Privacy Policy

High data protection standards are part of Yumecs's brand essence and, like the security of our IT systems, are of particular importance to our business. As a global company whose business model is based on the networking of people and the exchange of sensitive data, we feel we have a special responsibility in this regard.

The protection of your personal data in the course of the entire business process is an important concern for us. The following policy is intended to provide you with an overview of how we process your data.

We handle the data transferred to us in a trusting and responsible manner and observe the legal provisions on data protection, in particular the Law of the Republic of Uzbekistan No. ZRU-547 (Law on Personal Data) and the General Data Protection Regulation (GDPR).

Contact details of the persons responsible

Responsible for this website and other products and services is

KCIC s.r.o

Senovážné náměstí 1464/6, Praha 1, Czech Republic

www.yumecs.eu

Personal data

Personal data means any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Data subject rights

You have the following data subject rights:

With regard to the assertion of your data subject rights, please contact us.

Storage period

Your personal data will be deleted or blocked by the respective company responsible as soon as the purpose for storing it no longer applies. In addition, storage may take place due to legal and contractual retention periods. Data will also be blocked or deleted if a legally prescribed storage period expires unless there is a need for further storage of the data for contractual reasons. Further information on the storage period in connection with certain products and services can also be found in the following sections.

Categories of recipients

The aforementioned responsible parties do not sell, transfer or otherwise disclose your data to third parties in each case on their own behalf and will not do so in the future, unless this is required by law, necessary for the purposes of the contract or you have consented to this disclosure. For example, when providing postal services, your address data may be passed on to companies involved in the transport process (e.g., courier service providers, customs service providers and - if it is not a postal service - sanctions list check service providers for comparison with sanctions lists).

External service providers that process data on behalf of Yumecs (e.g., customer service activities, IT services) provide sufficient guarantees that appropriate technical and organisational measures are implemented in such a way that the processing is carried out in accordance with the requirements of the EU General Data Protection Regulation. They are contractually obliged to maintain strict confidentiality, among other things, in accordance with Art. 28 GDPR. In these cases, Yumecs remains responsible for the protection of your personal data. The external service providers only process the personal data on the documented instructions of the respective responsible parties.

Third country transfer

In the case of international mailings, your data will also be processed in a so-called third country, i.e., forwarded to or accessed from a country outside the European Union (EU)/ European Economic Area (EEA). Specifically, this concerns the recipient country of the respective shipment. This data transfer is necessary for the fulfilment of the respective transport contract (e.g., delivery, customs clearance). If a third country transfer is carried out by the above-mentioned responsible parties, this is only done on the basis of standard contractual clauses or within the scope of the exemptions of the GDPR.

Data security

Yumecs takes all necessary technical and organisational security measures to protect your personal data from misuse or loss. For example, your data is stored in a secure operating environment that is not accessible to the public. In certain cases, your personal data is encrypted during transmission using Secure Socket Layer (SSL) technology. This means that an approved encryption method is used for communication between your computer and the Yumecs servers, provided your browser supports SSL.

If you wish to communicate by e-mail with one of the responsible persons, you should bear in mind that the confidentiality of the information transmitted cannot be guaranteed. The contents of e-mail messages can be read by third parties. The respective person in charge therefore recommends that confidential information addressed to them be sent by post.

Data processing in the context of visiting the website and using our services

Visiting our website

When you visit this website, the web servers temporarily store data for security reasons, which may allow identification.

The following data is collected: IP address, host name of the accessing computer, website via which you accessed this website, a list of the websites visited by you within the scope of our Internet presence, the date and duration of your visit, notification as to whether the call was successful, volume of data transferred, information on the identification data of the browser type and operating system used by you.

The temporary storage of data is necessary for the course of a website visit in order to enable the website to be delivered. Further storage in log files takes place in order to ensure the functionality of the website and the security of the information technology systems. The legitimate interest in data processing also lies in these purposes. The data is processed on the basis of Art. 6 para. 1 lit. f GDPR.

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the provision of the website, this is the case when the session has ended. The log files (access logs) are kept directly and exclusively accessible to administrators for 24 hours. After that, they are only indirectly available via the reconstruction of backup tapes and are permanently deleted after 30 days.

