WhomLab s.r.o., with registered office at SNP 2349/13, Ústí nad Labem-centrum, 400 11 Ústí nad Labem, ID No.: 08841977, registered in the Commercial Register maintained by the Regional Court in Ústí nad Labem under File No. C 44648 (also “we“) considers the responsible processing and protection of collected personal data to be very important for building trust with our customers and partners. In this processing information, we, therefore, describe what personal data we process, why we do so, to whom we transfer your data, what rights you have against us, and how you can exercise them.
We recommend that you read this information carefully. If you have any questions, you can contact us at any time using the contact details below.
A. TABLE OF CONTENTS
Our goal is to ensure maximum transparency in the processing of your personal data. We have divided this document into the following sections:
- our commitment to data protection (part B);
- the personal data processed, including examples of the data processed (part C);
- the purposes of the processing of personal data, as well as the legal bases and periods of processing (part D);
- sharing of personal data (part E);
- Your rights in data processing and how to exercise them (part F);
- the possibility to lodge a complaint (part G); a
- amendments to this document (part H).
Information on the use of cookies and similar technologies is contained in the separate Cookie Processing Information: https://whomlab.com/cookies-policy/. Whenever we refer to processing on our website, we also refer to processing in our other online presentations.
B. OUR COMMITMENT TO DATA PROTECTION
We take care of the security of the processed data. In order to prevent unauthorized access or disclosure of data, to ensure the accuracy of the data and the proper processing of the data, we have taken a number of technical and organizational measures to ensure the protection of the data we collect. We also ensure that data is encrypted during data transmission and storage.
C. PERSONAL DATA PROCESSED
In particular, we process data that you yourself have provided to us or that we have obtained from your use of the website, mobile application, our products, and services, communication with us, etc., as well as data derived from these data.
For the sake of clarity, we have divided the data processed by us into several categories, to which we refer in this document:
- Identification information such as first name, last name, or username. These are required for the proper functioning of our products and services and to be able to contact you on your behalf.
- Contact details such as an address, telephone number, and email address. These are needed to communicate with you and to be able to provide some of our products and services.
- Purchase details such as order number, payment method, invoices, and orders.
- Communication data, i.e. information about communications with you, such as emails, call logs, chats, etc.
- Site usage data, i.e. information about your use of our site and your behavior on the site such as IP addresses and HTTP logs of site usage obtained via your device used to access the site.
- Cookie data, i.e. data obtained from cookies and similar technologies that we use. For more information about their use, please read our Cookie Processing Information: https://whomlab.com/cookies-policy/.
- Product and service usage data, i.e., information about the use of our products and services, such as records of the use of and access to our products, identification of your device, its IP address, license and confirmation information, order content, etc.
D. PURPOSES OF THE PROCESSING OF PERSONAL DATA
We process your personal data as a data controller for the processing purposes set out below, on the basis of the legal bases set out here, for a limited period of time and only to the extent described here.
In the first part of this section, we describe the processing of your data related to the provision of our products and services. In the second part, we further describe the processing related to the use of our mobile application and website.
Processing related to the provision of goods and services
D.1 Provision of goods and services and related information
We primarily process personal data to provide you with our products and services and to treat you as a customer, in particular when you create a user account, register a product or service, contact us for further information, use our user forum, participate in our events, or place an order. As part of this, we may also send you messages about the conclusion and performance of a contract, new product and service releases, payment reminders, etc.
For this purpose, we process your Identification data, Contact details, Site usage data, Product and service usage data, Purchase details, and Communication data.
We may also provide your personal information to our partners who help us process your payments for products and services you have ordered.
The legal basis for this processing is the performance of the contract between you and us and the need to take steps at your request before entering into the contract or, where you are not directly party to the contract (if you are, for example, an employee of the customer), our legitimate interest in the performance of any contract entered into.
The data are processed for the duration of the concluded contract and for the period necessary for the performance of the obligations under such contract, or until the expiry of 3 years from the acquisition of the data if no contract has been concluded.
D.2 Protection against piracy and unauthorized use of our products and services
We may also process your data to protect us and other customers from piracy and unauthorized use of our products and services to ensure their safe use.
For this purpose, we process your Identification data, Contact details, Site usage data, Product and service usage data, Purchase details, and Communication data.
The legal basis for this processing is our legitimate interest in protecting against piracy and unauthorized use of our products and services.
We process the data until a maximum of 5 years after the end of the concluded contract or for 2 years after the collection of the data if no contract has been concluded.
D.3 Improving our products and services
We may process data about how you use our products and services, what features you use most, etc. so that we can better understand how you use them and trends in their use and then improve and further develop them to your satisfaction.
For this purpose, we process your Identification data, Contact details, Site usage data, Product and service usage data, Purchase details, and Communication data.
The legal basis for this processing is our legitimate interest in improving our products and services, and the data is processed for a maximum of 3 years from the date of collection.
