This privacy policy ("Privacy Policy”) sets out the basis on which any personal data we collect from you, or that you provide to us, in connection with the use of Tech Buddy will be processed by us. Please read the following carefully to understand our practices regarding your personal data and how we will treat it.
Please be informed that this Privacy Policy uses definitions as described in Article 2 of the Tech Buddy Terms of Service.
1. Data Controller
The Data Controller is DataSentics, a.s., with its registered office at Washingtonova 1599/17, Nové Město, 110 00 Praha 1, ID No. 05355541, a company incorporated under the Czech law and registered in the Czech Commercial Register maintained by the Municipal Court in Prague under File No. B 24293 ("We" or “Data Controller”).
2. Information We May Collect From You
We may collect and process the following data about you:
a) Information you give us. You give us information about you when managing your account or by corresponding with us by phone, email or otherwise. This includes information you provide when you register your account, use the Service, manage your account or when you report a problem with the Service. The information you give us may include your name, email address, phone number, place of residence, date of birth.
b) Information the Customer gives us about you. The Customer may provide us with your personal details when managing the Customer account. The information may include your email address, your name or your position. We assume that the Customer is entitled to do so.
c) Information we collect about you. With regard to each of your visits to our site our use of the Service we may automatically collect the following information:
- technical information, including the Internet protocol (IP) address used to connect your computer to the internet, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform. Please note that the IP address does not identify you personally, but it allows us to maintain communications with you as you move about our site;
- information about your visit, including the full URL clickstream to, through and from our site (including date and time); page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer service number;
- information about the use of the Service including your questions, complaints, customer history etc.
3. Purpose and legal basis for personal data processing
We use information held about you in the following ways:
a) Information you give to us or the Customer gives to us about you. We will use this information:
- to provide you / or the Customer with the Service;
- to ensure that content from our site is presented in the most effective manner for you and for your computer.
b) Information we collect about you. We will use this information:
- to administer our site and / or the Service and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
- to improve our site and / or the Service to ensure that content is presented in the most effective manner for you and for your computer;
- as part of our efforts to keep our site and / or the Service safe and secure;
- to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you.
We process most personal data to fulfil our agreements with the Customer, including processing requests and applications, sending invoices, and providing access details.
We also process your personal data based on our legitimate interests which includes all processing related to improving the user experience on our site or sending you our newsletter.
W may also process your personal data based on your consent for the specific purposes of processing, most often for the purpose of subscribing to our newsletter.
4. Duration
We will store your personal data as long as is necessary for the purposes named in this Privacy Policy or as long as the law allows us store it for particular purposes.
5. Recipients
We may share your personal data with:
a) our contractual parties involved in provision of services including Third Party Offering. Please be informed that Third Party Terms may apply with respect to personal data processing, or
b) upon request or in case of disputes, we may provide your personal data to public authorities to the necessary extent and within the boundaries of law.
We would like to assure you that all our contractual partners are bound by the duty of confidentiality.
6. Transfer
Your personal data will be processed in the European Union. We will not transfer your personal data outside the European Economic Area member states.
7. Your rights
We are committed to protecting and respecting your privacy and your rights:
a) Access your data
You can contact us free of charge at any time to inquire whether we process your personal data and, if so, request detailed information about this processing.
b) Correction of incorrect, inaccurate or incomplete personal data
If there is any change in your personal data, such as a change of your name, email address etc., or if you find that we process your incorrect, inaccurate or incomplete data, please let us know as soon as possible.
c) Erasure of personal data
Under certain circumstances specified by applicable law, you may ask us to erase your personal data.
d) Restriction of data processing
If you believe that i) we process your inaccurate data; ii) processing your data is illegal and you do not want us to erase all your personal data; iii) we no longer need your data for the purpose stated in this Privacy Policy, but you would like to use the personal data for defending your legal claims, for example in court proceedings; you may ask us to restrict the processing of only some of your personal data or for just some processing purposes.
e) Right to object
You may object to the data processing, if you believe that the processing of personal data is unlawful.
f) Data portability
You may ask us to provide you with an extract of your personal data in machine-readable format for yourself or another controller.
g) Consent withdrawal
If you have granted us with the consent for the specific purpose of processing, you are entitled to withdraw your consent at any time.
h) Complaint with the Office for Personal Data Protection
If you believe that we handle your personal data contrary to law, you may address a complaint with the Office for Personal Data Protection at any time.
