At KompiTech we recognise the importance of protecting your personal information and are committed to processing it responsibly and in compliance with any and all applicable data protection laws in countries in which KompiTech operates. For this reason, this document will provide you – i.e. our business partners and as appropriate their representatives or other contact persons, users and those interested in our services, but also visitors to our website – with information related to the privacy data protection at KompiTech.
The controller of your personal data is KompiTech s.r.o., ID no. 015 10 584, with its registered office at Thámova 137/16, Karlín, 186 00 Prague 8, Czech Republic.
2. Categories of personal data we process
In order the best quality IT services and solutions (hereinafter the “Services”) provided by KompiTech, could be delivered to you, we process the following categories of your personal data:
- Basic identification data – this category mainly includes data that is necessary for fulfilling any requests and/or for the conclusion and performance of the contract between us and you (i.e. name, surname, address, date of birth, payment and bank details);
- Contact details – this category includes data that we use to communicate with you in relation to the Services and fulfilment of any requests between us and you (i.e. phone number, email address, user names for communication tools);
- Services related data – this category includes data pertinent the Services provided (i.e. type and description of the Services, data on the amount and frequency of the Services provided, price, payment history, current location solely required for the purposes of provision of our Services via our platform BLiTS);
- Web usage related data – this category includes data that is processed in connection with usage of our web and our platform BLiTS (i.e. login account number, login password, marketing preferences, social media account, IP address).
Our Services are not intended for persons under 15 years. Therefore, we do not process such personal data and we verify whether you are at least 15 years old prior commencing any business relationship.
3. Purposes and legal basis on which we process personal data
For each processing of your personal data, there is a legal basis (title), which entitles us to process your personal data. We always process personal data only to the extent necessary for a particular purpose, which may be:
- Processing necessary for the fulfilment of our statutory and contractual obligations
Processing of personal data for the purposes of fulfilment of our statutory and contractual obligations is vital for our business activities. Without obtaining and processing personal data for these purposes we would not be able to provide you with our Services at all. Hence, if you are seeking provision of our Services, you will have to provide us with your personal data. So that we do not need your consent to process personal data for these purposes. If there is a contractual relation on the provision of Services between you and us, neither can you refuse processing of respective personal data due to the contract performance and fulfilment of our statutory obligations, nor can we comply with your request to delete such personal data.
In particular, these are as follows:
- Processes associated with your identification and contacting for the purposes of contract conclusion and performance (conclusion and performance of contracts);
- Securing and providing particular activities related to provision of Services (performance of contracts);
- Processes related to billing for the provided Services (performance of contracts);
- Fulfillment of our statutory accounting and tax obligations (statutory obligations fulfillment);
- Fulfillment of our obligations relating to measures against anti money laundering and terrorist financing (statutory obligations fulfillment);
- Purposes stipulated by special acts such as needs of criminal proceedings, administrative proceedings etc. (statutory obligations fulfillment).
We process personal data for these partial purposes only to the extent strictly necessary for the fulfillment of specific obligations and for a period directly stipulated by respective acts or necessary for the fulfilment of relevant contractual obligation.
- Processing based on our legitimate interests
We also process personal data if it is necessary to protect our legitimate interests. Prior any such processing we always consider carefully whether our legitimate interest outweighs your rights and freedoms. Even though we do not need your consent for this processing, you have the opportunity to contact us and file an objection to the processing of your personal data.
In particular, these are as follows:
- Evaluating the payment morale and if applicable enforcing our legitimate claims against our debtors and any related and factual acts;
- Keeping records of our debtors;
- Providing documents to a party interested in the assignment of our eligible receivables from our debtors;
- In justified cases securing evidence in case it is necessary to defend our rights;
- Direct marketing, i.e. sending information (commercial messages) in connection with the offer of our Services. It is always clear from such commercial messages that these come from us, and we may send them to you only until you object to it. The procedure for submitting an objection is described in each our commercial message sent for these purposes;
- Transfer of your personal data within KompiTech’s entities for internal administrative purposes;
- Collection of basic network identifiers of website and app visitors for the purposes of our Services enhancement, technical administration of our website and app for the purposes of technical administration and diagnostic of technical failures.
- Processing based on your consent
Certain processing of your personal data can be performed only on the basis of a consent granted by you. The processing of this data helps us to provide you with Services of higher quality, however such processing will not be performed without your consent. You can revoke this consent at any time via a letter sent to our registered office address or via email to email@example.com. If you do so, we will delete or anonymise your data (unless we have to further process it for the purpose of fulfilling our statutory or contractual obligations or protecting our legitimate interests). The revocation of your consent does not affect the lawfulness of the processing prior to the revocation of your consent.
In particular, these are as follows:
- Processing of cookies from our website – if you have cookies enabled in your web browser and you agree to their use on our website, we process records of behaviour from cookies placed on our website, for the purpose of securing better operation of the website and for other purposes described in detail in our Cookies Policy;
- Contact details for the purposes of a specific type of marketing activities.
4. To whom we disclose your personal data
- We process your personal data within KompiTech’s entities that provide either the means to data processing and/or help processing your requests, orders and marketing activities. These are mainly: KompiTech s.r.o. (Czech Republic), KompiTech GmbH (Switzerland), KompiTech GmbH (Germany), KompiTech Limited (UK).
