Privacy policy
Introductory provisions
1. Through this Privacy Policy("Policy"), the operator of the Loxper mobile application (" Application"), as the controller and processor of personal data, the User of this Application ("User "), data subjects, all processing activities and the privacy policies of users.
2. By downloading the Application and using it, the User agrees to this Policy.
Data Controller
1. The controller and processor of the User's personal data is the operator of the Application – Ing. Jaroslav Haltmar, ID: 687 73 463, with its registered office at Údolní 212/49, 602 00, Brno - Brno-city("Administrator").“).
2. The Controller shall proceed with the processing of the User's personal data in accordance with this Policy and generally binding in particular Act No. 110/2019 Coll., on the processing of personal data, as amended, and Regulation (EU)2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (GDPR).“).
Purpose, legal basis, scope, and duration of the processing of personal data
1. The Controller processes the personal data of the Users for the following purposes:
a) Operation of the application and fulfillment of the Administrator's obligations vis-à-vis the User
• Legal basis: From the work is necessary for the performance of the contract, its party is the User.
• Scope: (i) identification data – first name, surname, date of birth, address of permanent residence, etc.; (ii) contact details – correspondence address, e-mail address, telephone number, etc.; (iii) account details – username, unique user ID, passcode, payment information, etc.; and (iv) mobile device geolocation data - latitude and longitude.
• Time: Data is processed for the duration of the obligationsů under the contract.
b) Protection of legal claims of the Administrator after the termination of the contract with the User
• Legal basis: Work is necessary for the purposečoflegitimate interests with the
• Scope: (i) identification data – first name, surname, date of birth, address of permanent residence, etc.; (ii) contact details – correspondence address, e-mail address, telephone number, etc.; and (iii) account details – username, unique user ID, passcode, payment information, etc.
• Duration: Data is processed for the duration of the limitation periods of potential claims, i.e. approx. 3 years after the termination of the contract, or for a longer period if the limitation period is built, the limitation period is suspended, etc..
c) Accounting and tax obligations
• Legal basis: Work is necessary to fulfill the legal obligation applicable to the Administrator.
• Scope: Identification data – first name, surname, date of birth, address of permanent residence, etc.
• Processing time: The data is processed for a period of 5 years from the creation of the document.
d) Contacting the User to improve customer care and inform us about what's new in the App
• Legal basis: User consent.
• Scope: (i) identification data – first name, surname, date of birth, address of permanent residence, etc., and (ii) contact details – mailing address, e-mail address, telephone number, etc.
• Processing time: The data are processed for the duration of the obligation under the contract and for 3 years from the termination of the contract or until the consent of the User is withdrawing.
e) Direct Marketing – App-Related Admin Products
• Legal basis: Work is necessary for the purposečoflegitimate interests with the
• Scope: (i) identification data – first name, surname, date of birth, address of permanent residence, etc., and (ii) contact details – mailing address, e-mail address, telephone number, etc.
• Processing time: The data are processed for the duration of the obligation from the contract and for 3 years after the termination of the contract.
f) Direct Marketing – Manager Products Not Related to the Application
• Legal basis: User consent.
• Scope: (i) identification data – first name, surname, date of birth, address of permanent residence, etc., and (ii) contact details – mailing address, e-mail address, telephone number, etc.
• Processing time: The data are processed for the duration of the obligation under the contract and for 3 years from the termination of the contract or until the consent of the User is withdrawing.
g) Direct Marketing – Third Party Products Related or Not Related to the Application
• Legal basis: User consent.
• Scope: (i) identification data – first name, surname, date of birth, address of permanent residence, etc., and (ii) contact details – mailing address, e-mail address, telephone number, etc.
• Processing time: The data are processed for the duration of the obligation under the contract and for 3 years from the termination of the contract or until the consent of the User is withdrawing.
2. About the reindeer data is obtained exclusively from the User.
3. In the event that the legal basis is the consent of the User, consent is given for the purpose of the processing separately and the Controller processes the data only for the purposes for which the consent was granted.
