Identification of company: Ynput s.r.o., limited liability company existing under the laws of Czech Republic, with its registered office at Dělnická 503/47, Holešovice, 170 00 Praha 7, Czech Republic, ID No.: 09055207, registered in the Commercial Register at the Municipal Court in Prague under No. C 329992 (“we“).

This Data protection terms is an integral part of the Agreement concluded between you and us.

This data protection terms ("Data protection terms") regulate the rules regarding the processing of personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC ("GDPR"). The Data protection terms is divided into two parts, with Part A serving to inform you about how we process personal data as a data controller and Part B regulating the rights and obligations of us as a data processor.

Capitalized terms have the same meaning as terms used in the Agreement or the Terms, unless otherwise specified in this Data protection terms. Terms are available here: https://ynput.io/terms.

PART A – INFORMATION ABOUT THE PROCESSING OF PERSONAL DATA

1. PERSONAL DATA PROCESSED BY US

We obtain personal data primarily during your use of the Service and also through communication with you, in particular through the Service and Website or other communication. The personal data processed are mainly:

1. identification data such as name of your company, name and surname of your employees who cooperate with you on the basis of a cooperation contract or other agreement (or any other Authorized Users as mentioned in Terms);

2. contact data such as e-mail address;

3. billing data such as bank account information, payment method, payment information and invoices;

4. technical data gathered during provision of Service (logs and other technical data necessary to ensure functionality of Service);

5. data from the contractual relationship;

6. data contained in communications;

7. cookie data.

We process personal data as a personal data controller for the processing purposes set out below, on the basis of the legal bases set out herein, for a limited period of time and only to the extent described herein.

Provision of the Service and related information

Personal data is processed by us for the purpose of providing the Service. This processing includes the use of personal data for the purposes of entering into the Agreement and the subsequent provision of the Service themselves, other contractual communications and invoicing for the Service provided. Within the scope of this purpose, we also use your personal data for the purposes of pre-contractual negotiations, researching documents, etc.

The legal basis for this processing is the performance of the Agreement between you and us and the need to take steps before the conclusion of the Agreement, or in the case where the data subject is not directly a party to the Agreement, the legitimate interest of us in the performance of any concluded contract.

The data are processed before the conclusion of the Agreement, for the duration of the contractual relationship created by the conclusion of the Agreement and for the period necessary for the performance of obligations under Agreement and for the performance of obligations related to the provision of the Service.

Development of the Service

Our goal is to be able to provide you with the best services we can. We therefore process personal data to improve the Service, your user experience and to obtain analytical data about the use and performance of the Service.

The legal basis for this processing is the performance of the Agreement between you and us and the need to keep the Service up to date. The data are processed for the duration of the contractual relationship and use of the Service. We will fully anonymise the personal data after the termination of the Agreement.

Protection of rights and legal claims

We also process personal data to protect your rights and legal interests. In particular in connection with proceedings before judicial authorities and other public authorities, or in connection with the internal settlement of your claims.

The legal basis for this processing is our legitimate interest in protecting rights and legal claims. The data are processed until a maximum of 10 years after the termination of the concluded Agreement (or longer in the event of a dispute), or for a period of 5 years from the collection of personal data if the Agreement has not been concluded.

Fulfilling legal obligations

We also process personal data to comply with legal obligations, in particular in the field of accounting and taxation. At the same time, we provide assistance to state authorities if we are obliged to do so by law. The legal basis for this processing is the fulfilment of legal obligations. The data is processed for the period of time specified by law, for example, in the field of taxation for up to 10 years.

Promotion of our Service

We may also use identification data and contact data to send you offers related to the Service to your contact email. Since you provide contact data prior to ordering the Service, we will send you commercial communications if you consent to such communications or enable you to opt-out from such communication. Also, you have the opportunity to subscribe to such marketing communication. 

The legal basis for this processing is your consent or legitimate interest (depends on mutual relationship). Personal data will be processed until you opt-out of receiving commercial communications, which you may do in each individual email or via contacting us on email stipulated in these Data processing terms. Refusal is also considered a withdrawal of consent.

Providing support and gathering feedback by Authorised Users

We may also process personal data about Authorised Users for the purpose of gathering feedback to further development of the Service, to provide direct support to the Authorized User during usage of the Service. This data will be processed when you click on the relevant parts of the Service where the support or feedback is gathered.

The legal basis for this processing is our legitimate interest which consists of improving our Service and ensuring their proper functioning. The data is processed for the period necessary to process feedback or resolve support requests. 