D.4 Internal records, statistics, and protection of our rights
We may process your data for the purposes of keeping internal records within our company, recording payments made, producing statistical reports, protecting our rights and legal claims, and ensuring that only you use our products and services in accordance with their terms.
For this purpose, we process your Identification data, Contact details, Site usage data, Product and service usage data, Purchase details, and Communication data.
The legal basis for this processing is our legitimate interest in keeping internal records, statistics, and the protection of our rights. The data is processed until a maximum of 16 years after the termination of the concluded contract (or longer in the event of a dispute), or for a maximum of 5 years after the collection of personal data if no contract has been concluded.
D.5 Support and promotion of our products and services
We may process the data you provide when you review, register, or purchase our products and services to inform you about our other products, services or promotions, news, announcements, new releases, etc.
For this purpose, we process your Identification data, Contact details, Site usage data, Product and service usage data, Purchase details, and Communication data.
The legal basis for this processing is our legitimate interest in supporting and promoting our products and services. The data is processed until a maximum of 2 years after the termination of the contract concluded with you.
In addition to objecting to the processing of data for this purpose (see F.7), you may opt out of receiving any newsletters at any time by using the unsubscribe links provided in the footer of each message sent.
D.6 Fulfilling legal obligations
We may also process your personal data in order to comply with our legal obligations, particularly in the area of tax. At the same time, we need to be prepared to provide cooperation to state authorities if we are required to do so by law.
For this purpose, we process your Identification data, Contact details, Site usage data, Product and service usage data, Purchase details, and Communication data.
The legal basis for this processing is the fulfillment of our legal obligations. The data is processed for the period of time required by law.
Processing related to the use of the mobile application and website
D.7 Site operation and security (a necessity)
We process your personal data for the operation of the website and its security, i.e. for the presentation of information on the website, the internal functioning of the website, your identification as a user when browsing and repeated visits to the website, and for ensuring your security.
For this purpose, we process your Site usage data and Cookie data.
The legal basis for this processing is our legitimate interest in the proper functioning and safe operation of our website. ÚU data are processed, as a rule, for the duration of your visit to the website, for a maximum of 2 years from the date of collection.
D.8 Site customization (preferences)
We process your personal data to customize the site to your preferences and save them. This enables us to make it easier for you to browse the website and to customize the website for you in terms of location, language options, device of choice, etc.
For this purpose, we process your Site usage data based on our legitimate interest in tailoring the Site to customer preferences. Personal Data is processed until a maximum of 2 years after your visit to the website.
With your consent, we may also process information from cookies for this purpose, which makes it easier for us to further adapt our website to your preferences (preference cookies), in which case your personal data may also be transferred to third parties. The legal basis for processing here is thus your consent, which you have given via the cookie bar. The personal data is processed until your consent is withdrawn, but in any case, for a maximum of 2 years after your visit to the website.
D.9 Analysis of website traffic (analytics)
We process your personal data to understand how visitors use our website. As part of this, we can monitor traffic to our website, optimize it and generally make your visit to the website smoother and more user-friendly.
For this purpose, we process your Site usage data based on our legitimate interest in obtaining information about the use of our website for its further development. The personal data is processed until a maximum of 2 years after your visit to the website.
With your consent, we may also process cookie information for this purpose, which facilitates us to make more detailed analyses of your visits to the website (analytical cookies), in which case your personal data may also be transferred to third parties. The legal basis for processing here is thus your consent given via the cookie bar. The personal data is processed until your consent is withdrawn, but in any case, until a maximum of 2 years after your visit to the website.
D.10 Web support and promotion (marketing)
We process your personal data to obtain information about your personal preferences and to display relevant advertising. In doing so, we may promote and offer products and services on the site and show you marketing communications relating to the products and services you have enquired about, and promote our brand online.
For this purpose, we process your Site usage data based on our legitimate interest in promoting and selling our products and services. Personal data is processed until a maximum of 2 years after your visit to the website.
With your consent, we may also process information from cookies for this purpose, which facilitates our ability to get to know you better and to better target advertisements (analytical cookies), in which case your personal data may also be transferred to third parties. The legal basis for processing here is thus your consent given via the cookie bar. The personal data is processed until your consent is withdrawn, but in any case, until a maximum of 2 years after your visit to the website.
E. SHARING OF PERSONAL DATA
As data controllers, we determine the purposes for which we obtain and process your personal data, choose the means of processing your data, and are responsible for any processing of such data. We may share your personal data with other companies in our group who also process data in accordance with this document.
At the same time, we may share personal information with third parties who help us provide our products and services to you. These parties act as our data processors and will only process personal data for us, within the scope of our processing purposes set out above.
Your personal information may also be shared with others, such as social or advertising networks if we have obtained your consent for such sharing.
