PRINCIPLES OF PERSONAL DATA PROCESSING, Disivo s.r.o.

This document contains information on the processing of personal data in Disivo s.r.o. in accordance with Article 12 et seq. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as “GDPR”) and Act No. 110/2019 Coll., on the processing of personal data, inter alia, through the Disivo application (hereinafter collectively also referred to as “Application”).

We will update this policy as necessary. The most current version of this Policy will always be available on our website at www.disivo.com.

If you visit our Website or use our Apps, you acknowledge that you have read this Policy.

IDENTIFICATION AND CONTACT DETAILS

Disivo s.r.o., VAT: CZ08849048, with its registered office at Smetanova 1022/19, 602 00 Brno, registered in the Commercial Register maintained by the Regional Court in Brno under Case No. C 115814 (hereinafter referred to as “Disivo”).

Telephone contact: +420 797 975 200, e-mail contact: info@disivo.com

We have not appointed a data protection officer as we are not an obliged person under Article 37 of the GDPR.

SUPERVISORY OFFICE

The supervisory authority is the independent public authority responsible for the protection of personal data in the country. The supervisory authority in the place of Disivo’s registered office is the Office for the Protection of Personal Data, located at Pplk. Sochor 27, 170 00 Prague 7, e-mail: posta@uoou.cz, tel.: +420 234 665 125.

DISIVO PERSONAL DATA CONTROLLER

Disivo acts as a data controller in relation to the personal data of employees, customers and suppliers, if they are natural persons, or representatives of such persons, and visitors to the website.

Information on the processing of employees’ personal data is contained in a separate document, which is available to employees at Disivo’s headquarters.

PURPOSE OF PROCESSING  (legal basis for processing)	PERSONAL DATA PROCESSED
Personal data of customers (if they are natural persons) or customer representatives, Personal data of users of the Application
For the performance of the contract (in particular, conclusion of the contract, communication with the customer) or for the implementation of measures taken before the conclusion of the contract (pre-contractual negotiations)	in the case of a natural person doing business – name, surname, registration number, address of the place of business, e-mail, telephone
In order to create a user account within the Application	e-mail, name, surname, IP address or other online identifiers
For the purpose of fulfilling legal obligations (in particular bookkeeping, issuing and recording tax documents)	in the case of a natural person – name, surname, registration number, address of the place of business
For legitimate interest (for the purpose of sending commercial communications)	e-mail
Personal data of suppliers (if they are natural persons) or representatives of suppliers
For the performance of the contract (in particular, conclusion of the contract, communication with the supplier) or for the implementation of measures taken prior to the conclusion of the contract (pre-contractual negotiations)	in the case of a natural person – name, surname, registration number, address of the place of business e-mail, phone
For the purpose of fulfilling legal obligations (in particular bookkeeping, issuing and recording tax documents)	in the case of a natural person – name, surname, registration number, address of the place of business
Personal data of visitors to our website
For legitimate interest (security reasons, website traffic analysis)	IP address or other online identifiers

In the event that we intend to process personal data other than those referred to in this article, or for other purposes, we may only do so on the basis of validly granted consent to the processing of personal data. Consent to the processing of personal data shall be given by the data subject on a separate document.

We do not process any personal data that can be classified as a special category (so-called sensitive data) within the meaning of Article 9 GDPR. We also do not process personal data relating to criminal convictions and criminal offences within the meaning of Article 10 GDPR.

PERIOD OF PROCESSING OF PERSONAL DATA

Unless otherwise stated above, we process personal data processed for the fulfilment of obligations arising from special legal regulations for the period of time specified in these legal regulations. If it is necessary to use personal data to protect our legitimate interests, we then process such personal data for the time necessary to exercise these rights. If personal data is processed on the basis of consent, we only process for the period for which consent is given. In other cases, the personal data will be deleted after 2 years from the end of the contractual relationship with the customer.

RECIPIENTS OF PERSONAL DATA, TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES

Personal data controllers:

We do not pass on personal data to any other data controllers.

We transfer personal data processed for the performance of obligations arising from special legal regulations to state administration authorities or other competent authorities only in cases where we are required to do so by law.

The processors of personal data are:

• accounting and tax consultancy companies,
• cooperating subcontractors.

A list of processors is available at Disivo headquarters and upon request.

