PRINCIPLES RELATING TO PROCESSING OF PERSONAL DATA
issued by Bound s.r.o., Company ID No.: 13965948, with its registered office at Plynární 1617/10, Holešovice, 170 00 Praha 7, represented by Pavel Šíma, Executive, incorporated in the Companies Register kept by the Municipal Court in Prague, Section C, Insert 358014 (hereinafter referred to as “Bound” or “controller”) for the provision of Bound review services, as available on https://boundwell.io.
This document aims to provide you with all information relating to the processing of your personal data. We encourage you to read these Principles Relating to Processing of Personal Data. If you have any questions about processing your personal data, please contact us by email at firstname.lastname@example.org or by mail at the address mentioned earlier.
We process your personal data on the grounds laid down by law, for the performance of contracts, or for the purposes of our legitimate interests. Where none of those legal grounds as mentioned above applies, we will ask you for your consent. We make sure that your personal data are processed under the following principles:
Applicability of these Principles. Unless stated otherwise, these Principles Relating to Processing of Personal Data shall apply to persons who:
For ease of reference and the reader's convenience, the terms which are often referred to in these Principles are specified below.
Boundacts as the controller of the Personal Data of its Users on the website https://boundwell.io.
BOUND ACTS AS THE CONTROLLER AND WHERE YOU CAN CONTACT US
Bound as the controller. The controller of personal data is Roivenue s.r.o., Company ID No.: 06812279, with its registered office at Plynární 1617/10, Holešovice, 170 00 Praha 7, represented by Pavel Šíma, Executive, incorporated in the Companies Register kept by the Municipal Court in Prague, Section C, Insert 289445 (hereinafter referred to as “we”, “Bound” or “controller”).
Contact details: email@example.com
Please note that these Principles Relating to Processing of Personal Data shall apply to the Processing of Personal Data of our Users, not those of the Recipients.
PERSONAL DATA WE PROCESSWe process the following Personal Data about you:
We do not process any Special Categories of Personal Data.
Processing of Personal Data in general. We process your personal data to the extent necessary throughout the term of using the Service. We are obliged to end the Processing of Personal Data at the time indicated; if we conclude that it is necessary to archive or process the Personal Data for a more extended period, in particular, to protect our rights and legitimate interests.
Duration of the Processing of Personal Data in general. Please note that in some cases, the duration of the Processing of Personal Data may be as much as 15 years after the completion of the Service to protect our interests or to fulfill our legal obligation.
FOR WHAT PURPOSE DO WE PROCESS YOUR PERSONAL DATA
Registration, setting up a user account. You provide us with personal data voluntarily by completing a questionnaire, available in the section Review.
Database of Reviews. We can obtain information about your LinkedIn profile or other information you post on your LinkedIn profile. Such information may include, for example, your name, location, email address, telephone number, profession, and current employer.
Using the Service. After setting up a user account, you can use our Service to write a Review. We can contact you to clarify your Review.
Website. We also process information about when you visit or browse our website. This information may include, for example, IP address, date and time of access to our website, information about your web browser, operating system, or your language settings. We can also inspect the history of your behavior on the website, e.g. what links you visit on our website and which of the Services offered are displayed to you. However, the information on your behavior on the website is anonymized to ensure your maximum privacy.
If you access our website from a mobile phone or similar device, we can also process information about your mobile device (data about your mobile telephone, etc.).
Blog. We can have a publicly accessible blog on our website. Please note that any information which you enter as a comment on our blog can be seen by anyone. If your Personal Data appears on our blog and you wish to have them erased, don't hesitate to contact us at the email address firstname.lastname@example.org. If we cannot erase your Personal Data from the blog, we will inform you and notify you of the reason.
Social networks. We have a profile on LinkedIn. All information, communications, or materials disclosed via social media platforms are also disclosed according to the principles relating to the processing of personal data applicable to those platforms.
Subscription to Newsletter. If you subscribe to our newsletter, we will send you interesting information about the operation of the Service. If you no longer wish to receive the emails, click on the unsubscribe button in the footer of the email.
Newsletter for our users. If you have created an account to use our Service, we are entitled to send you Newsletters based on our legitimate interest in promoting our services and/or related similar services. If you no longer wish to receive the emails, click on the unsubscribe button in the footer of the email. You can also object to sending newsletters (for details, see the section on your rights).
Transaction emails. These are messages we send to Users in connection with the use and proper operation of the Service. We can, for example, inform you about temporary or permanent changes to our services, such as planned maintenance, new functions, updates of versions, editions, warning against misuse, and amendments to our principles relating to the processing of personal data.
