Personal Data Protection at PDFix, s.r.o.
Information pursuant to Section 15 (1) of Act No. 18/2018 Coll. on Personal Data Protection in the wording of subsequent regulations
In order for you to use the PDFix SDK, we need your Personal data. We process this data in accordance with Act No. 122/2013 Coll. on Personal Data Protection as amended, and only use for the specified purpose.
1. Data controller
The information system is operated by:
- Registered name: PDFix, s.r.o.
- Registration: Business Register of the Bratislava I District Court, Section Sro, file no. 112512/B
- Registered Office: Jilemnického 2346/3, 900 31 Stupava
- Corporate ID: 46 248 650
- Tax ID: 2023298024
- VAT ID: SK2023298024
- e-mail: firstname.lastname@example.org
(hereinafter referred to as “Data controller”)
2. Purpose of Personal Data Processing
The Data controller shall process Personal data for the following purposes:
- keeping records of PDFix SDK users,
- keeping records of its customers,
- concluding a License Agreement with the Licensee at www.pdfix.io and meeting obligations arising from that agreement and the generally binding legal regulations,
- concluding a Technical Support Agreement with the Licensee at www.pdfix.io and meeting obligations arising from that agreement and the generally binding legal regulations,
- providing services to PDFix SDK users,
- implementing marketing activities,
- operating a loyalty scheme.
3. List of Processed Personal Data
The Data controller shall process the Personal data of Data subjects within the extent stipulated in the respective legal regulations, contracts and other Data controller’s documents within the scope in which such Personal data was provided to the Data controller in documents, letters and notifications, phone calls, and electronic communication between the Data controller and the Data subject.
The Data controller processes in particular the following Personal data of Data subjects:
- name and surname,
- bank account number,
- payment card information,
- order information,
- payment information,
- phone number,
- Licensee’s files.
If the Data controller also processes the Data subject’s Personal data other than that stipulated in Art. 3 (2) hereof, it shall process such data within the scope necessary to fulfil the obligations arising from the agreement or the generally binding legal regulations.
4. Voluntary Provision of Personal Data
The Licensee provides his/her Personal data to the Data controller voluntarily in order to meet his/her obligations arising from the agreement and the generally binding legal regulations.
The Data controller shall process the Data subject’s Personal data only for the period necessary to fulfil its obligations arising from the agreement and the generally binding legal regulations.
The Data controller shall retain the files provided by the Licensee through the applications available at pdfix.io for a period of 30 days. Once this period elapses, it shall delete such files.
The Data controller shall process the Data subject’s Personal data for marketing purposes and purposes pertaining to the loyalty scheme with the Data subject’s consent provided in accordance with Section 11 of Act No. 122/2013 Coll. on Personal Data Protection as amended. The Data subject shall grant his/her consent to process his/her Personal data at pdfix.io or in another suitable way. The Data subject grants his/her consent to process his/her Personal data for a period of 5 years. This consent may be withdrawn at any time by a written notice. The consent shall lapse within 1 month from the receipt of the Data subject’s withdrawal notice and the data shall then be deleted.
5. Provision and Disclosure of Personal Data
The Data controller provides and discloses the Data subject’s Personal data to third parties only within the extent necessary to meet its obligations arising from the Contract and the generally binding legal regulations, or in accordance with the agreement pursuant to Section 8 of Act. No. 122/2013 Coll. on Personal Data Protection as amended.
The Data controller provides the Personal data to its accountant AUDIT SK, spol. s r.o., with its registered office at Kmeťkova 5, Nitra, CIN: 36 559 831 by virtue of a contract concluded in accordance with Section 8 of Act. No. 122/2013 Coll. on Personal Data Protection as amended in order to process accounting records and payroll agenda.
6. Publishing of Personal Data
The Data controller shall not publish any of the Data subject’s Personal data.
7. Information about the Data Subject’s Rights
By submitting a written request, the Data subject has the right to request from the Data controller:
- a confirmation of whether his/her Personal data is being processed,
- information in a generally comprehensible form about the processing of Personal data in the information system within the scope pursuant to Section 15 (1), paragraphs a) through e), clauses two through six of the said Act; when resolutions are being issued, the Data subject has the right to become acquainted with the procedure used in the processing and evaluation of operations,
- precise information in a generally comprehensible form about the source from which his/her processed Personal data has been obtained,
- list of Personal data being processed in a generally comprehensible form,
- correction or liquidation of his/her incorrect, incomplete or outdated Personal data being processed,
- liquidation of Personal data the purpose of processing of which has expired; if official documents containing Personal data are being processed, the Data subject may request that such are returned,
- deletion of Personal data being processed, if there has been a breach of the law,
- blocking of Personal data due to withdrawal of consent before the expiry of its validity, if the Data controller processes Personal data by virtue of the Data subject’s consent.
