of company X-Sight s.r.o.
Registered office Staňkova 557/18a, 602 00 Brno, Czech Republic
Dear Madams and Sirs,
We would like to hereby inform you of the principles and procedures in the processing of personal data, being conducted in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter the“GDPR”).
X-Sight may revise and update these Personal Data Protection Rules in case of need. Current version of the Personal Data Protection Rules will be available on the website www.xsight.eu and in the registered office of X-Sight. In case a significant change is made in the way in which personal data are handled, the X-Sight will inform about it on the website www.xsight.eu.
Table of content
- I. BASIC INFORMATION REGARDING PERSONAL DATA PROCESSING
- II. ADDITIONAL INFORMATION REGARDING PERSONAL DATA PROCESSING
- III. RECIPIENTS OF PERSONAL DATA
- IV. TECHNICAL SECURITY OF DATA
- V. RIGHTS OF DATA SUBJECTS
- VI. COOKIE FILES
I. BASIC INFORMATION REGARDING PERSONAL DATA PROCESSING
Controller’s identification and contact information: X-Sight s.r.o., identification number 262 71 061, with registered office at Staňkova 557/18A, Ponava, 602 00 Brno, Czech Republic, a company registered in the Commercial Register with the Regional Court in Brno, section C, rider 41093 (hereinafter also referred to as the „X-Sight“), contact email: email@example.com, tel.: +420 705 809 415.
Data protection officer: X-Sight has not appointed a data protection dle officer, because X-Sight is not an obligated person within the meaning of Art. 37 of the GDPR.
Transfer of personal data to a third country or international organization: X-Sight does not transfer personal data into third countries nor to international organisations within the meaning of Art. 44 and following of the GDPR.
Automated individual decision-making: X-Sight does not conduct automated individual decision-making or profiling within the meaning of Art. 22 of the GDPR.
Information on the nature of the provision of data: If personal data are being processed for the purpose of the fulfilment of an agreement or the fulfilment of legal obligations, the provision of data is a statutory requirement. If personal data are being processed on the basis of the consent of the data subject, the provision of data is a contractual requirement.
Supervisory authority: The supervisory authority is an independent public authority entitled to personal data protection in the state. The supervisory authority for X-Sight is the Office for Personal Data Protection with registered office at Pplk. Sochora 27, 170 00 Praha 7, email: firstname.lastname@example.org, tel.: +420 234 665 125.
II. ADDITIONAL INFORMATION REGARDING PERSONAL DATA PROCESSING
Purpose and scope of processing: For the purpose of fulfilling an agreement or fulfilling legal obligations, X-Sight processes particularly: name, surname, business name, date of birth, identification number, residence/registered address, telephone, email.
X-Sight also processes data from subjects through their visit to the website www.xsight.eu. It is particularly IP address of a user.
If X-Sight intends to process other personal data than as stated in this article, or for other purposes, it can do so only on the basis of a validly granted consent to the processing of personal data. Consent to the processing of personal data is granted by the data subject in a separate document.
Processing of X-Sight employees’ personal data is governed by an internal regulation.
Duration of data processing: The personal data are processed by X-Sight for the duration of the contractual relationship and subsequently for a maximum period of 5 years from the termination of the contractual relationship. Personal data being processed in order to fulfil obligations arising from special legal regulations are processed by X-Sight for the duration of time as set out in such legal regulations. If it is necessary to use the personal data for the protection of the X-Sight’s legitimate interests, X-Sight processes these for the duration of time necessary in order to exercise such rights.
Sources of personal data: X-Sight obtains personal data directly from data subjects within the scope of negotiations regarding the execution of the Agreement. X-Sight always informs data subjects as to which of the personal they must provide for the purposes of the performance of the Agreement.
III. RECIPIENTS OF PERSONAL DATA
X-Sight does not transfer personal data to any other controllers.
Processors of personal data are:
- E-mail hosting: Váš Hosting s.r.o., identification number 24742252, with registered office at Zbožská 1385, 288 02, Nymburk, Czech Republic
- Accouting office: KVATRO s.r.o., identification number 29281725, with registered office at Dřevařská 24, 602 00 , Brno
- Microsoft 365: operated by the Microsoft holding company (Microsoft Ireland Operations Limited)
- Google analytics
- Vladimír Růžička
Processing of personal data may be conducted for X-Sight by processors exclusively on the basis of a personal data processing agreement, i.e. with guarantees of the organizational and technical security of such data with a definition of the purpose of processing, whereby processors cannot use the data for other purposes.
Personal data processed in order to fulfil an obligation set out in a special law may X-Sight disclose to government authorities to other entities within the scope as set out in a special law.
IV. TECHNICAL SECURITY OF DATA
For the purpose of the security of personal data against their unauthorized or accidental disclosure, X-Sight applies reasonable and appropriate technical and organizational measures that are continuously updated. Technical measures consist of the application of technologies preventing unauthorized access by third parties to personal data. Organizational measures are a set of rules of behavior for X-Sight’ employees and are part of X-Sight’s internal rules. These rules are considered to be confidential on grounds of security.
If X-Sight’ servers are located in a data centre operated by a third party, X-Sight takes care to ensure that the technical and organizational measures are implemented by the third party. X-Sight proclaims that all data are located only on servers within the European Union or in countries ensuring personal data protection in a manner equivalent to the protection ensured by the legal regulations of the Czech Republic.