8. Changes to the Privacy Policy
Any changes we may make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by email. Please check back frequently to see any updates or changes to our Privacy Policy.
9. Contact
Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to info@datasentics.com.
ANNEX NO. 1
Personal data processing clause
1. INTRODUCTORY PROVISIONS
1.1. The purpose of this clause is to establish rules and conditions leading to the protection of personal data that DataSentics (as a processor) processes for the Client (as a controller) in connection with the performance of the Agreement concluded between the Parties.
1.2. This clause takes into account the legislation in force on the date of its conclusion in the Czech Republic, in particular, Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the “GDPR”), effective from 25 May 2018.
1.3. The Parties agree to, if necessary to meet the requirements of legislation concerning the protection, processing or transfer of personal data, in particular the Personal Data Processing Act, GDPR or other regulations (the “Personal Data Protection Regulations”), at the request of either Party a written amendment to this clause shall be concluded without undue delay, taking into account such requirements.
1. DATA MANAGEMENT MODES
1.1. The Parties agree that within performing the Agreement, the following Data Management Modes may apply:
1.1.1. data management in systems operated by the Client containing, inter alia, personal data, where the Client allows DataSentics access to systems operated by the Client and to perform tasks under the Agreement, which also includes the processing of personal data, DataSentics shall use only the system operated by the Client, while the Client is responsible for its technical security (the “Data Management Mode in the Client's Systems”);
1.1.2. management of anonymized data outside the systems operated by the Client, where the Client transmits anonymized data to DataSentics without any personal data (the “Anonymous Data Management Mode”);
1.1.3. data management, including personal data, outside the systems operated by the Client, where the Client transfers data to DataSentics, including personal data, for further processing in DataSentics systems (the “Data Management Mode in DataSentics’s Systems”).
1.2. Unless the Parties agree otherwise in the Order, the fulfilment of all contractual obligations of the DataSentics takes place in the Data Management Mode in the Client’s Systems.
2. ANONYMOUS DATA MANAGEMENT MODE
2.1. Based on the agreement of the Parties, if the contractual obligations are fulfilled in the Anonymous Data Management Mode, the Client undertakes to provide DataSentics with all data in an anonymized form so that it does not contain any personal data within the meaning of the Personal Data Protection Regulations
2.2. Based on the agreement of the Parties, if the contractual obligations of the DataSentics are fulfilled in the Mode of Anonymous Data Management, the DataSentics has no obligations under other provisions of this Annex no. 1.
3. CREDENTIALS
3.1. If the obligations of the DataSentics pursuant to this Agreement are performed in the Data Management Mode in the Client's systems and/or in the Data Management Mode in the DataSentics’s systems, the Client as controller hereby entrusts DataSentics as a processor of personal data (provided by the Client) to a limited extent and for specified purposes under this clause, and DataSentics, as the processor, accepts the authorization to process personal data under the conditions defined in this clause. DataSentics is obliged to process personal data for the Client, on the basis of their instructions and to the extent necessary for the proper performance of their contractual obligations. The Client undertakes to submit all instructions to DataSentics via email communication addressed to the contact details info@datasentics.com. The Client shall not impose an instruction on DataSentics that would be contrary to legal regulations. In the event that DataSentics receives an instruction from the Client concerning the processing of personal data, which is in conflict with valid legal regulations, it shall not be bound by such an instruction.
