PRIVACY NOTICE FOR PERSONS ENGAGED IN PAYMENT PROCEDURE UNDER ART. 13 AND 14
of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the „GDPR“)
In view of the fact, that you or a third party (the Licensee) provided us (for the purposes of this Privacy Notice: “controller”, “we” shall mean the entity specified in the License agreement (the “Agreement”) as the Licensor (Spaceflow s.r.o.), of which you are in the position of the person (cardholder) making payment on behalf of the Licensee, and shall include our subsidiaries and/or affiliates) with your personal data, we are obliged to inform you, as a data subject, that while processing your personal data we are, in fact, the controller under the GDPR and all applicable laws and therefore we provide you with further information regarding such processing.
WHAT LAWFUL REASONS DO WE HAVE FOR PROCESSING YOUR PERSONAL DATA?
We process your personal data under Art. 6 (1) (f) GDPR – therefore our legal basis is a legitimate interest.
WHAT IS OUR LEGITIMATE INTEREST?
We process your personal data to ensure that our contractual obligations arising from the Agreement with a third party, of which you are in the position of the person making payment on behalf of the third party (the Licensee) under the Agreement for such third party (the Licensee), are effectively fulfilled.
WHY DO WE NEED YOUR PERSONAL DATA?
We aspire to be transparent when we collect and use your personal data and tell you why we need it (the purpose). Since we conducted a contract with a third party (the Licensee), of which you are in position of the of the person (cardholder) making payment on behalf of the Licensee, we need to process your personal data in order to make a payment under such contract (the Agreement).
WHAT CATEGORIES OF PERSONAL DATA DO WE COLLECT?
To fulfil our purpose the best way we can, we need to collect following personal data: name, surname, card number, signature, other personal related (identifying/person-identifiable data) on payment (credit/debit card).
HOW LONG DO WE STORE YOUR PERSONAL DATA?
We store them through our payment processor (see below) company Adyen for processing payments. As soon as we no longer need your personal data for the processing purposes for which the personal data were collected, it will delete them unless the statute-barred period applies. Certain details and correspondence may be retained until the time limit for claims (contractual and statutory liability), in respect of the pre-contractual or contractual relationship has expired or in order to comply with regulatory requirements regarding the retention of such data (in such cases the legal basis shall be an applicable was imposing statutory duty to process a personal data).
DO WE SHARE YOUR PERSONAL DATA WITH THIRD PARTIES?
We may share your personal data with trusted third parties to help us fulfil our purpose. These recipients are contractually bound to safeguard your personal data that we entrust to them. We may engage with several or all the following categories of recipients:
- Adyen N.V., a company registered with the Dutch Chamber of Commerce under number 34259528 and having its seat at Simon Carmiggeltstraat 6-50, 1011 DJ in Amsterdam, the Netherlands as a payment operator and processor of personal data of the card holder.
- In the event of a statutory duty or an effective administrative or judicial decision, judicial, administrative or police authorities may be the recipients of such data.
TRANSMISSION OF PERSONAL DATA TO THIRD COUNTRIES OR THIRD PARTIES:
Your personal data are processed within the territory of the country of the registered seat of the processor (Adyen) and other states of the European Union. Your personal data can be processed by a country outside of European Union if this third country has been confirmed by the European Commission as a country with adequate level of data protection or if other appropriate data protection safeguards exist (for example, binding corporate privacy rules or EU standard data protection clauses).
IS THERE ANY AUTOMATED DECISIONS-MAKING?
WHAT ARE YOUR RIGHTS?
Under the GDPR you have the following rights to process your personal information:
- Access to personal data we process about you;
- Rectification of incorrect or inaccurate personal data and add incomplete personal data;
- Restriction, i.e. blocking of processing of your personal data;
- The deletion of personal data in case the purpose absence or unauthorized data processing;
- Submission of an objection to the processing of personal data if you believe that our data processing is not justified;
- Right to portability of the personal data (if applicable);
- Be excluded from automated decision making.
HOW CAN YOU EXERCISE YOUR RIGHTS?
Spaceflow s.r.o., registered seat at: Pernerova 676/51, Karlín, 186 00 Praha 8
Telephone: +420 775 921 992
We strive to protect your privacy as much as possible and therefore We process your personal data in compliance with the GDPR and all other relevant laws. However, if you disagree with the way we handle your personal information, you can file a complaint with our data protection officer to protect your rights.
WHO CAN YOU CONTACT FOR PRIVACY QUESTIONS OR CONCERNS?
If you have any questions or comments or you want to report your concerns or enjoy your rights, please contact us or our data protection officer:
Data Protection Officer’s contact:
JUDr. Theodor Klán, attorney-at-law
Seat at: Rohanské nábřeží 678/25, Prague 8 – Karlín
Or you can file a formal complaint with the local data protection supervisory authority; further information about the different EU Supervisory Authorities and how to contact them is available at here.