PRIVACY NOTICE

PRIVACY NOTICE

 

The company VM DevOps s.r.o., with registered office at Bizetova 454/1, Nitra 949 11, Slovak Republic, ID number: 54 534 895, registered in the Commercial Register, District Court Nitra, Section: S.r.o., item no.: 57244/N (hereinafter Company) acts as a Data Controller of the personal data provided by the User when using the VisibleMoney.org web application (hereinafter Application), provided by the Website Visitor, or collected by the Company when using this Website. 

In this Privacy Notice, the Company provides information about:  

      how it collects and processes the personal data provided by Users while using the Application,

      how it collects and processes the personal data of Website Visitors,

      how it collects and processes the personal data provided by Website visitors, and

      the rights of Data Subjects in connection with the processing of their personal data and how can they exercise them.

Personal data are processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons in the processing of personal data and on the free movement of such data and on the repeal of Directive 95/46/EC (hereinafter GDPR) and Act no. 18/2018 Coll. on the protection of personal data and amendments to other legislation (hereinafter Act).

Unless specified otherwise in this document, the capitalized terms in this Privacy Notice have the same meaning as the meaning assigned to them in the Terms of Use of the Application (hereinafter Terms of Use). The Terms of Use are available in the Application in the Terms of Use section.

I.     INTENDED RECIPIENTS OF THIS PRIVACY NOTICE

The information provided in this Privacy Notice is intended for the Users of the Application and Website Visitors.

II.     HOW TO CONTACT THE COMPANY

Should you have any questions regarding the processing of your personal data, you can contact the Company by phone or email at:

   info@visiblemoney.org

   +421 951 070 178

III.     PURPOSE, LEGAL BASIS, CATEGORIES AND RETENTION PERIOD OF PERSONAL DATA

       PURPOSE OF PROCESSING

LEGAL BASIS OF PROCESSING

CATEGORIES OF PERSONAL DATA

RETENTION PERIOD

Operation of the Application (i.e. registration and creation of an account in the Application, use of the Application, including auditing of assets, communication with the User).

Fulfillment of the Agreement according to Article 6, paragraph 1, letter b) of the GDPR.

Email, phone number, title, first name, last name, date of birth, gender, place of residence, password

For the duration of the contractual relationship with the User, or until the account is deleted in the Application. The Company will keep information from the log files for a period of 3 years from the end of the contractual relationship with the User.

Provision of technical support

Fulfillment of the Agreement according to Article 6, paragraph 1, letter b) of the GDPR.

E-mail, name, surname.

For the duration of the contractual relationship with the User, or until the account is deleted in the Application.

Identity verification.

Fulfillment of the Agreement according to Article 6, paragraph 1, letter b) of the GDPR for mandatory identity verification.

 

Legitimate interests according to Article 6, paragraph 1, letter f) of the GDPR for voluntary identity verification.

User’s identification data, ID card or other identity document.

For the duration of the contractual relationship with the User, or until the account is deleted in the Application.

Development, improvements and testing of the Application.

Legitimate interests according to Article 6, paragraph 1, letter f) of the GDPR.

Common personal data processed by operating the Application.

When operating the Application.

Processing of complaints.

Fulfillment of legal obligations according to Article 6, paragraph 1, letter c) of the GDPR.

First name and surname, email, personal data mentioned in the complaint.

Until the complaint is resolved.

Exercise of rights of the Data Subjects (submissions).

Fulfillment of legal obligations according to Article 6, paragraph 1, letter c) of the GDPR.

Name, surname, place of residence, date of birth, or other information to properly identify the Data Subject.

2 years after processing the request of the Data Subject.

History of personal data breaches.

Fulfillment of legal obligations according to Article 6, paragraph 1, letter c) of the GDPR.

Personal data affected by a personal data breach.

For the duration of the Company’s existence.

Substantiation, exercise and defense of the Company’s legal claims.

Legitimate interests according to Article 6, paragraph 1, letter f) of the GDPR.

Common personal data.

Until the legal termination of the claim that is being substantiated, exercised or defended.

Website usage analytics

and marketing services.

Consent of the Data Subject in accordance with Article 6, paragraph

1, letter a) of the GDPR.

 

Common personal data, in particular:

 

information about your device (e.g. operating system), information about the use of the Website, IP address, location.

For the duration of your consent, however, for a maximum of 3 years.

 

Detailed information about the use of cookies on the Website can be found in the Cookies section.

Delivery of marketing communications.

Consent of the Data Subject in accordance with Article 6, paragraph

1, letter a) of the GDPR.

