Personal Data Protection Policy
1. Personal Data Protection Policy
1.1 By registering in the PinCity application, the user confirms that he/she has read and understood this Personal Data Protection Policy and accepts it in its entirety.
1.2 The provider is a controller of the user's personal data pursuant to Article 4 (7) of the Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as the “GDPR”). The provider undertakes to process personal data in accordance with the applicable law, in particular with the GDPR.
1.3 When registering, the user is required to provide the following personal data in order to ensure the successful processing of the order: first name, surname and email address. The purpose of the processing of personal data is the processing of the registration, commenting on projects, creating citizen projects and any communication related to the citizen projects.
1.4 When registering, the user may consent, in the form of an opt-in, to receiving commercial communications. In such a case:
- 1.4.1 The user agrees to the use of his/her personal data also for the purpose of the electronic sending of commercial communications by the provider, but no more frequently than once a week.
- 1.4.2 The user may revoke the consent under this section at any time in writing to [email protected].
1.5 The provider uses the services of subcontractors in order to perform a license agreement. Personal data may be stored in third countries. The subcontractors have been checked for the secure processing of personal data. The provider has concluded an agreement on the processing of personal data with the subcontractors.
1.6 The provider stores the user's personal data for the period necessary to exercise the rights and obligations arising from the contractual relationship between the provider and the user and to assert claims arising from this contractual relationship (for a period of 15 years from the termination of the contractual relationship). Upon expiry of this period, the data will be deleted.
1.7 The user has the right to request from the provider access to his/her personal data pursuant to Article 15 GDPR, rectification of personal data pursuant to Article 16 GDPR, or restriction of processing pursuant to Article 18 GDPR. The user has the right to erasure of personal data pursuant to Article 17 (1a), and (1c to f) GDPR. Furthermore, the user has the right to object to the processing pursuant to Article 21 GDPR and the right to data portability pursuant to Article 20 GDPR.
1.8 The user has the right to lodge a complaint with the Data Protection Authority if he/she believes that his/her right to data protection has been violated.
1.9 The user is under no obligation to provide his/her personal data. However, the provision of personal data is a necessary requirement for the conclusion and performance of the contract, and without the provision of personal data the contract cannot be concluded or performed by the provider.
1.10 There is no automatic individual decision-making on the part of the provider within the meaning of Article 22 GDPR.
2. Rights and Obligations between the Controller and the Processor (Processing Agreement)
2.1 The provider is the processor in relation to the personal data of the user's clients pursuant to Article 28 GDPR. The user is the controller of this data.
2.2 The provider undertakes to process personal data on behalf of the user to the extent and for the purposes set out in Articles 2.3–2.5 of this Personal Data Protection Policy. The means of processing will be automated. The provider is not entitled to process personal data contrary to or in excess of the scope set out in this Personal Data Protection Policy.
2.3 The provider undertakes to process on behalf of the user the ordinary personal data of the user's clients that the user has obtained in connection with his/her own business activities for the purpose of providing the PinCity platform by way of a license agreement.
2.4 Personal data may only be processed at the workplaces of the provider or its subcontractors, as referred to in Articles 2.6–2.7 of this Personal Data Protection Policy, in the territory of the European Union.
2.5 The provider undertakes to process the personal data of the user's clients on behalf of the user for the time necessary to exercise the rights and obligations arising from the contractual relationship between the provider and the user and from the exercise of claims arising from these contractual relationships.
2.6 The user grants permission to involve a subcontractor as an additional processor pursuant to Article 28 (2) GDPR. The provider must impose on its subcontractors in the capacity of the processors of personal data the same data protection obligations as set out in this Personal Data Protection Policy.
2.7 The provider undertakes that the processing of personal data will be secured in accordance with Article 32 GDPR.
2.8 The user undertakes to promptly report all the facts known to him/her that could adversely affect the proper and timely performance of the obligations arising from this Personal Data Protection Policy and to provide the provider with the cooperation necessary for the performance of this Personal Data Protection Policy.
3. Final Provisions
3.1 This Personal Data Protection Policy expires on the expiry of the period set out in Articles 1.6 and 2.5 of this Personal Data Protection Policy.
3.2 The user agrees to this Personal Data Protection Policy by checking the consent box on the online form. By checking the consent box, the user indicates that he/she has read and understood this Personal Data Protection Policy, that he/she agrees to it and that he/she accepts it in its entirety.