Processing related to the use of the Service

1. Site operation and security (necessity)

We also process your personal data for the operation of the Service and its security, i.e. for the presentation of information, the internal functioning of the Service, your identification when browsing and on repeat visits, and to ensure your security. For this purpose, we process your technical data gathered during provision of Service and cookie data. The legal basis for this processing is our legitimate interest in the proper functioning and safe operation of the Service. The data is generally processed for the duration of your visit to the Service, at most for a period of 1 year from the date of collection.

2. SHARING OF PERSONAL DATA

The above personal data is processed by us as a so-called personal data controller. However, we may also share data with some other third parties that are so-called “data recipients”.

• List of data recipients is available in the separate list of recipients and sub-processors that is available here: htps://ynput.io/sub-processors. 

Where we share personal data with controllers and processors in third countries (outside the EEA), we will only do so where there is a European Commission decision that a particular country outside the EEA provides an adequate level of data protection, including where controllers or processors have adopted additional data protection measures such as Binding Corporate Rules (BCRs) or Standard Contractual Clauses (SCCs).

3. RIGHTS OF DATA SUBJECTS AND THE POSSIBILITY OF EXERCISING THEM

The data subject shall have the right to (i) request access to personal data; (ii) withdraw consent; (iii) request rectification of personal data; (iv) request erasure of personal data; (v) request restriction of processing of personal data; (vi) request portability of personal data; (vii) object to the processing of personal data; or (viii) lodge a complaint with the competent supervisory authority. 

In all matters related to the processing of personal data, whether it is a question, exercise of rights, sending a complaint, you can contact us through e-mail: gdpr@ynput.io.

4. RIGHT TO LODGE A COMPLAINT

In addition to the possibility of exercising rights with us, you may also file a complaint with the relevant supervisory authority, which is the Office for Personal Data Protection located at Pplk. Sochora 27, 170 00 Prague 7.

PART B – CONDITIONS FOR PROCESSING PERSONAL DATA

1. INTRODUCTORY PROVISIONS

   1. On the basis of the Agreement, we provide the Service to you, whereby the Service may also include the processing of personal data. In such a processing we act as a processor of personal data.

   2. Protection of personal data is our priority. Therefore, without your consent (usually provided during the ordering process, but it can also be provided at later date) we have no access to personal data described bellow. Until you provide us with such a consent to use your data, we cannot be in default with any of the following obligations.

2. NATURE AND PURPOSE OF PERSONAL DATA PROCESSING

   1. We will only process personal data in accordance with applicable law and for the following purposes:

1. evaluating the performance and effectiveness of the Service;

2. development and optimization of the Service;

3. monitoring of the use and functioning of the Service;

4. resolving errors, problems and the Service malfunctions;

5. as further specified in other written instructions given by you.

2. For the purpose of providing the Service to you, we will process personal data in electronic form, whereby the subject of the processing will be the transmission, structuring of personal data, storage of personal data, accessing of personal data (on behalf of your consent) including technical data related to personal data. Also, we will process personal data to provide you with the Service and to enable Authorised Users to use Service.

3. DURATION OF PROCESSING OF PERSONAL DATA

   1. We will process the personal data for the duration of the Agreement or for the time necessary for the provision of the Service. Upon termination of the Agreement, we will fully anonymize the personal data and store only usage statistics of the Service.

4. TYPES OF PERSONAL DATA

   1. The subject of processing under these Data processing terms (Part B) for processing personal data will be the following personal data:

1. Authorized User identification and contact data;

2. Authorized User’s Service usage data;

3. technical data;

4. other data in connection with the use of the Service;

5. other information that will be processed as part of the provision of the Service.

5. CATEGORIES OF DATA SUBJECTS

   1. Personal data will relate to the following categories of data subjects:

1. Authorized Users;

2. other persons whose personal data is contained in information that is transmitted in the course of providing the Service.