When processing the user's personal data, automated individual decision-making and profiling are not carried out
Recipients of personal data
1. The Controller is entitled, in justified cases and to an appropriate extent, to transfer the personal data of the User to other recipients – processors who process personal data according to his instructions, in particular:
a) cloud or hosting service providers;
b) payment gateway operators;
c) contractors providing some functionality of the Application;
d) accounting companies, etc.
2. Furthermore, the controller shall be entitled, where justified, and to an appropriate extent, to transmit personal data to public authorities if this is necessary for:
a) compliance with generally binding legislation or an enforceable application by the competent authority;
b) claim of the Administrator against the User; or
c) protection against damage to the rights, property, or safety of the Company, the User, other customers of the Administrator, or the public, to the extent permitted by generally binding legislation.
3. The User's personal data are not transferred to third countries or international organizations outside the European Union.
Cookies
1. The Administrator's website (www.loxper.com) may contain third-party cookies, which are used to obtain anonymous statistics on traffic and typical behavior on individual pages.
2. Asa rule, third parties do not store the User'spersonal data in connection with cookies, as the identity of the visitor to the site is unknown to them.
Rights of the User as a data subject
-
Each user has the following rights in connection with the processing of his/her personal data by theController:
-
Right to information on the processing of personal data
The User has the right to be informed by the Controller about the processing of his/her personal data, which means, in particular, information on the purpose of the processing, the identity of the controller, the legitimate interests of the controller, the recipients of personal data, etc.
-
Right of access to personal data
The User has the right to request confirmation that the Controller processes his/her personal data and if so, obtain a copy of this data and the information resulting from Article 15 GDPR.
-
Right to rectification
Under the terms of Article 16 of the GDPR, the User has the right to request the rectification or addition of his/her personal data in the event that the Controller processes incorrect or incomplete data. At the same time, the User is obliged to notify the Administrator without delay of the change in his/her personal data.
-
Right to erasure
Under the terms of Article 17 GDPR, the User has the right to request the erasure of his/her personal data.
-
Right to restriction of processing
Under the terms of Article 18 of the GDPR, the User has the right to request a restriction on the processing of his/her personal data.
-
Right to data portability
If the processing is based on the consent of the User or is carried out for the purpose of fulfilling obligations under the contract to which the User is a party, and at the same time the processing is carried out by automated means, the User has the right under the terms of Article 20 GDPR to receive his/her personal data obtained from him by the Controller in a structured, commonly used and machine-readable format. If the User so requests and if technically possible, the Administrator will transfer the Personal Data of the User directly to another administrator.
-
Right to object
If the Controller processes the Personal Data of the User on the basis of his or her legitimate interests or the legitimate interests of a third party, the User has the right to object to such processing in accordance with Article 21. The User has the right to object to the processing of his personal data for direct marketing purposes at any time and in this case, the Controller will not process the User's personal data for this purpose.
-
Right to withdraw consent
The User has the right at any time to withdraw his/her consent to the processing of personal data processed by the Controller on the basis of the given consent, under the terms of Article 7 GDPR.
-
The right not to be subject to automated individual decision-making, including profiling
The user has the right not to be subject to any decision based solely on automated processing, including profiling, which has legal effects for him or her or significantly affects him or her. The automated decision-making is permissible in accordance with Article 22 GDPR where it is necessary for the conclusion or performance of a contract between the User and the Administrator, if it is permitted by European U law or a Member State or if it is based on the express consent of the User.
-
Right to lodge a complaint with the supervisory authority
If the User considers that the Controller processes his/her personal data in violation of generally binding legislation on the protection of personal data, he or she has the right to lodge a complaint with the supervisory authority in accordance with Article 77 GDPR.
-
The aforementioned rights may be exercised by the User against the Administrator via Application, e-mail address jaroslav@loxper.com, web addresses www.loxper.com and/or by post at the address of the Administrator's registered office.
-
The user may also exercise his rights with the supervisory authority, which is the Office for Personal Data Protection in the Czech Republic, Id. No.: 708 37 627 with its registered office at Pplk. Sochora 27170 00 Praha 7, tel.: 234 665 111, e-mail: posta@uoou.cz, web: www.uoou.cz, databox ID: qkbaa2n.
Final provisions
These conditions are valid and effective on 6 June 2020.