Information and principles of personal data processing by
the company crmango s.r.o.
These principles are taken by the company crmango s.r.o.
(hereinafter referred to as the "Company") inform about the
processing and protection of personal data in accordance with the general
regulation GDPR on personal data protection and in accordance with the legal
order of the Slovak Republic, in particular Act No. 110/2019 Coll. on personal
data processing with effect from 24.4.2019, as amended. The principles provide
the information on the basic principles according to which the Company
processes personal data of the data subjects, and on the Company's approach to
the processing, protection and security of the personal data of the data
subjects.
1. Introduction
1.1. The Company as a personal data administrator processes
the personal data of the data subjects in all its main activities concerned,
based on established rules and security measures, such as particularly:
controlled access to such information, encryption, and anonymization of data,
and other security measures taken.
1.2. The Company processes personal data of data subjects in
accordance with the Regulation of the
European Parliament and of the Council (EU) No. 2016/679 on the protection of
the natural person with regard to the processing of personal data and on the
free movement of such data and repealing Directive 95/46 / EC (General Data
Protection Regulation), which is directly applicable in all EU Member States
(General Data Protection Regulation "GDPR") ) from the date of its
establishment, in line with its effectiveness. Furthermore, the Company
processes personal data of the data subject under the rule of Act No. 110/2019
Coll. on the processing of the personal data, with effect from 24.4.2019.
1.3 The Company, as a legal entity, processes personal data
and fulfills with the administrator‘s or processor‘s obligations of such data,
as they are set out in applicable enactments.
1.4. The personal data subject supplies the Company with its
personal data depending on the purpose of their processing, this is mainly and
exclusively following definitions of the purposes of personal data processing:
• for insuring
the Company's services;
• for the
purposes of the legitimate interests of the Company or a third party, for the
protection of its own rights and claims;
• for the
performance of the contract between the data subject and the Company and the
fulfillment of legal obligations, including the needs of records and
statistics;
• for communication
with customers, suppliers, contractors, and business partners;
• for ensuring
the purpose of intermediation the Company's services,
• for training
activity;
• for possible
promotional and marketing activity;
• for ensuring
the processes of internal security and personal data protection, management of
payroll and personnel agenda and the resulting accounting obligations of the
Company;
• for other
purposes with the consent of the data subject to the processing of his personal
data.
1.5. The data subject
grants consent with the processing of personal data when another legal
provision cannot be used for the purpose of processing.
The Company accepts the consent of the data subject as a
free, specific, informed, and unambiguous expression of will, by which the data
subject gives his consent to the processing of his personal data by a
declaration or another evident confirmation. The data subject has the right to
withdraw his consent at any time. The withdrawal of consent is without
prejudice to the lawfulness of the prior processing of personal data of the
data subject, based on the consent previously granted by him. The data subject
shall be informed about it before his consent is given.
2. Purpose of the
processing of personal data of data subjects
2.1. The personal
data of data subjects must be collected only for specific, explicit, and
demonstrable purposes and may not be further processed in a way incompatible
with those purposes. The processing of personal data is carried out mainly to
cover the main activities of the Company and for the purposes of processing
listed in point 1 of these Principles of personal data processing of the
Company, which are mainly production, trade, and services not listed in Annexes
1 to 3 of the Trade Licensing Act.
2.2. The Company
further processes personal data of entities to ensure its contractual and other
relationships, bookkeeping, personnel and payroll agenda, recruitment agenda,
and other activities which directly relate to the main activities of the
Company.
3. Categories of personal data processed
3.1. The Company collects, processes, and stores the
following categories of personal data of data subjects, the composition of
which always is given by the necessity of personal data processing, always in
line with the defined purpose of personal data processing for a given data
subject.
3.1.1. Address, contact, and identification personal data -
in particular: name, surname, email, telephone, business address, and other
necessary data.
3.1.2. Descriptive personal data - in particular: data of
the entity related to the contractual relationship, such as in particular and
in addition to the personal data already mentioned in point 3.1.1. VAT number,
address of registered office and place of business, etc.;
3.1.3. Other personalized data - in particular photographs
or camera recordings, payment data and data related to order, information from
the use of social networks and visit rate on our web environments, and other
necessary personal data necessary for the performance and provision of the
Company's services.
4. Principles of working with cookies files
4.1 Cookies files are short text files which a website sends
to your browser. They allow the website to record information about your visit,
such as the selected language and so on. The next visit on the site can be
easier and more pleasant for you. Cookies files are important because without
them browsing the Internet would be much more difficult. Cookies files enable
better use of our website and an adaptation of its content to your needs. They
are used by almost every website in the world. Cookies file are useful because
they increase the user-friendliness of repeatedly visited websites.