6. RIGHTS AND OBLIGATIONS OF THE PARTIES

   1. We declare and undertake that:

1. we will process personal data only on the basis of your instructions and only in accordance with these Data processing terms (Part B) for processing personal data, the Service provided or on the basis of other written instructions from you;

2. if we become aware of a breach or threatened breach of security of personal data, accidental or unlawful destruction, loss, alteration or unauthorised disclosure or access to processed personal data, we shall immediately, but no later than within 72 (seventy two) hours, inform you in writing and describe the resulting or threatened security risk, while informing you of appropriate measures to prevent or minimise the breach of security of the Service and take all necessary measures to minimise the damage;

3. personal data will be secured in accordance with Article 7 of these Data processing terms (Part B) for processing personal data;

4. we will assist you in implementing and maintaining appropriate technical and organizational measures to secure personal data, in reporting personal data breaches to the supervisory authority or data subject, in conducting data protection impact assessments and in prior consultations with the supervisory authority;

5. we will provide you, through appropriate technical and organizational measures, with assistance, no later than within 14 (fourteen) days of your request, to comply with your obligation to respond to requests for the exercise of data subjects' rights;

6. we will provide you, at your request, without delay, but no later than within 14 (fourteen) days, with all the cooperation necessary to prove that the personal data are organizationally and technically secured and we will provide all the cooperation in cases where an inspection by a supervisory authority is initiated.

2. If we receive any request from the data subject in relation to the personal data during the processing of personal data, we will inform the data subject to contact you directly with the request. You are responsible for dealing with such request. We undertake to provide you with all the assistance necessary for the processing of the data subjects' rights.

3. You agree with the involvement of other sub-processors in the processing of personal data. You hereby agree that we will involve sub-processors listed in our webpage at: htps://ynput.io/sub-processors (the “Sub-processor list”). The Sub-processor list contains table of “ENTITIES AS SUB-PROCESSORS ACCORDING TO THE PART B OF THE DATA PROCESSING TERMS” where are included entities that process personal data as sub-processors.

4. We shall inform you in written form via updating Sub-processor list about the involvement of the additional sub-processor before the involvement of the additional sub-processor, and you may object to the involvement of the additional sub-processor within 14 days after notification. If you do not object within the time limit, we will engage the additional sub-processor. If you object, we will assess the objection and, if we find it justified, we will not engage the additional sub-processor or make commercially reasonable change to the configuration or use of the Service to avoid processing by such sub-processor. If change is not possible, we may terminate the contractual relationship with you (or part of it) or not provide the part of the Service to which the additional sub-processor is linked, without being in default or in breach of any obligation.

5. We are obliged to enable you or a person authorised by you to check (including audit or inspection) compliance with these Data processing terms (Part B) for processing personal data, in particular the obligations for processing personal data arising therefrom, and shall contribute to such checks as reasonably instructed by you or the person checking.

6. You are obliged to send any request for an audit exclusively to our e-mail address: gdpr@ynput.io. Upon receipt of a request for an audit, we shall agree in advance on: (a) the possible date of the audit, security measures and how to ensure compliance with confidentiality obligations during the audit; and (b) the expected start and duration of the audit. In the event that no agreement is reached even within 30 days from the date of dispatch of the request, the terms of the audit will be determined by us.

7. We may object in writing to any auditor appointed by you if, in our opinion, the auditor is not sufficiently qualified, is not independent, is in a competitive position with us or is otherwise manifestly unsuitable. Upon objection, you are obliged to appoint another auditor or to carry out the audit itself.

8. You are only entitled to audit data and documents relating to the processing of personal data that we carry out directly for you on the basis of the Agreement. You agree that the scope of the data and documents subject to audit shall always be determined by us for this reason.

9. You are responsible for the fulfilment of all obligations in relation to the processing of personal data, in particular for properly informing data subjects about the processing of personal data, obtaining consent to the processing of personal data, if necessary, handling requests from data subjects concerning the exercise of their rights (such as the right to information, access, rectification, erasure, restriction of processing, objection, etc.).

7. SECURITY OF PERSONAL DATA

   1. We have adopted the measures listed below and undertake to maintain them to ensure the security of the processing of personal data throughout the processing:

1. pseudonymisation and encryption of personal data;

2. the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services – the measures in place and their correct functioning will be regularly reviewed;

3. the ability to restore the availability of and access to personal data in a timely manner and in the event of physical or technical incidents;

4. a process for regularly testing, assessing and evaluating the effectiveness of the technical and organisational measures in place to ensure processing security.

8. OTHER ARRANGEMENTS

   1. We are entitled to charge you for costs reasonably incurred in connection with the processing of any request and the performance of any obligation under these Data processing terms for processing personal data.

   2. We are not liable for any damage, including lost profits or other damage caused to you in connection with the performance of obligations under these Data processing terms (Part B) for processing personal data, in particular such damage that is independent of our will or that is caused by your actions as a controller or processor of personal data.

   3. If we are still obliged to compensate for any damage caused (whether pecuniary or non-pecuniary), the amount of the damage is limited to 10000 CZK.