Privacy policy

Last Update: September 1st, 2022


1. Introduction

Railsformers s.r.o. owns all rights and authorizations to:

  • Internet application available at https://unalanu.com
  • Mobile applications distributed in the Apple Appstore and Google Play systems under the name "Unalanu"

(hereinafter referred to as “Systems”).

Railsformers s.r.o. processes the personal data of all System users who are natural persons (so-called personal data subjects). Thus, Railsformers s.r.o. processes all personal data primarily for the purpose of providing System services and for related purposes.

Railsformers s.r.o. ensures that the processing of personal data is legal, correct, transparent, accurate, confidential and that personal data is processed only to the extent necessary.

The company Railsformers s.r.o. also ensures that personal data is properly secured and that when processing personal data, all rules established by the General Regulation on the Protection of Personal Data (hereinafter referred to as "GDPR") as well as other legal regulations in the field of handling personal data are observed and their protection and, at the same time, that all rules from the point of view of cyber security are observed, both general regulations and recommendations, as well as specific requirements of users of the Systems resulting from their duties.

More detailed information on the scope and method of personal data processing is provided in other articles of this policy.

2. Scope of processed personal data

The company Railsformers s.r.o. mainly processes identification and contact data of data subjects (name, surname, telephone, e-mail) and other personal data that data subjects enter into the Systems. The scope of processed data is always determined by the personal data administrator.

In addition, Railsformers s.r.o. may in some cases also process personal data of a technical nature, such as cookies, IP address or other online identifiers, GPS location, etc. More detailed information about cookies can be found in this document below - Information about cookies.

3. Administrator of personal data

From the point of view of the processing and protection of personal data in the Systems, Railsformers s.r.o. is in the position of the administrator of personal data - in the case of normal browsing of the Systems from the point of view of the end user, displaying information pages, creating and managing a user account, etc.

3.1 Identification and contact information

Company identification data - Railsformers s.r.o., ID number: 24704440, with registered office at Technologická 372/2, 708 00 Ostrava-Pustkovec, Czech Republic, company registered in the commercial register maintained by the Regional Court in Ostrava, section C, file 36254.

The representative of Railsformers s.r.o. can be contacted in particular as follows:

Electronically (by email)

Data box

  • ip9sifn

In writing (correspondence address)

  • Railsformers s.r.o., Technologická 372/2, 708 00 Ostrava-Pustkovec, Czech Republic

3.2 Personal data protection officer

Railsformers s.r.o. has appointed its Data Protection Officer, hereinafter referred to as "DPO".

  • Name and surname of the person in charge: Ing. Soňa Macíčková
  • Trustee contact details: gdpr@railsformers.com

4. Purpose and legal basis for processing

4.1 Provision of Systems services

Railsformers s.r.o. processes personal data mainly for the purpose of providing System services.

This processing is a necessary condition for the provision of System services, where the specific specification of the purpose of processing is determined by the administrator (system subscriber). Without such processing of personal data, the company Railsformers s.r.o. would not be able to provide services to users of the System.

The processing of personal data for the above purpose does not require the consent of the data subjects. The legal basis of this processing is the processing necessary for the performance of a contract to which the data subject is a party, or for the adoption of measures taken prior to the conclusion of the contract at the request of the data subject (see Article 6, paragraph 1, letter b) of the GDPR).

4.2 Establishing and maintaining a user account in the Systems

A user account is a necessary condition for using the services of the Systems. The company Railsformers s.r.o. therefore assumes that each data subject who establishes a user account is interested in using the services of the Systems at least temporarily.

The legal basis of this processing is the processing necessary for the performance of a contract to which the data subject is a party, or for the adoption of measures taken prior to the conclusion of the contract at the request of the data subject (see Article 6, paragraph 1, letter b) of the GDPR).

4.3 Fulfillment of legal obligations of Railsformers s.r.o

Railsformers s.r.o. also processes personal data for the purpose of fulfilling its legal obligations.

These are legal obligations arising for Railsformers s.r.o. mainly from accounting and tax laws. In addition, the company Railsformers s.r.o. is obliged to prove that it processes personal data in accordance with generally binding legal regulations, especially in accordance with the GDPR. This purpose of personal data processing also falls under the fulfillment of the legal obligations of Railsformers s.r.o.

The processing of personal data for the above purpose also does not require the consent of the data subjects. The legal basis for this processing is the fulfillment of a legal obligation that applies to Railsformers s.r.o. as a personal data controller (see Article 6, paragraph 1, letter c) GDPR).

