Privacy Policy
Last Updated: 18 February 2025
In relation to the processing of personal data, we provide you with the following information in accordance with Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 concerning the protection of individuals regarding the processing of personal data and the free movement of such data (GDPR).
1. The controller who has determined the purposes and means of processing your personal data is the Company:
321auto s.r.o. (hereinafter referred to as “the controller”)
Registered office: Politických vězňů 912/10, Nové město, 11000 Prague 1, Czech Republic
Identification Nr.: 14166518
VAT NUMBER: CZ14166518
Contact: info@321coc.eu
E-mail: gdpr@321coc.eu
Registered in: Companies Register of City Court Prague under the file No. C 361429
When processing your personal data, we follow the principles of lawfulness, limitation of the purpose of personal data, minimization of the scope of storage, accuracy, integrity, confidentiality and accountability.
2. Responsible person
Due to the nature of our business, our company is not obliged to designate a responsible person.
3. What information do we collect?
The company protects your privacy and keeps the information you submit secure. In order to provide our services to you, we need to know some basic information about you. When you place an order, you need to provide us with the following information:
● full name and address (shipping address as well as billing address if they are not the same)
● your email address and phone number (used to identify you in the system and to communicate with you, inform you about the status of your order,…)
● if you are buying as a company, in addition: business name, registration number and VAT number (for billing, accounting and administrative purposes)
● details of the vehicle for which you are ordering a certificate (VIN, year of first registration and others, depending on the brand)
● in a few cases, we may need you to attach documents required by our suppliers – a copy of your ID, a copy of your registration certificate or another document relating to your vehicle.
If you choose to use our services, we will also require your billing details to issue an invoice. If you visit our website, we collect data about your web activity using cookies and analytics tools that track activity on our website. Information collected in this way includes your IP address, device type and browser settings.
We collect personal information through web forms on our subpages “Contact”: email address, first name, last name, phone number, those data are stored in the Hubspot tool for the purposes of potentially being contacted by the team.
We also receive and store information you provide via email, chat or telephone communication with our customer service department. If you contact us to request support, we will keep an internal record of the support provided.
If you are contacting us as a job seeker or potential supplier, we need you to provide us with the following information: first and last name, company name, contact details, billing details, email address and telephone number. In addition, we require a resume indicating your education, work experience and other information that may be necessary to assess your skills and suitability for the position.
4. Reason for processing personal data
The Company processes the personal data provided for a number of purposes:
Information System | Purpose | Legal Basis (according to Art. 6 GDPR) |
Contracts, Orders | Execution of activities based on contracts and orders with customers and suppliers. | Art. 6 Sec. 1 Letter b) GDPR – personal data necessary for the conclusion and performance of the contract |
Accounting | Processing of accounting records. | Art. 6 Sec. 1 Letter c) GDPR – fulfillment of a legal obligation |
Records Management | Recording of incoming and outgoing mail (letters, submissions, complaints, etc.) in paper or electronic form and recording of documents in the operator’s records management center. | Art. 6 Sec. 1 Letter c) GDPR – fulfillment of a legal obligationArt. 89 – processing for purposes of archiving in the public interest, for scientific or historical research purposes, or for statistical purposes |
Rights of Data Subjects | Recording of security incidents related to personal data breaches and requests from data subjects. | Art. 6 Sec. 1 Letter c) GDPR – fulfillment of a legal obligationArt. 34 GDPR, Art. 15 GDPR |
Insurance and Damage Claims | Handling damage and insurance claims. | Art. 6 Sec. 1 Letter c) GDPR – fulfillment of a legal obligation |
Wages and HR | CVs of rejected job applicants. | Art. 6 Sec. 1 Letter a) GDPR – consent to the processing of personal data |
Customer Service | Communication with individuals seeking information. | Art. 6 Sec. 1 Letter f) GDPR – legitimate interests purposes |
Record of Business Partners’ Representatives | Record of contact details of business partners’ representatives. | Art. 6 Sec. 1 Letter f) GDPR – legitimate interests purposes |
E-shop via User Account | Processing and tracking orders through the e-shop | Art. 6 Sec. 1 Letter c) GDPR – fulfillment of a legal obligation |
| Overview of orders and status updates. | Art. 6 Sec. 1 Letter b) GDPR – personal data necessary for the conclusion and performance of the contract |
Email Marketing | Sending marketing offers. | Art. 6 Sec. 1 Letter a) GDPR – consent of the data subject |
| Direct marketing – providing relevant information about similar services that the customer has already ordered in the past. | Art. 6 Sec. 1 Letter f) GDPR – legitimate interests purposes |
Legal Agenda | Handling legal cases, debt collection, litigation, criminal offenses, executions. | Art. 6 Sec. 1 Letter c) GDPR – fulfillment of a legal obligation |
Record of Suppliers’ and Customers’ Representatives | Maintaining a database of representatives, employees of suppliers and customers for the purpose of fulfilling their work, service, and functional duties and ensuring smooth supplier-customer relations. | Art. 6 Sec. 1 Letter f) GDPR – legitimate interests purposes |
We may also obtain your personal data from publicly available sources (e.g. public registers, business cards, etc.).
