This document governs how Smartly s.r.o., established: Purkyňova 648/125, 612 00 Brno, ID No.: 04779568 (hereinafter also “Smartly”) treats personal data in the operation of Ofisly (hereinafter also “Application”) as a controller:
- we only collect personal data for the purpose of fulfilling the contractual relationship, and as a processor according to the concluded processing contract;
- to enter into a contractual relationship, we need the name, surname, billing address, e-mail, statistical browser information (domain names, IP addresses, network provider, browser types, data about the websites you visited immediately before visiting our website, the pages of our website you visited, the time spent on these pages, information, data that you have searched on our website, access times and dates and other statistical data about visitors to our website), and for the performance of the contractual relationship, data that we manage and process, such as information relating to vehicles that may be personal data (owner, operator of the vehicle), data about persons and journeys, personal data contained in documents and documents, copies of which you upload to the Application;
- the data subject is the natural person to whom the personal data relates, most often a Customer or potential Customer who is considering using the Application;
- the purpose of collecting and processing personal data is to register a potential customer of Ofisly so that a contract can subsequently be entered into; to facilitate the use of the Application and related activities; to protect the user from known threats in order to secure information, improve user interaction and experience with our services, in particular in relation to changes to the user interface and the provision of requested content and advertising for marketing purposes; to provide technical support services to customers and to improve the quality of products and services; answering your questions and other interactions with you; securing our website and protecting you and ourselves from fraud; sending promotional emails to registered customers (new features and enhancements to the Application, offering training); sending transactional emails (messages to Customers to inform them of required maintenance, service defects or emails necessary for the convenient use of the Application); billing for pricing and collection of outstanding debts; communicating with each other, e.g. to provide customer support for use of the Application; compliance with legal requirements, including participation in legal proceedings and legal requirements of public authorities, including compliance with national security or law;
- categories of personal data submitted by users of the Application: First name, last name, email, mobile phone, billing details, bank account details, user account behavior, IP address, cookies, personal data contained in IDs and documents uploaded by the user to the Application for the purpose of sharing with other users (Ofisly manages and processes this data in such a way that it may provide access to other users of the Application according to the user rights set; the user has full user control over what documents (and therefore what personal data) are stored in the Application and can irreversibly delete them)
- personal data generated by the Application: Ofisly may track how and when you use the Application. This information may include, for example, IP address, time, date, browser used and actions you have taken within the Application;
- for a live chat on the Site, we then process for the purpose of providing the Service and fulfilling our respective obligations, such as: chat session data such as your IP address, time and date of chats as well as data about the content of chats and files uploaded to provide the Service to you; chat history and any files uploaded; email address, activation code, and license number. Chat history data and uploaded files will be deleted 365 days after collection or at your request;
- if you wish to contact us using our contact or support form, we will ask you for contact details (input fields are marked with an “*“), which we will process or use only to the extent necessary to contact you and provide you with the information you request. You may also provide other information (using fields not marked with an “*”), which we will of course also process in accordance with all applicable data protection requirements.
- the legal basis for the processing of personal data are:
- processing necessary for the performance of a contract with the data subject or for taking steps to conclude a contract without the provision of which the contract cannot be concluded
- where it is necessary for our legitimate interests and your interests and fundamental rights do not conflict with those interests
- your explicit consent to the processing for the purpose in question
- processing necessary to comply with a legal obligation
- processing pursuant to Section 7(3) of the Act on Certain Information Society Services: we are entitled to use your electronic address and telephone number for the purpose of disseminating commercial communications relating to our own products or services similar to those we have already provided to you, which is processing carried out for the legitimate interest of the controller;
- origin of personal data – from the customer
- Ofisly does not collect or process special categories of personal data (known as sensitive data) except for those that the subject provides with explicit informed consent;
- Ofisly is the data controller;
- Ofisly processes personal data by its own means, using mechanical, electronic and organizational means of security to protect it, in electronic form in an automated manner or in hard copy form in a non-automated manner; there is no automated individual decision-making (pseudonymous form means data that is collected under a pseudonym, e.g. a unique random alphanumeric string generated internally to identify each data record; in this context, general data such as your domain name or browser type are recorded);
- the period for which the personal data will be stored by the controller is determined by the consent given, otherwise for a maximum of 10 years. An exception is made for tax documents issued in accordance with Article 35 of Act No. 235/2004 Coll., which are kept for 10 years from the end of the tax period in which the transaction took place;
- Ofisly does not intend to transfer personal data to a third country (a non-EU country) or an international organisation, subject to any exceptions set out in this document;
- If you believe that the processing of your personal data has breached or is in breach of Regulation 2016/679 (GDPR), you may, amongst other things, lodge a complaint with a supervisory authority;
- you are under no obligation to provide personal data, however, in some cases this will not be possible without disclosure.