4.4 Legitimate interests of Railsformers s.r.o

Railsformers s.r.o. also processes personal data for the purpose of:

  • user registration;
  • analyzes of the use of the System by its users;
  • determination, exercise or defense of legal claims (especially legal claims arising from the concluded contract);
  • direct marketing (see Article 5 below).

The processing of personal data for any of the above purposes also does not require the consent of the data subjects. The legal basis for this processing is the legitimate interest of Railsformers s.r.o. (see Article 6(1)(f) GDPR).

This processing is only possible if the interests or fundamental rights and freedoms of data subjects requiring the protection of personal data take precedence over the interests of Railsformers s.r.o.

The data subject may object to the processing of personal data based on the legitimate interest of Railsformers s.r.o. at any time (see Article 21 GDPR).

4.5 Consent of data subjects

Based on consent to the processing of personal data, Railsformers s.r.o. is authorized to process personal data for the purpose specified in the relevant consent, but always in accordance with the principle of personal data minimization. The legal basis for this processing is the data subject's consent to the processing of personal data (see Article 6(1)(a) GDPR).

Consent to the processing of personal data is completely voluntary. Any failure to grant consent will not have any adverse consequences for the data subject.

Each data subject has the right to withdraw consent to the processing of personal data at any time, in particular:

The withdrawal of consent does not affect the legality of personal data processing in the period before the withdrawal of consent, on the basis of which the processing of personal data was carried out.

5. Direct marketing

5.1 General

The processing of personal data for the purposes of direct marketing means the processing of personal data for the purpose of sending commercial communications to a specific data subject. In the sense of Act No. 480/2004 Coll., on certain information society services, as amended (hereinafter referred to as "Act No. 480/2004 Coll."), any form of communication is understood as any form of communication, including advertising and invitations to visit websites online store, intended to directly or indirectly support the goods or services or the image of Railsformers s.r.o. (hereinafter referred to as the "Communication").

5.2 Sending messages

The legal basis for the processing of personal data for the purpose of sending the Communication of Railsformers s.r.o. is its legitimate interest (see Recital 47 GDPR). Sending Communications carried out in accordance with the GDPR and at the same time in accordance with § 7 of Act No. 480/2004 Coll. therefore, it does not require the consent of the data subject.

5.3 Termination of processing

The company Railsformers s.r.o. will stop the processing of personal data for direct marketing purposes immediately after the data subject expresses his disagreement with such processing. Disagreement can be expressed, for example, in one of the following ways:

  • by unsubscribing from the Communication (which can be done in every Communication);
  • by raising an objection to such processing (under the conditions of Article 21 GDPR).

Notwithstanding the above, the Administrator shall terminate the processing of personal data for direct marketing purposes no later than 2 years after the last active use of the System or logging into the customer account (whichever occurs later). Every time you actively use the System or log into a customer account, the processing time is always extended by another 2 years.

6. Categories of recipients of personal data

The recipient of personal data is anyone to whom Railsformers s.r.o. provides personal data in connection with the above-mentioned purposes of personal data processing.

The company Railsformers s.r.o. can provide personal data especially to the recipients whose services it uses especially in the framework of the operation and maintenance of the Systems. These are mainly entities providing accounting, printing and postal services, legal services, IT services, cloud services, services for sending messages or operators of payment gateways and systems, etc.

These recipients will process personal data either as independent administrators (i.e. as entities that themselves determine the purposes and means of personal data processing, independent of Railsformers s.r.o.), or as processors (i.e. entities that process personal data for Railsformers s.r.o. based on her instructions).

In addition, Railsformers s.r.o. will provide personal data to public authorities, if this obligation is imposed on it by generally binding legal regulations. However, public authorities are not considered beneficiaries in the exercise of their investigative powers.

6.1 Other processors of personal data and third parties to whom personal data is transferred

Among the specific other processors of personal data and third parties to whom personal data is transferred, whose services are provided by Railsformers s.r.o. within the systems (or which are used directly by the entity when using the systems), are in particular the following recipients of personal data:

  • Google LLC, located at 1600 Amphitheater Parkway, Mountain View, CA 94043, USA, providing the reCaptcha security feature, the SSO system, the Google Workspace system, the YouTube system, the Google Maps system and the analytical tool Google Analytics.
  • The company AXIMA SMS SERVICES s.r.o., with its registered office at Nové sady 25, 602 00 Brno, IČO 06563465, providing a system for sending SMS messages

7. Time of personal data processing

The company Railsformers s.r.o. will process personal data only for the period that is necessary in view of the purpose of their processing, but generally for a maximum of 2 years. The termination of one of the legal bases for the processing of personal data does not affect the processing of personal data (to the extent necessary) on the basis of another legal basis (and for the relevant purpose).

