Home  » gdpr

Data Protection Policy

As per: 04.04.2019


  1. About us.
  2. Why we process your data.
  3. Which data we collect and process from you.
  4. Who has access to your data and to whom we transmit your data.
  5. a) Access.
  6. b) Data exchange within the group of companies.
  7. c) Transfer to third countries and legal basis.
  8. d) Transmission to law enforcement and criminal investigation authorities.
  9. Storage periods.
  10. Your Rights.
  11. a) Right to information and data transferability.
  12. b) Right to rectification, restriction and deletion.
  13. c) Rights of objection.
  14. d) Right of revocation.
  15. e) Right of appeal to the Supervisory Authority.
  16. f) Contact information.
  17. Use of our website - Cookies.
  18. a) Basic information about Cookies an opt-out.
  19. b) Google Maps.
  20. c) Online application procedure.


1. About us

We, GMA Stanztechnik Kaplice, spol. s r.o., are responsible for the collection, processing and storage of your data. You can find details about us in our imprint  at any time.

The careful handling of your personal data has the highest priority for us. In processing, we comply with the statutory provisions, e.g. the General Data Protection Regulation (GDPR) and the associated national provisions.

This data protection declaration applies to all websites of our company that can be accessed under our domain ( If you switch to websites of other operators within the scope of our offer, their own data protection regulations apply, for the content of which the respective operators of these websites are responsible.

Since we would like to give you a comprehensive overview of the processing of personal data in our group of companies, you will find below an overview of all our services in the context of which we collect and process personal data.

If separate or additional conditions apply to individual services or we ask you for your consent, we will point this out to you separately before using the respective service (for newsletters registration for example).

We also take various security measures to protect your personal data. For example, transmission between your web browser and our servers is always transport encrypted; in addition, we maintain a variety of technical and organizational measures to always protect your data.

2. Why we process your data

You can use our website without disclosing your identity. If you would like to register for our newsletter or to contact us, we will ask you for your name and other personal information. It is your free decision whether you enter this (extended) data. Data that we absolutely need from you to provide our services are marked as such.

Your personal data is collected and processed for the following purposes on the basis of the following legal bases:

3. Which data we collect and process from you

We collect different categories of personal data from you. Personal data is all information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified directly or indirectly, in particular by assignment to an identifier such as a name. Personal data includes, for example, information such as your name, your address, your telephone number and your date of birth (if stated). Statistical information that cannot be directly or indirectly associated with you - such as the popularity of individual websites of our offer or the number of users of a page – does not qualify as personal data. Data is collected directly and indirectly. In both cases, data will only be collected to the extent necessary; the data will only be processed for the purposes stated under point 2. It is your decision whether you want to transmit data to us that optimizes the use of our services for you, yet is not necessary. Corresponding data fields are marked as 'voluntary'.

The data collected immediately include:

In addition, data about you is collected indirectly when using our services:


Our website is not directed at minors and we do not knowingly collect personal data from minors.

If persons under the age of 16 transmit personal data to us, this is only permitted if the parent/guardian has consented or has consented to the consent of the minor. For this purpose, the contact data of the legal guardian must be communicated to us in accordance with Art. 8 (2) GDPR in order to convince us of the consent or the consent of the legal guardian. These data as well as the data of the minor will then be processed in accordance with this data protection declaration.

If we determine that a minor under the age of 16 has sent us personal data without the parental consent or consent of the minor, we will delete the data immediately.

4. Who has access to your data and to whom we transmit your data

a)         Access

Access to your personal data stored by us is limited to our employees and the service providers commissioned by us, who have to deal with this personal data due to their tasks.

If third parties gain access to your data, we have obtained your permission or there is a legal basis for this.

We also use service providers to provide services and process your data (for hosting, database maintenance and analysis, securing our web servers, etc.). Insofar as these special provisions apply, we have carried them out for you in the following way for the respective service. The service providers process the data exclusively on our instructions and are obliged to comply with the applicable data protection regulations. All contractors have been carefully selected and will only have access to your data to the extent and for the time required to provide the services or to the extent to which you have consented to the processing and use of your data.

b)         Data exchange within the group of companies

Data exchange within the group of companies to which we belong takes place exclusively within the EU/EEA and serves only internal administrative purposes. By group of companies we mean affiliated companies within the meaning of Art. 4 No. 19 GDPR.

c)          Transfer to third countries and legal basis

The servers of some of the service providers we use are located in the US and other countries outside the European Union. Companies in these countries are subject to a data protection law that does not generally protect personal data to the same extent as is the case in the Member States of the European Union. If your data are processed in a country that does not have a recognised high level of data protection such as the European Union, we use contractual regulations or other recognised instruments to ensure that your personal data are adequately protected. We expressly point this out to you again within the scope of the individual services.