3.2. DataSentics may involve another processor in the processing (respectively the Client grants DataSentics a general consent to the involvement of another processor in the sense of Article 28, paragraph 2 of the GDPR), and undertakes to inform the Client of such involvement, who may object to the involvement of another processor. The Parties have agreed that information on the involvement of another processor (or on changes or replacement of other processors) shall be sent to the Client by DataSentics before the involvement of another processor via email addressed to the Client's email address specified in the Order. DataSentics shall impose on its subcontractors, that act as the personal data processors, the same personal data protection obligations as set out in this clause.
4. CATEGORIES OF DATA SUBJECTS, TYPES OF PERSONAL DATA, NATURE AND PURPOSE OF PROCESSING
4.1. On the basis of the Agreement, DataSentics processes personal data for the Client to the extent specified below:
Purpose of processing
Scope of personal data (types of personal data)
Special categories of personal data
Categories of data subjects
preparation of technical architecture for data analytics and subsequent personalized campaigns (analytical databases, business datamart, analytical stations with analytical tools, visualization tools)
name and surname of a natural person, date of birth of a natural person
the address of the natural person or the place of business;
telephone number;
e-mail;
transaction and sales history;
information on purchased products and services;
web behaviour;
responses to direct campaigns;
No
Client’s customers
Client’s employees
visitors to the Client’s website
Client’s partners
1.1. DataSentics shall process personal data as follows:
1.1.1. automatically using statistical and analytical methods with the contribution of computer technology,
1.1.2. manual data processing may occasionally occur.
1.1.3. DataSentics shall process personal data in electronic form.
2. PROCESSING TIME
6.1 The processing of personal data shall take place during the term of the Agreement. The Parties undertake to fulfil the obligations concerning the protection of personal data for the entire period of validity of the Agreement unless it follows from the provisions of the Agreement or from the provisions of legal regulations that they are obliged to continue even after its termination.
3. RIGHTS AND OBLIGATIONS OF THE CLIENT
3.1. The Client undertakes to ensure that the data processed by DataSentics are always obtained and processed in accordance with the Personal Data Protection Regulations. In particular, the Client undertakes to:
3.1.1. ensure that all data processed by them shall be processed on the basis of the proper legal title of personal data processing, while this legal title of personal data processing permits DataSentics to process personal data pursuant to this Agreement,
3.1.2. provide data subjects with all mandatory communications imposed on them by the Personal Data Protection Regulations,
3.1.3. keep proper records of personal data processing activities within the meaning of Article 30 Section 2 of the GDPR;
3.1.4. comply with legal obligations binding thm as a controller of personal data under the GDPR and other legislation.
3.2. In the event that personal data is processed in the Data Management Mode in the Client's systems: The Client declares that in the case of personal data processing in the Data Management Mode in the Client's systems the level of security corresponding to the risk to the freedoms of data subjects is fully ensured. The Client is responsible for ensuring that its data processing systems meet all requirements under the Personal Data Protection Regulations, in particular ensuring the continued confidentiality, integrity, availability and resilience of these systems. In the event of any threat to the Client's systems, which may affect the fulfilment of DataSentics 's contractual obligations, the Client is obliged to notify DataSentics immediately.
3.3. The Client acknowledges and agrees that in the case of processing personal data in the Data Management Mode in DataSentics’s systems, the encrypted data of the Client shall be stored in the Microsoft Azure data cloud under the conditions specified on the website of the relevant provider. Another external data cloud service provider may be involved under the conditions set out in Article 4.2 of this Annex no. 1. DataSentics undertakes to inform the Client about a specific data cloud provider upon request. The Client undertakes to ensure that the legal title of the processing of personal data legally allows the storage of data with an external data cloud provider and that all information obligations in relation to data subjects are met.
4. OBLIGATIONS OF DATASENTICS
4.1. Irrespective of the Data Management Mode, DataSentics undertakes not to process the obtained personal data for its own purposes, in particular, it does not improperly store, copy, print, copy, modify and make extracts or copies from them in any way.
