When you register or sign up for an Account, submit an Order Form, or contact us via the “Have us contact you” form or otherwise via our website, Exponea requires you to provide information that includes your name, surname, company name, identification number, username, password and contact information such as e-mail addresses or phone numbers. If you decide to purchase the Services, Exponea requires you to provide details of a payment instrument such as a credit/debit card number, address and additional information needed for the issuing of invoices. While using our Services, we further collect track your activity via cookies or web beacons or other similar means (e.g. heatmaps or screen recordings), which may include your IP address, browser settings, preferences or other activities on our websites (see further clause 5).
If you contact us as an applicant for a job (or as a candidate for other type of cooperation with Exponea), Exponea requires you to provide information that includes your name, surname, and contact information such as e-mail addresses or phone numbers. Moreover, we require you to submit your curriculum vitae with additional information about your education, previous work experience and other information that may be required for the purpose of evaluating your abilities for the position applied for.
PURPOSE OF DATA PROCESSING
We process your personal data for the purpose of (i) registering and granting you access to your Account and our Services; (ii) providing the Services requested by you; (ii) optimising and enhancing our Services provided to you; (iii) paying for Services (if applicable); (iv) protecting the legitimate interests of our assets or interests of our other customers; (v) evaluating job applications; (vi) analysing visits to our websites; and (vii) direct marketing (if you have presented your interest in further information via the “Have us contact you” or similar form – see further clause 6).
The personal data you provide us with is only processed and used in the manner adequate for the purpose for which it was collected. Exponea does not combine personal data that was obtained for a variety of purposes. We will not store your personal data for longer than is necessary for the purpose for which it was provided or collected. We will only retain the personal data that serves a legitimate purpose (e.g. applicable legal regulations may require the retention of data, or some data may be necessary for the purposes of billing outstanding amounts).
We will neither collect an excessive amount of personal data nor data that is not relevant for the purposes for which the personal data is being collected.
YOUR CLIENTS’ DATA
By using our Services, you may be providing us with your clients’ personal data. You should therefore ensure that you have collected your clients’ respective consents and approval in order to process their data in accordance with applicable data protection law and the General Terms and Conditions. We shall be entitled to: obtain, collect, distribute, record, organise, adapt or alter, retrieve, consult, align, combine, transfer, use, store, block, destroy, and manage the cross-border flow of the personal data you provide us with.
COOKIES AND WEB BEACONS
For the purpose of analysing your visits to our website, we also collect cookies (files stored locally on your device). By enabling cookies in your browser, you have expressed your consent to our collection of cookies for this purpose. We use the following types of cookies: (i) essential cookies, which are essential for the provision of access to our websites; (ii) functionality cookies, which are crucial for the proper functioning of our websites (if these cookies are disabled, our website may not work properly); (iii) performance cookies, which do not identify you individually (until you enter your identification details in any of our forms) but help us to personalise your content in accordance with your actions on our websites; and (iv) targeting/advertising cookies, which help make advertisements more relevant to visitors of our website.
You agree that we may also use your electronic contact details, which may be derived from your past usage of Services, for marketing purposes, i.e. to keep you informed about our Services. These communications shall strictly adhere to applicable legal regulations. You may opt out of marketing communications by disabling this function via the unsubscribe link provided in each email you receive.
PERSONAL DATA SHARING
In line with the provisions of the General Terms and Conditions, we may also provide certain Services aimed at connecting our customers to services, such as e-mail or SMS, of other providers such as the providers of messaging platforms. By clicking the “I agree” button that completes the registration process and creates the Account for you or by submitting the respective Order Form to Exponea, you provide us with the express consent to share your personal data with these third-party providers for the purpose of fulfilling the Agreement (typically, you as our client provide us with all data required for such connection). We may also provide the data to third parties such as (i) hosting providers; and/or (ii) advertising partners. Any such partners will be available on our websites (typically in our Guides), and such parties will then act as processors of your data. Subject to the previous sentence, your personal data shall not be shared or provided to any other third party without your consent except for the following cases: (i) where Exponea is obliged to provide personal data by law or an order of public authority; or (ii) if personal data sharing is specifically allowed by applicable legal regulations.
If third-party providers are established outside of the EU/EEA, you agree that we may transfer your data to these third parties. In such cases, Exponea shall ensure that it cooperates only with third-party providers that are located in countries that ensure adequate levels of protection based on the European Commission’s adequacy decision, or that Exponea has entered into agreements with corresponding Model Contractual Clauses that ensure adequate safeguards with respect to the protection of the privacy and fundamental rights and freedoms of individuals.
We are committed to storing your data securely. Therefore, we have implemented adequate physical, technical and organisational measures and plans for protecting and securing data collected from you (which do not, however, deprive you of your duty to take proper steps to secure your data, particularly for the transmission of data to our Account). The aim is to eliminate unauthorised or unlawful processing of your personal data or the accidental, unauthorised or unlawful accessing, use, transferring, processing, copying, transmitting, alteration, loss or damage of your data. Despite all efforts to meet the rules set out in applicable legal regulations, it is not possible to ensure the security of your data if it is transferred or transmitted in an unsecured way. We will protect your data in the following ways:
using cryptography, where necessary;
using password or secured token protection, where necessary; and
restricting access to your data (i.e. access to your personal data is granted only to those of our employees or contractors for whom the access is necessary).
RIGHT TO ACCESS AND COMPLAINT
You have the right to be provided with details of the personal information processed by us and to request the rectification or deletion of inaccurate personal data or the restriction of the processing of data concerning you. You may edit your data using your Account, or contact us at email@example.com should you have any request about data held. However, where requests from you are manifestly unfounded, excessive or repetitive, we may either: (i) charge a reasonable fee, taking into account the administrative costs of taking the actions requested; or (ii) refuse to act on the request.
If you feel that your data has been processed unlawfully, contact us at firstname.lastname@example.org and we will undertake to resolve the problem. You have the right to lodge a complaint with the supervisory authority, the Office for Personal Data Protection of the Slovak Republic.