V. RIGHTS OF DATA SUBJECTS
The data subject has:
- the right to access to personal data: The data subject has the right to obtain a confirmation from X-Sight as to whether personal data pertaining to the data subject are or are not being processed. If so, the data subject has the right to obtain access to such personal data and to the following information: a) the purpose of processing; b) the category of affected personal data; c) the recipients to which personal data have been or will be disclosed; d) the planned time period for which personal data will be stored; e) the existence of the right to require the correction or erasure of personal data from the controller or a restriction of the processing thereof, or to raise an objection to such processing; f) the right to lodge a complaint with supervisory authority; g) all available information on the source of the personal data, if they are not obtained from the data subject; h) the fact that automated decision-making is occurring, including profiling. The data subject also has the right to obtain a copy of the personal data being processed.
- the right to the correction of personal data: The data subject has the right to the correction of inaccurate personal data pertaining to the data subject or to the supplementation of incomplete personal data without undue delay by X-Sight.
- the right to the erasure of personal data: The data subject has the right to erasure of the data subject’s personal data pertaining to him/her by X-Sight without undue delay, in the event that: a) the personal data are no longer necessary for the purposes for which they were collected or otherwise processed; b) the data subject withdraws the consent on the basis of which the data were processed, and there is no other legal reason for processing; c) the data subject raises objections to processing and there are no overriding legitimate reasons for processing; d) the personal data were processed unlawfully; e) the personal data must be erased in order to fulfil a legal obligation set out within the law of the Union or of the Czech Republic; f) the personal data were collected in connection with an offer of information society services. The right to erasure shall not apply if the processing is necessary in order to fulfil legal obligations, for the establishment, exercise or defense of legal claims, and in other cases as set out within the GDPR.
- the right to the restriction of processing: The data subject has the right to the restriction of processing personal data by X-Sight in any of the following cases: a) the data subject contests the accuracy of the personal data, for the time necessary for X-Sight to verify the accuracy of the personal data; b) processing is unlawful and the data subject opposes the erasure of the personal data and, instead, requests a restriction of their use; c) X-Sight no longer needs the personal data for the purposes of processing, but the data subject requires them for the establishment, exercise or defense of legal claims; d) the data subject has raised an objection to processing, until it is verified whether X-Sight’s legitimate reasons override the legitimate reasons of the data subject.
- the right to object to processing: The data subject has, on grounds pertaining to the data subject’s specific situation, the right to raise an objection at any time to the processing of personal data pertaining to him/her and which X-Sight is processing on grounds of its legitimate interest. In such a case, X-Sight does not process the personal data further, unless it proves serious legitimate reasons for processing that override the interests or rights and freedoms of the data subject, or for the establishment, exercise or defense of legal claims.
- the right to data portability: The data subject has the right to obtain personal data pertaining to him/her that the data subject has provided to X-Sight, in a structured, commonly used and machine-readable format, and the right to transfer such data to another controller, without X-Sight preventing it, in the event that: a) processing is based upon consent and b) processing is being conducted by automated means. When exercising his/her right to data portability, the data subject has the right for personal data to be transferred directly by one controller to another controller, if this is technically feasible.
- the right to information regarding the correction or erasure of personal data or a restriction of processing: X-Sight is obligated to notify individual recipients to whom personal data have been disclosed of all corrections or erasures of personal data or restrictions on processing, with the exception of cases where this is found to be impossible or it requires a disproportionate effort. If the data subject requests it, X-Sight informs the data subject of such recipients.
- the right to lodge a complaint with a supervisory authority: If the data subject believes that X-Sight is not processing his/her personal data in a lawful manner, the data subject has the right to lodge a complaint with a supervisory authority. The data subject may lodge the complaint especially in the Member state of his or her habitual residence, place of work or place of the alleged infringement.
- the right to be informed in the event of a breach of personal data security: If it is likely that a certain case of personal data security breach will result in a high risk to the rights and freedoms of natural persons, X-Sight shall notify the data subject of such breach without undue delay.
- the right to withdraw consent to the processing of personal data: If X-Sight processes any personal data on the basis of consent, the data subject has the right to withdraw its consent to the processing of personal data at any time in writing, by sending a non-consent to the processing of personal data to the email address email@example.com
X-Sight shall comply with the request of data subject according to a) –g) within one (1) month at the latest and where necessary within three (3) months from the date of receipt of the proper request. In the event of misuse of this right, in particular where requests from a data subject are manifestly unfounded or excessive, X-Sight may to charge a fee of CZK 1,000 (one thousand Czech Crowns) or to refuse to act on the request.
VI. COOKIE FILES
X-Sight uses cookie files that identify the user of the website www.xsight.eu and record the user’s activities. The text of a cookie file consists of a series of numbers and letters that uniquely identify the user’s computer but do not provide any specific personal data regarding the user.
The website www.xsight.eu automatically identifies the user’s IP address. The IP address is the number automatically assigned to the user’s computer upon connecting to the internet. All such information is recorded in the activity file by the server, which enables the subsequent processing of data.
Purpose of using cookie files: X-Sight uses cookie files and similar technologies for several purposes, which include:
- Short-term cookies, that are necessary for the function of the website. These cookies are removed once the browser is closed or an operation on the website is completed.
- Long-term cookies, that remember user-defined settings, such as consent to the use of analytical cookies. These cookies can be removed in browser settings.
- Analytical cookies, that are necessary for Google Analytics. These cookies are permanent, can be removed in browser settings, and are used only if consent is given by the website’s user.
Third-party cookie files may also be located on the website www.xsight.eu. For example, this may be so because X-Sight has authorized a third party to conduct a site analysis.
X-Sight utilizes the following service providers:
- Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Cookie setting: The majority of web browsers accept cookie files automatically. However, they provide controls that enable them to be blocked or removed. Users of the website www.xsight.eu are thus entitled to set their browser in such a way so that the use of cookie files on their computer is prevented. Instructions for blocking or removing cookie files in browsers may usually be found in the user documentation of individual browsers.