PERSONAL DATA PROTECTION RULES, DATAWEPS s.r.o.

This document contains information regarding personal data processing in the company DATAWEPS s.r.o. in accordance with art. 12 et seq. of the Regulation of the European Parliament and the Council (EU) 2016/679 of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing directive 95/46/EC (hereinafter, the “GDPR“) and the Act No. 110/2019 Coll., on the processing of personal data; among others, by means of the Dataweps Azor, Dataweps Beed, Dataweps SocialWatch, Dataweps TrendPanel and Dataweps TrendLucid (all together hereinafter referred to as the „Applications“).

The Personal Data Protection Rules (hereinafter referred to as the „Rules“) will be updated as required. The updated version will always be available on our website https://www.dataweps.com/processing-of-personal-data-for-marketing-purposes/.

By visiting our website or using our Applications you confirm that you have become familiar these Rules.

IDENTIFICATION AND CONTACT INFORMATION

DATAWEPS s.r.o., identification number (IČO) 44962738, with registered seat at Nováčkova 401/53, Husovice, 614 00 Brno, a company registered in the Commercial Register with the Regional Court in Brno, section C, file 4160 (hereinafter referred to as the „DATAWEPS.

Contact phone: +420 541211984, Contact e-mail: tym@dataweps.com.

DATAWEPS has not appointed a data protection officer, since it does not fit within the obligation set out in Art. 37 of the GDPR.

SUPERVISION AUTHORITY

The supervision authority is the independent public government authority competent for personal data protection in the given country. The supervision authority for the registered office of DATAWEPS is the Office for Personal Data Protection with registered office at Pplk. Sochora 27, 170 00 Prague 7, e-mail: posta@uoou.cz, tel.: +420 234 665 125.

DATAWEPS AS PERSONAL DATA CONTROLLER

The DATAWEPS acts in the position of a personal data controller particularly in relation to the personal data of employees, customers, suppliers, their representatives and of website visitors, provided they are natural persons.

Information about personal data processing of employees is subject to a separate document, which is available to employees at the seat of DATAWEPS.

Purpose of processing (legal basis for processing) Personal data processed
Customer’s personal data (provided they are natural persons), eventually their representatives’, Personal data of the Applications Users
For the purposes of performing a contract (namely for the contracting process, communication with customer), or for implementation of measures before conclusion of the contract (negotiations before concluding the contract) In case of a natural entrepreneur person – name, surname, identification number, tax identification number, address of place of business e-mail, phone number
For the purpose of creating a user account within the Applications e-mail, name, surname, IP address, eventually other online identifiers
For the purposes of performing legal obligations (especially keeping accounts and issuing and registering invoices) In case of a natural entrepreneur person – name, surname, identification number, tax identification number, address of place of business
For the purpose of a legitimate interest (for sending commercial communications) e-mail
Suppliers’ personal data (provided they are natural persons), eventually their representatives’ 
For the purposes of performing a contract (namely for the contracting process, communication with supplier), or for implementation of measures before conclusion of the contract (negotiations before concluding the contract) In case of a natural entrepreneur person – name, surname, identification number, tax identification number, address of place of business
e-mail, phone number
For the purposes of performing legal obligations (especially keeping accounts and issuing and registering invoices) In case of a natural entrepreneur person – name, surname, identification number, tax identification number, address of place of business
Personal data of website visitors:
For the purpose of a legitimate interest (for security reasons, website traffic analysis) IP address, eventually other online identifiers

If we intend to process other kinds of personal data than those set out above, we can only do so on the basis of a written consent to personal data processing granted in a valid manner. You will grant us your consent to personal data processing in a separate document.

We do not process any personal data which can be included in a special category (the so-called sensitive data) within the meaning of Art. 9 GDPR.  Simultaneously, we do not process personal data related to verdicts in criminal matters and criminal acts within the meaning of Art. 10 GDPR.

DATA PROCESSING PERIOD

If it is not above stated otherwise, personal data processed to perform obligations arising from special legislation is processed for a period of time stipulated by this legislation. In the case of a need to use personal data to protect our legitimate interests, this personal data is processed for a period necessary to assert these rights. If personal data is processed on the basis of a consent, we perform the processing only for the period for which the consent is granted. In other cases personal data will be erased after 2 years following termination of the contractual relationship.

RECIPIENTS OF PERSONAL DATA, SUBMISSION OF PERSONAL DATA TO THIRD COUNTRIES

Personal data controllers: 

We do not submit personal data to any other personal data controller.

We submit personal data processed for the purpose of performing obligations arising from special legislation to public administration bodies or other competent authorities only when obliged to do so by the law.

We use the following processors of personal data:

  • companies providing accounting and tax services,
  • cooperating programmers.

The full list of processors is available at the seat of DATAWEPS upon request.

