I. Opening statements
- The company WEB Project, s.r.o., ID No.: 28596935, registered seat at Dlouhá 730/35, Staré Město, 110 00 Praha 1, the Czech Republic, incorporated in the Commercial Register maintained by the Municipal Court in Prague, section C, file 306366 (hereinafter referred to as the “controller“) is providing services using the platform Leadspicker. The controller is concluding contracts with its clients based on which the controller is providing its services to clients.
- The controller is duly fulfilling its obligations arising from Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), (hereinafter as “GDPR“). Since the personal data might be processed in connection with conclusion of the contract, the controller pursuant to GDPR hereby informs clients who are data subjects (hereinafter as “data subjects”) on processing thereof.
- The controller is entitled to store and to process cookies while operating its website www.leadspicker.com in order to facilitate and optimize providing of its services to clients. Cookies are stored within clients’ devices. Clients can deny cookies from storing in their devices by adjusting their browser settings.
- The controller may update this document by publishing a new version on its website www.leadspicker.com. Data subjects are advised to check this website occasionally. The controller may also notify data subjects on changes to this document via e-mail.
II. Information pursuant to Art. 13 of GDPR
- We manage and process your personal data in accordance with applicable laws. Based on the GDPR, we would like to inform you that we comply with all requirements. The most important information can be found below, but if you have any further questions, please do not hesitate to contact us at email@example.com, where we are fully at your disposal.
- According to Art. 13 of GDPR the controller provides the data subject with following information on personal data protection:
Information pursuant to Art. 13 of GDPR
Who handles and processes my personal data?
Identity of the controller and contact details:
According to Article 4 Sec. 7 of the GDPR, your personal data is taken care of by the data controller:
WEB Project, s.r.o.
ID No.: 28596935
registered seat at Dlouhá 730/35, Staré Město, 110 00 Praha 1, the Czech Republic
postal address: Americká 525/23, 120 00 Prague, the Czech Republic
E-mail address: firstname.lastname@example.org
We are the entity responsible for compliance with the obligations set out in the GDPR. Therefore, if necessary, you can contact us, primarily via above-mentioned e-mail address or also at the above-mentioned postal address.
What personal data do we process and where?
Processed categories of personal data:
- contact details of clients – especially names, addresses, e-mail addresses, contact detail to social networks, IP addresses or phone numbers;
How and for what purposes is personal data processed?
Legal basis and purposes of processing:
We process personal data on the basis of your consent or legitimate interest. We only process it to the extent necessary for the purpose. Based on your consent to the processing of personal data, our company processes and manages it through computer systems and the computer systems of our processors.
Just as any proper contract includes the provision of personal data, we use the data to enter a contract with you and to properly perform that contract.
Our legitimate interest is therefore to enter into a contract with you and to provide you with the agreed services, and furthermore, after the contract has been fulfilled, it is a legitimate interest to protect our rights arising from our relationship with you.
The data provided is an essential element of the contract and must therefore be provided in order to conclude such a contract. The consequence of not providing such data is the impossibility to conclude and perform the contract.
If you decide to give us your consent to the processing of your personal data, you also give us your consent to use your personal data for our marketing purposes. You can do so by subscribing to our newsletters - sending you the latest information and news regarding our product portfolio, notifying you of accompanying events and promotions, spreading awareness of our activities.
You can unsubscribe from our newsletters at any time directly in the footer of each newsletter or at our email address email@example.com.
Legitimate interest of the controller or a third party:
You can refuse or withdraw your consent to data processing for each of the areas at any time by contacting firstname.lastname@example.org.
According to Art. 21 of the GDPR a data subject can express an objection. In case a data subject expresses an objection against processing of personal data for abovementioned purposes the controller shall not process personal data of the data subject for such purposes anymore.
The controller may carry out automated individual decision-making within the meaning of Article 22 of the GDPR.
To whom do we pass on personal data?
Recipients or categories of recipients of the personal data:
The controller may only transfer personal data in the following situations:
- to providers of postal and transport services, if we need to deliver anything to you via a carrier;
- certain personal data may be transferred on request to the relevant public authorities or to our external legal, accounting, tax or similar advisors who have undertaken to handle your personal data in accordance with the GDPR and this document;
- in order to connect you with other businesses according to the contract.
The persons to whom the data is transferred are not authorised to process the data for any other purpose or to transfer it to any other person without the consent or instruction of the controller unless they have a lawful reason to do so.