Promotional events. We can carry out surveys, organize competitions, webinars or other promotional events. Your participation in our promotional events is voluntary. As part of these surveys, competitions, and promotional events, we may ask you for your Personal Data, e.g. name and surname, address, date of birth, telephone number, email address, user name, and similar details. We will use the Personal Data you have disclosed to us to manage these promotional events or for other purposes if specified in the conditions of the particular promotional event.
Card payment. If you give us your credit card details, we do not have access to complete details. We only know that you are making the payment by card, and the card details are processed by recipients of those data who process the payment for us.
SUMMARY OF THE GROUNDS FOR AND PURPOSES OF THE PROCESSING OF YOUR PERSONAL DATA
We understand that it may be difficult for you to get through an extensive text about how and why we process your Personal Data and where we obtain them. We have prepared a summary table to give you a quick and transparent overview of the essential details about your personal data processing.
|Purpose of processing||Personal data||Legal ground for processing||Duration of processing||Processors|
|Provision of the Services||URL of the LinkedIn profile, name, surname, email, telephone number, details about the user as disclosed by the user itself||Performance of contract||For the term of the User's contractual relationship with us|
|Bookkeeping||billing information, bank details||Compliance with legal obligations and performance of a contract||invoices for the period of 15 years||Ing. Andrea Votavová Ph.D., tax advisor|
|Warranty claim or complaint handling||name, surname, email, telephone number, details of the contract concluded, necessary details of payments||Compliance with legal obligations and performance of a contract||For the term of the User’s contractual relationship with us and then for 4 years from the termination of the contractual relationship||Google, Freelo, Abra Flexibee|
|Administration of training courses, workshops, or other online events||name, surname, email, telephone number, user account name, participant’s preferences, billing information||Performance of contract||For the term of the contractual relationship with us and then for 4 years from the termination of the contractual relationship||Zoom|
|Routine analysis of the website traffic, security of our website, detection of server errors, and prevention of fraud and attacks on the server||pseudonymized identifiers of registered users, IP address||Legitimate interest||A specific time of cookies storage differs according to the specific cookie type, usually no more than 1 year||Google Analytics|
|Marketing and promotion of our services||name and surname, email, telephone, IP addresses, and other technical identifiers||Consent to the processing of cookies, Legitimate interest||For the term of the consent, the period of storage of cookies may differ according to the cookie type||COOKIEBOT, Customer.io, Gmass, Facebook, LinkedIn, Google Ads|
|Protection of our rights and property (or protection of the rights and property of third parties)||name and surname, email, telephone number of the User, address, and details of the services provided||Legitimate interest||For the period of 4 years of the termination of our contractual relationships||Legitas|
|Processing and evaluation of competitions, announcing and publishing the winner on our website and social networks||name, surname, address, telephone number, email address, or other details as may be specified by the conditions of the competition||Consent, legitimate interest (if specified by the conditions of the competition)||2 years of the end of the competition unless you withdraw your consent earlier||Facebook, Instagram, Google|
|Publishing User's reviews or your questions or comments on the provision of our services||name, surname, email address||Consent||For the time for which the post on which you commented is published unless you ask for the erasure of your comment earlier||WordPress, Google (google forms)|
|Technical background for the operation of the Service||name, surname, URL of the LinkedIn profile, email, details about the user as disclosed by the user itself||Legitimate interest (to provide a Service)||For the term of the contractual relationship with us and then for 4 years from the termination of the contractual relationship||Microsoft Azure Cloud, WebsupportGoogle drive, Gmail|
OUR OBLIGATIONS RELATING TO ACCOUNTING AND TAXES
Please note that we process some of the personal data because we are legally required to do so. According to Section 31 of the Act on Accounting (No. 593/1991 Sb.), we are obliged to archive accounting documents and accounting records (invoices) for five years from the end of the financial year to which such documents and records relate. We also have an obligation arising from Section 47 of the Tax Code (No. 337/1992 Sb.) to retain invoices for three years from the end of the financial year in which the tax relating to the invoice becames chargeable. Invoices include the following personal data: name, surname, email address, billing address or other identification details of the User, and information about the Services.
Further, please note that according to Section 35 of the Value Added Tax (No. 235/2004 Sb.), we are obliged to archive invoices for the period of 10 years from the end of the financial year in which the transaction occurred. Invoices include the following personal data: name, surname, email address, billing address, or other identification details of the User and information about the Services
WHAT MEASURES WE HAVE IMPLEMENTED TO PROTECT YOUR PERSONAL DATA
Technical and security measures. Taking into account the likelihood of risks and the costs of possible measures as well as technical capacity, we have implemented technical security and organizational measures – in all areas where the Processing of Personal Data takes place (in particular website operation, Services operation, employee matters, communication with Users).
We use a secure information system that provides security to personal data corresponding to the state of the art, costs, nature, scope, and purposes of the processing.
WHEN WE TRANSFER YOUR PERSONAL DATA TO THIRD PARTIES
We may transfer your Personal Data to our business partners (Processors) or other third parties where required by law.
