PRIVACY POLICY

We care about the protection of your personal data, therefore all personal data are processed in accordance with all applicable data protection regulations, such as Regulation 2016/679 on the protection of individuals with regard to the processing of personal data (General Data Protection Regulation ("GDPR")), as well as relevant national regulations and standards.

This Privacy Policy is based on such regulatory obligations and explains how we process personal information in the provision of our services to our Customers.

1. General provisions

This Privacy Policy is issued by the entity ControlMe, s.r.o., IČO: 09995846, with its registered office in Prague 5, 15000, Jeřabinová 3252/12 (hereinafter referred to as "ControlMe").

Our main activity is the collection, analysis and management of data on (i) the evaluation of operations, companies, departments, public institutions (hereinafter referred to as "Establishments") and (ii) the evaluation of employees or other persons operating within the Operation (hereinafter referred to as "Employees") provided by independent third parties with recent experience with the Company and its Employees ("Customers").

We have tried to make these policies as simple and user-friendly as possible; however, if you have any further questions after reading them, do not hesitate to contact us by e-mail at: [email protected]

2. What personal data do we process?

  • As an operator, we process the personal data of our Customers and our Customers. This personal data includes in particular identification and contact data, such as name, surname, nickname, e-mail, telephone number. Our Customers may also provide us with other publicly available personal information through partner social networks.
  • As an intermediary, we process the personal data of their Employees (or contractors) and their Customers for the benefit of our Customers. The personal data of the Clients Employees usually includes their names, surnames, titles, e-mails, job identification numbers, job positions or photographs. The personal data of the Clients Customers usually include contact data, such as e-mail, telephone number or contact on social networks, but we may also process other personal data depending on the Clients settings.

3. How and why we process personal data

The personal data of our Customers, Clients and their Employees are always collected and used for specified purposes and in accordance with applicable laws. Therefore,

  • on the legal basis of performance of the Agreement, we use the personal data of our Customers provided to us when registering and / or logging in to our Web Application in accordance with the ControlMe Web Application Terms of Use ("Terms") for proper identification, subsequent use of the Web Application; Non-marketing web applications. The provision of data is a contractual requirement and failure to provide data will prevent us from providing our customers with our services;
  • on the legal basis of performance of the contract, we use the personal data of our Customers, which were provided to us when registering and / or logging in to our Web Application in accordance with the Terms for proper identification and subsequent use of the Web Application and providing non-marketing information about the Web Application. The provision of data is a contractual requirement and failure to provide data will prevent us from providing our services to the Client;
  • on the legal basis of the Clients legitimate interests (improvement of customer servicand depending on the scope of provided data - compliance with legal obligations we may as intermediaries use personal data of our Clients employees provided by the Client for the purpose of providing digital feedback from Customers to the Client and its Employees. For this purpose, some personal data is published online through our Web application, including name, job title, workplace and photo. The provision of data is not a contractual or legal requirement and failure to provide data will prevent us from providing our services to the Customer. The Clients employees may object to the processing of their personal data on the basis of the Clients legitimate interests;
  • on the legal basis of the Clients legitimate interests (improvement of customer servicor consent, we may, as an intermediary, use the personal data of our Clients Customers provided to us by the Client for the purpose of requesting and mediating Customer feedback for the Client and its employees. The provision of data is not a contractual or legal requirement and failure to provide data will have no negative consequences for the Customer, but will prevent us from providing our services to the Customer. The Customers Customers may object to the processing of their personal data on the basis of the Clients legitimate interests or may withdraw their consent to the processing;
  • on the legal basis of our legitimate interests such as direct marketing, we may use the personal data of our Customers, Clients and their Employees for the purpose of promoting the Clients services by electronic means. The provision of data is not a contractual or legal requirement and failure to provide data will have no negative consequences. Customers, Customers and their Employees may object to the processing of their personal data for marketing purposes based on legitimate interests. In the event of any objection, we will stop using this information for marketing purposes;
  • on the legal basis of compliance with legal obligations, we may use the personal data of our Customers, Customers and their Employees in order to comply with applicable legal obligations, such as archiving regulations. The provision of data is a legal requirement and failure to provide data will prevent us from complying with these legal obligations;
  • on the legal basis of our legitimate interests, in particular in order to improve our services and protect our legal rights and interests, we may use the personal data of our Customers, Clients and their Employees to improve our services and establish, enforce or defend legal claims;
  • based on the legal reason for the consent, we may use the personal data specified in the consent for the purposes stated in the consent. The provision of data is never mandatory and the person concerned may refuse to give consent or revoke it later without any negative consequences.

We guarantee that your personal data will only be used for the intended purposes or for compatible purposes in accordance with the applicable regulations.

At the same time, we undertake not to transfer your personal data to third countries outside the EU.

4. Handling of personal data

The personal data we process is provided to other persons only within the law and on the basis of reasonable agreements ensuring sufficient protection.

4.1 Authorized intermediaries or subcontractors

We work with various business partners who help us provide and improve our services. The personal data we share with such partners is processed only in accordance with our express instructions and is subject to a strict obligation of confidentiality. With the consent of the Client, we may also use subcontractors.

4.2 Our partners

Our partners assist us in particular in (i) providing our services, (ii) data storage, (ii) marketing communications, (iii) software engineering and programming, (iv) design, (v) new client acquisition, sales and support (vi) consulting and customer experience analysis, etc.

