websites (Links)
10.1 The Provider cannot influence the contents of third party websites available via a link. The websites were inspected thoroughly prior to creating the link. Nevertheless, it is still possible that the operators of the respective websites changed the contents, which may violate the current legislation or be in conflict with the philosophy of the Provider and the Electronic system at http://aostrading.cz/en/.
10.2 Clicking on links to third party websites displayed in our Electronic system or according to the above instructions may subsequently lead to the collection of user data. We have no control over data collection with or without consent by means of advertisements or third party websites. If you are concerned about the collection and utilization of your data, we recommend you to check the Instructions for personal data protection at these websites.
11.1 The Provider has adopted all the necessary technical and organizational-safety measures to protect your personal data from loss or abuse. Your data are stored in a safe environment that is inaccessible to the public. In some cases, your personal data is encrypted by the most up-to-date technology during the transfer. This means that the communication between the computer and the Provider’s servers is carried out by means of encryption technique, if your browser supports it. In case you wish to contact the Provider by e-mail, please bear in mind that the privacy of the transferred information cannot be guaranteed, as the e-mail content may be captured by a third party. We, therefore, recommend to you mail services in all cases when you want to transfer confidential information.
12. User rights – Your rights
12.1 As a User, you have the right to request from the Provider the access to your personal data according to Article 15 of GDPR, the correction of your personal data according to Article 16 of GDPR, or eventually the restriction of processing according to Article 18 of GDPR. The user has the right to request the deletion of personal data according to Article 17, Section 1, Letter a) and c) to f) of GDPR. Further on, the user has the right to raise an objection to the processing according to Article 21 of GDPR, and the right to data portability according to Article 20 of GDPR.
12.2 If you give your consent to the Provider of this Electronic system, i.e. to Petr Tmej, you have the right to revoke such consent at any time, with future effect. We pledge to delete all collected data regarding you. However, we are obliged by law to abide by any eventual tax and business periods of storage, which may prevent the immediate deletion of such data. If there are reasons impacting the deletion of your data, we will inform you.
12.3 Moreover, you have the right to file a claim to the respective supervising authority if you come to believe that we process your personal data without authorization.
13. Changes in this Declaration on personal data protection
13.1 Please bear in mind that this Declaration on personal data protection may be changed from time to time. Each version of this Declaration on personal data protection must be marked with a date and version number at the end of this document. All previous versions of this Declaration on personal data protection are archived and you may ask for access to these versions.
13.2 If any individual provisions of this Declaration on personal data protection are or become invalid, this shall not have any impact on the validity of other provisions. The gap created in these cases shall be replaced by a provision corresponding to the purpose and meaning of this Declaration on personal data protection.
14. Data protection officer
14.1 Provider, Petr Tmej with a registered office at Barvitiova 934/4, Prague 5, 158 00, ID No.: 03557065, VAT ID No.: CZ8412035555, incorporated in the Trades Register administered by the Municipal Office for Prague 3, No. UMCP3104565/2014,, acting within the framework of its business or other entrepreneurial activity, shall hold the position of Data protection officer.
15. Responsible supervisory authority
15.1 The responsible supervisory authority for the Provider is: The Office for Personal Data Protection, with a registered office at Pplk. Sochora 27, 170 00 Prague 7, Czech Republic.
II. THE RIGHTS AND OBLIGATIONS BETWEEN THE ADMINISTRATOR AND PROCESSOR (PROCESSING CONTRACT)
16.1 The Provider acts as the Administrator with respect to the personal data of Users. The following parties act as the Processor according to Article 28 of GDPR with respect to the personal data of Users:
- Tokaworks.cz (hereinafter referred to as “Processor No. 2”)
16.2 These terms and conditions arrange the mutual rights and obligations in processing personal data, which:
- Processor No. 2 gained access to within the framework of performing the contract on providing webdesign services (hereinafter referred to as “Contract No. 1”).