Use of cookies

In addition to the aforementioned data, cookies are stored on your device when you use our platform. Cookies are small text files which are stored on your hard drive, and which provide the party setting the cookie with certain information. Cookies cannot execute programs or transmit viruses to your computer. They serve to make the Internet offer as a whole more user-friendly and effective. The legal basis for the processing is our legitimate interest according to Art. 6 para. 1 lit. f) or your consent Art. 6 para. 1 lit. a) GDPR. Our legitimate interests are derived from the need to ensure trouble-free operation of our platform. For more information on the cookies we use, please read our Cookie Policy whish forms part of our Privacy Policy.

Google Maps

We use the Google Maps service on our website. This allows us to show you interactive maps directly on the website and enables you to use the map function conveniently. The legal basis for the use of Google Maps is Art. 6 para. 1 lit. f) GDPR.

By visiting the website, Google receives the information that you have called up the corresponding sub-page of our website. This takes place regardless of whether Google provides a user account via which you are logged in or whether no user account exists. If you are logged in to Google, your data will be directly assigned to your account. If you do not want your data to be associated with your Google profile, you must log out before. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or designing its website in line with requirements. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, and you must contact Google to exercise this right.

Data processing for sales purposes

The sales department of Yumecs processes personal data in addition to business data in order to carry out pre-contractual measures and for sales purposes. This includes contact data of the respective contact person of the prospective customer or customer (name, business e-mail address and telephone number) as well as information on the notified annual shipment volume and shipment structure. All other consignment and personal data stored within the scope of the business relationship (e.g., offer calculation, contract processing, invoicing) are bound to the purpose of fulfilling the contract. The legal basis for the data processing described above is Art. 6 Para. 1 lit. b GDPR and Art. 6 Para. 1 lit. f GDPR. The legitimate interest of Yumecs lies in particular in the optimal and customer-specific support.

Data processing for advertising purposes

If you are already a customer of Yumecs, your address data (e.g. name, address) will be processed in order to inform you about offers, news, products and services of the respective responsible company.

In addition to an existing consent, the respective responsible companies process your e-mail address exclusively to provide you with information about their own and similar products, to the extent permitted by law. For example, Yumecs will send you e-mails that you or others have requested, such as parcel announcements. Likewise, you may receive important usage instructions for product, service or system information and also details of your respective customer account with Yumecs by e-mail. The legal basis for the aforementioned processing is Art. 6 Para. 1 lit. f GDPR. The processing of customer data for own direct marketing purposes is carried out within the framework of the legitimate interest of the respective responsible company. You have the right to object to this processing at any time. To exercise your right, simply contact the responsible company using the contact details above.

In the event of unsubscription from e-mail communication or revocation, the corresponding data will be removed from the distribution list or blocked and no longer processed for these purposes. The inclusion of the e-mail address in a blocking list at the respective responsible company is done to protect the legitimate interests of the respective responsible company in accordance with Art. 6 Para. 1 lit. f GDPR. The legitimate interest lies in not sending you information by e-mail in the future.

In the context of sending e-mails, a performance measurement is carried out by the respective responsible party. For example, it is recorded whether an email has been opened and whether links in the email have been clicked. The evaluations are used to recognise the reading habits of the users and to adapt the content to their needs or to send different content according to the interests of the users. The legal basis for this data processing is Art. 6 para. 1 lit. f GDPR. This data processing for own direct marketing purposes takes place within the framework of the legitimate interest of the respective responsible company.

Data processing for security, quality assurance and process optimisation purposes

To the extent permitted by law, Yumecs process the data collected in the course of contract performance for (data) security purposes (e.g., for the purpose of detecting criminal offences or misuse), for compiling statistics and for quality assurance, process optimisation and planning security. For this processing, there is a legitimate interest on the part of the data controller with regard to ensuring a smooth process as well as the continuous improvement of the respective products and services. In the opinion of the data controller, there is no predominant interest worthy of protection, as the intensity of the processing is kept as low as possible, e.g., by using pseudonyms. The legal basis for this data processing is Art. 6 para. 1 lit. f GDPR.

Data processing for contract fulfilment

Within the scope of the services provided by Yumecs, in particular transport and logistics services, personal data is processed on the basis of contracts concluded with you or the senders. This data is used, for example, to execute a (transport) contract, to manage customer data, to process payments and, if necessary, to check creditworthiness. Certain shipping data is provided to the authorities of the transit or destination country - depending on the relevant legal regulations - for the purpose of customs clearance and taxation or for security checks. Such data usually includes the name and address of the sender, name and address of the recipient, description of goods, number of items, weight and value of the consignment.

