General Data Protection Regulation

Information on processing personal data in relation to the General Data Protection Regulation – directive of the European Parliament and Council (EU) 2016/679 dating from 27 April 2016.

Scope of Processing Your Personal Data
EXPINIT, s.r.o., Org. ID No.:29046050, Headquarters Jinonická 804/80, 158 00 Praha 5, administered by the Municipal Court in Prague, Registration record: C 162525 (hereafter referred to as “controller”) processes your personal data based on the following conditions.The controller will process your personal data in the scope that you provided it as relates to the controller’s activities: specifically, with your signing up to receive emails, print news or possibly direct marketing services. The controller will process primarily your name, surname, email, phone number, address of your private residence, or your business address. Moreover, in relation to provision of specific software services, where the content and purpose of data processing are always clearly expressed in individual permissions given, we will process mainly this information: name, surname, email, phone number, address of residence or business address, bank account number, date of birth, civil ID number and organizational ID number.

The controller will further process your personal data in the role of processor for individual controllers of personal data. If you would seek information on the scope and means of processing this data, please first contact your personal data controller to request information on whether we, as processors, are processing this information. Such processing is always carried out only in the minimum necessary scope for performing the controller’s activities and in compliance with personal data protection principles.

Purpose of Processing Your Personal Data
The controller will process your personal data for purposes of carrying out his activities (work); namely for the following:
• Individual software applications.
• Marketing (i.e. offering products and services from the controller or third parties) including dispatch of commercial communication in the spirit of the Act No. 480/2004 Coll. on Certain Services of Information Society and analyses of your behavior related to these commercial messages for the purpose of personalizing the offers.
• We use them, for example, to store your configurations for secure online searches, for monitoring the number of visitors to websites, for improving webpage functionality in order to make services simpler, etc. We do not use them to collect personal data, for purposes of content marketing or for other purposes, or for sharing with third parties,
• And we always do this in the scope authorized either by the law, by authorization for the controller of your personal data, or in the scope specified in your given consent.

Legal Basis for Processing Personal Data
The legal basis (grounds) for processing your data processing include
• legal authorization,
• permission given to the personal data controller,
• your consent.
The fact is that your personal data is essential for fulfilling individual purposes for which this personal data is provided, i.e. accounting, marketing, or subscription to newsletters to which you have subscribed. Personal data is processed in compliance with the General Data Protection Regulation – directive of the European Parliament and Council (EU) 2016/679 dating from 27 April 2016 (hereafter referred to as “GDPR”).

Period for Which Your Personal Data Is Processed
The controller will process your personal data in relation to the purpose of processing:
• for software and services for the period of service usage,
• for the processing of personal data for periods prescribed by Czech law (mainly the Accounting Act),
• for direct marketing, for a period of three years from the date of giving consent, provided you do not revoke consent.

Revoking Consent for the Processing of Personal Data
You can revoke your voluntary consent to the processing of personal data at any time, free-of-charge. This is done by sending an email to info@expinit.com. Revocation of consent is also possible directly via any commercial communication sent to you by email. Revocation of consent does not impact the legality of processing stemming from consent given prior to revocation. Revocation of consent also does not impact the processing of personal data carried out by the controller based on other legal grounds, i.e. other than consent.
ATTENTION. Provided you revoke consent to processing of personal data for applications, it could occur that the application needs your personal or ID data for its functioning. In such cases, the application will no longer be accessible.

Persons with Access to Your Personal Data
The controller, their employees and possibly third parties (processors who provide suitable guarantees and whose processing fulfils all GDPR requirements and who will sufficiently protect your rights and your personal data) will have access to your personal data. These persons include mainly lawyers and technicians; in the case of direct marketing, also marketing consultants. However, these persons will have access to data only for the necessary period and in the necessary scope, provided this will be necessary for provision of services and fulfilment of legal requirements.
Provided it involves recipients of personal data (in addition to persons mentioned, further persons can be given access to personal data, but this only in the case that they have a provable legal reason for accessing the personal data (e.g. police and judicial bodies, other monitoring bodies with legal authorization for access to the data) or provided it will be essential to protection of the controller’s rights (e.g. in court).

Controller Contact Information
You can contact the controller via email info@expinit.com, or in written form at the address of their headquarters: Jinonická 804/80, 158 00 Praha 5. The controller is authorized to request proof of your identity on grounds of limiting access to your personal data by unauthorized persons. For the purpose of improving service quality and for maintaining records on fulfilment of the controller’s legal obligations, all communications between you and the controller may be monitored.

Your Rights Relating to Protection of Your Personal Data
You have the right to revoke your consent at any time, to edit or add to your personal data, to request limits to scope of processing, to submit an objection or complaint on the processing of your personal data, to request the transfer of personal data, access to your personal data, to be informed about a breach in the security of your personal data, deletion and other rights stipulated in the GDPR. You have the right to deletion in the event that your personal data is no longer necessary for the purpose for which it was collected or processed, provided processing is based on consent and there are no other legal grounds for its processing, if personal data is processed in breach of the law, provided parental consent for processing of children’s personal data has not been given and provided (this consent) is required by legal obligations stipulated in EU law or that of a member state.

Right to Object
You have the right to object to the processing of your personal data provided the controller processes it for their own purposes, for provision of services or for direct marketing. Objections must be submitted to the controller. In the event that you submit an objection against processing for purposes of the client zone or direct marketing, then the personal data controller will no longer process the data in this scope, provided they cannot offer a binding, justifiable reason for the processing that supersedes your interests or rights and freedoms; or for definition, performance or defense of legal rights. Further information on this right is contained in Article 21 of the GDPR.

Right to Submit Complaint to a Supervisory Authority
You can submit a complaint on the processing of your personal data, or the failure to fulfil the controller duties stemming from GDPR, to the supervisory authority at any time. The supervisory authority for the Czech Republic is the Personal Data Protection Authority: www.uoou.cz.

Obligation to Provide Personal Data. Consequences of Not Providing Personal Data.
Your personal data is provided fully voluntarily. You have no obligation to provide it. In the event that you do not provide your personal data, you are not liable to any sanctions. However, provided you do not provide it to the controller, it is possible that you won’t receive access to a specific application or that we will not be able to send individual commercial communication to which you have subscribed.
In the event of legal authorization for performance of our activities, you do not have the option of refusing consent to the processing of your personal data. However, we are always prepared to provide the broadest level of support cooperation possible in order to prevent the misuse of your personal data. We will also provide you information on the scope and content or information processed related to your person.