Ofisly is committed to protecting all personal data. Without express consent, it will not pass them on to a third party for processing, unless this is necessary for the fulfilment of its contractual obligations, in particular for the delivery of the purchased goods and the guarantee for them.
If the legal basis for consent is the data subject’s consent, you may withdraw that consent at any time in the same or equally simple way as you previously gave consent and the company will allow you to do so. For each consent, the specific means by which you can withdraw it will be indicated, including by sending an email to the contact person, usually the one in charge of the action.
Withdrawal of consent does not affect the lawfulness of the processing of personal data processed between the granting of consent and its withdrawal.
For the processing of personal data, Ofisly uses the services of other processors who process personal data on its instructions. Such processors include, but are not limited to: providers of information systems, software, and technical infrastructure, providers of payroll accounting, tax, and auditing services, providers of professional services to ensure occupational health and safety and fire protection (OHS and OHS), lawyers, and debt collection companies. In addition, Ofisly is obliged to transfer processed personal data to government authorities, courts, law enforcement agencies, and supervisory authorities if requested to do so also Ofisly may transfer personal data to these entities and debt collectors based on its legitimate interests.
For the performance of the contract, Ofisly uses the services of subcontractors, in particular a mailing service provider and a cloud service provider (personal data is stored within the EU – Frankfurt, Germany). The subcontractors are vetted in terms of the secure processing of personal data. Ofisly has entered into a personal data processing agreement with each subcontractor, according to which the subcontractor is responsible for the proper security of the physical, hardware, and software perimeter, and is therefore directly liable to the Customer for any leakage or breach of personal data.
Social networks. Ofisly has a profile on Facebook, Twitter, and LinkedIn. Any information, communications or materials provided via social media platforms are provided at your own risk. Ofisly cannot control the users of its social, privacy is handled separately within each of the aforementioned platforms.
MailChimp: Ofisly may use MailChimp for certain marketing services, with any personal data transferred to the US for processing being transferred to a processor with whom Ofisly has a processing agreement and who has agreed to comply with the regime described in the Data Processing Addendum, as a specific tool to establish appropriate safeguards under Article 46 of the GDPR to ensure that the level of protection of natural persons guaranteed by the GDPR is not compromised.
Smartsupp: Ofisly may use Smartsupp for certain marketing services, whereby any personal data submitted for processing is transferred to a processor with whom Ofisly has a processing contract and who has committed to the regime described in the Terms and Policies as a specific tool to establish appropriate safeguards under Article 46 of the GDPR to ensure that the level of protection of natural persons guaranteed by the GDPR is not compromised.
Under the conditions set out in Regulation 2016/679 (GDPR), you have the right to request from Ofisly access to your personal data, the right to rectification or erasure of your personal data, or restriction of their processing, the right to object to the processing of personal data, as well as the right to the portability of your personal data and the right to deactivate cookies (if you wish to restrict or block all cookies that are set by our website, please use the tool available on the specific website (if any) or refer to the Help function in your browser to find out how to manage your browser settings).
If you wish to exercise any of these rights, please contact Ofisly’s Managing Director for this purpose or via email at firstname.lastname@example.org
However, with the exception of withdrawal of consent, Ofisly may charge a reasonable fee if the request is manifestly unfounded, repetitive, or redundant, or may refuse to comply with the request in these circumstances.
The data subject may withdraw his or her consent at any time in the same or equally simple manner as he or she previously gave consent and Ofisly will allow this. For each consent, the specific means by which Data Subjects can withdraw it will be provided, including by sending an email. Withdrawal of consent does not affect the lawfulness of the processing of personal data that has been processed between the giving of consent and its withdrawal. Ofisly will hold evidence of this (whether written or electronic) for as long as consent is given.
Privacy By Default:
In any designation of means for processing, in introducing new processing of personal data and in reviewing the organisational arrangements whereby personal data are handled, Ofisly shall consider, taking into account the state of the art, the cost of implementation, the nature, scope, context and purposes of the processing, as well as the varying likely and varying risks to the rights and freedoms of natural persons entailed by the processing, appropriate technical and organisational measures to implement the data protection principles, such as data minimisation, in an effective manner and to incorporate the necessary safeguards in the processing to meet the requirements of this Regulation and to protect the rights of data subjects, in particular that only personal data necessary for each specific purpose of the processing are processed by default (this obligation relates to the amount of personal data collected, the scope of processing, the duration of storage and accessibility, and that personal data are not made available to an unlimited number of individuals by default without human intervention). Where forms and software are used for record-keeping, it is necessary to check whether they require or offer the recording of redundant data and not to process such data.