You can object to the processing of your personal data on the basis of legitimate interest by emailing us at gdpr@321coc.eu or by writing to the controller.
5. How do we use the data we have collected?
We use your information to contact you about changes to the functionality of our products and website, new services and special offers that we think will be valuable to you. If you do not want to receive this information, please see the “Profile Settings” section of your account.
321coc.eu uses the information and copies of documents collected about our primary client to fulfil orders, but also for statistics (such as your IP address or device operating system) and to help diagnose server problems. This is not linked to any personally identifiable information, except where necessary to prevent fraud or abuse of our system. These results used to optimize our website and processes.
6. Use of cookies
{CookieBotDeclarationEmbed}
7. Consent to the processing of personal data
In the case of consent to the processing of personal data, the data subject consents to the processing of personal data freely, without coercion or compulsion, as well as without being conditioned by the threat of refusal of a contractual relationship, the services provided or the obligations imposed on the controller.
The data subject may withdraw the consent at any time, either electronically at gdpr@321coc.eu or in writing to the controller.
Withdrawal of consent shall not affect the lawfulness of processing based on consent prior to its withdrawal.
The company considers the personal data provided to be confidential and places emphasis on respect for privacy.
8. Transfer of personal data to third parties
Your personal data is handled on a priority basis by our authorised employees, while maintaining confidentiality. To the extent necessary and justified, we may disclose some of your data to other parties under confidentiality if we are permitted to do so by a contract with a customer, with the customer’s consent, or if we are obliged to do so by law. Depending on the circumstances and the purpose of the processing, recipients include in particular:
● our employees authorized to do so
● intermediaries
● audit firms
● consultants (tax, legal, etc.)
● software providers
● transport companies
In the event of a request for disclosure of your personal data from a public authority, we examine whether the conditions for disclosure are laid down by legislation. Your data is not disclosed without a proper examination of the legislative entitlement.
Public authorities
In case of enforcement of our rights, your personal data may be transferred to a third party (e.g. a lawyer). If we are required by law, or by a public authority (e.g. the Police of the Czech Republic), to hand over your personal data to them, we must do so
The Company solemnly declares that, when selecting the individual companies, it has taken care of their professional, technical, organisational and personnel competence and their ability to guarantee the security of the personal data processed by means of the security measures taken in accordance with the Personal Data Protection Act.
9. Encryption
You will use secure servers and encryption when placing an order on our website. Your purchases, credit card information and personal information are encrypted and secure. As you complete your order, you will be linked from our website to customized screens on our secure server. 321coc.eu works with Verisign, Inc. to encrypt information using an SSL certificate. Secure sockets layer (SSL) technology protects your online transactions as shown in the image below. Your information is encrypted while traveling over the Internet so that it cannot be viewed by a third party, which can be seen in the address bar of your browser (the green lock symbol and https:// at the beginning of the address).
Web servers and web browsers rely on the Secure Sockets Layer (SSL) protocol to create a uniquely encrypted channel for private communication over the public Internet. Each SSL certificate consists of a public key and a private key. The public key is used to encrypt information and the private key is used to decrypt it.
