In connection with the processing of personal data, pursuant to Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR), we provide you with the following information on how we process personal data in our company Seyfor, a. s.
For easier orientation, we have divided the content of this document into the following sections:
- Our commitment to personal data protection
- Information about the personal data controller
- Purposes and legal bases for the processing of personal data
- Legitimate interests pursued by the controller
- Personal data processors and disclosure of personal data
- Security of personal data processing
- Transfer of personal data outside the EU
- Period of personal data processing
- Rights of the data subject
- Updates and changes
- Contacts
Our commitment to personal data protection
The protection of personal data is very important to us. Our goal and intention is to provide services in such a way that the fundamental rules and principles of privacy protection, and in particular personal data protection, are respected under all circumstances. Our main principle is to obtain and retain personal data only to the extent necessary and for no longer than necessary.
When processing personal data, we are governed in particular by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR), as well as by other legal regulations relating to the processing of personal data and the protection of privacy.
Information about the personal data controller
The controller that has determined the purpose and means of the processing of personal data is Seyfor, a. s., Company ID No.: 01572377, with its registered office at Drobného 555/49, 602 00 Brno, registered in the Commercial Register maintained by the Regional Court in Brno, Section B, Insert 70172.
Seyfor, a. s. is (on the basis of Article 37 of the General Data Protection Regulation (GDPR)), together with Seyfor Slovensko, joint-stock company, Company ID No.: 36 237 338, with its registered office at Plynárenská 7/C, 831 02 Bratislava, registered in the Commercial Register maintained by the District Court Bratislava I, Section Sa, Insert 2969/B, part of a group of undertakings that are linked. Within this group of undertakings, data are transferred for administrative purposes, including the processing of personal data of clients or employees. This processing is based on legitimate interest (under Article 48 of the General Data Protection Regulation (GDPR)).
Regardless of whether Seyfor processes your personal data independently or as a joint controller, you may exercise your rights with any company within the group.
If you have any questions regarding the protection of your personal data, you may contact us in writing at the company’s registered office address or by e-mail at gdpr@seyfor.com.
Purposes and legal bases for the processing of personal data
Personal data that we obtain in the course of our activities directly from you as the data subject or by other means (e.g. provided to us by your employer or obtained from publicly available sources) are processed by us in accordance with the law for the following purposes:
In connection with business activities:
|
Purpose |
Legal basis |
|
Searching for potential customers |
Legitimate interest of the controller pursuant to Art. 6(1)(f) GDPR (with regard to Act No. 480/2004 Coll.) |
|
Preparation and implementation of business contracts |
Performance of a contract pursuant to Art. 6(1)(b) GDPR |
|
Business communication with customers and their employees |
Performance of a contract pursuant to Art. 6(1)(b) GDPR or legitimate interest of the controller pursuant to Art. 6(1)(f) GDPR |
|
Providing customer and employee data for software licensing purposes |
Performance of a contract pursuant to Art. 6(1)(b) GDPR |
|
Conducting surveys to verify customer satisfaction |
Consent of the data subject pursuant to Art. 6(1)(a) GDPR or legitimate interest of the controller pursuant to Art. 6(1)(f) GDPR (with regard to Act No. 480/2004 Coll.) |
|
Recording telephone calls to improve the quality of our services |
Consent of the data subject pursuant to Art. 6(1)(a) GDPR (or compliance with a legal obligation, if laid down by a specific legal regulation) |
|
Services aimed at improving user experience (mini-courses, training, academy) |
Performance of a contract pursuant to Art. 6(1)(b) GDPR or legitimate interest of the controller pursuant to Art. 6(1)(f) GDPR |
|
Providing technical support and consultancy to users in connection with our products |
Performance of a contract pursuant to Art. 6(1)(b) GDPR or legitimate interest of the controller pursuant to Art. 6(1)(f) GDPR |
In connection with marketing activities:
|