7.1 Provision of System services

In order to provide System services, Railsformers s.r.o. will process personal data at least for the duration of the contractual obligation.

7.2 Fulfillment of legal obligations of Railsformers s.r.o

In order to fulfill legal obligations, Railsformers s.r.o. will process personal data for the duration of the relevant legal obligation, established by generally binding legal regulations (e.g., tax documents on which personal data are listed must be kept by Railsformers s.r.o. for a period of 2 years, obligations from European funds e.g. even 10 years).

7.3 Legitimate interests of Railsformers s.r.o

For the purpose of direct marketing (I am sending a Communication), Railsformers s.r.o. will process personal data until the time of expressing disagreement with such processing, but no longer than for a period of 2 years from the termination of the obligations from the license agreement (termination of use of the System) or from logging into the customer account, if the subject The system does not use data.

For the purpose of registering users, Railsformers s.r.o. will process personal data for a period of 2 years from the termination of contractual obligations (ceasing use of the System) or from logging into the user account, if the data subject does not use the System.

In order to analyze the use of the System by its users, Railsformers s.r.o. will process personal data for a period of 2 years from the user's last login.

In order to determine, exercise or defend legal claims, Railsformers s.r.o. will process personal data for the duration of the relevant legal claim, but for a maximum period of 1 year after the expiration of the statute of limitations according to generally binding legal regulations. In the event of the initiation and duration of judicial, administrative or any other proceedings in which the rights or obligations resulting from the relevant legal claim will be resolved, the period of personal data processing for this purpose will not end before the final conclusion of such proceedings.

7.4 Consent of data subjects

For the purpose specified in the relevant consent to the processing of personal data (if the data subject has granted Railsformers s.r.o. such consent), Railsformers s.r.o. will process personal data until the consent is revoked, otherwise a maximum of 3 years from the moment of granting such consent to the processing of personal data.

8. Rights of data subjects

Each data subject has, among others, the following rights:

  • the right to access personal data (under the terms of Article 15 GDPR)

You have the right to request confirmation from the personal data controller as to whether your personal data is being processed and, if so, to obtain a copy of this data and information pursuant to Article 15 of the GDPR. In the case of a large amount of data, the administrator may request that you specify the request for specific data that it processes about you.

  • the right to correct personal data (under the terms of Article 16 GDPR)

In order for the personal data manager to process only your current personal data, he needs you to notify him of any changes as soon as possible. If the administrator processes your incorrect or incomplete data, you have the right to request their correction or addition.

  • the right to erasure of personal data (under the terms of Article 17 GDPR)

If the conditions of Article 17 GDPR are met, you can request the deletion of your personal data. You can therefore request erasure, for example, if you have revoked your consent to processing, successfully objected to the legitimate interest of the personal data controller and there is no other legal basis for processing, or if the controller processes your personal data illegally or the purpose for which your personal data was processed has ceased to exist processed the data and did not process it for another compatible purpose. However, the administrator will not delete your data if they are necessary for the determination, performance or defense of the administrator's legal claims or for the fulfillment of his legal obligations.

  • the right to restrict the processing of personal data (under the terms of Article 18 GDPR)

If the conditions of Article 18 GDPR are met, you can request the administrator to limit the processing of your personal data. You can therefore request a restriction, for example, when you object to the correctness of the processed data or in the event that the processing is illegal and you do not want the administrator to delete the data, but you need their processing to be limited for the period when you exercise your rights. The administrator continues to process your data if there are reasons for the determination, exercise or defense of legal claims.

  • the right to object to processing (under the terms of Article 21 GDPR)

If the administrator processes your personal data for the purpose of fulfilling a task carried out in the public interest or in the exercise of public authority entrusted to him, or if he carries out processing on the basis of his legitimate interests or the legitimate interests of a third party, you have the right to object to this processing. Based on your objection, the administrator will limit the processing of personal data, and until he proves serious legitimate reasons for processing that outweigh your interests, rights and freedoms or reasons for the determination, exercise or defense of legal claims, he will no longer process personal data and delete your personal data.

