RULES OF PROTECTION OF PERSONAL DATA
Introductory provisions
These personal data protection rules (hereinafter referred to as “rules“) have been adopted by the operator Zhongyou – communication and technologies s.r.o., Sládkovičova 9, 900 01 Modra, ID: 46 294 660 , contact: 0904 175 269, mi*********@gm***.com (hereinafter referred to as “provider“).
- These rules regulate the principles of personal data processing of persons who request or order translation and interpretation services, or other products of the provider or representatives of these persons (hereinafter referred to as the “customer“).
- of the operator when processing personal data , and therefore determines for what purposes and by what means personal data will be processed.
Scope of processed data
These rules apply exclusively to the handling of data on natural persons .
- Data relating to the customer – The provider processes personal data that the customer provides as part of his order. Personal data may refer directly to the customer or third parties. The provider also processes personal data provided by the customer for the duration of the contract concluded with the provider. Such data are mainly: name, surname, telephone number and email address, or also other contact data, data on language skills and the customer’s occupation.
- Data related to children – Ordering goods and concluding a contract with the provider can only be done for persons older than 15 years . In the case of concluding a contract in favor of a younger person, the legal representative must approve the consents according to these rules.
- Considering the amount of personal data obtained from the customer, the provider is not able to control their origin. If the customer provides any personal data about third parties, including his own employees, or if this data is contained in documents related to the processing of translation or interpretation, the customer is entitled to provide this data only if the conditions set by the relevant legal regulations are met, including possibly obtaining consent to the processing personal data. The customer is also obliged to ensure that such data is up-to-date and to immediately notify the provider of any changes regarding personal data that are relevant for their processing.
The purpose of personal data processing
- Fulfillment of the order – fulfillment of the contract concluded between the provider and the customer. In this case, the provider uses personal data mainly in the following scope: first and last name, address, email address, phone number and billing data. Personal data is also used to provide translations and interpretation . At the same time, personal data is processed for the purposes of invoicing or solving customer comments. The processing of this personal data is necessary for the stated purpose.
- Access and management of online accounts – In the case of the implementation of any service online, the provider processes personal data within the framework of the fulfillment of contractual conditions and for the purpose of accessing the online information system and its operation, within the scope of the username and password. The processing of personal data is necessary for the stated purpose .
- Offer of services and products of the provider via e-mail – The provider processes the name, surname and e-mail address for sending business announcements. These notifications are sent exclusively to the customer to whom the service or product was provided , i.e. to the customer who was or still is in a business relationship with the provider. The processing of personal data in this case does not take place on the basis of consent, but because of the legitimate interest of the provider. The subscription to commercial announcements can be canceled at any time or an objection can be raised against such processing of personal data.
- Telephone offer of services and products of the provider – Only if consent is granted, the provider can promote its services and other products within the framework of telephone calls. Consent can be revoked at any time through the contacts listed in these rules.
- Further processing of personal data beyond the stated periods is carried out by the provider only if it is necessary for the purposes of legitimate interests or the fulfillment of obligations arising from the legal regulations by which the provider is bound.
- Social networks. Promotion of the company through the social network Facebook and Instagram.
Cancellation of sending commercial messages and withdrawal of consent
- Email notifications – If the customer does not agree to processing for marketing purposes, he is entitled to cancel the sending of commercial notifications at any time by clicking on the link located at the bottom of each commercial notification page or through the contacts listed in these rules.
- Telephone calls – Consent to be contacted for the purpose of promoting the provider’s services and products can be revoked at any time through your request to any of the contact persons listed in these rules.
Persons with access to personal data
- Only the provider has access to personal data.
- The provider is entitled to entrust the processing of personal data to other persons such as intermediaries. Intermediary means any entity that processes personal data for the provider solely on the basis of its instructions. The intermediary may not expand the purpose and scope of personal data processing that the provider determines. All intermediaries are bound by confidentiality and compliance with obligations in the processing of personal data resulting from the relevant legal regulations. Intermediaries mainly include:
- external translators, interpreters and lecturers, or other persons involved in the provision of services offered by the provider;
- providers of certain information systems and other software used by the provider or
- providers of courier and transport services.
