As a part of Services, you have to create your user profile and provide us with other necessary information and by visiting our Website, some information about your device may be collected. In this document we describe how these information are processed.
If you have any question related to GDPR or related to our processing activities, please do not hesitate and contact us at [email protected].
1. WHAT PERSONAL DATA DO WE PROCESS?
In accordance with Services, we process:
• Your e-mail address or e-mail address of representative who created user profile under name of company.
• Billing information.
• Unique ID assigned to the user account after registration process is completed.
• Other personal information you provide us with in accordance to fulfill any service action you ask us to do.
2. HOW WE USE YOUR PERSONAL DATA AND ON WHAT LEGAL BASIS?
Your personal data are only used for the mutual relationship and for the purpose of fulfilling all legal duties that may arise in connection with provision of Services.
When you register your account, we use Auth0, Inc. company as our data processor to create your user profile. After you chose your payment plan and decide to pay for Services, we will request all necessary billing information (such as address, payment info etc.). We use Stripe services for handling payments. All of this information are necessary for fulfilment of our mutual contractual relationship that was concluded by creating your user profile. The legal basis for this processing is necessary for the performance of a contract to you are a party under Art. 6.1.b) of GDPR.
Also, we process information stated above for the purpose of fulfilling all legal obligations that we have. E.g., for the purposes of accounting laws, tax laws etc. In these cases, we process your personal data under Art. 6.1.c) of GDPR.
We do not expect that, but if there will be any dispute between us, we also process your personal data to protect our claims, to abide requests from relevant state authorities etc. The legal basis is our legitimate under Art. 6.1.f) of GDPR which consist of protection of our own claims.
Also, your e-mail address may be used in two ways. We may send you some technical notifications under our mutual relationship. These e-mails contain necessary information about our app, changes, updates etc. There is no way to reject these e-mails other than by ending mutual relationship.
However, in some cases we may send you newsletters. We will only do this if you give us your active consent under Art. 6.1.a) of GDPR when registering your user profile during provision of Services.
When you contact us through e-mail on our Website and you want to start cooperation with us, we will process your e-mail for the purpose of pre-contractual negotiations and for providing you with all necessary information under Art. 6.1.b) of GDPR. However, if we subsequently do not cooperate or your enquiry is not aimed at mutual cooperation, we will process the personal data on the basis of the legitimate interest of providing a response under Art. 6.1.f) of GDPR.
Your personal data will not be used for any automated decision making, including profiling.
3. DURATION OF PROCESSING OF PERSONAL DATA
Your personal data are always used only for a period necessary to achieve the purpose for which they were collected – for example, for the duration of the mutual relationship, until you have expressed disagreement with receiving our marketing communications, as long as the law requires us to do so or as long as we are dealing with your e-mails.
If you want to be acquainted with precise length of processing of your personal data, please write us on e-mail [email protected].
4. WHO HAS ACCESS TO YOUR PERSONAL DATA?
We use other companies and their products to secure processing of personal data and providing you with the Services. Those other companies are so called data recipients.
We use these data recipients:
• Company Auth0, Inc. which helps us with creation of user profile. The company is located in the USA. As a part of our terms we have concluded, there is data processing addendum and standard contractual clauses as a safeguard for the transfer to the third countries.
• Stripe Payments Europe, Ltd., which Is facilitating payment transaction on our behalf.
• Google Ireland company which provide us with cloud storage.
• Plausible Analytics company located in the EU. This company do not process your personal data, only helps us with analytics of our website without using cookies. More information about which data they may collect are available here: https://plausible.io/data-policy.
5. WHAT RIGHTS DO YOU HAVE?
You have the following rights in relation to our processing of your personal data:
a) right of access to personal data;
b) right to rectification;
c) right to erasure (‘right to be forgotten’);
d) right to restriction of data processing;
e) right to data portability;
f) right to object to processing;
g) right to withdraw a consent; and
h) right to file a complaint with respect to personal data processing.
Your rights are explained below so that you can get a better idea of their contents.
If you think that we are doing something that is not in accordance with law, you can file a complaint with the supervisory authority, i.e. the Office for Personal Data Protection (http://www.uoou.cz).
The right of access means that you can ask us at any time to confirm whether or not personal data concerning you are being processed and, if they are, you have the right to access the data and information for what purposes, to what extent and to whom they are disclosed, for how long we will process them, whether you have the right to rectification, erasure, restriction of processing or to object; from which source we obtained the personal data, and whether automated decision-making, including any profiling, occurs on the basis of processing of your personal data.
The right to rectification means that you may request us at any time to rectify or supplement your personal data if they are inaccurate or incomplete.
The right to erasure means that we must erase your personal data if (i) they are no longer necessary for the purposes for which they were collected or otherwise processed; (ii) the processing is unlawful; (iii) you object to the processing and there exist no overriding legitimate grounds for processing; (iv) this is required of us based on a legal duty or (v) you withdrew consent on which the processing is based and there is no other legal ground for the processing.
The right to restriction of processing means that until any disputable issues concerning the processing of your personal data are resolved, we must restrict the processing of your personal data.
The right to data portability means that you have the right to obtain personal data that concern you and which you have provided to us and which are processed in an automated manner and on the basis of consent or contract, in a structured, commonly used and machine-readable format, and the right to have these personal data transferred directly to another controller.
The right to object means that you may object to the processing of your personal data that we process for the purposes of our legitimate interests, especially for the purposes of direct marketing. If you object to processing for the purposes of direct marketing, we will no longer process your personal data for those purposes.
You can exercise all your rights by contacting us at the following e-mail address: [email protected].
This policy is effective from 15 December 2021.