- 16.3 Processor2 pledges to process personal data for the Provider within the scope and for the purposes determined in Sections 16.4-16.7 of these terms and conditions. The means of processing shall be automated. Within the processing, the Processor shall collect personal data, save it to information carriers, store it, block it and dispose of it. The Processor is not entitled to process the personal data in conflict with or outside the framework defined in these terms and conditions.
16.4 The Processor pledges to process personal data for the Provider within the following scope:
- Regular personal data,
Which the Provider acquired in association with its own business activity.
16.5 The Provider pledges to process personal data for the user in order to provide marketing services based on the Contract.
16.6 Personal data may only be processed at the working sites of the Processor or its sub-suppliers, according to Section 2.8 of these terms and conditions, within the territory of the European Union.
16.7 The Processor pledges to process for the Provider the personal data of Users of the Provider’s Electronic system, all for the period necessary to perform the rights and obligations ensuing from the contractual relationship between the Processor and the Provider, and from the assertions of claims from these contractual relations (for the period of 10 years following after the termination of the contractual relationship).
16.8 The Provider hereby grants its permission to involve a sub-supplier as the further processor according to Article 28, Section 2 of GDPR, being the provider of hosting. The Provider further grants to the Processor a general permission to involve another personal data processor in the processing. However, the Processor must inform the user in writing about any and all intended changes concerning the involvement of other processors or their replacement, and provide the user with a chance to raise objections against these changes. The Processor must impose the same obligations regarding personal data protection on its sub-suppliers in the position of personal data processors as determined in these terms and conditions.
16.9. The Processor hereby pledges to secure personal data processing namely in the following way:
- Personal data are processed in accordance with legal regulations and based on the Provider’s instructions, i.e. for the performance of all activities necessary for providing marketing services based on the Contract.
- The Processor pledges to secure technically and organizationally the protection of processed personal data in such a way to prevent any unauthorized or accidental access to the data, any change, destruction or loss of data, any unauthorized transfer, any other unauthorized processing thereof, as well as any other abuse, and as to make sure that all the obligations of personal data processor ensuing from legal regulations are continually secured personally and organizationally throughout the data processing.
- The adopted technical and organizational measures correspond to the level of risk. The Processor uses them to provide for constant confidentiality, integrity, accessibility and resistivity of the systems and processing services, renewing in time the accessibility of personal data and access to them in case of any physical or technical incidents.
- The Processor hereby declares that personal data protection is subject to the internal security regulations of the Processor.
- Personal data will only be accessible to the authorized persons of the Processor and the sub-suppliers according to Section 16.8 of these terms and conditions, for whom the Processor shall determine the conditions and the scope of data processing, with each such person accessing the personal data under its own unique identifier.
- The authorized persons of the Processor, processing the personal data according to these terms and conditions, are bound to keep confidential all personal data and security measures, the publication of which would threaten its security. The Provider shall secure their demonstrable pledge to abide by this obligation. The Processor shall make sure that this obligation for the Processor and for the authorized persons continues to apply even after the termination of the labour-law relation or another relation to the Processor.
- The Processor shall provide assistance to the Provider by means of suitable technical and organizational measures, if possible, to secure the Provider’s obligation to react to any requests for the performance of rights of the subjects of data determined in GDPR; as well as while securing conformity with obligations according to Articles 32 to 36 of GDPR, all while taking into account the nature of processing and information available to the Processor.
- Upon the termination of providing performance associated with processing according to Section 16.7 of these terms and conditions, the Processor is obliged to delete all personal data or return it to the Provider, unless he is obliged to store the personal data pursuant to a special law.
- The Processor shall provide the Provider with all information necessary to document that all obligations according to this contract and GDPR have been met, allowing for audits, including inspections, to be carried out by the Provider or another auditor authorized by the Provider.
16.10 The Provider pledges to immediately inform about any known facts which might have negative impact on the due and timely performance of liabilities ensuing from these terms and conditions and to provide the Processor with the necessary concurrence allowing to perform these terms and conditions.
III. FINAL PROVISIONS
17.1 These terms and conditions take force and effect as of 18th October 2018.
Date: 18th October 2018