Privacy Policy

1. Data controller

GrainOil Trade s.r.o., a Czech limited liability company registered at Uralská 689/7, Bubeneč, 160 00 Praha 6, Czech Republic, Company ID (IČO) 214 50 757, is the data controller for personal data collected through this website.

If you have any questions about this policy or wish to exercise your rights, please contact us at grainoiltrade.sro@gmail.com.

2. What data we collect

When you submit an inquiry through the contact form, we collect the personal data you provide voluntarily: name, company name, email address, phone number (optional), and any information contained in your message, including product interest, delivery country, and volume.

We do not collect tracking data, behavioural analytics, or advertising identifiers. The website does not set non-essential cookies.

Our hosting provider (Netlify) may collect standard server access logs (IP address, user agent, request timestamps) for a limited period for security and diagnostic purposes.

3. Purpose and legal basis

We process your personal data solely to respond to your inquiry, prepare and negotiate commercial offers, and — where applicable — conclude and perform a commercial contract. The legal basis is:

(a) Article 6(1)(b) GDPR — processing necessary for the performance of a contract or to take steps at your request prior to entering into a contract;

(b) Article 6(1)(f) GDPR — our legitimate interest in managing B2B commercial relationships and responding to business inquiries.

4. Recipients of your data

Your data is accessed by authorised personnel of GrainOil Trade s.r.o. for the purposes described above. We use the following processors:

• Resend (transactional email infrastructure, US-based, GDPR Data Processing Addendum in place) — delivers inquiry emails to our mailbox.

• Netlify, Inc. (website hosting and content delivery) — standard server logs.

• Our email provider, used to read and reply to inquiries.

We do not sell, rent, or share your personal data with third parties for marketing purposes. We do not transfer your data outside the European Economic Area except through processors that provide appropriate safeguards (Standard Contractual Clauses).

5. Data retention

We retain inquiry data for as long as necessary to manage the commercial relationship, and thereafter for up to three (3) years from the last contact, for documentation of business dealings and potential legal claims. Data related to concluded contracts is retained for the period required by Czech and EU law (typically 10 years for accounting and tax records).

Server access logs are retained by our hosting provider for a period not exceeding 90 days.

6. Your rights

Under the GDPR, you have the right to:

• access your personal data and receive a copy;

• request rectification of inaccurate data;

• request erasure ("right to be forgotten") subject to legal retention obligations;

• request restriction of processing;

• object to processing based on legitimate interest;

• data portability;

• lodge a complaint with the Czech Data Protection Authority — Úřad pro ochranu osobních údajů (ÚOOÚ), Pplk. Sochora 27, 170 00 Prague 7, www.uoou.cz.

To exercise any of these rights, contact us at grainoiltrade.sro@gmail.com. We will respond within one month.

7. Security

We apply appropriate technical and organisational measures to protect your personal data, including TLS/HTTPS encryption in transit, restricted access to mailbox systems, and vendor assessments of our processors.

8. Changes to this policy

We may update this policy from time to time to reflect changes in our practices or legal requirements. The effective date is shown at the top of the page.