10. Secure payment
● 321coc.eu provides its customers with the possibility to pay for services by credit/debit card. We give you the security and convenience you demand when ordering online.
● Credit/debit card payments are made directly on the bank’s website, ensuring maximum data protection. Your completed credit or debit card details are processed solely by the bank and we have no contact with them. Your credit or debit card payment page from our partner banks will ask you to enter your card number, expiry date and the 3-digit CVV/CVC code that is printed on the back of your card. The communication between your browser and the payment page is also encrypted.
11. Transfer of personal data to third countries
In the case of cross-border transfers to third countries, we only transfer to countries that guarantee adequate protection of personal data in accordance with the EU Commission Decision.
12. Conditions and manner of processing of personal data of data subjects
Personal data will not be used for automated individual decision-making, including profiling.
The Company does not disclose the personal data processed. The only exception may be a specific legal regulation or a decision of a court or other public authority.
The Company will not process your personal data without your consent or any other lawful legal basis for any purpose other than as stated.
13. Retention period of personal data of data subjects
For the purposes of processing personal data, the retention period is set in terms of the statutory time limits and within the time limits set out in the Records Retention Schedule.
The Company shall securely dispose of all personal data whose processing purpose and retention period has expired. After the end of the defined purpose, the Company is entitled to process personal data to the extent necessary and for research or statistical purposes in its anonymised form.
The company shall ensure that the personal data of the data subjects are processed in a form which permits the identification of individual data subjects for no longer than is necessary to achieve the purpose of the processing.
14. Rights of the data subject related to the processing of his/her personal data
Upon written request, the data subject may exercise the following rights (legal obligation, consent of the data subject, legitimate interest, contractual relationship) in all forms of processing of personal data:
● to request from the controller access to personal data concerning the data subject,
● to rectify the personal data processed,
● erasure of the processing of personal data (only if we do not need to store it legally, e.g. invoices, tax documents, etc.),
● object to the processing of personal data
● lodge a complaint or bring an action before a supervisory authority
● access to your own personal data
● to a list of their own personal data which are subject to processing
● the destruction of her personal data subject to processing if there has been a breach of the law
● prevent the processing of her personal data which she believes is or will be processed for marketing purposes without her consent
● the right to bring an action under section 100 if the data subject suspects that his or her personal data are being unlawfully processed.
Upon written request, the data subject has the right (in the case of consent to the processing of personal data and contractual relationships) to:
● withdraw consent to the processing of personal data at any time
● the right to the portability of the personal data from the controller to another controller as far as technically feasible.
Upon written request, the data subject shall have the right (in case of legitimate interest):
● to restrict the processing of his or her personal data – if the data subject suspects that we are processing his or her personal data unlawfully, he or she may object. In the event of an objection, the data subject has the right to have us restrict the processing of his or her personal data.
If the data subject lacks legal capacity, his or her rights may be represented by a legal representative.
The company shall process the data subject’s request pursuant to the Data Protection Act free of charge, except for the payment of an amount which may not exceed the amount of the reasonable material costs incurred in making copies, in procuring technical media and in sending the information to the data subject, unless otherwise provided for by a special law.
The company shall be obliged to deal with the data subject’s request no later than 30 days from the date of receipt of the request or to inform the data subject of the reasons why the verification has not been carried out and the possibility of exercising the data subject’s right to bring an action pursuant to Section 100 and to other legal protection pursuant to a special provision.
The company shall notify the data subject without undue delay of a personal data breach where such a personal data breach is likely to result in a high risk to the data subject’s rights.
The Company has informed you as the data subject about the protection of your personal data. You have been advised of your rights in relation to the protection of personal data.
15. Supervisory Authority
You have the right to lodge a complaint with the Personal Data Protection Office of the Czech Republic, which is the national supervisory authority, in relation to the processing of your personal data. Contact details can be found at https://uoou.gov.cz/en.
You can change your account information or opt-out of receiving communications from us at any time. To contact us, please use one of the following options:
Send us an email at info@321coc.eu
Send us your request via chat at www.321coc.eu
In Prague, on 10.02.2025