Identification of company: Ynput s.r.o., limited liability company existing under the laws of Czech Republic, with its registereaad office at Dělnická 503/47, Holešovice, 170 00 Praha 7, Czech Republic, ID No.: 09055207, registered in the Commercial Register at the Municipal Court in Prague under No. C 329992 (“we“).

This Data protection terms is an integral part of the Agreement concluded between you and us.

This data protection terms (“Data protection terms“) regulate the rules regarding the processing of personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“GDPR“). The Data protection terms is divided into two parts, with Part A serving to inform you about how we process personal data as a data controller and Part B regulating the rights and obligations of us as a data processor.

Capitalized terms have the same meaning as terms used in the Agreement or the Terms, unless otherwise specified in this Data protection terms. Terms are available here: https://ynput.io/legal/terms.

INFORMATION ABOUT THE PROCESSING OF PERSONAL DATA

1. PERSONAL DATA PROCESSED BY US

We obtain personal data primarily during your use of the Service and also through communication with you, in particular through the Service and Website or other communication. The personal data processed are mainly:

1. identification data such as name of your company, name and surname of your employees who cooperate with you on the basis of a cooperation contract or other agreement (or any other Authorized Users as mentioned in Terms);
2. contact data such as e-mail address;
3. billing data such as bank account information, payment method, payment information and invoices;
4. technical data gathered during provision of Service (logs and other technical data necessary to ensure functionality of Service);
5. data from the contractual relationship;
6. data contained in communications;
7. cookie data.

We process personal data as a personal data controller for the processing purposes set out below, on the basis of the legal bases set out herein, for a limited period of time and only to the extent described herein.

Protection of personal data is our priority and we follow the Trusted Partner Network initiative (TPN) available at https://www.ttpn.org. 

Provision of the Service and related information

Personal data is processed by us for the purpose of providing the Service. This processing includes the use of personal data for the purposes of entering into the Agreement and the subsequent provision of the Service themselves, other contractual communications and invoicing for the Service provided. Within the scope of this purpose, we also use your personal data for the purposes of pre-contractual negotiations, researching documents, etc.

The legal basis for this processing is the performance of the Agreement between you and us and the need to take steps before the conclusion of the Agreement, or in the case where the data subject is not directly a party to the Agreement, the legitimate interest of us in the performance of any concluded contract.

The data are processed before the conclusion of the Agreement, for the duration of the contractual relationship created by the conclusion of the Agreement and for the period necessary for the performance of obligations under Agreement and for the performance of obligations related to the provision of the Service.

Development of the Service

Our goal is to be able to provide you with the best services we can. We therefore process personal data to improve the Service, your user experience and to obtain analytical data about the use and performance of the Service.

The legal basis for this processing is the performance of the Agreement between you and us and the need to keep the Service up to date. The data are processed for the duration of the contractual relationship and use of the Service. We will fully anonymise the personal data after the termination of the Agreement.

Protection of rights and legal claims

We also process personal data to protect your rights and legal interests. In particular in connection with proceedings before judicial authorities and other public authorities, or in connection with the internal settlement of your claims.

The legal basis for this processing is our legitimate interest in protecting rights and legal claims. The data are processed until a maximum of 10 years after the termination of the concluded Agreement (or longer in the event of a dispute), or for a period of 5 years from the collection of personal data if the Agreement has not been concluded.

Fulfilling legal obligations

We also process personal data to comply with legal obligations, in particular in the field of accounting and taxation. At the same time, we provide assistance to state authorities if we are obliged to do so by law. The legal basis for this processing is the fulfilment of legal obligations. The data is processed for the period of time specified by law, for example, in the field of taxation for up to 10 years.

Promotion of our Service

We may also use identification data and contact data to send you offers related to the Service to your contact email. Since you provide contact data prior to ordering the Service, we will send you commercial communications if you consent to such communications or enable you to opt-out from such communication. Also, you have opportunity to subscribe to such marketing communication. 

The legal basis for this processing is your consent or legitimate interest (depends on mutual relationship). Personal data will be processed until you opt-out of receiving commercial communications, which you may do in each individual e-mail or via contacting us on e-mail stipulated in this Data processing terms. Refusal is also considered a withdrawal of consent.

Processing related to the use of the Service

• Site operation and security (necessity)

We also process your personal data for the operation of the Service and its security, i.e. for the presentation of information, the internal functioning of the Service, your identification when browsing and on repeat visits, and to ensure your security. For this purpose, we process your technical data gathered during provision of Service and cookie data. The legal basis for this processing is our legitimate interest in the proper functioning and safe operation of the Service. The data is generally processed for the duration of your visit to the Service, at most for a period of 1 year from the date of collection.

2. SHARING OF PERSONAL DATA

The above personal data is processed by us as a so-called personal data controller.

The following recipients may be involved in the processing of personal data:

• providers of the system that sends emails and commercial communications;
• cloud storage providers;
• out staff;
• Authorised Users you allow to access the Service;
• the company Stripe, Inc., with its Office of the DPO seated at 354 Oyster Point Blvd, South San Francisco, California 94080, USA. This company is registered in Data Privacy Framework: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000TQOUAA4&status=Active.

Where we share personal data with controllers and processors in third countries (outside the EEA), we will only do so where there is a European Commission decision that a particular country outside the EEA provides an adequate level of data protection, including where controllers or processors have adopted additional data protection measures such as Binding Corporate Rules (BCRs) or Standard Contractual Clauses (SCCs).

3. RIGHTS OF DATA SUBJECTS AND THE POSSIBILITY OF EXERCISING THEM

The data subject shall have the right to (i) request access to personal data; (ii) withdraw consent; (iii) request rectification of personal data; (iv) request erasure of personal data; (v) request restriction of processing of personal data; (vi) request portability of personal data; (vii) object to the processing of personal data; or (viii) lodge a complaint with the competent supervisory authority. 

In all matters related to the processing of personal data, whether it is a question, exercise of rights, sending a complaint, you can contact us through e-mail: [gdpr@ynput.io].

4. RIGHT TO LODGE A COMPLAINT

In addition to the possibility of exercising rights with us, you may also file a complaint with the relevant supervisory authority, which is the Office for Personal Data Protection located at Pplk. Sochora 27, 170 00