- Our partners and suppliers securing provision of the Services as well as independent service providers such as legal/tax/accountancy/technical consultants that we engage in our business activities may participate in processing of your personal data. We contractually require them to keep your personal data secure and confidential.
- When applicable, we may be required or it may be necessary for us to disclose your personal data to respective authorities as arising from the applicable law.
- As a result of potential corporate restructuring and/or transactions and for maintaining a contractual relationship with you, your personal data may be transferred to a related affiliate. If we are involved in any of the above mentioned, your personal data may be transferred as part of such transaction. You will be notified of any such deal and your choices in that event will be outlined to you, if applicable.
We are a global business providing our services worldwide and provide the GDPR-level of personal data protection to all our relations and activities. The cases when we transfer data outside the European Economic Area include transfers among KompiTech’s entities and transfers to partners and service providers mainly involved in the provision of Services, or potential transfers in case of mergers, acquisitions and restructuring.
5. How long we store your personal data
Your personal data is stored for the necessary time only:
- If we provide you with Services or you are involved in the provision of Services, then we store your basic identification data, contact details, Services related data and the data from your communication with us for the entire existence of the contractual relationship or for a period as may be required under respective statutory obligations or for our legitimate interests establishing our rights;
- We store the personal data that we process on the basis of your consent until respective consent is revoked.
6. How we obtain and store your personal data
Most of the personal data that we process comes from direct interactions with you. However, in some cases it may happen that your personal information is provided to us by someone else such as your employer, one of your employer’s supplier, or your supplier and other processor of your personal data, as the case may be.
We always make sure whether your personal data was disclosed to us with your consent. If you believe your data was disclosed to us by a third party without your consent, please do contact us in this regard.
In some cases, we also obtain your personal data for processing from publicly available sources such as commercial registers, trade registers, insolvency registers, land registers, etc.
There are administrative, technical and physical safeguards that we maintain for protection of your personal data, both during transmission and once we receive it.
The personal data we obtain may be stored, with appropriate technical and organisational security measures applied to it, mainly on our servers in the Czech Republic and Switzerland, as well as anywhere we or our trusted services providers and partners operate.
7. What privacy rights you have
You can exercise certain rights with us in connection with the processing of your personal data. You can send your requests in this regard via post to our registered office address or electronically to the e-mail address firstname.lastname@example.org. Please note that in connection with these rights, we are entitled to reasonably require you to prove your identity, as we must ensure that we provide the information on personal data that relates to you.
Your rights related to the processing of your personal data are as follows:
- Right to access your personal data – you have the right to: (i) receive information on the processing of your personal data, prior to processing as well as during the processing, upon request; (ii) obtain confirmation from us whether we process your personal data; (iii) obtain one copy of your personal data being processed by us free of charge, provided that this does not adversely affect the rights and freedoms of others.
- Right to rectification – considering any relevant technical possibilities we will carry out correction of any inaccurate and incomplete data without undue delay after you notify us on this.
- Right to erasure (right to be forgotten) – you have the right to request erasure of your personal data in case it is no longer needed for the purpose for which it was processed (i.e. there is no legally recognised title on our part for further processing of your personal data including protection of our legitimate interests and rights).
- Right to revoke your consent – in case of processing based on your consent, you can withdraw your consent at any time. Revoking your consent shall not affect the lawfulness of processing based on your consent prior its revocation.
- Right to restrict processing – you have the right to restrict the processing of your personal data if you contest its accuracy, the legitimacy of the reasons on the basis of which we process the data, or if you object to the processing of the data.
- Right to information on the recipients of the personal data – in the event of corrections, deletions or restrictions on the processing of your personal data, we are also obliged to notify this fact to all recipients of your personal data – i.e. to all the persons to whom we have disclosed your personal data. In connection with this, you have the right to request information from us about these recipients.
- Right to data portability – you have the right to receive personal data which you have provided and is being processed on the basis of consent or where it is necessary for the purpose of conclusion and performance of a contract, in machine-readable format. The right in question applies solely to personal data that is processed by automated means.
- Right not to be the subject of a decision based solely on automated processing – you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. In this regard we inform you that the only automated processing of the personal data that we make relates solely to provision of our Services via our platform BLiTS, since processing of one’s current location and related data is necessary for contract performance.
- Right to object – this right applies to cases of processing carried out for protection of our legitimate interests. You have the right to object to such processing, on grounds relating to your particular situation, and we are required to assess the processing in order to ensure compliance with all legally binding rules and applicable regulations. In case of direct marketing, we shall cease processing your personal data for such purposes after a respective objection.
- Right to contact supervisory authority, court –in the event you consider our processing of your personal data from our side is not compliant with the applicable with GDPR you may contact and lodge a complaint with the supervisory authority – The Office for Personal Data Protection (in Czech: Úřad na ochranu osobních údajů, with its registered office at Pplk. Sochora 27, 170 00 Prague 7 – www.uoou.cz) or your local authority or a relevant court.
Last updated on 6 October 2020