Version, Effective date: 2.0., 14th May 2018
- INITIAL PROVISIONS
- Exponea s.r.o., with its registered office at Twin City B, Mlynské Nivy 12, 821 09 Bratislava – Staré Mesto, Slovakia, registered in the Commercial Register maintained by the County Court in Bratislava I, Section Sro, Insert 107011/B (“Exponea” or “we” or “us”) is committed to protecting the personal data of our Customers, individuals who visit our website at the domain exponea.com (“our website”), individuals who contact us via contact forms on our website, individuals receive marketing communication or newsletters from us, applicants for a job in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter referred to as “GDPR”) and Act No. 18/2018 Coll. on personal data protection (hereinafter referred to as “Data Protection Act”).
- DATA PROCESSING
- Website personalization. By enabling cookies in your browser, you acknowledge that Exponea may process the following data for the purposes of website’s personalization, browsing experience optimalisation, analyzing your website’s behavior and delivering relevant advertisements to you: (IP) address, name, surname, gender, email address, login information, time zone setting, operating system and platform, information about visits including the URL, the search terms, information about what you viewed or searched on our website, page response times, download errors, length of visits to certain pages, page interaction information, (such as scrolling, clicks, and mouse-overs) and the methods used to browse away from the page, activities of users, browsing web pages. The legal ground for processing cookies is our legitimate interest according to the Article 6 (1) f) GDPR. You have the right to object to data processing for the purpose of website personalisation (for more information please see Section 9).
- Pre-contractual relationships. If you are an individual interested in cooperation with Exponea (candidate for a job, prospective partner/supplier/customer), you may contact us via contact forms available on our website. In such request form you are required to provide information that includes your full name, company email, phone number and company industry. We process this data for the purpose of handling your request regarding our future cooperation. The legal ground for processing this data is Article 6 (1) b) GDPR. Exponea processes this data as the Controller within the meaning of Article 4 (7) GDPR.
- Hiring. Exponea processes personal data (CV, resumes) of unsuccessful candidates for a job in our internal database for the period of up to one (1) year, provided that candidates provided us with the consent to such processing. The legal ground for processing this data is consent according to Article 6 (1) a) GDPR. Exponea processes this data as the Controller within the meaning of Article 4 (7) GDPR. You can withdraw your consent at any time. You can withdraw your consent by sending an email to firstname.lastname@example.org or via our website in Section Control Your Data.
- Contractual relationship. Exponea processes personal data of its existing Customers in order to provide them with Services. The data processed for such purpose may include: full name, company email, phone number, data in the Account, company name, industry and others. The legal ground for processing this data is Article 6 (1) b) GDPR. Exponea processes this data as the Controller within the meaning of Article 4 (7) GDPR.
- Direct marketing (non-customers). Exponea processes personal data of individuals who subscribed for receiving personalized (targeted) newsletters. The legal ground for processing this data is consent according to Article 6 (1) a) GDPR. You have the right to withdraw your consent at any time (for more information please see Section 9 hereof). Exponea processes this data as the Controller within the meaning of Article 4 (7) GDPR. The data processed for such purpose may include: email address, gender, login information, time zone setting, operating system and platform, information about visits including the URL, the search terms, information about what you viewed or searched on our website, page response times, download errors, length of visits to certain pages, page interaction information, (such as scrolling, clicks, and mouse-overs) and the methods used to browse away from the page, activities of users, browsing web pages.
- Direct marketing (Exponea’s Customers). Exponea process personal data for the purpose of targeted email marketing to existing Customers. The data processed for such purpose may include: email address, gender, login information, time zone setting, operating system and platform, information about visits including the URL, the search terms, information about what you viewed or searched on our website, page response times, download errors, length of visits to certain pages, page interaction information, (such as scrolling, clicks, and mouse-overs) and the methods used to browse away from the page, activities of users, browsing web pages. The legal ground for processing this data is our legitimate interest according to Article 6 (1) f) GDPR. Exponea processes this data as the Controller within the meaning of Article 4 (7) GDPR. You have the right to object to such processing (for more information please see Section 9 hereof).
