Information on processing personal data

Information on processing personal data in relation to the General Data Protection Regulation – European Parliament and Council (EU) Directive 2016/679 dating from 27 April 2016

 Mainstream Technologies, s. r. o., Org. ID No.: 27404978, Registry Entry: C 110101 registered at the Municipal Court in Prague. Headquarters: Na Strži 2097/63, Krč, Prague 4, 140 00 (hereafter referred to as “administrator”) processes your personal data per the following terms.

 

Scope of processing your personal data

The Administrator will process your data in the scope that you consented to as relates to administrator activities, specifically during your subscription for emails, printed materials, or direct marketing services. The Administrator will process your name, surname, email address, phone number, your home or work address. Furthermore, as relates to the provision of specific software services, where the scope and purpose are always clearly stated in individual permissions, the Administrator will process mainly the following data: name, surname, email address, phone number, home or work address, bank account number, date of birth, civil ID number, and org. ID number.

The Administrator will also process your personal data in the role of Processor for individual personal data administrators, where, should you request information on the scope and means by which this data is processed, you will first contact your Personal Data Administrator to obtain information on whether we are processing this information about you, i.e. in the Processor role. All such processing is always carried out only to the degree necessary for performing administrator activities and in compliance with personal data protection principles.

 

Purpose of processing your personal data

The Administrator will process your personal data for the purposes and performance of their activities, namely as follows:

  • for individual software applications;
  •  marketing (i.e. offering products and services from the Administrator or third parties) including distribution of commercial messages in the spirit of Act No. 480/2004 Coll. on Certain Information Society Services and for the analysis of your behavior as relates to those advertisements for the purpose of submitting personalized service offers;
  • cookies.  We use cookies, for example, to store your configurations for secure online searches, for monitoring the number of page visitors, for improving webpage functionality and features and to simplify new services. We do not use cookies to collect personal information, for content marketing, or for other uses or providing to third parties;
  • and this always in the scope afforded by law, by authorization from your Personal Data Administrator, or in the scope for which you have given your express consent.

 

Legal basis for personal data processing

 Legal basis for processing includes:

  • legal grounds;
  • confirmation by the Personal Data Administrator;
  • your consent;

 the fact that your personal data is essential for fulfilling individual purposes for which personal data is provided, such as accounting, marketing, and newsletter subscriptions for which you have signed up. Personal data is processed in compliance with the General Data Protection Regulation – European Parliament and Council (EU) Directive 2016/679 dating from 27 April 2016 (hereafter referred to as “GDPR”).

 

The period for which your personal data will be processed

The Administrator will process your personal data in relation to the purpose of processing: 

  • for software and services for the period they are used;
  • for processing personal data for the period prescribed by Czech law (especially the Accounting Act);
  • for direct marketing, for a period of 3 years after consent is given, provided you do not revoke said consent.

 

Revoking of consent to the processing of personal data

You can revoke your voluntary consent to the processing of your personal data free-of-charge and at any time. You do this by sending an email to info@mainstream.cz. You can also revoke consent directly via any of the advertisements/marketing messages we e-mail you. Revoking consent does not affect the legality of data processing stemming from consent given prior to the revocation. Revoking consent does not have any influence on the processing of personal data that the Administrator processes based on other legal basis than that of consent.

PLEASE NOTE: Provided you revoke consent to the processing of personal data for an application, it may happen that, should the application need your personal data or identification details in order to function, the application will no longer be available/accessible.

 

Persons with access to your personal data

The Administrator, its employees, and possibly other third parties – Processors who provide a suitable guarantee and whose processing fulfills all GDPR requirements and who will sufficiently protect your rights and your personal data – will have access to your personal data. Such persons are mainly legal and technical workers, and, in the case of direct marketing, they are marketing consultants. However, such persons will only have access to that data for the period absolutely necessary and only for the essential scope needed, provided it will be necessary for provision of services and fulfillment of legal requirements.

In the case of Personal Data Recipients, in addition to the persons listed above, data can be made accessible to other persons, but only in the case that there will be legal grounds for access to that personal data (e.g. for law enforcement agencies, other monitoring bodies with legal basis for access to information), or should it be essential to protect the Administrator’s rights (e.g. in courts).

 

Administrator contact information

You can contact the Administrator by email at info@mainstream.cz or in writing at the Administrator’s headquarters (Hvězdova 1734/2c, Nusle, 140 00 Prague 4). The Administrator is authorized to ask for proof of identity for the purpose of limiting access to your personal data by unauthorized persons. In order to increase quality of service and for maintaining records on fulfillment of the Administrator’s legal obligations, all communications between you and the Administrator may be monitored.

 

Your rights relating to the protection of your personal data

You have the right at any time to revoke your consent, correct or complete your personal data, request limitations on data processing or raise an objection, or file a complaint against the processing of your personal data. You can ask for the transfer of data, access to your personal data or to be informed about security breaches for your personal data, or erasure thereof and other rights stipulated in the GDPR. You have the right to erasure in cases where the personal data is no longer necessary for the purpose for which it was collected or processed, provided its processing is based on consent and there no longer exists any legal reason for its processing, or if the personal data was processed illegally, or if parental consent has not been given for processing the personal data of children, or if a legal obligation stipulated in EU law or that of a member state requires doing so.

 

Right to object

You have the right to raise an objection to the processing of your personal data, provided the Administrator processes it for the purpose of providing services or direct marketing. You must submit your objection to the Administrator. In the event that you raise an objection to processing for the purpose of the client zone or for direct marketing, the Administrator, in such a case, will no longer process the data: this provided they do not find binding, justifiable reasons for the processing – ones that supersede your interests or rights and freedoms or for the definition, performance or defense of legal demands. You can find more detailed information about this right in Art. 21 of the GDPR.

 

Right to file a complaint with the Supervisory Authority

You can file a complaint related to the processing of your personal data or the non-fulfillment of Administrator obligations stemming from GDPR to the Supervisory Authority at any time. The Supervisory Authority in the Czech Republic is the Office for Personal Data Protection, www.uoou.cz.

 

Duty to provide personal data. Consequences of not providing personal data

You provide your personal data on a fully voluntary basis. You are by no means obligated to provide your personal data. If you do not provide your personal data, you are not subject to any sanctions. However, should you not provide the Administrator your data, you may not have access to a specific application and we will not be able to send you individual commercial communication that you have signed up for.

In the event of legal standing for the performance of our activities, you do not have the option to refuse the processing of your personal data. However, we are prepared to provide the fullest degree of cooperation possible so that we prevent the misuse of your personal data and give you information on the scope and content of information processed about your person.