In addition to this, we may share your personal data with certain third parties as data controllers for the purpose of “Fulfilling Legal Obligations” where we are obliged to do so under applicable legislation (in particular, administrative authorities, police authorities, and judicial authorities). Similarly, we may be obliged to share your data with persons who claim to have been harmed by your conduct.
We also share your personal data with third parties as data controllers to help us process your payments for the products and services you have ordered as part of the purpose of “Providing goods and services and related information”. This partner is Stripe.
Where we share your personal data with controllers and processors in third countries (outside the EEA), we only do so where there is a decision by the European Commission that a particular country outside the EEA provides an adequate level of data protection, including where controllers or processors have adopted
additional data protection measures such as Binding Corporate Rules (BCRs) or Standard Contractual Clauses (SCCs).
F. YOUR RIGHTS IN PROCESSING AND THE POSSIBILITY OF EXERCISING THEM
Just as we have rights and obligations when processing your personal data, you have certain rights when processing your personal data as set out in the following paragraphs. You have the right to (i) request access to your personal data; (ii) withdraw your consent; (iii) request rectification of your personal data; (iv) request the erasure of your personal data; (v) request restriction of the processing of your personal data; (vi) request portability of your personal data; (vii) object to the processing of your personal data; or (viii) lodge a complaint with the relevant supervisory authority.
In all matters related to the processing of your personal data, whether it is a question, the exercise of rights, sending a complaint to our hands, etc., you can contact us at [email protected].
Your request will be processed without undue delay, at most within 1 month. In exceptional cases, in particular, due to the complexity of your request, we are entitled to extend this period by a further 2 months. We will, of course, always inform you of any such extension and the reason for it.
You also have the right to lodge a complaint with the supervisory authority as described below.
F.1 Right of access
You have the right to obtain confirmation from us as to whether or not we are processing your personal data.
If we process your personal data, you also have the right to request access to information about the purpose and scope of the processing, the recipients of the data, the duration of the processing, the right to rectification, erasure, restriction of processing and to object to the processing, the right to lodge a complaint with a supervisory authority and the sources of the personal data (this information is already provided in this document).
You can also ask us for a copy of the personal data we process. We provide the first copy free of charge; further copies may be subject to a fee. The scope of the data provided may be limited so as not to interfere with the rights and freedoms of others.
F.2 Right to withdraw consent
You have the right to withdraw your consent to the processing of personal data at any time. However, the withdrawal of consent does not affect the lawfulness of the processing prior to such consent, nor does it lead to the termination of the processing of personal data that has already been anonymized.
F.3 Right to repair
You have the right to request us to correct inaccurate personal data concerning you. Depending on the purpose of the processing, you may also have the right to have incomplete personal data completed, including by providing an additional declaration.
F.4 Right to erasure (right to be forgotten)
You have the right to request the deletion of your personal data in cases where:
- We no longer need your personal data for the purposes for which it was collected or processed;
- you withdraw the consent on the basis of which the personal data was processed and there is no further reason for processing it:
- you object to processing and there are no other overriding reasons for processing, or you object to processing for direct marketing purposes;
- personal data is processed in violation of the law.
However, you cannot exercise this right where the processing is necessary for compliance with our legal obligations or tasks entrusted to us in the public interest or for the establishment, exercise, or defense of legal claims.
F.5 Right to restriction of processing
You have the right to request the restriction of the processing of your personal data in cases where:
- you contest the accuracy of your personal data; in this case, you may request a restriction of processing until the accuracy of the personal data has been verified;
- the processing is contrary to the law and instead of erasure, you request a restriction of the processing of personal data;
- We no longer need your personal data for the purposes for which it was collected or processed, but you require it for the establishment, exercise, or defense of legal claims;
- you have objected to the processing of your personal data; in this case, you may request a restriction of processing until it is verified that our legitimate interests prevail.
F.6 Right to portability
You have the right to obtain a copy of your personal data that we process by automated means on the basis of your consent or for the performance of a contract. We will transmit this data in a commonly used and machine-readable format to you or to a controller designated by you, if technically feasible. The scope of the data provided may be limited so as not to interfere with the rights and freedoms of others.
F.7 Right to object
You have the right to object to the processing of your personal data that we process on the basis of our legitimate interest. We will stop processing your data if there are no other overriding reasons for processing or if the processing is not necessary for the establishment, exercise, or defense of legal claims or if you object to processing for direct marketing purposes.
G. RIGHT TO FILE A COMPLAINT
In addition to the possibility of exercising your rights with our company, you can also file a complaint with the relevant supervisory authority, which is the Office for Personal Data Protection located at Pplk. Sochora 27, 170 00 Prague 7.
H. CHANGES TO THIS INFORMATION
This processing information is effective as of 15 May 2023. We are entitled to change this processing information from time to time, so please check it regularly. We will post any changes to this document on our website.