- While using our Services, our Customers may be providing us with their clients’ personal data. This data may include following: (IP) address, name, surname, gender, email address, login information, time zone setting, operating system and platform, information about visits including the URL, the search terms, information about what you viewed or searched on our website, page response times, download errors, length of visits to certain pages, page interaction information, (such as scrolling, clicks, and mouse-overs) and the methods used to browse away from the page, activities of users, browsing web pages. Exponea processes this data as the Processor within the meaning of Article 4 (8) GDPR. The Customers have the obligation to ensure that they have collected their clients’ respective consents and approval in order to process such data in accordance with the Act, other applicable data protection law and the General Terms and Conditions – Exponea Platform or Data Protection Addendum. Please note that processing of our customers’ clients’ personal data is governed by the General Terms and Conditions – Exponea Platform or respective data processing agreement. Exponea processes personal data, i.e. activities of users in Exponea Application and browsing webpages, for the purpose of logging for compliance. The data subjects in this processing operation are users of Exponea Application and web pages. Exponea processes this data as the Processor within the meaning of Article 4 (8) GDPR. The legal ground for processing is legitimate interest according to Article 6 (1) f) GDPR.
- In the course of our Services, Exponea analyzes our Customers’ clients’ personal data to build individual profiles. These profiles are used to predict future interests and display targeted (online) advertisement. The aim is to provide Customers’ clients with offers that are relevant and interesting for them. The profiling is based on (surfing) behaviour of our Customers’ clients on the Internet.
- Exponea does not make any decisions based solely on automated processing which produce legal effects concerning our Customers’ clients or which significantly affect our Customers’ clients. We conduct profiling solely for the purpose of providing them with more attractive offers for the purchase of goods and/or Services and customizing the content of websites according to our Customers’ clients’ preferences.
- Within our profiling activities, we do not process any special categories of personal data within the meaning of the Art. 9 (1) GDPR.
- COOKIES ON OUR WEBSITES
- When you visit our website, you are informed through a cookie banner placed at the bottom of our website that we collect cookies.
- By enabling cookies in your browser, you acknowledge that Exponea may process data for the purposes of website’s personalization, browsing experience optimalisation, analyzing your website’s behavior and delivering relevant advertisements to you.
- We use the following types of cookies: (i) essential cookies, which are essential for the provision of access to our websites; (ii) functionality cookies, which are crucial for the proper functioning of our websites (if these cookies are disabled, our website may not work properly); (iii) performance cookies, which do not identify you individually (until you enter your identification details in any of our forms) but help us to personalise your content in accordance with your actions on our websites; and (iv) targeting/advertising cookies, which help make advertisements more relevant to visitors of our website.
- If you wish cookies not to be collected, you may restrict, block or delete the cookies at any time by modifying your browser configuration. Although each browser is parameterized differently, cookie configuration is normally located on the “Preferences” or “Tools” menu. If you turn off cookies, the functionality of our website may be limited (in the case of essential cookies you may not be able to access our website).
- If you wish to prevent new cookies from being installed or if you wish to delete existing cookies you can find the instructions on the links below. The exact procedure depends on which browser you are using.
- Internet Explorer
- Google chrome
- DIRECT MARKETING
- We may send you relevant offers and news about our products and services by email, but only if you have previously agreed to receive these marketing communications or you are our past Customer (unless data protection law applicable to you does not allow it). In every email we will provide you with the opportunity to exercise an opt-out choice if you do not want to receive any further marketing communications from us. The opt-out choice may be exercised by clicking on the “unsubscribe” link located at the bottom of our marketing emails.