4.2 The administrator may use the following types of cookies
on the website:
4.2.1 Relational (i.e. temporary) cookies file allows us to
link your individual activities while you are browsing this website. When your
browser window is opened, these files are activated and they are deactivated
when you close your browser window. Relational cookies are temporary and all
these files are deleted when you close the browser.
4.2.2 Persistent cookies file helps us to identify your
computer when you revisit our website. Another advantage of persistent cookies
is that they allow us to adapt our website to your needs.
4.3 IN ACCORDANCE
WITH THE PROVISIONS OF § 89 PAR. 3 ACT. NO. 127/2005 COLL. ON ELECTRONIC
COMMUNICATIONS, AS AMENDED, WE WOULD LIKE TO INFORM YOU THAT OUR WEBSITE USES
COOKIES FOR ITS ACTIVITIES, I.E. THAT WE PROCESS YOUR COOKIES, INCLUDING
PERSISTENT COOKIES.
4.4 Internet browsers include usually cookie management. As
part of your browser settings, probably you can delete individual cookies
manually, block or completely disable their use. Use your web browser's help
for more information. If you do not allow the use of cookies, some functions
and pages may not work as they should. You also can delete all or selected
cookies stored on your device as part of your browser settings. To browse the
web without saving information, you also can use the so-called anonymous
browsing that some browsers offer. Cookies are not stored on your device during
anonymous browsing.
4.5 We use cookies to personalization the content and ads,
to provide social media functions, and analyze our website visit rate. We share
information about how you use our site with our partner acting in the area of
social media, advertising, and analyses. By using our website you express the
consent with interconnection the following services in particular:
4.5.1 Google
4.5.2 Facebook
4.5.3 Twitter
4.5.4 Instagram
4.5.5 And another, such as Internet browsers in particular:
Opera, Safari, Mozilla Firefox, Microsoft Edge, and Internet Explorer.
4.6 In order to display targeted advertising within the
advertising and social networks on other websites we pass the data of your
behavior on the web to these advertising and social networks; however, we do
not provide them with your identifying data.
5. The way of personal data processing and storage and the
time of their storage in the Company
5.1. The Company processes the personal data of the data
subject manually or in an automated manner and stores it securely for a period
specified in the archiving, file, and disposal rules in paper or electronic
form. Following the purpose of processing, some personal data of the data
subject are kept in the information system of the Company (e.g. order
management system, etc.).
5.2. The Company processes personal data in a way that
ensures their proper security by means of established security measures against
unauthorized or illegal processing and against accidental loss, destruction or
damage namely e.g. in the form of controlled access to this information, the
encryption and anonymization of personal data, the ability to restore the
personal data or for example in the form of regular audits of security measures
established.
6. Transfer of personal data
6.1. The Company does not transfer personal data to persons
other than its personal data processors or personal data administrators (where
this obligation is imposed by a contractual relationship with the
administrator, processor, or subprocessor), unless the obligation to transfer
them to authorities, bodies or institutions is imposed to the Company by law or
the consent of the data subject has been given.
6.2. In the case of processing personal data in the Company
by the personal data administrator, there is no automated decision-making, on
the basis of which actions or decisions are made, which the impact would be
interference into the rights or legitimate interests of the data subjects.
7. Data subject rights
7.1. Upon request, the data subject shall receive from the
Company, unless further specified in the request, all information on the
processing his data, in a concise, comprehensible, and easily accessible manner
using clear and simple language.
7.2. The request may be submitted by electronic means, by
submitting through a data box or postal service provider, or by oral submission
into a record at the Company; the request cannot be submitted by telephone.
7.3. If personal data concerning the data subject are
obtained directly from him, the Company shall provide him the following
information at the time of personal data collection:
a) the identity and contact details of the administrator,
b) contact details of the Data Protection Officer (DPO), if
appointed,
c) the purposes of the processing for which the personal
data are intended and processed and the legal basis for their processing,
d) the legitimate interests of the administrator or a third
party when the data processing is based on this legal provision,
e) possible recipients or categories of recipients of
personal data, including the possible processor,
f) the potential intention of the administrator to transfer
personal data to a third country or international organizations, including a
reference to appropriate guarantees,
g) the time period for which the personal data will be
stored in the Company or, if it cannot be determined, the criteria for
determining this period that will be used,
h) the existence of the right to request from the Company
access to personal data concerning the data subject, their correction or
deletion, or the restrictions on processing, and to express objections to the
processing, as well as the right to data transfer,
i) if the processing is based on the data subject consent,
the existence of the right to withdraw the consent at any time, without
prejudice to the lawfulness of the processing based on the consent given before
the withdrawal,
j) the possibility to submit a complaint to the Supervisory
Authority,
k) the fact, whether the personal data provision is a legal
or contractual requirement or a requirement that has to be included in a future
contract, and whether the data subject is obliged to provide the personal data,
and the possible consequences of failure to provide such data,
l) the fact, whether there is automated decision-making,
including profiling, and at least in these cases meaningful information on the
procedure used as well as the meaning and expected consequences of such data
processing for the data subject.