The processing of personal data may only be carried out for us by processors on the basis of a contract for the processing of personal data, i.e. with guarantees for the organisational and technical security of the data, specifying the purpose of the processing, and the processors may not use the personal data for other purposes.

Transfer of personal data to third countries: 

We do not transfer personal data to third countries or international organisations within the meaning of Article 44 et seq. of the GDPR.

YOUR RIGHTS IN RELATION TO DATA PROTECTION

You have the following rights in relation to data protection. If you wish to exercise any of these rights, please contact us via the contact email.

The exercise of these rights is subject to certain exceptions and therefore may not be applicable in all situations.

If your request is found to be justified, we will take the required measures without undue delay, within one month at the latest. In justified cases, we may extend this period by up to two months.

As a data subject, you have:

Right of access to personal data (Article 15 GDPR): you have the right to obtain confirmation from Disivo whether or not your personal data is being processed. If your personal data is processed by Disivo, you have the right to access this personal data and the information referred to in Article 15 GDPR. You also have the right to obtain a copy of the personal data processed. For additional copies, Disivo may charge you a reasonable fee taking into account the administrative costs.

Right to rectification of personal data (Art. 16 GDPR): you have the right to have your inaccurate personal data corrected or incomplete personal data completed by Disivo without undue delay.

Right to erasure of personal data (Article 17 GDPR): you have the right to have your personal data deleted by Disivo without undue delay in the cases set out in Article 17 GDPR. The right to erasure does not apply if the processing is necessary for compliance with legal obligations, for the establishment, exercise or defence of legal claims and in other cases provided for in the GDPR.

Right to restriction of processing (Article 18 GDPR): you have the right to have Disivo restrict processing in any of the following cases:

1. you deny the accuracy of the personal data for the time necessary for Disivo to verify the accuracy of the personal data;
2. the processing is unlawful and you refuse the erasure of your personal data and instead request a restriction on its use;
3. Disivo no longer needs the personal data for processing purposes, but you require it for the establishment, exercise or defence of legal claims;
4. you have objected to the processing until it has been verified that Disivo’s legitimate grounds outweigh your legitimate grounds.

Right to information concerning rectification or erasure of personal data or restriction of processing (Article 19 GDPR) Disivo is obliged to notify the individual recipients to whom the personal data have been disclosed of any rectification or erasure of personal data or restriction of processing, except where this proves impossible or requires disproportionate effort. If you request it, Disivo will inform you of these recipients.

Right to data portability (Article 20 GDPR): if technically feasible, you have the right to obtain your personal data and transfer it to another controller.

The right not to be subject to automated individual decision-making, including profiling (Article 22 GDPR): when processing personal data, Disivo does not carry out automated individual decision-making or profiling within the meaning of Article 22 GDPR.

Right to be informed in the event of a personal data breach (Article 33 GDPR): if a personal data breach is likely to result in a high risk to your rights and freedoms, Disivo will notify you of the breach without undue delay

Right to lodge a complaint with the supervisory authority: If you believe that Disivo is not processing your personal data in a lawful manner, you have the right to lodge a complaint with the supervisory authority whose contact details are listed above.

Right to object to processing (Article 21(1) GDPR): you have the right to object at any time to the processing of personal data processed by Disivo on the grounds of legitimate interest. In this case, Disivo will no longer process the personal data unless it can demonstrate compelling legitimate grounds for the processing which override your interests or rights and freedoms or for the establishment, exercise or defence of legal claims.

Right to withdraw consent to the processing of personal data: If Disivo processes any of your personal data on the basis of your consent, you have the right to withdraw your consent to the processing of your personal data at any time in writing by sending a letter of disagreement to the contact email address. Withdrawal of consent does not affect the processing of personal data in cases where consent is not required.

Further information about your rights can be found on the website of the Office for Personal Data Protection: https://www.uoou.cz/6-prava-subjektu-udaj/d-27276.

SENDING COMMERCIAL COMMUNICATIONS, INFORMATION ABOUT DIRECT MARKETING

When sending commercial communications, we proceed in accordance with Act No. 480/2004 Coll., on certain information society services, as amended. You can cancel the sending of commercial communications by using the unsubscribe link in each e-mail sent.

Right to object to processing for direct marketing purposes (Article 21(2) GDPR)

If Disivo processes your personal data for direct marketing purposes, you have the right to object to such processing at any time. In this case, Disivo does not process the personal data further.