You have the right to object to the processing of personal data for direct marketing purposes at any time. After raising an objection, the administrator will not process your personal data for this purpose.

  • the right to portability of personal data (under the terms of Article 20 GDPR)

If the processing is based on your consent or carried out for the purpose of fulfilling a contract concluded with you and at the same time carried out by automated means, you have the right to receive from the administrator your personal data, which they obtained from you in a structured, commonly used and machine-readable format. If you are interested and if it is technically possible, the administrator will transfer your personal data directly to another administrator.

  • the right to file a complaint with a supervisory authority

If you believe that the administrator is processing your personal data in violation of the GDPR or other personal data protection regulations, you have the right to file a complaint with one of the relevant supervisory authorities, especially in the Member State of your permanent residence, place of work or place of alleged violation . For the territory of the Czech Republic, the supervisory authority is the Office for the Protection of Personal Data, with headquarters in Plk. Sochora 27, Holešovice, 170 00 Prague 7, Czech Republic, website www.uoou.cz, phone: +420 234 665 111.

  • the right to withdraw consent to the processing of personal data

If the processing of your personal data is based on consent, you have the right to withdraw this consent at any time. Withdrawal of consent does not affect processing that has already been carried out.

9. Information about cookies

  1. We, the company Railsformers s.r.o., ID number: 24704440, with registered office at Technologická 372/2, 708 00 Ostrava-Pustkovec, Czech Republic, a company registered in the commercial register maintained by the Regional Court in Ostrava, section C, insert 36254, as the controller of personal data, we would like to inform you that in order to:
  • measurement of website traffic
  • creating statistics regarding our website traffic and visitor behavior on our website
  • the correct functionality of our website
  • adapting our website to your needs
  • determining which pages and features our website visitors use most often
  • improving the use of our servers

we use small amounts of data that are stored on your end device (so-called cookies). You can learn more about cookies, for example, at the following sources of information:

  1. Cookies are used by almost every website in the world, they are generally a useful service because they increase the user-friendliness of a repeatedly visited website (they allow your computer to remember the pages you visit and your preferred settings for individual pages).
  2. The comprehensive use of cookies can be set using your internet browser. Most internet browsers automatically accept cookies by default. However, cookies can be rejected by setting your internet browser. You can find more detailed information about how to set it up on the following pages:
  1. We only use cookies other than necessary technical cookies based on your consent, which you give us. You can change the scope of the consent granted in this way and your preference settings at any time directly in the System.
  2. However, technical cookies that are necessary for the functionality of our website and do not require your consent will only be kept for the time necessary for the website to function.
  3. Cookies that are collected for the purpose of measuring traffic to our website and creating statistics regarding their traffic and the behavior of visitors on the website are processed in an almost anonymized form, which allows you to be identified, but only when considerable and professional effort is made.
  4. All cookies are stored for a period of time, which is specified below for individual types of cookies.
  5. In accordance with the GDPR, you have the following rights from the perspective of cookies - viz. Article 8 of these Personal Data Processing Principles - Rights of data subjects.
  6. As part of other cookie arrangements, we follow our privacy policy set out in the previous chapters of this document.
  7. List of cookies that may (but may not, depending on the System functions used by the subject of personal data) be processed in the Systems:

Necessary technical cookies

  • __Secure-next-auth.callback-url
  1. Validity: session
  2. Secured: yes
  3. Who has access: own cookie
  • __Host-next-auth.csrf-token
  1. Validity: session
  2. Secured: yes
  3. Who has access: own cookie
  • __Secure-next-auth.session-token
  1. Validity: 1 month
  2. Secured: yes
  3. Who has access: own cookie
  • __cc_cookie
  1. Validity: 1 year
  2. Secured: yes
  3. Who has access: own cookie

Analytical cookies

Marketing cookies

  1. You can change your settings for saving cookies at any time in the cookie settings in the Systems tab.

10. Further information on the processing of personal data

In case of questions regarding the processing of personal data or in case of exercising the data subject's rights listed in Article 8 of these policies, Railsformers s.r.o. or its Personal Data Protection Officer can be contacted via one of the contact addresses listed in Article 3 of these policies.

General information on the processing of personal data can also be found on the website of the Office for the Protection of Personal Data available at www.uoou.cz.

These policies take effect on September 1, 2022