Personal data of the sender and (substitute) recipient (e.g., name, address of the sender and (substitute) recipient, e-mail address, telephone number, consignment information, delivery documentation such as signature, GPS date at the time of the delivery event, bank data) are processed.

The legal basis for the processing of the sender data is Art. 6 para.1 lit. b GDPR, as the processing is carried out for the fulfilment of the contract as well as for the proof of correct service provision.

The legal basis for the processing of (substitute) recipient data is in principle Art. 6 para. 1 lit. e GDPR. The provisions of Section 41a of the Postal Services Act allow the processing of personal data to ensure a functioning postal system and are thus in a special public interest as defined in Article 6 (1) (e) of the GDPR. This also includes the authorisation to process the personal data of recipients or substitute recipients insofar as this is necessary for the proper delivery of items.

In addition, we are entitled to collect and store certain identification data: the type of ID card, the issuing authority, the number of the identity document and the date of issue.

Contact options

This website contains contact options, which can be used to contact the respective company electronically. If the user makes use of this option, the data entered in the input mask will be transmitted to the respective company and processed accordingly.

The personal data you provide (e.g., first and last name, e-mail address, telephone number, address, remarks, customer number, details of the weight and dimensions of a consignment, delivery documents, information relevant to invoicing, details required for customs processing) are processed exclusively for the technical administration of the websites and to fulfil your wishes and requirements - i.e., primarily to process contracts concluded with you or your enquiries. In addition, within the scope of processing a customer request, data processing may also take place for the creation of a customer account, acceptance and processing of a transport order, cooperation, or registration of a service, among other things.

Provided that no legal or contractual retention periods are to be observed, your enquiry will be stored for a maximum of two years by the respective responsible party as proof of proper processing and further optimisation of the services.

The data is primarily processed for the fulfilment of the contract in accordance with Art. 6 Para. 1 lit. b GDPR and for the protection of legitimate interests in accordance with Art. 6 Para. 1 lit. f GDPR. A legitimate interest on the part of Yumecs is, in particular, to ensure a smooth process flow, to process customer concerns, to conduct direct marketing for its own products and services and to permanently improve these.

Transport enquiries and requests

In order to process your request, some information is required (e.g., consignment number or date of posting). The processing of this data is necessary and is carried out for the purpose of fulfilling the contract on the basis of Art. 6 Para. 1 S.1 lit. b GDPR. In addition, we request other relevant data on a voluntary basis, which may lead to accelerated processing. The legal basis for the processing of this data is your consent in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR. The required information is marked as mandatory fields [*mandatory field].

Delivery service

Your personal data provided in the order form will be forwarded to the respective participating service provider and subsequently processed there for the purpose of carrying out the order process. The data includes your contact details as well as your information on the storage location. The legal basis for the processing is pursuant to Art. 6 (1) p. 1 lit. b GDPR (the performance of the contract).

Parcel notification

With the parcel notification, you will be informed free of charge about the expected delivery date of the parcels ordered by you to your address. In addition, we will inform you in the event of delivery delays or if you were not met at the time of delivery. In order to be able to send you a notification of the expected delivery day and the whereabouts of your shipment by e-mail, Yumecs requires your e-mail address. The parcel notification is part of the Services, which is activated as part of the contract. The processing of the e-mail address for the purpose of parcel notification is carried out for the fulfilment of the contract on the basis of Art. 6 Para. 1 lit. b GDPR.

Shipment tracking

The following data, for example, are processed in the context of shipment tracking: Consignment number, name and address of the sender, name and address of the recipient, e-mail address of the sender/recipient if applicable, name and address of the substitute recipient if applicable, customer data of the sender, product or service designation, consignment history, signature of the recipient. The data is processed for the purpose of fulfilling the contract on the basis of Art. 6 para. 1 lit. b GDPR.

Data processing for Administration, financial accounting, office organisation

We process data in the context of administrative tasks as well as organisation of our operations, financial accounting and compliance with legal obligations, such as archiving. In this regard, we process the same data that we process in the course of providing our contractual services. The purpose and our interest in the processing lies in the administration, financial accounting, office organisation, archiving of data, i.e., tasks that serve the maintenance of our business activities, performance of our tasks and provision of our services. The deletion of data with regard to contractual services and contractual communication corresponds to the data mentioned in these processing activities.