The right of the Data subject pursuant to clause 1 par. e) and f) of the said Act can be limited, only if such limitation is based on a special legislation, or if by exercising it the protection of the involved person would be violated, or if the rights and freedoms of other parties would be violated.
By virtue of a written request, the Data subject can submit an objection with the Data controller against:
- the processing of his/her Personal data which he/she assumes is or will be processed for the purposes of direct marketing without his/her consent, and request the deletion thereof.
- the use of Personal data listed in Section 10 (3), par. d) of the said Act.for the purposes of direct marketing in written correspondence, or
- the provision of Personal data listed in Section 10 (3), par. d) of the said Act. for the purposes of direct marketing.
The Data subject has the right to object in writing or in person, if the matter cannot be postponed, against the processing of Personal data in the cases stipulated in Section 10 (3), par. a),e), f) or g) of the said Act by voicing legitimate reasons or presenting proof of the illegal violation of his/her rights and legally protected interests, which are or may be in specific cases violated by such Personal data processing; if no legal reasons prevent this and it has been proven that the Data subject’s objection is legitimate, the Data controller shall, as soon as possible, block and delete the personal data the processing of which the Data subject objected.
The Data subject has the right to object in writing or in person, if the matter cannot be postponed, against the Data controller’s actions or decisions and refuse to accept its decision which could have a legal effect or significant impact on the Data subject, if such decision is issued exclusively on the basis of the automated processing of his/her personal data. The Data subject has the right to demand from the Data controller review of the issued decision using a method other than automated processing, whereby the Data controller is obliged to comply with the request so that in reviewing the decision the Data subject will have the leading role; the Data controller shall notify the Data subject of the method and outcome of the review within the time period stipulated inSection 29 (3) of the said Act. The Data subject shall not have this right only when so stipulated in the special legislation which regulates the measures ensuring the legitimate interests of the Data subject, or if prior to entering into or during a contractual relationship the Data controller has issued a resolution by which it accepts the request of the Data subject, or if the Data controller adopted, by virtue of a contract, reasonable measures to protect the legitimate interests of the Data subject.
If the Data subject exercised his/her right
- in writing and the written request clearly specifies that he/she exercises his/her right, the request shall be deemed submitted in accordance with this Act; a request submitted by e-mail or fax shall also be delivered by the Data subject in writing, at the latest within three days from the date of the original request,
- in person in oral form and a written record has been made of this, it must be clear from the record who exercised the right, what he/she requested, and who made the record, it must be signed by the Data subject, and the Data controller shall provide a copy of the record to the Data subject,
- at an intermediary in accordance with paragraph a) or b), the intermediary shall be obliged to hand over the request or the record to the Data controller without undue delay.
If the Data subject suspects that his/her Personal data is being processed without authorization, he/she may file with the Office a request to start proceedings with regard to Personal data protection.
If the Data subject does not have full legal capacity, his/her legal representative may exercise the right.
If the Data subject is deceased, his/her rights under this Act shall be exercised by his/her next of kin.
The Data subject is obliged to only provide true Personal data. In accordance with Section 16 (1) of Act No. 122/2013 Coll. on Personal Data Protection as amended, he/she who provided the Personal data to be stored in an information system shall be responsible for the veracity of such data.
8. Data Controller’s Responsibility
The Data controller shall not be responsible for the misuse of Personal data by a third party which obtained the Personal data without its authorization.
The Data controller’s responsibility for breaching the individual provisions of Act No. 122/2013 Coll. on Personal Data Protection as amended shall be governed by the provisions of this Act.
9. Final Provisions
These Terms of Personal Data Processing are valid in the wording available at pdfix.io.
These Terms of Personal Data Processing have been prepared by the lawyer’s office Lanikova Group, s.r.o. for the Data controller, and are protected by Copyright Law in the wording of subsequent regulations. It shall be prohibited to use this copyrighted work without the author’s consent in any way, in particular, to copy, publish, modify, edit, expand or otherwise misuse it.
In Bratislava, dated May 1, 2017