Purpose |
Legal basis |
|
Sending information to customers and their employees by e-mail (newsletter) |
Consent of the data subject pursuant to Art. 6(1)(a) GDPR or legitimate interest of the controller pursuant to Art. 6(1)(f) GDPR (with regard to Act No. 480/2004 Coll.) |
|
PR communication through social networks |
Legitimate interest of the controller pursuant to Art. 6(1)(f) GDPR |
|
Analysis of engagement on social network pages |
Legitimate interest of the controller pursuant to Art. 6(1)(f) GDPR |
|
Analysis of e-mail recipient engagement |
Consent of the data subject pursuant to Art. 6(1)(a) GDPR or legitimate interest of the controller pursuant to Art. 6(1)(f) GDPR only for basic statistics |
|
Publishing references containing customer and employee data |
Consent of the data subject pursuant to Art. 6(1)(a) GDPR |
In connection with other activities:
|
Purpose |
Legal basis |
|
Keeping accounting records |
Compliance with a legal obligation pursuant to Art. 6(1)(c) GDPR |
|
Mail records and archive management |
Compliance with a legal obligation pursuant to Art. 6(1)(c) GDPR |
|
Establishing, defending and enforcing legal claims |
Legitimate interest of the controller pursuant to Art. 6(1)(f) GDPR |
|
Handling requests from data subjects in connection with personal data protection |
Compliance with a legal obligation pursuant to Art. 6(1)(c) GDPR |
Legitimate interests pursued by the controller
In connection with the legitimate interests we pursue, we process your data as a controller without your consent only to the extent strictly necessary to achieve the stated purpose. For explanation, we provide the following:
|
Legitimate interest |
Additional information |
|
Searching for potential customers |
In an effort to offer our products and services to companies and organisations, we obtain business contacts through public registers or from other persons. These are common data such as name, e-mail or telephone number. |
|
Business communication with customers and their employees |
If our customers are companies and organisations, we communicate with the relevant employees regarding products and services. In such communication, we use common personal data such as name, business telephone number or e-mail. |
|
Services aimed at improving user experience (mini-courses, training, academy) |
If our customers are companies and organisations, we communicate with the relevant employees regarding products and services. In such communication, we use common personal data such as name, business telephone number or e-mail. |
|
Providing technical support to users in connection with our products |
If our customers are companies and organisations, we communicate with the relevant employees regarding products and services. In such communication, we use common personal data such as name, business telephone number or e-mail. |
|
Conducting surveys to verify customer satisfaction |
We usually conduct satisfaction surveys anonymously or with the customer’s consent. In some cases, we may use contact details such as e-mail to send questionnaires (with regard to Act No. 480/2004 Coll.) |
|
Sending information to customers and their employees by e-mail (newsletter) |
As part of building relationships and in an effort to inform you about products and services that may be of interest to you, we process your contact e-mail address. You can always unsubscribe from receiving such messages (with regard to Act No. 480/2004 Coll.) |
|
Analysis of e-mail recipient engagement |
In order to effectively send information by e-mail only to persons interested in it, we evaluate the success of delivery and reading of our e-mail messages. Once you unsubscribe from e-mails, we will stop evaluating this information. |
|
PR communication to increase awareness of the company through social networks |
If you decide to follow our fan pages on social networks, your data, profile or posts will form part of the information that we process as a joint controller with Facebook. However, you may hide your posts or stop following our pages at any time. |
|
Establishing, defending and enforcing our legal claims |
In the event of dispute resolution, negotiations on contractual relationships, debt collection, notification of facts to public authorities and similar activities, we process personal data that are necessary for establishing, defending and enforcing our legal claims. |
Personal data processors and disclosure of personal data
When processing your personal data, situations may arise in which we disclose your personal data to a third party (another controller), or to our contractual partners (processors) who assist us with the processing of personal data.
