PERSONAL DATA PROCESSING POLICIES

The operator of the service imagedit.io is obliged to protect the provided personal data as strictly confidential and to handle them in accordance with the applicable legal regulations in the field of personal data protection.

The data controller is Jan Kuthan, with the registered office at Mariánovice 42, Benešov u Prahy, 25601, ID No: 74900722 (hereinafter referred to as "controller"). The controller, in the sense of the General Data Protection Regulation (Regulation (EU) 2016/679), collects, stores, and uses (or otherwise processes) your personal data for the performance of its business activities (the individual purposes for which personal data are processed are specified below), which consists of providing an online tool that allows users to edit images in real-time via API (Application Programming Interface).

These Personal Data Processing Policies apply to

  1. processing of personal data carried out by the Controller during your use of the imagedit.io websites
  2. processing of personal data carried out by the Controller during communication with you via email or phone
  3. processing of personal data in the fulfillment of legal obligations of the Controller
  4. processing of personal data necessary for the purposes of protecting the legitimate interests of the Controller.

PROCESSED PERSONAL DATA

The controller is authorized to process the following personal data:

  1. identification data, especially name, surname, title, VAT No, nickname chosen for using the service
  2. contact details, especially phone number, email, address, bank details
  3. data obtained in connection with the provision of the service, including related communication
  4. other data obtained based on consent.

PURPOSES OF PROCESSING PERSONAL DATA

Your personal data may be processed by the Controller for these purposes:

  • Fulfillment of the contract, including its negotiation (service provision contracts)
  • Fulfillment of legal obligations (especially obligations under accounting and tax legislation, i.e., transferring personal data to financial administration bodies, or other public authorities in accordance with relevant legal regulations)
  • Sending commercial communications, offering services and products, and targeting advertising (The Controller may send commercial communications or newsletters, and offer services via email)
  • Protection of the legitimate interest of the Controller
  • Protection of the legitimate interest of third parties
  • Processing requests sent via electronic forms.

RECIPIENTS OF PERSONAL DATA

The Controller makes your personal data accessible only to authorized employees and cooperating persons or individual processors of personal data contractually agreed upon by the Controller, or other controllers, but always only to the extent necessary for fulfilling the individual purposes of processing and based on an appropriate legal title for processing personal data. Personal data may also be shared by the Controller with third parties to the necessary extent, which are especially providers of IT services, accounting services, and other professional advisors, auditors, translators.

The Controller transfers personal data to these platforms, respectively, third parties:

  • AWS: hardware infrastructure provider
  • GoPay: payment gateway provider
  • Brevo: marketing platform overseeing email services
  • Google Analytics: web user analytics
  • smartsupp.com: online support on the website

In legally stipulated cases, the Controller is authorized, or obliged, to transfer some personal data based on valid legal regulations, for example, to bodies active in criminal proceedings or other public authorities.

DURATION OF PERSONAL DATA STORAGE

Personal data will be stored for the period necessary to fulfill the specified purpose, unless legal regulations require the processing of personal data for a different specified period. Personal data obtained based on consent are processed only for the duration covered by the given consent, at most until its withdrawal.

DATA SUBJECTS' RIGHTS

As a data subject, you have rights in connection with the processing of personal data that arise from legal regulations and which you can exercise at any time. These rights include:

  1. The right to access personal data: you have the right to obtain information about whether your personal data are being processed, and the right to access them.
  2. The right to rectification of inaccurate and completion of incomplete personal data: The Controller will carry out the correction or completion of data without undue delay, always, however, considering technical possibilities.
  3. The right to erasure: If you request erasure, the Controller will delete your personal data if (i) they are no longer necessary for the purposes for which they were collected or otherwise processed, (ii) the processing is unlawful, (iii) you object to the processing and there are no overriding legitimate grounds for processing your personal data, or (iv) the legal obligation to process has lapsed under the law of the European Union or national legal regulations.
  4. The right to restriction of processing of personal data: If you request the restriction of processing, the Controller will make the personal data inaccessible, temporarily remove or store them, or perform other processing actions that will be necessary for the proper exercise of the exercised right.
  5. The right to data portability: If you wish the Controller to transfer personal data about you, which he processes electronically based on a contract or consent and which you have provided to him, to a third party, you can use your right to data portability. If the exercise of this right would adversely affect the rights and freedoms of other persons, the Controller may not be able to comply with your request.
  6. The right to object: The right to object to the processing of personal data that are processed for the purposes of performing a task carried out in the public interest or in the exercise of official authority or for the purposes of protecting the legitimate interests of the Controller. If the Controller does not demonstrate that there is a serious legitimate reason for processing that outweighs the interest or rights and freedoms of the data subject, processing based on the objection will be terminated without undue delay.
  7. The right to lodge a complaint: The Office for Personal Data Protection supervises privacy and personal data protection, address: Pplk. Sochora 27, 170 00 Prague 7, www.uoou.cz.