4.2. When processing personal data, DataSentics is obliged to:
4.2.1. process personal data exclusively on the basis of documented instructions of the Client and in accordance with the principles of communication according to the Agreement;
4.2.2. follow the Client's instructions regarding the transfer of personal data to a third country or international organization, if such processing is no longer required by the law of the European Union or a Member State that applies to DataSentics; in such a case, DataSentics informs the Client about this legal requirement before the commencement of processing, unless these legal regulations prohibit such information for important reasons of public interest;
4.2.3. ensure that persons authorized to process personal data are bound by the obligation of confidentiality or are subject to a legal obligation of confidentiality;
4.2.4. involve another processor in the processing only under the conditions specified in Section 4.2 of this Annex no. 2;
4.2.5. take into account the nature of the processing and, if possible, be of assistance to the Client through appropriate technical and organizational measures to fulfil the Client's obligation to respond to requests for the exercise of rights of data subjects;
4.2.6. to assist the Client in ensuring an appropriate level of processing security, in reporting cases of breaches of personal data security to the supervisory authority and possibly also to data subjects, in assessing the impact on personal data protection and conducting prior consultations with the supervisory authority;
4.2.7. In the event that personal data is processed in the Data Management Mode in DataSentics’s systems: in accordance with the Client's decision, either delete all personal data or return them to the Client after the termination of services, and delete existing copies if European Union law or Member State does not require the storage of the personal data concerned; and
4.2.8. at the Client's request, provide the Client with all information necessary to prove that the obligations set out in Article 28 of the GDPR have been met and to enable audits, including inspections, performed by the Client or another auditor authorized by the Client.
4.3. In connection with the processing of personal data, DataSentics shall keep records of all categories of processing activities performed for the Client, which include:
4.3.1. the name and contact details of DataSentics and the Client and any representative of the Client or DataSentics and the personal data protection officer;
4.3.2. the categories of processing performed for the Client;
4.3.3. information on any transfer of personal data to a third country or international organization; and
4.3.4. a general description of the technical and organizational security measures. In this regard, the Client undertakes to provide DataSentics with a description of the technical and organizational measures taken by the Client for the purposes of processing personal data in the Data Management Mode in the Client's systems as of the effective date of this Agreement. The Client further undertakes to immediately inform DataSentics of any change in these technical and organizational measures.
4.4. Based on a written request from the Client, DataSentics undertakes to disclose the records specified in the Section 8.3 of this Annex no 1. to the Client.
5. SECURITY OF PERSONAL DATA
5.1. In the event that personal data is processed in the Data Management Mode in Client’s systems, DataSentics undertakes to comply with the technical and organizational measures adopted by the Client for the purposes of data processing in these systems, with which the Client undertakes to demonstrably acquaint DataSentics. These measures shall always include the following:
5.1.1. ensuring that the Client's systems are used only by authorized persons;
5.1.2. ensuring the protection of access data to the Client's systems;
5.1.3. sufficient physical and software security of the devices from which the authorized persons shall access the system of the Client.
5.2. In the event that personal data is processed in the Data Management Mode in the DataSentics’s systems, the DataSentics undertakes to adopt and maintain in particular the following measures to ensure the necessary level of security, to the extent reasonable probability of infringing the rights and freedoms of data subjects, including:
5.2.1. the implementation of pseudonymization and encryption of personal data;
5.2.2. ensuring the continued confidentiality, integrity, availability and resilience of processing systems and services and the regular conduct of checks on the arrangements in place and their proper functioning;
5.2.3. ensuring the ability to restore the availability of and access to personal data in a timely manner in the event of physical or technical incidents;
5.2.4. establishing and ensuring a process of regular testing, assessment and evaluation of the effectiveness of the technical and organizational measures in order to ensure processing security;
5.2.5. ensuring the protection of the perimeter of the information system, e.g. by a multi-level firewall;
5.2.6. ensuring that only authorized persons of the DataSentics have access to personal data and data carriers;
5.2.7. ensuring a high level of physical security of servers with personal data, e.g. servers with personal data are locked in a server room or data centers.
5.3. In the event that DataSentics ascertains a breach of personal data security, it shall report it to the Client without undue delay.