We do not transfer your personal data to any other country, except as stated above if they are foreign persons.
How long do we keep personal data?
The period for which the personal data will be stored and the criteria used to determine that period:
We keep personal data for the time we actually need your data. That is, for as long as is strictly necessary to fulfil the purpose of data processing.
Period of processing of personal data:
- for period of 5 years from the fulfilment of the contract in order to exercise potential legal claims;
- we are also obliged to keep your personal data for 5 years from the end of the accounting period within the accounting system and to archive the tax documents for 10 years.
If you have any inquiries or require erasure or modification of inaccurate data, you can contact us at email@example.com.
Cookies are short-term "session cookies", which are stored in your browser only until you close it, and long-term "persistent cookies", which remain stored on your computer for longer (depending on the settings of the cookie itself and the browser) or unless you delete them yourself.
Cookies are stored within clients’ devices and therefore with data subjects. The web interface cannot utilize this personal data unless the data subject revisits webpages of the controller. Data subjects can delete cookies from their devices at any time.
Are my personal data secure?
Security of personal data:
In accordance with the applicable legal standard, we ensure the protection of the personal data we process and store through appropriate technical and organizational measures.
In addition to our authorized personnel, third parties who provide us with services (e.g. processors - IT service providers, carriers) also have access to the data.
The controller has taken reasonable technical measures to secure data storage and storage of personal data in paper form.
Rights of data subjects:
According to GDPR a data subject is endowed with following rights:
1) Right of access by the data subject
According to Art. 15 of GDPR the data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:
- the purposes of the processing;
- the categories of personal data concerned;
- the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;
- where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
- the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
- the right to lodge a complaint with a supervisory authority;
- where the personal data are not collected from the data subject, any available information as to their source;
- the existence of automated decision-making, including profiling, referred to in Article 22 (1) and (4) of GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
2) Right to rectification
According to Art. 16 of GDPR the data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
3) Right to erasure (‘right to be forgotten’)
According to Art. 17 of GDPR the data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
- the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- the data subject withdraws consent on which the processing is based according to point (a) of Article 6(1) of GDPR, or point (a) of Article 9(2) of GDPR, and where there is no other legal ground for the processing;
- the data subject objects to the processing pursuant to Article 21(1) of GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) of GDPR;
- the personal data have been unlawfully processed;
- the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
- the personal data have been collected in relation to the offer of information society services referred to in Article 8(1) of GDPR.
4) Right to restriction of processing
According to Art. 18 of GDPR the data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:
- the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
- the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
- the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
- the data subject has objected to processing pursuant to Article 21(1) of GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.
5) Right to object
According to Art. 21 of GDPR the data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on legitimate interest of the controller.
In this particular case the legitimate interest consists solely of processing personal data for purposes of sending information and advertisement to clients.
In case a data subject expresses an objection against processing of personal data for purposes of direct marketing the controller shall not process personal data of the data subject for such purposes anymore, unless the data subject provides the controller with unrestricted and informed consent.
The right to lodge a complaint with a supervisory authority:
According to Art. 77 of GDPR every data subject shall have the right to lodge a complaint with a supervisory authority. The supervisory authority in the Czech Republic is Úřad pro ochranu osobních údajů. Webpage of the supervisory authority: https://www.uoou.cz/
Legal or contractual obligation to provide personal data, possible ramifications of non-compliance:
Provided personal data are fundamentals of the contract on provision of services and therefore must be provided in order to conclude such contract. Contact details are mandatory contractual requirement in order to execute the contract. The only ramification of non-providing of personal data is inability to conclude and to fulfil the contract on provision of services.
Who do I contact for specific requests or additional information?
If you have further questions, wish to provide more detailed information on any of the points, request deletion or redaction of incorrect data, please contact us at firstname.lastname@example.org.
You can contact us at any time to request details of the processing of your personal data and we will provide you with detailed information free of charge or provide you with a copy of the data processed. This is your right to access your personal data. However, we must advise you that in the event of repeated or unreasonable requests, we are entitled to charge you for the cost of providing the information or to refuse to provide the information.
Does the controller have a data protection officer?
The controller does not fulfil the characteristics of Article 37(1) of GDPR and is therefore not obliged to appoint a data protection officer in this sense.
Automated decision-making and profiling:
No automated decision-making and profiling shall take place.
Upgrade to the next generation of sales prospecting
Imagine a world where you walk into your office and find your inbox packed with meeting requests, all done automatically by your personal prospecting assistant.