Insofar as personal data is transferred to third countries, this is done on the basis of the EU Commission's decision on appropriateness to the EU-U.S. Privacy Shield pursuant to Art. 45 GDPR or the EU Standard Contractual Clauses 2010 pursuant to Art. 46 (2) lit. c GDPR in conjunction with the decision of the EU Commission of 05.02.2010 (2010/87/EU) or your consent pursuant to Art. 49 (1) lit. a) GDPR.

d) Transmission to law enforcement and criminal investigation authorities

In exceptional cases we transmit personal data to law enforcement and criminal investigation authorities. This is done on the basis of corresponding legal obligations, e.g. from the Code of Criminal Procedure, the Fiscal Code, the Money Laundering Act or state police laws.

5. Storage periods

We store personal data within the framework of legal regulations or your consent.

We use the following criteria to determine the concrete storage period:

We store the personal data until the purposes for which they were collected cease to apply (e.g. at the end of a contractual relationship or through the last activity, if no continuing obligation exists, or in the case of a revocation of your consent for the specific data processing).

Further data will only be stored if


6 Your Rights

You have a number of legal rights to which we would like to draw your attention below. Of course, our data protection officer is also available to answer any questions you may have about your personal data that we have collected and processed using the contact details given below.

a)               Right to information and data transferability

You have a right of information about the personal data we process concerning you at any time.

If the data processing is based on your consent or according to Art. 6 (1) lit. b) GDPR on a contract, you can also demand in accordance with Art. 20 (1) GDPR to receive the personal data stored about you in a structured, current and machine-readable format. At your request, we will also forward the data directly to the recipient of your choice.

b)              Right to rectification, restriction and deletion

Furthermore, in accordance with Articles 16 to 18 GDPR, you can request us to correct, restrict (block) or delete your personal data if we have processed the data incorrectly, if there is a reason to restrict further data processing, or if data processing has become illegal for various reasons, or if its storage is inadmissible for other legal reasons. We would like to point out that your right to deletion may be restricted by legal retention periods.

c)               Rights of objection

If our data processing is based exclusively on our legitimate interest pursuant to Art. 6 (1) lit. f) GDPR, you may object to this processing pursuant to Art. 21 (1) GDPR. Then we will stop processing your data unless we can prove grounds for processing worthy of protection which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend a legal claim. Furthermore, you always have the right to object to the use of your data for the purpose of direct advertising with effect for the future pursuant to Art. 21 (2) GDPR.

d)              Right of revocation

If you have allowed us to process your personal data by giving your consent, you have a right of revocation with effect for the future pursuant to Art. 7 (3) GDPR.

e)               Right of appeal to the Supervisory Authority

You are free to complain to a supervisory authority if you believe that our processing of your personal data violates the European General Data Protection Regulation or other national and international data protection laws.

f)                 Contact information

To exercise your rights, you can send us an informal message to the following contact details. Please also address the revocation of your consent to the following contact details, indicating which declaration of consent you would like to revoke:



GMA Stanztechnik Kaplice, spol. s r.o.

Pohorská 181

382 41 Kaplice

Tschechische Republik

Telefon: +420 380 301 611

Fax:          +420 380 311 194



7. Use of our website - Cookies

a)      Basic information about Cookies an opt-out

We use so-called cookies in some areas of our website, e.g. to recognize the preferences of visitors and to be able to design the website accordingly. This facilitates navigation and a high degree of user-friendliness of a website. Cookies also help us to identify particularly popular areas of our website. Cookies are small files that are stored on a visitor's hard drive of the used device. They allow information to be stored for a certain period of time and to identify the visitor's computer. For better user guidance and individual service presentation, we use permanent cookies.

We also use so-called session cookies, which are automatically deleted when you close your browser. You can set your browser so that it informs you about the placement of cookies. This makes the use of cookies transparent for you. This is done to verify the authorization of actions and the authentication of the requesting user of our services. The legal bases are Art. 6 para. 1 lit. c) in conjunction with Art. 32 and Art. 6 para. 1 lit. f) DSGVO. Our legitimate interest is to secure our web server in order, for example, to defend itself against attacks and to guarantee the functionality of our services.We only set non-technically necessary cookies after your express consent, which you can of course revoke at any time.

