1 IDENTIFICATION OF CONTROLLER, CIRCLE OF DATA SUBJECTS AND INITIAL INFORMATION
1.4 This Document deals with the processing of personal data and adherence to the basic principles of lawful processing of personal data based in particular on performing the necessary processing of personal data lawfully, fairly vis-à-vis all interested parties and transparently vis-à-vis the Data Subjects. We continually place great emphasis on the security of personal data processing, while minimising data and processing operations to the minimum necessary to properly conclude our mutual Agreement and fulfil the obligations under it.
1.5 You make a declaration of having familiarised itself with this Document published on the Website, valid at the time of conclusion of the Agreement, in the form of a confirmation of your will to be bound by its provisions as well as the provisions of the General Terms and Conditions, by downloading and installing our Application as well as creating an Account needed for the use of our Services in accordance with the General Terms and Conditions, whereby you express your will to conclude an Agreement with us.
2 LIST OF PERSONAL DATA SUBJECT TO PROCESSING, PURPOSE OF PROCESSING AND LEGAL BASIS CONCLUSION OF THE AGREEMENT
2.1 We process your personal data for the purposes of downloading and installing the Application as well as creating an account for proper use of our Services, on the legal basis of performance of the Agreement pursuant to Article 6(1)(b) of the GDPR to the following extent:
name and surname, e-mail address, mobile phone number, data relating to the company the Data subject is acting on behalf of (company name, address, website), account number and other.
We may come into contact also with other personal data included in documents, data and information uploaded by the Data subject while using our services, the nature of which might not be specified at this moment. Regarding the provision of data exceeding the scope necessary for the provision of our services we implement the data minimization principle.
The provision of personal data pursuant to this clause 2.1 shall constitute compliance with the requirement to conclude an agreement, and you are not obliged to provide us with these personal data. However, the possible consequences of not providing the personal data shall constitute the impossibility to execute a registration and creatin of an account and impossibility of provision of the Services.
The period of processing of personal data shall constitute the period from the conclusion of the Agreement, during the performance of mutual obligations, until the expiration of the period for exercising any rights and legal claims arising from the Agreement (for example, the period for making a warranty claim, the period for claiming damages).
2.2 We process your personal data even after the completion of the fulfilment of obligations arising from the Agreement (especially the provision of the Service). In fact, both parties to the Agreement have the right to exercise claims for liability for defects and damages as well as to make complaints and they also have a statutory or contractual right to withdraw from the Agreement. For the purposes of making a complaint, withdrawing from the Agreement, exercising claims for the liability for defects and damages (the “Postcontractual Obligations”), we process your personal data on the legal basis of statutory obligation pursuant to Article 6(1)(c) of the GDPR to the extent specified in clause 2.1 as well as data on the Service subject to the complaint and data provided when making the complaints.
The provision of personal data pursuant to clause 2.3 shall constitute fulfilment of the statutory
requirement; this creates an obligation for you to provide us with the data. The possible consequences of failing to provide these data shall constitute the impossibility to fulfil our obligations under the Postcontractual Obligations arising from both the contractual provisions and laws. The retention period of personal data shall be the period from the date of exercising the claim for performance arising from the Post-contractual Obligation until the end of the provision of our performance and possible subsequent settlement of mutual performances (for example, until the legal proceedings are finally completed).
2.3 In addition to processing your personal data on the legal basis of statutory obligation, we also process your personal data for the purpose of exercising our claims only. These are, for example, cases where due to non-compliance with the contractual conditions, we have a receivable owed to us by the Customer, or where damage has been inflicted on us. In such a case, we process your personal data on the legal basis of legitimate interest pursuant to Article 6(1)(f) of the GDPR to the following extent: data contained in the agreement pursuant to clause 2.1 of this Document, data processed within the process of making a complaint pursuant to clause 2.3 of this Document, and data kept by third parties (e.g., data kept in books).
The purpose of the processing of your personal data pursuant to this clause of this Document is our
legitimate interest, being the protection of our property and protection against unjust enrichment, and you shall tolerate this processing even without your consent. The retention period of personal data shall constitute the statutory limitation period of individual rights and the limitation period for the exercise of individual claims arising from the contractual relationship as well as from breaches of laws in force during the validity of the Agreement.
