CONDITIONS FOR PROCESSING PERSONAL DATA
1. INTRODUCTORY PROVISIONS
On the basis of the Agreement, we provide the Service to you, whereby the Service may also include the processing of personal data. In such a processing we act as a processor of personal data.
2. NATURE AND PURPOSE OF PERSONAL DATA PROCESSING
2.1 We will only process personal data in accordance with applicable law and for the following purposes:
a) evaluating the performance and effectiveness of the Service;
b) development and optimization of the Service;
c) monitoring of the use and functioning of the Service;
d) resolving errors, problems and the Service malfunctions;
e) as further specified in other written instructions given by you.
2.2 For the purpose of providing the Service to you, we will process personal data in electronic form, whereby the subject of the processing will be the transmission, structuring of personal data, storage of personal data, accessing of personal data (on behalf of your consent) including technical data related to personal data. Also, we will process personal data to provide you with the Service and to enable Authorised Users to use Service.
3. DURATION OF PROCESSING OF PERSONAL DATA
3.1 We will process the personal data for the duration of the Agreement or for the time necessary for the provision of the Service. Upon termination of the Agreement, we will fully anonymize the personal data and store only usage statistics of the Service.
4. TYPES OF PERSONAL DATA
4.1 The subject of processing under these Data processing terms (Part B) for processing personal data will be the following personal data:
a) Authorized User identification and contact data;
b) Authorized User’s Service usage data;
c) technical data;
d) other data in connection with the use of the Service;
e) other information that will be processed as part of the provision of the Service.
5. CATEGORIES OF DATA SUBJECTS
5.1 Personal data will relate to the following categories of data subjects:
a) Authorized Users;
b) other persons whose personal data is contained in information that is transmitted in the course of providing the Service.
6. RIGHTS AND OBLIGATIONS OF THE PARTIES
6.1 We declare and undertake that:
a) we will process personal data only on the basis of your instructions and only in accordance with these Data processing terms (Part B) for processing personal data, the Service provided or on the basis of other written instructions from you;
b) if we become aware of a breach or threatened breach of security of personal data, accidental or unlawful destruction, loss, alteration or unauthorised disclosure or access to processed personal data, we shall immediately, but no later than within 72 (seventy two) hours, inform you in writing and describe the resulting or threatened security risk, while informing you of appropriate measures to prevent or minimise the breach of security of the Service and take all necessary measures to minimise the damage;
c) personal data will be secured in accordance with Article 7 of these Data processing terms (Part B) for processing personal data;
d) we will assist you in implementing and maintaining appropriate technical and organizational measures to secure personal data, in reporting personal data breaches to the supervisory authority or data subject, in conducting data protection impact assessments and in prior consultations with the supervisory authority;
e) we will provide you, through appropriate technical and organizational measures, with assistance, no later than within 14 (fourteen) days of your request, to comply with your obligation to respond to requests for the exercise of data subjects’ rights;
f) we will provide you, at your request, without delay, but no later than within 14 (fourteen) days, with all the cooperation necessary to prove that the personal data are organizationally and technically secured and we will provide all the cooperation in cases where an inspection by a supervisory authority is initiated.
6.2 If we receive any request from the data subject in relation to the personal data during the processing of personal data, we will inform the data subject to contact you directly with the request. You are responsible for dealing with such request. We undertake to provide you with all the assistance necessary for the processing of the data subjects’ rights.
6.3 You agree that we may involve other processors in the processing of personal data. If we so engage another processor, we will ensure that it complies with the same data protection obligations as set out in these Data processing terms (Part B) for processing personal data.
6.4 You agree that we will involve the following additional processors in the processing of personal data:
- our employees who cooperate with us on the basis of a cooperation contract or other agreement;
- CoreWeave, Inc.101 Eisenhower Pkwy Ste 10, Roseland NJ 07068-1050, United States of America;
- Hetzner Online GmbH, with its registered office at Industriestr. 25, 91710 Gunzenhausen, Germany;
6.5 If we should involve other processors not listed in these Data processing terms (Part B) for processing personal data, we will inform you in advance and give you the opportunity to object to such involvement. If you do not object even within 14 (fourteen) days of the notification of the involvement of the other processor, we will involve the additional processor in the processing of the personal data. In the event that you object, we will evaluate the objection and, if we find it to be reasonable, we will not involve the other processor, in which case we may terminate the Service.
6.6 We are obliged to enable you or a person authorised by you to check (including audit or inspection) compliance with these Data processing terms (Part B) for processing personal data, in particular the obligations for processing personal data arising therefrom, and shall contribute to such checks as reasonably instructed by you or the person checking.
6.7 You are obliged to send any request for an audit exclusively to our e-mail address: [email@example.com]. Upon receipt of a request for an audit, we shall agree in advance on: (a) the possible date of the audit, security measures and how to ensure compliance with confidentiality obligations during the audit; and (b) the expected start and duration of the audit. In the event that no agreement is reached even within 30 days from the date of dispatch of the request, the terms of the audit will be determined by us.
6.8 We may object in writing to any auditor appointed by you if, in our opinion, the auditor is not sufficiently qualified, is not independent, is in a competitive position with us or is otherwise manifestly unsuitable. Upon objection, you are obliged to appoint another auditor or to carry out the audit itself.
6.9 You are only entitled to audit data and documents relating to the processing of personal data that we carry out directly for you on the basis of the Agreement. You agree that the scope of the data and documents subject to audit shall always be determined by us for this reason.
6.10 You are responsible for the fullfilment of all obligations in relation to the processing of personal data, in particular for properly informing data subjects about the processing of personal data, obtaining consent to the processing of personal data, if necessary, handling requests from data subjects concerning the exercise of their rights (such as the right to information, access, rectification, erasure, restriction of processing, objection, etc.).
7. SECURITY OF PERSONAL DATA
7.1 We have also adopted the measures listed below and undertakes to maintain them to ensure the security of the processing of personal data throughout the processing:
a) pseudonymisation and encryption of personal data;
b) he ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services – the measures in place and their correct functioning will be regularly reviewed;
c) the ability to restore the availability of and access to personal data in a timely manner and in the event of physical or technical incidents;
d) a process for regularly testing, assessing and evaluating the effectiveness of the technical and organisational measures in place to ensure processing security.
8. OTHER ARRANGEMENTS
8.1 We are entitled to charge you for costs reasonably incurred in connection with the processing of any request and the performance of any obligation under these Data processing terms for processing personal data.
8.2 We are not liable for any damage, including lost profits or other damage caused to you in connection with the performance of obligations under these Data processing terms (Part B) for processing personal data, in particular such damage that is independent of our will or that is caused by your actions as a controller or processor of personal data.
8.3 If we are still obliged to compensate for any damage caused (whether pecuniary or non-pecuniary), the amount of the damage is limited to 10000 CZK.