As part of our cookie information on our website, you have agreed to the following statement in this regard:

This website uses tracking-cookies or software to provide you with the full functionality of our website and thus a better online experience. You can find more detailed information on the cookies and tracking-software used by us and the consents you have given us in our data protection declaration under [deposit link]. However, technically unnecessary cookies or tracking-tools will not be activated until you have given us your consent. [Agreed]

If you completely exclude the use of cookies, you cannot use certain functions of our website, including the possibility to use opt-out-cookies to prevent tracking. Please allow the opt-out cookies of those services for which you wish to prevent.

Please also note that deleting all cookies will also delete opt-out cookies. You may therefore have to reset them. Cookies are also browser-bound, i.e. they must be set separately for each browser you use on each device you use. You will find the necessary links in the description of the respective service below.

The following cookies are used by us – with your consent and without having set one or more opt-out cookies - for the described purposes:

Name of Cookie


Storage duration

Technically necessary


These cookies are used by Google to collect usage information for Google Maps.

differ from 1 session up to 2 years


b)      Google Maps



Our website uses the service 'Google Maps'. When Google Maps is called up on this website, data is transmitted to Google.

Responsible person with whom Google Maps is jointly operated on our website ('Google'):

Google LLC
1600 Amphitheatre Pkwy

mountain view

CA, 94043 USA


Responsible for data processing of persons living within the European Union/EEA and Switzerland:

Google Ireland Ltd.

Gordon House, Barrow Street, Dublin 4Ireland

In an agreement pursuant to Art. 26 (1) GDPR, the parties jointly responsible determined who fulfilled which obligation pursuant to the GDPR

The agreement within the meaning of Art. 26 para. 1 GDPR with Google can be found under the following link:

<font color="#ffff00">-= proudly presents

Contact details for data protection:

The Google Privacy Officer can be contacted using the following web form:

Categories of data subjects:

Visitors to our site who use Google Maps

Categories of personal data:

Data that Google processes about our website visitors can be taken from the following link:, supplemented by the separate privacy policy for Google Maps:

Origin of data

Google receives the data from the data subjects directly via our website.

Legal basis for data processing

We use Google Maps only with your consent, Art. 6 (1) lit. a) GDPR.

The legal bases on which Google bases its data processing can be found in the following link:, supplemented by the separate privacy policy for Google Maps:

Purposes of data processing

We use Google Maps to help you to plan a route, and we do this for the following purposes:

-             Public image and advertising

-             Communication and data exchange

-             event management

-             if necessary contract initiation and execution

The purposes Google pursues with the data processing can be taken from the following link:, supplemented by the separate data protection provisions for Google Maps:


We do not store any data.

The storage and deletion of the data is the duty of Google. The information for this can be taken from the following link:, supplemented by the separate privacy policy for Google Maps:

Categories of recipients

We or our employees and service providers have no access to the data processed by Google.

The recipient categories to which Google discloses the data, as well as information on intra-group data exchange, can be found at the following link:, supplemented by the separate data protection provisions for Google Maps:/

Data transfers to third countries


When Google Maps is used, the data is also processed by Google LLC. The associated transfer of data to the USA as a third country without an adequate level of data protection is secured by the EU-US Privacy Shield certification of Google LLC:

Based on the agreements on the EU-US Privacy Shield, Google LLC must grant the data subjects various rights, which they can then assert directly against Google LLC:

Google will transfer, store and otherwise process the data in the United States, Ireland and any other country in which Google does business, regardless of the residence of the data subjects. The associated data transfers to third countries are secured by an adequacy decision of the EU Commission pursuant to Art. 45 GDPR or by suitable guarantees pursuant to Art. 46 GDPR:

Involved logic and scope of a profiling or an automated individual decision based on the collected data

If the data subjects are tracked by collecting their data, whether through the use of cookies or comparable techniques or by storing the IP address, Google is obliged to inform about this.

The information for this can be taken from the following link:, supplemented by the separate privacy policy for Google Maps:

Rights of data subjects

Joint controllers must grant data subjects various rights with regard to the processing of their data.

The rights to which the data subjects are entitled can be found in our data protection declaration. These can be asserted directly against Google.

The regulatory agency for Google is:

Data Protection Commission

21 Fitzwilliam Square, Dublin
 2D02 RD28, Ireland

Web address:

© 2024 GMA Stanztechnik Kaplice spol. s r.o. - výroba dílců pro automobilový průmysl |