This Personal Data Processing Policy ("Policy") governs the processing of personal data when its users ("User" or "you") use the http://digitoo.ai/ website (the "Site") and our other services (the "Services").
Digitoo s.r.o. is the owner and operator of the Website and the controller of personal data within the meaning of Article 4(7) of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data ("GDPR"), Pernerova 697/35, Karlín, 186 00, Praha, ID No.: 08494584, registered in the Commercial
Register maintained by the Municipal Court in Prague, Section C, Insert 319199 (hereinafter referred to as "Controller" or "we").
Please read how we collect, process and protect your personal data (that is, any information directly or indirectly identified or identifiable natural person) when you use our Website or our Services. This document contains information about your rights.
The contact details of the Controller are as follows:
(a) Delivery address: Pernerova 51, 186 00, Praha 8-Karlín;
b) contact email: [email protected];
The controller has not appointed a data protection officer.
The Administrator processes only personal data provided by the User. The User declares that all personal data provided by the User to the Administrator is true, accurate, up-to-date, correct and complete. Digitoo assumes no obligation to verify this information. If you provide any information that is untrue, inaccurate, not current or incomplete, or if we have reasonable grounds to suspect that such information is untrue, inaccurate, not current or incomplete, we have the right to suspend or terminate our cooperation and refuse any and all current or future use of the Services (or any portion thereof).
The processing of personal data by the Controller is lawful as at least one of the following conditions is always met in the processing:
The User has consented to the processing of his/her personal data pursuant to Article 6(1)(a) of the GDPR for one or more specific purposes;
the processing of the User's personal data is necessary for the performance of a contract to which the User is a party or the implementation of measures taken prior to the conclusion of the contract at the request of that User pursuant to Article 6(1)(b) GDPR
the processing of the User's personal data is necessary for compliance with a legal obligation to which the Controller is subject; or
the processing of the User's personal data is necessary for the purposes of the legitimate interests of the Controller pursuant to Article 6(1)(f) of the GDPR.
The Controller processes Users' personal data for the following purposes:
a) Provision of services and performance of contractual obligations
For the purpose of Providing Services and fulfilling the contractual obligations of the Administrator, the Administrator may process the User's personal data that the User has provided to the Administrator or will provide to the Administrator in the future by using the Website or otherwise using its Services. This processing of personal data is necessary for the performance of the contract between the Users, as data subjects, and the Administrator.
b) Sending newsletters and commercial communications
In the event that the User expressly subscribes to newsletters and commercial communications, the Administrator may occasionally send the newsletter or commercial communications to the e-mail address provided by the User. The User may withdraw consent to receive newsletters and commercial communications at any time. The processing of personal data for sending the newsletter and commercial communications is necessary for the purposes of the legitimate interests of the Administrator.
c) Protection of the Controller's rights
The Controller may process the User's personal data that is necessary to assert possible claims of the Controller and also for the purpose of protecting the Controller's rights, Such processing of the User's personal data is a legitimate interest of the Controller.
The Administrator shall retain the User's personal data for the purpose of providing the Services and fulfilling the contractual obligations under paragraph 2.3(a) of the Policy for the duration of the User's use of the Services.
The personal data of the User processed by the Administrator for the purpose of sending newsletters and commercial communications pursuant to paragraph 2.3(b) of the Principles shall be stored by the Administrator for the duration of the consent to such sending granted by the User.
The Controller shall keep the User's personal data processed for the purpose of protecting his/her rights under paragraph 2.3(c) of the Policy for as long as his/her legitimate interest lasts.
Therefore, the Administrator shall retain the personal data of Users only for the period necessary to exercise the rights and obligations arising from the legal relationship between the Administrator and the User or until the User withdraws consent to the provision of personal data (if such withdrawal of consent implies an obligation for the Administrator to delete the personal data). After this period, the personal data of the User shall be deleted by the Administrator.
The Controller may transfer the personal data of Users to other processors (subcontractors of the Controller) who supply marketing and other support services to the Controller, but always in accordance with the above purposes. You agree that the data we collect from you may be transferred to and stored at a destination outside the European Economic Area ("EEA"). It may also be processed by employees operating outside the EEA who work for us or one of our suppliers. By submitting your personal data you consent to such processing. We will take all necessary measures to ensure that your data is treated securely and in accordance with this Policy and the GDPR.
We will only process and store your personal data for as long as necessary for the purposes set out above or to comply with any legal requirements. After this period, we will delete or anonymise your personal data. If we process your personal data on the basis of a legitimate interest, the processing will continue for as long as our legitimate interest persists. You may object to the processing of your personal data based on our legitimate interest at any time.
User's rights as a data subject
Based on the rules set out in the GDPR, the User has in particular the right to:
(a) access to their personal data;
b) rectification of personal data or, where applicable, to limit their processing;
c) erasure of personal data;
d) object to the processing of personal data;
e) the portability of his/her personal data;
f) withdrawal of consent to the processing of personal data,
g) lodging a complaint with the Office for Personal Data Protection, if he/she considers that the processing has violated his/her right to protection of personal data during processing or a related legal regulation.
In order to exercise any of these rights, the User may contact the Controller via the contact details provided above. The Controller will advise and assist Users in exercising their rights. You also have the right to lodge a complaint with the supervisory authority, the Office for Personal Data Protection of the Czech Republic. You can find out more at https://www.uoou.cz/.
The Administrator declares that only persons authorized by the Administrator have access to the User's personal data.
We are committed to storing your data securely. Therefore, we have implemented appropriate physical, technical and organizational measures and plans to protect and secure the data we have received from you (which does not, however, relieve you of your obligation to take appropriate steps to secure your data, especially in the case of data transmission). The aim is to prevent unauthorised or unlawful processing of your personal data or accidental, unauthorised or unlawful disclosure, use, transmission, processing, copying, alteration, loss or corruption of your data. Despite all efforts to comply with the rules set out in the relevant legislation, it is not possible to ensure the security of your data if it is transmitted or transferred in an unsecured manner.
If we have given you (or you have chosen) a password that allows you to access certain parts of the Site, you are responsible for keeping that password confidential. We ask that you do not share this password with anyone.
Cookies
When you use the Website and, where applicable, our other Services, small identification files called cookies may be placed on your computer (by the Administrator or, with its consent, by a third party). These files allow us to collect certain information from your device to improve the functioning of the Site and our Services.
The Administrator does not use any of these identification files to identify Users as individuals.
The User may disable the storage of cookies or delete cookies already stored on their computer by using their web browser settings.
If the User has cookies enabled on his/her web browser and visits the Site, the User agrees to the use of cookies in accordance with this Policy.
To the extent that cookies are personal data, their processing is governed by the rules that apply to the protection of personal data under this Policy.
Final provisions
By checking the consent box via the online form and/or by actively using the Website or Services, the User confirms that he/she is aware of the Policy and accepts it in its entirety.
This Policy is governed by the law of the Czech Republic. The general courts of the Czech Republic are competent to decide on related legal disputes between the Administrator and the User.
If necessary, the Administrator is entitled to unilaterally change the wording of this Policy. The Administrator shall always notify the change at least 30 days before it becomes effective by displaying a notice on the Website and/or by sending a notice to the User's e-mail.
This Policy shall take effect on July 1, 2020.