Data processing time
- For order fulfillment and further fulfillment of the contract, personal data is processed throughout the duration of the contract and subsequently for 10 years after its termination. The period of 10 years is calculated from the termination of the provision of services or the complete settlement of mutual rights and obligations, whichever event occurs later. The stated deadline is set with regard to the possible application of any claim that results from the concluded contract or is related to it in any way.
- For the purposes of online account management, personal data is processed until its cancellation. The cancellation of the online account may occur mainly in connection with the termination of the contract on the basis of which the online account is maintained, or based on the request of the person concerned. Ending the processing of personal data will prevent access to the online account.
- For the purpose of sending commercial messages, personal data is processed until you unsubscribe or object to such processing, but for a maximum of 5 years. The period of five years is calculated from the termination of the contractual relationship with the provider or the completion of the last order, whichever event occurs later. Before the expiration of this period, the provider will invite you to confirm your continued interest in sending commercial announcements for the next period. In addition, the provider verifies the email database at regular intervals.
- The expiration of system backups in which personal data can be stored after the expiration of the stated periods is set to a maximum of 31 days. Subsequently, personal data will be disposed of in them as well.
- Further processing of personal data beyond the above-mentioned periods is carried out by the provider only if it is necessary to fulfill obligations or exercise rights arising from the legal regulations applicable to the provider.
Rights related to the processing of personal data
- In connection with the processing of personal data, the customer or any third party whose personal data is affected by this has the right to demand from the provider:
- Information about personal data that the provider processes regarding the purpose and nature of personal data processing, including information about potential recipients of personal data outside the provider.
- Access to data held by the provider. In the case of exercising this right, the provider will confirm whether and what specific personal data it processes, or will make these data available together with information about their processing.
- Correction of personal data , if they are inaccurate or incomplete in any way. Only in the case of up-to-date data can the provider correctly process your order, properly manage your online account and communicate with you.
- Explanation and removal of an erroneous state (e.g. blocking, correction, addition or disposal of personal data) if you believe that the provider is processing personal data in violation of the protection of your personal and private life or in violation of legal regulations.
- Deletion of personal data (the so-called right to be forgotten) or restriction of their processing if they are no longer necessary for the stated purposes or the provider no longer has a legal reason to process personal data, including cases where you do not agree to their further processing. As part of the fulfillment of the stated conditions, the provider will completely or partially dispose of your data, or justify why complete liquidation did not take place.
- Transfer of automatically processed personal data obtained on the basis of your consent or in connection with the fulfillment of the contract by the provider to another entity, when the provider transfers your personal data in a commonly used format to you or to another operator at your request.
- In the case of direct marketing in the form of sending commercial announcements, the customer can raise an objection to the processing of personal data , on the basis of which the provider will terminate the processing of personal data for these purposes.
- In connection with the exercise of rights in the processing of personal data, the so-called logs recorded information about the required action, e.g. on the change or disposal of personal data. This log is kept by the provider on the basis of its legitimate interest for 5 years from the execution of the relevant action to demonstrate the fact that your request has been fulfilled.
- In addition to the above-mentioned authorization, in case of suspicion of violation of obligations in the processing of personal data, you can at any time contact the Office for the Protection of Personal Data with your complaint .
Security
- The provider handles personal data in full compliance with applicable laws, including the General Data Protection Regulation (GDPR). When processing personal data, the provider places great emphasis on the technical and organizational security of the processed data.
- All personal data in electronic form are stored in databases and systems. Only persons who need to handle personal data immediately for the purposes specified in these rules have access to such databases and systems, and only to the extent necessary. Access to such personal data is protected by appropriate means. The security of personal data is regularly checked and the protection is continuously improved.
Contact
- If you have any comments regarding the processing of personal data or want to exercise your rights, you can contact the provider by email at mi*********@gm***.com
Efficiency
- These rules become valid and effective on May 25, 2018.