Principles of personal data processing

 

Principles of personal data processing (the “Principles”)

1. Introductory Provisions and overview of terms

  1. The terms "Application", "Provider", "User" have the same meaning as defined in the Terms and Conditions. The User may also be referred to as a "Data Subject" in connection with the protection and processing of personal data.
  2. The entity that determines the purpose and means for the processing of personal data carries out the processing and is responsible for this processing is called the "Administrator". The administrator of personal data is the Application Operator, ie the company Qsiga s.r.o., with its registered office at Suchý vršek 2107/30, 158 00 Prague 5.
  3. The entity that processes personal data for the Administrator on the basis of the law or on behalf of the administrator, on the basis of the agreement on the processing of personal data, is called the "Processor" or "Business Partner".
  4. The Provider does not provide any personal data of Users to unauthorized third parties and does not use any personal data of Users for advertising purposes.

2. The personal information we collect

  1. The Administrator registers the following data about the User in order to ensure the operation of the Application:
    • Email – used as the user's login name
    • Password – used for user authentication (internally stored encrypted)
  2. Legal basis for processing the operation of the application is a legitimate interest and fulfillment of the contractual relationship.
  3. For Users who use the paid version of the Application, the Provider registers only the necessary data for the purpose of processing the request and the given service for the User. These are in particular the following data:
    • Name and surname - used for invoicing
    • Company name – used for invoicing
    • Invoicing address – used for invoicing
    • Company identification – used for invoicing
    • Tax identification – used for invoicing
  4. The legal basis for processing the request and the given service for the User is the fulfillment of legal obligations, in particular the Accounting Act and the Archiving Act.
  5. The User may also provide the Provider with a telephone contact for technical support. If the User does not wish to provide a contact for the telephone connection, it is possible to use the Application without this information.
  6. The web site of Application uses cookies to improve service quality, offer personalization, anonymous data collection and analytical purposes. By using the Site, the User agrees to the use of the technology. This does not applies to the use of the Application itself after login. You can find more information about cookies here.

3. How we work with data and where we keep it

  1. All data, including the data of the Application itself, are stored on the central servers and on the backup servers of the Provider. The Provider uses the hosting provided by Avatech s.r.o., as for the operation of physical servers. This does not apply to local installations.
  2. Only the persons designated by the Provider shall have access to the servers solely for the purpose of technical administration of the servers. No third party has access to this data.
  3. Personal data is processed manually and automatically. We keep proper records of all processing activities in accordance with the relevant legal regulations - in particular Article 30, Records of processing activities.
  4. Our Application is not intended for children under 16 years of age. Therefore, we do not intentionally collect their personal data. If we find that we have inadvertently obtained personal information about children under the age of 16, we will take steps to delete that information as soon as possible, unless we are required by applicable law to retain it. In the event that the User processes data on persons under the age of 16 within the Application, we recommend that you contact customer support for a proposal for an Application tariff that meets the security measures for compliance with the GDPR Regulation.
  5. All data, including the data of the Application itself, are stored and processed only within the European Economic Area ("EEA").

4. User Rights

  1. When exercising your rights, please contact us through our contact details, which are listed at the end of this Policy. We reserve the right to adequately verify the identity of the applicant for the rights in question. If requests are repeated and are clearly unfounded or disproportionate, we may charge you a reasonable fee or refuse to comply.
  2. The user has the right to:
    • For access to personal data
    • To correct inaccurate data and supplement incomplete personal data
    • Right to delete
    • The right to restrict the processing of personal data
    • The right to object
    • The right to file a complaint to the supervisory authority, contact details here.
  3. The majority of these powers may be exercised by the User in the Application interface or through mutual communication with the Administrator's representatives.

5. Deadlines for data deletion

  1. Within the processes of personal data processing listed in Article 2 of these Principles, we record individual data only for the time necessary according to individual legal regulations:
    • To ensure the operation of the Application, the Provider registers all data until the end of the license by the User, within 60 days all this data will be deleted from the backup centers. In case of suspension of the use of this Application by the User, we recommend backing up all data.
    • In order to process the request and the given service for the User, the invoicing and payment data are recorded for the time necessary for tax and financial inspections, unless otherwise stated by other law. The standard archiving period is 5 years beginning at the end of the accounting period to which they relate.
    • For the processing of the use of technical support, this data is recorded until the termination of the license relationship with the given User, or in the event that the User prohibits the processing of this data.

6. Closing Provisions

  1. The User undertakes to immediately report all facts known to him that could adversely affect the proper and timely fulfillment of obligations arising from these Principles.
  2. The User undertakes to provide the Provider with the cooperation necessary to fulfill these Principles.
  3. The Provider reserves the right to modify these Principles without prior notice.
  4. The latest version of the Principles is always available at www.startbss.com
  5. These Principles shall become valid and effective as of 23 April 2022.

 

Contact details of the Administrator:

Email: frantisek.danek@startbss.com

Tel.: +420 602 231 184