Privacy Policy

INFORMATION ON THE PROCESSING OF PERSONAL DATA
under which the controller informs its customers and potential clients about the processing of their personal data.

OPERATOR:

Sysnetshield s.r.o.
Korunní 2569/108, Vinohrady
101 00 Prague 10,
Czech Republic
Trade Registry Number: 36 777 234

(hereinafter referred to as “Operator”)

Relevant contact details of data protection officers.
If the data subject has any questions concerning the processing of personal data, or if he or she wishes to exercise any of his or her rights concerning the processing of personal data by the Controller, he or she may, at the request of the Controller, contact the following authorized person:

Juraj Daniš
E-mail: [email protected]
tel.: +421 905 841 642
(hereinafter referred to as the “Entrusted Person”)

The request has no prescribed form and may be submitted by e-mail, by post, by telephone or in person.

1. Purpose

1.1 The Controller hereby fulfils its information obligation towards its customers and potential customers (hereinafter referred to as “Data Subjects”) regarding the processing of their personal data (within the meaning of Article 13 of Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data [hereinafter referred to as the GDPR]).

1.2 Data subjects shall have the opportunity to inform themselves about the processing of their personal data before the Controller starts processing them.

1.3 The Controller aims and strives to ensure that Data Subjects are informed in a simple way about the processing of their personal data by the Controller and that they are aware of their rights in relation to the processing of personal data. If the Data Subject has any questions relating to the processing of his or her personal data, he or she may contact the aforementioned Data Controller, who will provide him or her with an answer in a concise and comprehensible manner.

2. Information about the personal data of Data Subjects processed by the Controller

2.1 The Controller processes the following personal data of its customers (or potential customers) for the following purposes and on the basis of the legal basis stated:

Purpose Legal basis Categories of personal data Compliance with legal obligations in the field of taxation and accounting Special laws (in particular the Income Tax Act, the VAT Act, the Accounting Act)

  • customer identification data (in particular name, surname, address of residence or place of business, or VAT number, VAT number);
  • information about the services supplied;
  • fulfilment of the legal obligation in the field of registry special laws (in particular the Law on Archives and Registers)
  • the name and address of the recipient and sender of the mail
  • fulfilling a contractual obligation (providing a service to a customer)
  • the contract between the Operator and the Data Subject (customer)
  • customer identification data (in particular name, surname, title, address of residence or place of business, or VAT number, VAT number);
  • information on the goods and services supplied;
  • the address for delivery of the service;
  • bank details (especially IBAN);
  • email address;
  • telephone contact (communication with the customer, legitimate interest – contact details (email, phone number) of the contact person for the customer
  • marketing (sending information about the Operator’s services to existing or past customers in the form of newsletters)
  • legitimate interest – identification data of the customer (in particular name, surname, address of residence or place of business) or contact person for the customer;
  • information about the services supplied;
  • email address
  • information about the services supplied

2.2 If the Data Subject wishes to inquire about specific personal data processed by the Data Controller about him or her, he or she may contact the Data Controller with his or her request.

3. Categories of recipients of personal data

3.1 The Controller provides personal data of Data Subjects to the following categories of recipients:

  • an accounting service provider that manages the Operator’s accounts;
  • external providers of penetration testing, IT security consulting, project management and business services;
  • law firm;
  • tax office;
  • court, bailiff;
  • other public authorities, where required by specific legislation.

3.2 If the Data Subject wishes to enquire about a particular recipient and the scope of the personal data provided to that recipient, he or she may contact the Data Controller with his or her request.

4. Transfer of personal data to a third country

4.1 The Controller will not transfer the personal data of the Data Subjects to a third country (outside the European Union).

5. Retention period of personal data

5.1 The personal data of Data Subjects will be retained for the period required by the relevant special regulation. In the absence of such a specific regulation, the retention period shall be based on the Controller’s retention schedule.

5.2 If the processing of personal data is based on a contract, the Controller processes the personal data of the data subject for the duration of the contract and, in addition, for the period of the expiry of the limitation period relating to the assertion of the Controller’s or the data subject’s last valid claim.

5.3 Personal data for marketing purposes is processed for a period of 5 years after it is provided.

5.4 The Data Controller shall provide the Data Subject, at his/her request, through the Data Controller, with information on the period for which the Data Controller stores his/her personal data.