 

Legitimate interests of the Company in the sense of Article 6, paragraph 1, letter f) of the GDPR in cases where the prior consent of the Data Subject is not required.

Name, surname, e-mail.

For the duration of the consent, or until the consent is revoked.

Resolution of issues/questions or suggestions (e.g. the Visitor’s request to invite a Public Person).

Consent of the Data Subject in accordance with Article 6, paragraph

1, letter a) of the GDPR.

Title, first name, surname, middle name, title behind the name, state, position, residence, email, subject of the message.

Until the issue/question is resolved/answered, suggestion processed, or the granted consent revoked.

Invitation of Public Person into Application.

Legitimate interests of the Company in the sense of Article 6, paragraph 1, letter f) of the GDPR

Name, Last name, title, public role, country, email, web address.

Until Public Person becomes member of Application, or latest 1 year since sending invitation to Public Person.

 

IV.     WHAT LEGITIMATE INTERESTS DOES THE COMPANY HAVE?

When sending marketing communications, the Company relies on legitimate interests in cases where consent is not required. The Company also relies on legitimate interests in judicial or extrajudicial disputes, or in the proceedings with public authorities in which it asserts or defends its legal claims.  

Based on its legitimate interests, the Company also processes personal data during the development, improvement and testing of the Application and verification of the identity of Users who have voluntarily consented therewith.Company uses it’s legitimate interest also during processing of data of Public Persons, which are publicly available on the internet.

V.     DISCLOSURE OF PERSONAL DATA

Area/Service

Recipient of Personal Data

Transfers outside EHP

Cloud services platform

Oracle

Yes.

Transfers based on the binding internal rules or adequacy decisions regarding the EU-US personal data protection framework.

Website analytics and marketing

Google Ireland Limited 

Yes (USA)

Transfers based on the Data Processing Agreement (DPA) and transfers based on the adequacy decisions regarding the EU-US personal data protection framework.

Identity verification provider

Veriff OÜ

 

No.

Invitations to Public Persons

Public Persons

No.

VI.     TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES OR INTERNATIONAL ORGANIZATIONS

When processing personal data, the Company shall attempt to minimize the transfers of personal data outside the European Economic Area (EEA). However, by operating the Application, the Company also uses global service providers who can transfer personal data outside the EEA. In these cases, the Company will ensure that the GDPR conditions for such processing are met and complied with, and will only carry out the transfer when a EC decision on adequacy pursuant to Article 45 of the GDPR (e.g. a decision on adequacy regarding the framework for the protection of personal data between the EU and USA) exists, and on the basis of binding internal company rules or standard clauses on data protection pursuant to Article 46, paragraph 2 of the GDPR (e.g. transfers to USA). 

VII.     AUTOMATED INDIVIDUAL DECISION-MAKING AND PROFILING

By operating the Application, the Company also processes personal data of Users by automated means. However, these activities do not involve automated decision-making.

VIII.     COLLECTION OF PERSONAL DATA

The Company mainly processes personal data directly provided by the Users upon registration and while using the Application. However, the Company may also obtain personal data from your device or browser if the relevant settings allow it while using the Application or visiting the Website (e.g. IP address, analytical information about your visit to the Website or use of the Application).

 

The User would not be able to fully use the Application without providing his/her personal data.

IX.     RIGHTS OF DATA SUBJECTS

     If the Company processes personal data based on your consent, you have the right to withdraw your consent at any time by email to: info@visiblemoney.org. Withdrawal of consent does not affect the lawfulness of processing based on the consent given prior to the withdrawal.

     Notwithstanding the above, you have the right to object to the processing of your personal data at any time on the basis of legitimate or public interests, as well as for the purposes of direct marketing, including profiling.

     In addition to the above rights, and under the conditions set out in the GDPR, you have the right to:

·     request access to your personal data;

·     request the correction of incorrect personal data concerning you;

·     erase your personal data;

·     restrict the processing of your personal data;

·     transferability of your personal data;

·     lodge a complaint with the Personal Data Protection Office of the Slovak Republic, Hraničná 12, Bratislava, e-mail: dozor@pdp.gov.sk .

 

You can exercise your rights using the Company’s contact details in Section II of this Privacy Notice. The Company hereby declares that it is entitled to require the Data Subject to verify his/her identity before responding to his/her request.

X.     CHANGES TO PRIVACY NOTICE

The Company reserves the right to modify and change the Privacy Notice. Any changes to this Privacy Notice shall become effective upon their publication in the Application.

 

Visits: 6