7.4. If the Company intends further to process personal data
for a purpose other than the purpose for which they were collected, it shall
provide the data subject with information on this other purpose prior to the
said further processing.
7.5. The Company does not need to provide information of
data processing to the personal data subject if the data subject already has
the information and to the extent that he or she has it.
7.6. If personal data has not been obtained from the data
subject, the Company will provide him with identical information and in
addition the source from which the personal data originates and, if appropriate
the information on whether the data come from publicly available sources.
7.8. The Company will not apply an information obligation in
the case of obtaining personal data from someone other than the data subject if
the acquisition or disclosure is expressly provided by the law applicable to
the Company, which sets out security and organizational measures to protect the
legitimate interests of the data subject.
7.9. A personal data subject who will recognize or believes
that the Company, as an administrator or other person who processes personal
data for the Company, performs the processing of his personal data in conflict
with the regulation in the field of personal data protection or in conflict
with legislative obligations in the field of personal data protection, may
request an explanation or request that the Company or the processor will
eliminate the state so created. If the Company or the relevant processor will
fail with the request, the personal data subject may contact the Office for
Personal Data Protection, without prejudice to the data subject's right to
contact the Office for Personal Data Protection directly.
7.10. The personal data subject has the following additional
rights:
1. to obtain from the Company, when the conditions for this
are met, the information on the processing of his /her personal data (identity
information and contact details of the administrator and his / her deputy, if
any; contact details of the Data Protection Officer (DPO) eventually; purposes
of the processing for which the personal data are intended, and the legal basis
for the processing, potential recipients or categories of recipients of personal
data and other information necessary to ensure the transparent and fair
processing of his/ her personal data),
2. to obtain access from the Company to personal data, i.e.
to obtain the confirmation from the Company whether it processes personal data concerning
him/ her and if so, the personal data subject has the right to obtain access to
such personal data and to other information to the legal extent,
3. to correct his/
her incorrect personal data, or to supplement incomplete personal data,
4. to clearance his/
her personal data if the legal conditions have been met, e.g. when personal
data are no longer needed for the purposes for which they were obtained or
otherwise processed, or e.g. when the data subject will withdraw his /her
consent on the basis of which the personal data were processed,
5. to restriction of
the personal data processing by the Company when the legal conditions are met,
6. for data portability, i.e. to obtain the personal data
concerning him/ her and which he/ she has provided to the Company, in a
structured, commonly used and machine-readable format,
7. at any time to express objection against the processing
of personal data concerning him/ her due to his /her specific situation;
8. not to be subject of automated individual
decision-making, including profiling, unless the data subject grant the consent
to this, except the cases where automated processing is permitted by law;
9. to submit a complaint to the supervisory authority.
7.11. The Company is entitled to request from the data
subject of personal data when submitting a request for the fulfillment of any
above rights, his personal identification by verification by the relevant
employee, or identification by verification by other available methods (e.g.
data box, notarial verification / CzechPOINT verification of the signature at
the subject's request, or at the registered office of the Company personally).
7.12. The Company is entitled, in cases defined by law, to
demand an appropriate payment for the provision of information on the processed
personal data of the data subject, not exceeding the costs necessary for the
provision of information.
8. Final provisions
8.1. The data subject of personal data may obtain all
information for the processing of his / her personal data personally or via
e-mail. Current contact details are listed on our Company's website at
www.crmango.com. The data subject may apply the rights arising from the valid
legal regulations in the field of processing and protection of personal data at
the email address of the contact person for personal data protection:
gdpr@crmango.com.
8.2. The data subject has the right to contact the Office for Personal Data Protection with its registered office in Prague 7, Pplk. Sochora 27, 170 00, telephone exchange +420 234 665 111, www: https://www.uoou.cz, especially in the case when the Company fails the requests for clarification or removal of the situation arising from the personal data processing, which is in conflict with legal regulations in the field of processing and protection personal data.
Google API Services Usage Disclosure:
CRM Mango use of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use Requirements.
Limited Use
Our app strictly complies with all conditions specified in the limited use policy of Google.
- Do not allow humans to read the user's data unless you have obtained the user's affirmative agreement to view specific messages, files, or other data.
- Do not use or transfer the data for serving ads, including retargeting, personalized, or interest-based advertising; and
- Limit your use of data to providing or improving user-facing features that are prominent in the requesting application's user interface. All other uses of the data are prohibited;
- Only transfer the data to others if necessary to provide or improve user-facing features that are prominent in the requesting application's user interface.