Privacy Policy

1. Introductory provisions

1.1 This Privacy Policy is an integral and binding part of the General Terms and Conditions of Use of the Portal.

1.2 Capitalized terms and definitions used in this Privacy Policy but not defined herein shall have the meaning ascribed to them in the General Terms and Conditions of Use of the Portal.

2. Processing of personal data and contact details of the controller

1. Personal data is any information relating to an identified or identifiable data subject (natural person) ("Personal Data"). All Personal Data of the User (natural person) is processed in accordance with the Terms and Conditions and generally binding legislation, in particular Act No. 101/2000 Coll., on the protection of personal data and on amendments to certain acts, as amended (hereinafter referred to as the "Personal Data Protection Act"). This is without prejudice to the obligation of the Personal Data Controller to provide information about the User to third parties or public authorities in cases regulated by law.

2. The User's rights relating to the processing of his Personal Data are governed by the Personal Data Protection Act.

3. The administrator of the User's Personal Data is Biano s.r.o., ID No.: 04146905, with registered office at Křižíkova 148/34, 186 00 Praha 8 - Karlín. The Administrator can be contacted by e-mail at info@densy.io or at the address of the registered office at Křižíkova 148/34, 186 00 Praha 8 - Karlín. The Data Controller determines the purpose and means of processing Personal Data, carries out the processing and is responsible for it.

3. Sources and purpose of the processing of Personal Data

1. When using the Portal, Personal Data is processed in the following cases:

   • When filling in the registration form or sign-in via Google (click on "Continue with Google"). The Controller processes the following Personal Data:
     • e-mail and password;
     • name, nickname, profile photo;
     • organization name, organization logo, VAT, telephone number;
     • billing information - ID number, company name, street, city, zip code, country, billing email;
     • country, currency, VAT number - if you provide them;

     These data are needed by the Administrator to enable the User to log in to the user account. Without these data, he/she is unable to enable the login and use of the account. The password is stored in encrypted form and cannot be accessed. These user data is needed to be able to identify the User. It needs billing information to issue an invoice.

   • If you contact the Administrator. The Controller processes the following Personal Data:
     • Email and message content;
     • telephone number - if you provide it.

     This data is needed by the Controller in order to answer the User and to know what the User has asked and what the User was interested in.

4. Lawful reason for processing Personal Data

1. The User's personal data is processed for 4 lawful reasons:

   • On the basis of the User's consent;

     By ticking the box "I agree to the processing of my Personal Data in accordance with the General Terms and Conditions of Use and the Privacy and Cookie Policy", which is placed in the registration form as part of the registration for the Portal, the User gives consent to the processing of his Personal Data in accordance with the Terms and Conditions and this Privacy Policy. The User is obliged to read the Terms and Conditions and the Privacy Policy before completing the registration on the Portal. Giving consent to the processing of Personal Data under this Article is one of the conditions for completing the Portal Registration and using the related services.

   • Based on the so-called legitimate interest of the Controller;

     The Administrator processes Personal Data based on its legitimate interest in maintaining its operations and improving its services, unless these interests are overridden by the rights and freedoms of the User.

   • If the Administrator and the User have concluded a contract for the provision of services, the Administrator processes Personal Data for the purpose of performance of the contract;

     This includes all necessary actions from setup, management, and billing to providing ongoing user support.

   • Where the obligation to process is imposed on the Controller by applicable law.

     This includes compliance with tax laws, anti-fraud laws, and other regulations where processing personal data is mandatory.

2. The User acknowledges that the consent to the processing of Personal Data may be revoked at any time by written notice sent by registered letter to the address of the Administrator's registered office or to the Administrator's e-mail address info@densy.io.

3. We intend to be in regular contact with Users. Therefore, if you have entered into a contract with us, we may send you a so-called business communication (newsletter) by e-mail, or if you have created an account, we may also send you informational e-mails regarding your activities on our website. The Administrator sends these e-mail messages on the basis of so-called legitimate interest. In each e-mail, the User may unsubscribe from these messages. The User may refuse the sending of such messages in advance by sending an e-mail to info@densy.io or by editing the settings of your user account.

4. If the User consents, the Administrator may also retain the User's email for purposes other than those set out above. For example, to communicate information about other promotions and merchandise. The User may withdraw consent at any time.

5. Retention period of Personal Data

1. All Personal Data of the User shall be processed for the period necessary to carry out the purposes of processing set out in the Terms and Conditions and in generally binding legal regulations. After the expiry of the period, the Controller shall anonymise the data. For the specified period of time, it keeps them in order to know what it has undertaken and to be able to respond correctly.

   • The Controller processes personal data from the account for as long as the account is active. After 2 years of inactivity, the Controller deletes the account and retains the data for a further 5 years.
   • If the Administrator processes Personal Data based on the User's consent, the Administrator shall keep the data until the User withdraws the consent, but no longer than 2 years after the consent is given. If the User withdraws consent, the Personal Data shall be deleted or not used for the purposes for which the User's express consent was given;
   • Legislation imposes an obligation on the Controller to retain certain Personal Data for longer periods of time.

6. Recipients of Personal Data

1. Personal Data processed by the Controller will be disclosed to the Controller's employees, auditors and advisers.

2. Personal data processed by the Controller may be transferred to third parties and abroad, in particular to subsidiaries of the Controller, under the conditions set out in the Data Protection Act. This includes, but is not limited to, transfers to:

   • Google, Facebook, Seznam, Microsoft (Bing, Clarity), Hubspot, Mailchimp.

7. User Rights

1. If the User discovers or believes that the Administrator is processing his Personal Data in violation of the protection of his private and personal life or in violation of the Personal Data Protection Act, the User is entitled to:

   • Request the Administrator to correct - if the Personal Data is incorrect or outdated;
   • Object - if the User believes that the Controller is processing Personal Data beyond our legitimate interest, the User may object to such processing, which we must address;
   • Ask the Controller for erasure (right to be forgotten) - at the User's request, the Controller will erase any personal data we hold about the User. However, it may be that there is some other reason which entitles or obliges the Controller to retain the data (e.g., an obligation arising from the Accountancy Act etc.), in which case the deletion cannot be carried out;
   • Request the Controller to restrict processing - in some cases the Controller may retain Personal Data but may not handle it in any way; these situations are as follows:
     • If the User denies the accuracy of the data and the Controller needs to verify the User's communication;
     • If the Personal Data is processed unlawfully, but the User does not wish the Administrator to delete it and instead of deletion only requests a restriction of processing;
     • If the Controller no longer needs the Personal Data, but the User requests that it be retained for the purpose of asserting his/her legal claims;
     • If the User objects to the processing, while the Controller verifies whether the Personal Data will continue to be processed in the important interest of the Controller or will not be processed;
   • Request the Controller to transfer the data - If the User requests it, the Controller will provide the User with the Personal Data that it processes on the basis of a contract or consent and also processes it by automated means. It will provide such data in a commonly used, machine-readable format. Alternatively, it may transfer such data to a controller designated by the User, provided that the User consents to the transfer;
   • If the User believes that the Controller is in breach of the rules on processing personal data, the User may contact the Data Protection Authority and lodge a complaint.

8. Cookies

1. Cookies are used in the operation of the Portal. Cookies are small data files that are stored on the User's computer, smartphone, or other terminal device through which the User accesses the Internet when visiting the website. Cookies are used by the Administrator to make the User's use of the website more pleasant and easier. Learn more about the processing of cookies here.

9. Final provisions

1. These Terms and Conditions shall come into force on 1 January 2024.