6. Information about cookies

6.1 Cookies are small text files that a website stores on a Data Subject’s computer or mobile device when they browse it. Thanks to this file, the website retains information about the actions and preferences of the Data Subject for a certain period of time, so that they do not have to be entered again the next time they visit the website or browse its individual pages.

6.2 Cookies may be controlled or deleted by the Data Subject at his/her discretion.

Details can be found at aboutcookies.org. You can delete any cookies stored on your computer or mobile device, and you can set most browsers to prevent them from being stored. The procedure for deleting cookies depends on the browser you are using. Below are links to the procedure from the providers of the most commonly used internet browsers:

  1. Google Chrome
  2. Mozilla Firefox
  3. Microsoft Internet Explorer

7. Rights of the Data Subject in relation to the processing of personal data

7.1 The data subject shall have the right to obtain confirmation from the Controller as to whether personal data relating to him or her are being processed and, if so, the right to obtain access to such personal data.

[Further details and information regarding the right of access can be obtained from the Authorised Person.]

7.2 The data subject shall have the right to have incorrect personal data concerning him or her rectified by the Controller without undue delay. With regard to the purposes of the processing, he or she has the right to have incomplete personal data completed, including by providing a supplementary declaration.

7.3 The data subject shall also have the right to obtain from the Data Controller the erasure of the personal data concerning him or her without undue delay, and the Data Controller shall be obliged to erase the personal data without undue delay if one of the following grounds is met: (i) the personal data is no longer necessary for the purposes for which it was collected or otherwise processed; (ii) the data subject withdraws the consent on the basis of which the processing is carried out and where there is no other legal basis for the processing; (iii) the personal data has been unlawfully processed; (iv) the personal data must be erased in order to comply with a legal obligation.

[Further details and information on the exercise of the right to erasure may be obtained from the Data Subject by contacting the Data Controller.]

7.4 The data subject shall have the right to have the Controller restrict the processing in respect of one of the following cases: (i) the Data Subject contests the accuracy of the Personal Data, during a period allowing the Controller to verify the accuracy of the Personal Data; (ii) the processing is unlawful and the Data Subject objects to the erasure of the Personal Data and requests instead the restriction of its use; (iii) the Controller no longer needs the personal data for the purposes of the processing, but the Data Subject needs it to establish, exercise or defend legal claims; (iv) the Data Subject has objected to the processing, pending verification that the legitimate grounds on the part of the Controller outweigh the Data Subject’s legitimate grounds.

[Further details and information on exercising the right to restriction of processing may

The person concerned to obtain from the Authorised Person.]

7.5 The data subject shall have the right to object at any time, on grounds relating to his or her particular situation, to processing of personal data concerning him or her which is carried out on the basis of a legitimate interest of the Data Controller or a task carried out in the public interest, including an objection to profiling. The Data Controller shall not further process the personal data unless it demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the Data Subject or for the establishment, exercise or defence of legal claims. Where personal data are processed for direct marketing purposes, the Data Subject shall have the right to object at any time to processing of personal data concerning him or her for the purposes of such marketing.

[Further details, conditions and exceptions in relation to the exercise of the right to object may be obtained from the Named Person.]

7.6 The data subject has the right to obtain personal data concerning him or her which he or she has provided

to the controller, in a structured, commonly used and machine-readable format, and shall have the right to transfer that data to another controller where the processing is based on consent or on a contract and where the processing is carried out by automated means. [Further details and information on the exercise of the right to portability may be obtained from the Data Subject by contacting the Data Controller.]

7.7 The data subject shall have the right to lodge a complaint with the Data Protection Authority if he or she considers that the processing of personal data concerning him or her is in breach of applicable law.

[Further details and information on the exercise of the right to complain can be obtained from the Person in Charge.]

7.8 Further details and information on the exercise of the Data Subject’s rights relating to the processing of his or her personal data may be obtained by the Data Subject from the Data Controller.

8. Further information on personal data

8.1 The Data Subject may enquire from the Data Controller whether the provision of personal data is a legal or contractual requirement or a requirement necessary for the conclusion of a contract, whether the Data Subject is obliged to provide personal data, and the possible consequences of not providing such data.