4.3 Other beneficiaries

We also provide processed personal data to legal entities, individuals and state and public authorities if we believe in good faith that access to, use, storage or disclosure of such data is reasonably necessary for:

  • (compliance with the relevant law, procedure or official request of a public or public authority;
  • (compliance with and enforcement of the relevant contractual conditions;
  • (fraud prevention, fraud, technical or security incident investigations;
  • protection of the rights or interests of our company, our Customers, our Customers or the public in terms of legal requirements or permits.

When sharing personal information, we will always ensure that we do not provide more information than is absolutely necessary for the purpose.

5. Access to and control of your personal data

The applicable legislation guarantees the persons concerned certain rights regarding the protection of personal data. You can exercise these rights through our contact details above. Depending on whether we are acting as an operator or an intermediary in relation to a particular person concerned, we will either (i) process your request directly or (ii) forward your request to the relevant Customer acting as an operator and assist him at his request. . If we act as an operator, we will try to process your request as soon as possible and strive to respond within one month of receiving the request. Due to the complexity and number of applications, we can extend this processing time by another two months.

If the request is manifestly unfounded or disproportionate, we may charge you an administrative fee or refuse to respond to your request. Except in this case, you can exercise your rights free of charge. If in doubt, we may ask you to further verify your identity.

The persons concerned are guaranteed in particular the following rights:

  • Right of access to data
  • As the data subject, you have the right to request confirmation that we process your personal data and, if so, to request a copy of this personal data together with the additional information referred to in Article 15 of the GDPR.

  • Right to correct data
  • In order to process accurate personal data, we ask you to notify us of any changes to your personal data. If we process inaccurate or outdated data, we will correct it based on your request.

  • Right to delete data
  • If your situation meets the conditions of Article 17 of the GDPR, you have the right to request the deletion of your personal data. For example, you can request the deletion of your personal data if you have revoked your consent to the processing of personal data and there is no other legal basis for processing, or if we process your personal data illegally, or if the personal data are no longer needed for the purposes for which they were collected. or otherwise processed. However, we will not delete personal data if we need it to establish, assert or defend legal claims.

  • The right to restrict data processing
  • If your situation meets the conditions of Article 18 of the GDPR, you have the right to request restrictions on the processing of your personal data. For example, you can request a restriction on processing if you question the accuracy of personal data or if the processing is illegal and you object to the deletion of personal data and instead request a restriction on their use. However, we do not completely limit the processing of personal data if we need it to establish, enforce or defend our legal claims.

  • The right to data portability
  • If the processing is based on consent or performance of a contract concluded with you and the processing is carried out in an automated manner, you have the right to obtain your personal data from us in a structured, commonly used and machine-readable format. If you wish, and if it is technically possible, you also have the right to request that we transfer this data directly to another operator.

  • Right to object
  • As a data subject, you have the right to object to the processing of personal data on the basis of legitimate interests, including profiling, on grounds relating to your specific situation. Upon your request, we will limit the processing of personal data unless we demonstrate compelling legitimate reasons for the processing that outweigh your interests, rights and freedoms. If your interests, rights and freedoms prevail, we will delete your personal data.

    If you object to the processing of your personal data for marketing purposes, we will always delete your personal data and stop processing it for that purpose.

  • The right to file a complaint
  • If you believe that our processing of your personal data infringes the GDPR Directive, as the person concerned you have the right to lodge a complaint with the supervisory authority, specifically in the EU Member State of residence, place of work or alleged infringement. In the territory of the Czech Republic, the Office for Personal Data Protection of the Czech Republic, Lt. Col. Sochora 27, 170 00 Prague 7. Office website: www.uoou.cz.

  • The right to withdraw consent
  • If the processing of your personal data is based on consent, you have the right to withdraw this consent at any time. However, the withdrawal of consent will not affect the processing performed before your withdrawal of consent.

6. Where personal data come from

The personal data we process is collected either from (i) our Customers, who may be your employer or service provider, or (ii) directly from you.

If you access our Web Application through your social network, we process your personal data publicly available on this social network with your consent.

7. How long and where we store personal data

Depending on the legal basis and purpose of the processing, we store your personal data at different times. In general, we process and store your personal data:

  • on the basis of consent during the period specified in the consent, resp. until you withdraw your consent;
  • on the basis of compliance with legal obligations, as long as we are obliged to keep your personal data in accordance with the law;
  • on the basis of the performance of the contract, until the termination of the performance of the contract (provision of services) or until the termination of the pre-contractual measures;
  • on the basis of legitimate interests, as long as these interests take precedence over your rights and interests, resp. until the termination of the contract (provision of services).

After this period, we will only be able to process and store personal data for compatible purposes or for special purposes, such as statistics or archiving.

Personal information is always stored only on our hard drives, servers or on the servers of our reliable business partners, such as cloud service providers.

8. Policy Changes

We reserve the right to continuously change this Privacy Policy, in particular as a result of legislative changes or other changes in the methods and purposes of processing. As a result, your rights under this Privacy Policy will not be restricted. If there is a material change to this Privacy Policy, we will notify you in advance as appropriate.

Any changes to this Policy will become effective upon posting at the following link https://controlme.app/privacy.

This latest updated privacy policy is effective from 1 January 2022.