Transport Solutions
Legal · GDPR

Privacy Notice

Last updated 19 June 2026

This notice explains how Transport Solutions s.r.o. ("TS", "we") collects and processes personal data on this site, in line with the EU General Data Protection Regulation (GDPR) and Czech Act No. 110/2019 Coll. on personal data processing.

1. Controller

The data controller is Transport Solutions s.r.o., registered in the Czech Republic. Postal and contact details are listed on the Imprint page.

2. What we collect & why

We process: (a) dealer application data (name, work email, company, country, optional phone) to evaluate applications; (b) contact-form submissions (name, email, optional phone, message) to answer enquiries; (c) dealer account data (name, email, hashed password, role, country, VAT ID, phone) to operate the portal; (d) order and payment metadata (line items, totals, Stripe payment / refund IDs, order status history) to fulfil orders and meet accounting obligations. We do not store payment card data — card details are submitted directly to Stripe by your browser.

3. Lawful basis

Processing is based on (i) performance of the dealer contract (Art. 6(1)(b) GDPR) for portal use, ordering and fulfilment; (ii) our legitimate interest (Art. 6(1)(f) GDPR) in responding to applications and contact-form enquiries; and (iii) legal obligation (Art. 6(1)(c) GDPR) for tax and accounting retention.

4. Processors & sub-processors

We rely on Vercel (hosting), Neon (managed Postgres, EU region), Stripe (payment processing), and Resend (transactional email). Each is engaged under written terms compliant with Art. 28 GDPR and processes data within the EU/EEA or under equivalent safeguards.

5. International data transfers

Some of our processors are established in, or transfer personal data to, countries outside the European Economic Area (EEA), including the United States (for example Vercel, Stripe and Resend). Where this happens we ensure an adequate level of protection in accordance with Chapter V GDPR: transfers to the United States are made to recipients certified under the EU–U.S. Data Privacy Framework (Art. 45 GDPR) and/or are governed by the European Commission's Standard Contractual Clauses (Art. 46 GDPR), with additional safeguards where necessary. A copy of the relevant safeguards is available on request via the contact details on the Imprint page.

6. Retention

Contact-form and application submissions are retained for up to 24 months. Order, invoice and accounting records are retained for the statutory periods required by Czech law (typically 10 years). Dealer accounts are retained for as long as the account is active and for a reasonable period thereafter for audit purposes.

7. Your rights

You have the right to access, rectify, erase, restrict or port your personal data and to object to processing based on legitimate interest (Art. 21 GDPR). Requests are handled within one month. You also have the right to lodge a complaint with a supervisory authority — our lead authority is the Czech Office for Personal Data Protection (Úřad pro ochranu osobních údajů, ÚOOÚ), Pplk. Sochora 27, 170 00 Prague 7, www.uoou.cz — or with the supervisory authority of the EU/EEA country in which you live or work.

8. Automated decision-making

We do not use your personal data for automated decision-making that produces legal effects concerning you or similarly significantly affects you within the meaning of Article 22 GDPR, and we do not carry out profiling. Decisions on dealer applications and orders are made by our staff.

9. Security

We implement appropriate technical and organisational measures to protect personal data, as required by Article 32 GDPR — including encryption in transit (TLS), encryption at rest, hashing of account passwords, role-based access controls, and processing only through reputable providers bound by data-processing agreements. Payment card details are transmitted directly to our payment processor and are never stored on our systems.

10. Data breaches

In the event of a personal data breach likely to result in a risk to your rights and freedoms, we will notify the competent supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of it (Art. 33 GDPR). Where the breach is likely to result in a high risk to you, we will also inform you without undue delay (Art. 34 GDPR).

11. Cookies

We use only strictly necessary cookies — a Better-Auth session cookie for authenticated portal access and a small acknowledgement cookie to remember that you have dismissed the cookie notice. No analytics, advertising or third-party tracking cookies are set on this site. Full details are set out in our Cookie Policy.

12. Children

Our portal and services are intended exclusively for businesses and their authorised representatives. They are not directed at children, and we do not knowingly collect personal data relating to children.

13. Changes to this notice

We may update this notice from time to time to reflect changes in our processing or legal requirements. The current version is always available on this page and is marked with the date it was last updated; where changes are material we will take appropriate steps to bring them to your attention.

14. Contact

Requests regarding your personal data can be sent to the email address listed on the Imprint page.