Personal data processing can be performed for by processors exclusively on the basis of a personal data protection contract, i.e. with guarantees of organizational and technical securing of this data and the definition of the purpose of processing, with processors not allowed to use the data for other purposes.

Submission of personal data to third countries: 

We do not submit personal data to third countries nor to international organizations within the meaning of Art. 44 et seq. GDPR.

YOUR RIGHTS IN RELATION TO PERSONAL DATA PROTECTION

In relation to personal data protection, you have the following rights. If you wish to assert any of these rights, please contact us via contact e-mail.

In some instances, the exercise of these rights is subject to certain exceptions; therefore, it may not be possible to assert them in all situations.

If your request is considered justified, we will take the required measures without undue delay, within a month at the latest. In substantiated cases, we can extend the deadline by another two months.

As a data subject you have:

  • The right to access personal data (Art. 15 GDPR): You have the right to obtain a confirmation from DATAWEPS on whether or not your personal data is processed. If your personal data is processed by DATAWEPS, you have the right to gain access to this personal data and the information stated in Art. 15 GDPR. Simultaneously, you have the right to obtain a copy of the personal data processed. For more copies, DATAWEPS can charge you a reasonable fee considering administrative costs.
  • The right to personal data correction (Art. 16 GDPR): You have the right to DATAWEPS correcting your inaccurate personal data or supplementing incomplete personal data without undue delay.
  • The right to personal data erasure (Art. 17 GDPR): You have the right to DATAWEPS  erasing your personal data without undue delay in instances laid down by Art. 17 GDPR. The right to erasure will not be applied if the processing is necessary for the compliance with legal obligations, for the determination, exercise or defence of legal claims and in other instances laid down in the GDPR.
  • The right to processing restriction (Art 18 GDPR): You have the right to DATAWEPS restricting processing in any of the following instances: a) you dispute the accuracy of personal data, for a period necessary for DATAWEPS to be able to verify the accuracy of the personal data; b) the processing is illegal and you reject the erasure of personal data, asking instead for the restriction of its use; c) DATAWEPS no longer needs the personal data for the purposes of processing but you require it to determine, exercise or defend legal claims; d) you have raised an objection against the processing until it is verified whether the legitimate reasons of DATAWEPS prevail over your legitimate reasons.
  • The right to information regarding the correction or erasure of personal data or processing restriction (Art 19 GDPR): DATAWEPS is obliged to notify individual recipients to whom personal data was disclosed of any personal data corrections or erasures or processing restrictions, with the exception of cases when this proves impossible or requires unreasonable effort. If you request so, DATAWEPS will inform you about these recipients.
  • The right to data transferability (Art. 20 GDPR): If technically possible, you have the right to obtain all your personal data and submit it to another administrator.
  • The right not to be subject of automated individual decision-making, including profiling (Art. 22 GDPR): DATAWEPS does not perform automated individual decision-making nor profiling during processing of personal data within the meaning of Art. 22 GDPR.
  • The right to be informed in the event of a personal data breach (Art. 33 GDPR): If a certain case of personal data security breach is likely to result in a high risk for your rights and liberties, DATAWEPS will announce this breach to you without undue delay.
  • The right to lodge a complaint with a supervision authority: If you believe that DATAWEPS does not process your personal data in a lawful manner, you have the right to lodge a complaint with the supervision authority whose contact details are provided above. We will be very happy if you approach us first. We will do our best to correct the faulty situation and process your personal data in a lawful manner.
  • The right to raise an objection against processing (Art. 21 para 1 GDPR): You have the right to raise an objection at any time regarding the processing of your personal data that DATAWEPS  processes for the reasons of its legitimate interests. In such an instance, DATAWEPS will no longer process personal data unless it demonstrates serious legitimate reasons for processing that prevail over your interests or rights and liberties or for the determination, exercise or defense of legal claims.
  • The right to revoke consent to personal data processing: If DATAWEPS processes any of the personal data on the basis of a consent, you have the right to revoke your consent to personal data processing in writing at any time, by sending your objection to personal data processing to the contact e-mail address. The revocation of consent shall be without prejudice to personal data processing in instances where a consent is not required.

More information about your rights can be found on the website of the Office for Personal Data Protection: https://www.uoou.cz/6-prava-subjektu-udaj/d-27276.

SENDING COMMERCIAL COMMUNICATIONS, DIRECT MARKETING INFORMATION

When sending commercial communications, we proceed in accordance with the Act. No. 480/2004 Coll., on certain information society services as amended. The sending of commercial communications can be cancelled using an unsubscribe link in each e-mail sent.

The right to raise an objection to processing for direct marketing purposes (Art. 21 para 2 GDPR)

If DATAWEPS processes your data for direct marketing purposes, you have the right to raise an objection to such processing. In such an instance, DATAWEPS will not further process your personal data.