In this context, we disclose or transfer data to consultants, such as legal advisors or auditors, as well as other fee offices and payment service providers.

Furthermore, based on our business interests, we store information on suppliers, event organisers and other business partners, e.g., for the purpose of contacting them at a later date. This data, most of which is company-related, is generally stored permanently.

Online presences in social media

We maintain online presences on the above-mentioned Platforms on the basis of our legitimate interests within the meaning of Art. 6 para. 1 lit. f GDPR and in order to communicate with customers, interested parties and users who are active there. Unless otherwise stated in this policy, we process the data of users if they communicate with us within the social networks and platforms, e.g., write Art.s on our online presences or send us messages.

Social Media Functions and Widgets

Within our online offer, functions and widgets of the above-mentioned Platforms are integrated. When you click on or use any of those functions and widgets, your browser establishes a direct connection to the relevant platform provider. The function or widget then transmits log data to the relevant platform provider. This log data may contain your IP address, the address of the visited websites, type and settings of the browser, date and time of the request, your usage of the relevant platform provider, as well as cookies. Those may also include the display of our post, the link to our profile, the possibility to interact with the posts and functions, as well as to measure users reach (so-called conversion measurement).

Routine deletion and blocking of personal data

We process and store personal data of the data subject only for the period necessary to achieve the purpose of storage or were provided for by applicable legislation and statutory retention periods. If the storage purpose ceases to apply or if a storage period prescribed expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.

Duration for which the personal data are stored

The criterion for the duration of the storage of personal data is the respective statutory retention period. After the expiry of the period, the corresponding data is routinely deleted, provided that it is no longer required for the fulfilment of the contract or the initiation of the contract.

Legal or contractual provisions for the provision of personal data; necessity for the conclusion of the contract; obligation of the data subject to provide the personal data; possible consequences of non-provision

We inform you that the provision of personal data is sometimes required by law (e.g., tax regulations) or may also result from contractual regulations (e.g., information on the contractual partner). Sometimes, in order to conclude a contract, it may be necessary for a data subject to provide us with personal data that must subsequently be processed by us. For example, the data subject is obliged to provide us with personal data if our company concludes a contract with him or her. Failure to provide the personal data would mean that the contract with the data subject could not be concluded. Before providing personal data by the data subject, the data subject must contact one of our employees. Our employee will explain to the data subject on a case-by-case basis whether the provision of the personal data is required by law or by contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data and what the consequences of not providing the personal data would be.

Existence of automated decision-making

As a responsible company, we do not use automated decision-making or profiling.

When do we disclose your Personal Data?

We may share your information with organisations that help us provide the services described in this policy and who may process such data on our behalf and in accordance with this policy, to support our online offer and our services. If you wish to learn more about how the relevant provider process your personal data, please follow the link embedded in the mentioned provider’s name.

Typically, and unless otherwise stated in this policy, data may be shared on the basis of our contractual and pre-contractual obligations, in accordance with Art. 6 para. 1 lit. b GDPR. Equally, if you have consented to it, or where there we have a legal obligation to do so or on the basis of our legitimate interests (e.g., when using agents, hosting providers, tax, business and legal advisors, customer care, accounting, billing and similar services that allow us to perform our contractual obligations, administrative tasks and duties efficiently and effectively).

If we commission third parties to process data on the basis of a so-called "processing agreement", this is done on the basis of Art. 28 GDPR.

In relation to metadata obtained about you, we may share a cookie identifier and IP data with analytic service providers to assist us in the improvement and optimisation of our website which is subject to our Cookie Policy.

We may also disclose information in other circumstances such as when you agree to it or if the law, a Court order, a legal obligation or regulatory authority ask us to. If the purpose is the prevention of fraud or crime or if it is necessary to protect and defend our right, property or personal safety of our staff, the website and its users.

Children Data

Our website is not intended for children, and we do not knowingly collect data relating to children. If you become aware that your Child has provided us with Personal Data, without parental consent, please contact us and we take the necessary steps to remove that information from our server.

Changes

This policy and our commitment to protecting the privacy of your personal data can result in changes to this policy. Please regularly review this policy to keep up to date with any changes.

Queries and Complaints

Any comments or queries on this policy should be directed to us. If you believe that we have not complied with this policy or acted otherwise than in accordance with data protection law, then you should notify us.