Our processors, who process personal data in accordance with our instructions and while observing secure measures, are:
- Providers of application hosting and cloud services
- Providers of communication tools
- Marketing agencies in the field of online advertising and communication through social networks
- Companies carrying out satisfaction surveys
We provide your personal data to the following categories of recipients:
- Public authorities where required by legislation
- Audit firms, tax advisors
- Postal and courier services
- Software licence providers
Security of personal data processing
In accordance with the requirements of applicable legislation, we ensure all necessary security, technical and organisational measures in order to protect your personal data. Electronic data are stored in protected databases on a server that is owned by us or reserved exclusively for us. We protect your personal data against damage, destruction, loss and misuse. All persons who come into contact with clients’ personal data are obliged to maintain confidentiality regarding information obtained in connection with the processing of such data.
Transfer of personal data outside the EU
We carry out the processing of personal data through information and communication systems in such a way that personal data are not transferred to third countries outside the European Economic Area (EU, Iceland, Norway, Liechtenstein). Our systems and applications are mostly operated in the territory of the Czech Republic and the Slovak Republic or in data centres located in the EU with verified providers (e.g. Microsoft).
However, in the case of our communication through social networks (e.g. Facebook, LinkedIn, Google, YouTube), we use the services of global providers whose registered offices may be located outside the EU in third countries such as the USA, which do not ensure an adequate level of protection.
The transfer of personal data outside the EU or outside the European Economic Area takes place only in compliance with personal data protection requirements under GDPR on the basis of standard contractual clauses approved by the Commission.
Below we provide links to the standard contractual clauses relating to transfers of data to the USA:
|
Processor |
Privacy information |
Appropriate safeguards within the meaning of Article 46 GDPR |
|
|
||
|
|
||
|
|
||
|
Microsoft |
Period of personal data processing
We process personal data only for the period strictly necessary to achieve the stated purpose. After this period expires, we dispose of personal data by shredding paper records and data carriers, anonymising data in electronic form, or deleting them in such a way as to prevent their misuse.
The processing period and retention periods for personal data are determined by our records retention plan and are as follows:
|
Processing activities |
Period |
|
Personal information processed for the purposes of business activities |
We process the data for the duration of the contract (business relationship) and subsequently for 5 years after its termination. |
|
Personal data processed for marketing and advertising purposes |
In most cases, we do not process these data for longer than 24 months. |
|
Personal data processed for accounting purposes |
We process personal data in accordance with the relevant legal regulations, currently for 10 years. |
|
Establishing, defending and enforcing legal claims |
For the duration of court proceedings or out-of-court settlement, but no longer than until the expiry of the limitation period. |
Rights of the data subject
When processing personal data, we are prepared to ensure the exercise of your rights:
- You have the right to access your personal data, as well as the right to know the purpose and duration of processing and any recipients of your personal data.
- You have the right to rectification; if your data are incorrect or have changed, contact us and we will correct them.
- You have the right to erasure of personal data if they are incorrect or unlawfully processed.
- If your personal data are processed on the basis of consent, you have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent given before its withdrawal.
- You have the right to restriction of the processing of personal data. If you wish, we will process the data only for the most necessary reasons laid down by law, or not at all.
- You have the right to object to automated individual decision-making if such processing takes place and you find or believe that such processing is unlawful or contrary to your rights.
- You have the right to data portability; if you wish to transfer the data to another controller, we will provide them to you in the appropriate format, unless this is prevented by technical or legal obstacles.
- You also have the right to lodge a complaint with the supervisory authority, which is the Office for Personal Data Protection of the Czech Republic, with its registered office at Pplk. Socha 27, 170 00 Prague 7, Czech Republic, Company ID No.: 70837627, tel.: +420 234 665 800, https://www.uoou.cz/vismo/
You may exercise your rights in writing at the company’s registered office address, by post or by e-mail.
We will respond to your request free of charge within 30 days. In the event of complexity or a large number of requests, we are entitled to extend this period by a further 60 days. If this happens, we will inform you accordingly.
Updates and changes
The protection of personal data is not a one-off matter. The information contained in this document may change or may cease to be current. Therefore, we reserve the right to change or amend this information at any time. We will notify you of any such change through these pages or by e-mail.
Contacts
Seyfor, a. s.
Drobného 555/49, 602 00 Brno
https://www.seyfor.com/, e-mail: info@seyfor.com
Tel: +420 511 182 400