GDPR – PRIVACY POLICY

Aeronautica Czech republic s.r.o.

Valid from November 11, 2025

I. Basic Provisions

1. The data controller pursuant to Article 4(7) of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as the “GDPR”) is Aeronautica Czech Republic s.r.o., Company ID: 29204739 (hereinafter referred to as the “Controller”).

2. Controller’s contact details:
   Address: U Panelárny 675/5a, 779 00 Olomouc, Czech Republic
   E-mail: aeronauticamilitareczsk@gmail.com
   Phone: +420 739 308 678

3. Personal data means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

4. The Controller has appointed a Data Protection Officer (DPO):
   Name: Tomáš Richter
   Address: U Panelárny 675/5a, Olomouc, 779 00, Czech Republic

II. Sources and Categories of Processed Personal Data

1. The Controller processes personal data that you have provided or personal data obtained in connection with the fulfillment of your order.

2. The Controller processes your identification and contact details, and any data necessary for the performance of the contract.

III. Legal Basis and Purpose of Personal Data Processing

1. The legal basis for processing personal data is:

   • performance of a contract between you and the Controller pursuant to Article 6(1)(b) GDPR,

   • the Controller’s legitimate interest in direct marketing (particularly sending commercial messages and newsletters) pursuant to Article 6(1)(f) GDPR,

   • your consent to processing for the purpose of direct marketing (especially sending newsletters and promotional materials) pursuant to Article 6(1)(a) GDPR and Section 7(2) of Act No. 480/2004 Coll., on Certain Information Society Services, if no order of goods or services has been made.

2. The purposes of personal data processing are:

   • processing your order and exercising rights and obligations arising from the contractual relationship between you and the Controller. When placing an order, certain personal data (name, address, contact details) are required for successful processing; without providing such data, it is not possible to conclude or perform the contract,

   • sending commercial communications and conducting other marketing activities.

3. The Controller does not engage in automated individual decision-making, including profiling, within the meaning of Article 22 GDPR.

IV. Data Retention Period

1. The Controller stores personal data:

   • for the period necessary to exercise rights and obligations arising from the contractual relationship and to assert claims from these relationships (for 15 years after termination of the contractual relationship);

   • for the duration of consent to personal data processing for marketing purposes, but no longer than 15 years, if data are processed based on consent.

2. After the retention period expires, personal data will be permanently deleted.

V. Recipients of Personal Data (Processor Subcontractors)

1. Recipients of personal data include:

   • persons involved in the delivery of goods/services or processing of payments under the contract,

   • providers of e-shop operation and technical support services (e.g. pokladny.com) and related systems,

   • providers of marketing services.

2. The Controller does not intend to transfer personal data to a third country (outside the EU) or to any international organization.

VI. Your Rights

1. Under the conditions set out in the GDPR, you have the following rights:

   • the right of access to your personal data pursuant to Article 15 GDPR,

   • the right to rectification pursuant to Article 16 GDPR, or restriction of processing pursuant to Article 18 GDPR,

   • the right to erasure (“right to be forgotten”) pursuant to Article 17 GDPR,

   • the right to object to processing pursuant to Article 21 GDPR,

   • the right to data portability pursuant to Article 20 GDPR,

   • the right to withdraw consent to processing at any time in writing or electronically using the contact details provided in Article III of this policy.

2. You also have the right to lodge a complaint with the Office for Personal Data Protection (Úřad pro ochranu osobních údajů) if you believe that your personal data protection rights have been violated.

VII. Security of Personal Data

1. The Controller declares that all appropriate technical and organizational measures have been adopted to secure personal data.

2. These include securing data storage systems and physical archives using antivirus software, encryption, secure storage, and data backups. The Controller declares that access to personal data is granted only to authorized persons.

VIII. Final Provisions

1. By submitting an order through the online order form, you confirm that you have read and understood this Privacy Policy and fully accept its terms.

2. The Controller reserves the right to amend this Privacy Policy. The updated version will be published on the Controller’s website and, if applicable, sent to your e-mail address provided to the Controller.