Processors. We use only pre-screened Processors with whom we have entered into a written agreement and who provide us with safeguards that are equal to those we provide to you. They are only Processors based in the European Union or with whom we have entered into standard contractual clauses under Article 46 GDPR and who provide a level of protection of your personal data equivalent to the one resulting from the application of GDPR and Czech legislation. All these Processors have committed themselves to secrecy. They must not use the provided Personal Data for purposes other than those we have disclosed under these principles. Particular Processors are indicated for each ground and purpose of the Processing of Personal Data above.
Legal obligations. We can transfer your Personal Data also to third parties, in addition to Processors, if required by law or when responding to legitimate requests of public authorities or at the request of the court in legal proceedings.
YOUR LEGAL RIGHTS
You can request access to personal data and request rectification, alteration, erasure, or restriction of processing of personal data where the personal data are inaccurate or were processed in violation of the applicable data protection laws. In addition, you have the right to data portability, the right to object to processing, the right to withdraw consent to the processing of personal data, and the right not to be subject to automated individual decision-making, including profiling.
You can exercise your rights concerning the processing of Personal Data at the email address email@example.com, in person, or by mail at the address of the controller.
We aim to comply with your requests without delay but no later than one week. However, there may be circumstances in which we cannot provide the access (for example, where the required information compromises the privacy of others or endangers other legitimate rights, or where the costs of granting the access would be disproportionate to the risks compromising the individual privacy in the particular case). We can take reasonable action to verify a user's identity before we take any steps in relation to the rights of Users of the data.
Right of access to personal data
According to Article 15 GDPR, you will have the right of access to personal data, which includes the right to obtain from the controller:
For any further copies requested, the controller may charge a reasonable fee.
Right to rectification of inaccurate data
According to Article 16 GDPR, you have the right to the rectification of inaccurate personal data. At the same time, you are obliged to inform us about any changes to your personal data (e.g., user profile records). You are also obliged to cooperate with us should it be established that the personal data we process is inaccurate. We will perform the rectification without undue delay but, in any case, take into account the technical capacities available.
Right to erasure
According to Article 17 GDPR, you have the right to the erasure of personal data concerning you unless we prove legitimate grounds for processing those personal data. Accordingly, we have established mechanisms to ensure automatic anonymization or erasure of personal data when they are no longer necessary to the purposes for which they were processed.
Right to restriction of processing
According to Article 18 GDPR, you have the right to obtain restriction of processing pending the resolution of your complaint if you contest the accuracy of personal data or the grounds for the processing of personal data or if you object to the processing of personal data.
Right to be notified of rectification, erasure, or restriction of processing
According to Article 19 GDPR, you have the right to be notified of any rectification, erasure, or restriction of processing of personal data. Therefore, in case of any rectification or erasure of personal data, we will inform each recipient unless this proves impossible or involves disproportionate effort.
Right to portability of personal data
According to Article 20 GDPR, you have the right to receive the data concerning you, which you have provided to the controller, in a structured, commonly used, and machine-readable format, and the right to request that the data can be transmitted to another controller.
Where you provide any personal data in the context of our contractual obligations or based on consent and the processing of the personal data is carried out by automated means, you have the right to receive the data in a structured, commonly used, and machine-readable format. Where technically feasible, the data can be transmitted to a controller indicated by you provided that the person acting on behalf of the relevant controller is properly identified and can be authorized. If the exercise of this right might adversely affect the rights and freedoms of others, we cannot comply with your request.
Right to object to the processing of personal data
According to Article 21 GDPR, you have the right to object to processing your personal data on the ground of legitimate interest.
Unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, we will end the processing based on your objection without undue delay.
Where you object to processing for direct marketing purposes, we will end the processing without undue delay.
Right to withdraw consent to the processing of personal data
You may withdraw any consent to the processing of personal data for marketing and commercial purposes at any time. The withdrawal of consent shall be made by an explicit, comprehensible, and specific manifestation of will. Web browser settings can prevent the processing of any data from cookies.
Automated individual decision-making, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or significantly affects you. We state, however, that we do not perform any automated decision-making unaffected by a human intervention that has legal consequences relating to Users.
We may amend these Principles Relating to Processing of Personal Data only in writing. However, we will inform users about any amendments on our website or by email.
If you have any questions concerning our Principles Relating to Processing of Personal Data, don't hesitate to contact us at the email address firstname.lastname@example.org. If you are dissatisfied, you can lodge an objection or complaint at any time with the Office for Personal Data Protection, with its registered office at Pplk. Sochora 727/27, 170 00 Praha 7 – Holešovice (further details can be found at https://www.uoou.cz/)
These Principles Relating to Processing of Personal Data take effect on 1 January 2022.