COOKIES AND USE OF THE WEBSITE AND APPLICATION
2.5 Cookies the use of which is necessary for the proper functioning of the Website and Application are used without your consent; in the case of cookies that improve the functionality of the Website and Application and store some of your data and information, you have the opportunity to grant or not grant your consent to their use immediately upon visiting the Website or installing the Application.
The legitimate interest in the processing of personal data under this clause is the interest in the proper functioning of the Website and Application, its protection, as well as the proper performance of business activities operated through the Website and Application. In the case of processing personal data on the legal basis of consent, you have the possibility to withdraw your consent at any time; however, the withdrawal will not affect the lawfulness of the processing based on the consent before its withdrawal. The retention period of personal data shall be the duration of the legitimate interest or the duration of the consent.
2.7 All cookies that our Website and Application may store on your end device can be checked and deleted. By appropriately setting the preferences of the internet browser, it is possible to prohibit the use of the cookies effectively and completely. Generally, it can be stated that it is necessary to switch on the function that is usually called “Protection against spying” in the internet browser.
3 INSTRUCTIONS ABOUT THE RIGHTS OF THE DATA SUBJECT
3.1 We are committed to preserve the integrity and confidentiality of your personal data. Therefore, we strive for the strong protection of personal data not only through individual modern technical and organisational precautions, but also by making available the possibility to exercise the rights of the Data Subject at any time through a written signed application implying the identity and the right that the Controller is requested to exercise by the Data Subject. You may send the applications to exercise the right to the Controller to our e-mail address: firstname.lastname@example.org.
3.2 Please note that in cases where the legal basis for the processing of personal data is your consent, you may withdraw your consent at any time. You may withdraw your granted consent to the processing of personal data at any time by contacting the Controller by sending a written request to the e-mail address email@example.com; withdrawal of your consent shall not affect the lawfulness of processing of your personal data before its withdrawal.
3.3 In cases where the legal basis for the processing of your personal data is the protection of the rights and legally protected interests of the Controller (Article 6(1)(f) of the GDPR), we may process your related personal data even without your consent, and you shall tolerate such processing. Notwithstanding the above, if we process your personal data on the legal basis of legitimate interest, you have the right to object to the processing of your personal data. In such a case, we will consider whether there are, in a particular case, the necessary legitimate reasons for processing that override your interests, rights and freedoms (for example, reasons to prove, exercise or defend legal claims).
3.4 At the same time, you have the right of access to personal data (Article 15 of the GDPR), right to rectification (Article 16 of the GDPR), right to erasure (Article 17), right to restriction of processing (Article 18 of the GDPR), right to data portability (Article 20 of the GDPR), right to object to processing (Article 21 of the GDPR), right to request a review of an individual decision based on the automated processing of personal data (Article 22 of the GDPR).
3.5 Please note that we may request that you credibly demonstrate your identity when dealing with your application to exercise the right of the data subject, especially if you apply to exercise your right in a manner other than a signed written letter, e-mail with credible qualified electronic signature or in person at the registered office of our company (e.g., in the case of common e-mail requests or telephone calls).
3.6 Each delivered application to exercise the right of the data subject will be assessed individually and competently; we will always inform you about the result within 30 days of the receipt of the application.
3.7 DingoDot‘s use and transfer to any other app of information received from Google APIs will adhere
to Google API Services User Data Policy, including the Limited Use requirements, read more at:
4 CONTROLLER’S POLICY AND GUARANTEES
4.1 We do not publish or transfer personal data without your consent to any third country that would not provide for the appropriate level of protection of personal data. We guarantee that your personal data be processed solely in the territory of EU member states.
4.2 The personal data may only be published on the basis of your individually expressed consent or your knowledgeable conduct (e.g., publication of the content in the form of a review of our Services on our Website). In this context, we wish to inform you that by posting posts, photos or performing any activity resulting in you being identified on our Website and Application, your personal data is processed and your conduct grants us “tacit” consent to the processing of your personal data for our marketing activities.
4.3 We regularly review and revise not only the security measures taken to ensure a high security of personal data processing, but also other procedures and rules designed to protect privacy and personal data, and we can work together with an expert appointed as Data Protection Officer (DPO).
4.4 During the data transfer through a publicly accessible computer network between your end device and our server, we use appropriate means of encrypted protection of information. Similarly, we store all data and personal data on the specified data storages that are protected by appropriate means of encrypted protection of information.
4.5 We guarantee that we will not make any consents to the processing of personal data conditional on the conclusion or performance of an agreement.
4.6 We process and use your personal data solely for the purpose defined in this Document. If the purpose of processing your personal data ceases to exist (in whole or in part), we shall examine whether there is another purpose for processing specific personal data at that time, and if there is not, the processing and storage of personal data will be terminated – this in relation to personal data in full or in relation to individual personal data for which the purpose of processing has ceased to exist.
4.7 All entities other than us that legally participate in the process of processing of personal data are
transparently identified in this Document together with their status under the GDPR. We will not perform any processing operation on your personal data in respect of a third party and/or a recipient if the third party and/or the recipient is not transparently identified in this Document and at the same time we lack the legal basis to do so pursuant to Article 6 of the GDPR.
The following persons shall be the recipients of personal data:
Entities providing us with legal services, accounting services, IT services, marketing and other
professional services i.e. business consulting services.
4.8 All recipients of personal data shall access these personal data exclusively based on an authorisation granted by us; they are legally bound by specific obligations and legal guarantees enhancing the personal data protection of the Data Subjects.
4.9 We guarantee that we will not disclose any information and personal data about the content of internal communication conducted through our Website and Application or through other means to any unauthorised natural or legal persons, except for the authorised government authorities of the Germany in the exercise of their powers in accordance with the relevant special laws in effect in German laws.
4.10 We do not disclose your personal data to any parties for commercial purposes without you granting your individual and free consent in advance. We also consider it necessary to inform you that part of the processing of personal data related to the use of the features integrated into the Website may be performed separately and completely independent of us by third parties acting as independent controllers different from our personal data information systems; in those cases, these are mainly operators of “payment gateways” for making cashless payments via the Internet. You disclose your personal data to these third parties directly without us entering or influencing this process in any way. This part of the processing of personal data shall be governed by internal policies and precautions adopted by these third parties and we have no influence on that processing of personal data, including the possibility to exercise the rights of the Data Subject about which we inform you in this Document.
4.11 We carefully screened our business partners (the so-called processors) who we allowed to process your personal data considering their practical ability to ensure the safety and lawfulness of the processing of your personal data.
4.12 However, as part of the provision of your personal data to third parties, we follow the rule of providing personal data only to the extent necessary to achieve the necessary purpose (for example, in the case of accounting services, only the data necessary to achieve the purpose of proper accounting for the Services provided and payments received).
4.13 When processing personal data and communicating with the Data Subjects, we use, in addition to regular telephone and email communication, the communication options provided through our Website and Application.
4.14 We process the personal data of minors only if they have been provided to us by their legal representative for the purposes of performing the Agreement, for the purpose of fulfilling our legal obligations, protecting rights and legally protected interests or for the purpose of processing them for purposes to which consent is required provided that the legal representative has granted this consent to the processing of the personal data of the children.
4.15 If within our communication and in addressing specific requests, in addition to the information we request, you include on your own initiative information that we do not need and at the same time that could be sensitive or could result in a sensitive nature revealing data from a specific category of personal data that we do not require or are not necessary to provide proper contractual performance, we will (if possible) ensure their immediate erasure or modification to a more neutral meaning, which does not allow the creation of a special category of personal data from such additionally obtained additional information. At the same time, we would like to ask you not to state any unnecessary data and information of a private nature about yourself in our mutual communication when ordering the Services, which are not directly related to our contractual performance and conclusion of a particular Agreement.
5 FINAL PROVISIONS
5.1 If you do not agree or do not sufficiently understand the content or meaning of any part of this Document, we will welcome your factual reservations and comments that we will discuss with you with a view to protect and support your rights and prevent the occurrence and increase of any risks for your rights and freedoms that could be caused or influenced by the conclusion of the agreement to purchase the Services and/or other processing of personal data in this Document.
5.2 We regularly revise and update this Document; the current version of the Document published on the Website is always valid.
5.3 You may address your complaint related to the processing of personal data to the supervision authority, which is the Office for Personal Data Protection of the Germany. Contact details of the supervision authority:
Berliner Beauftragte für Datenschutz und Informationsfreiheit
Tel.: +49 30 13889-0
Fax: +49 30 2155050
In Berlin, Germany
December 20th, 2021
DingoDot GmbH, Peter Fusek, CE