- THIRD PARTY WEBSITES
- Our website may contain links (which may take the form of hyperlinks, widgets, clickable logos, images or banners) to and from third party websites. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for their policies. We strongly recommend that you read their privacy policies and terms and conditions of use to understand how they collect, use, and share information. We are not responsible for the privacy practices or the content on the websites of third party sites.
- Exponea is currently using so-called social plugins from the following social networks: (i) facebook.com, (ii) twitter.com, (iii) linkedin.com (iv) plus.google.com (v) instagram.com (“plugins”) which are indicated by their logos on our website. When you visit our website, your browser establishes a direct connection with the servers on which these plugins run. The content of the plugins is transferred directly by Facebook/Twitter/Linkedin/Google/Instagram to your browser, which then integrates it into our website. Integration of the plugins causes Facebook/Twitter/Linkedin/Google/Instagram to receive the information that you have accessed on the corresponding page of Exponea website. If you are logged with Facebook/Twitter/Linkedin/Google/Instagram, it will will be able to assign your visit to your account on these social networks. Please note that an exchange of this information already takes place when you visit our website regardless of whether you interact with the plugin or not. If you do not want Facebook/Twitter/Linkedin/Google/Instagram to gather data about you via our website, you must log out of them before visiting Exponea website. For more information regarding how these social networks process your data in their privacy policies:
- a) Facebook: https://www.facebook.com/legal/FB_Work_Privacy
- b) Twitter: https://twitter.com/en/privacy
- c) Linkedin: https://www.linkedin.com/legal/privacy-policy
- d) Instagram: https://help.instagram.com/155833707900388
- e) Google: https://www.google.com/intl/en-GB/policies/privacy/
- SHARING OF INFORMATION COLLECTED
- Subject to the previous paragraphs, your personal data shall not be shared or provided to any other third party without your consent except for the following cases: (i) where Exponea is obliged to provide personal data by law or an order of public authority; or (ii) if personal data sharing is specifically allowed by applicable law.
- If third-party providers are established outside of the EU/EEA, you agree that we may transfer your data or data of your Clients to these third parties. In such cases, Exponea shall ensure that it cooperates only with third-party providers that are located in countries that ensure adequate levels of protection based on the European Commission’s adequacy decision, or that Exponea has entered into agreements with corresponding Standard Contractual Clauses that ensure adequate safeguards with respect to the protection of the privacy and fundamental rights and freedoms of individuals or that the third-party provider complies with EU-US Privacy shield or Swiss-US Privacy Shield Principles. Please find the link of our sub-processors here:
- Exponea is committed to store your data securely. Therefore, we have implemented technical and organizational security measures in an effort to safeguard the personal information in our custody and control (which do not, however, deprive you of your duty to take proper steps to secure your data, particularly for the transmission of data to our Account). The aim is to eliminate unauthorised or unlawful processing of your personal data or the accidental, unauthorised or unlawful accessing, use, transferring, processing, copying, transmitting, alteration, loss or damage of your data. Despite all efforts to meet the rules set out in applicable legal regulations, it is not possible to ensure the security of your data if it is transferred or transmitted in an unsecured way. We will protect your data, including but not limited to, in the following ways: using cryptography, where necessary; using passwords or secured token protection, where necessary; and restricting access to you data (i.e. access to your personal data is granted only to those of our employees or contractors for whom the access is necessary).
- While we endeavor to always protect our systems, website and information against unauthorized access, use, modification and disclosure, due to the inherent nature of the Internet as an open global communications vehicle and other risk factors, we cannot guarantee that any information, during transmission or while stored on our systems, will be absolutely safe from intrusion by others, such as hackers.
- To provide you with increased security, access to certain personal information stored in your account is protected with your username and password. you are responsible for maintaining the confidentiality of your our credentials, and we strongly recommend that you do not disclose your Account username or password to anyone. We will never ask you for your password in any unsolicited communication. Please notify our Data Protection Officer immediately of any unauthorized use of your account credentials or any other suspected breach of security.
- YOUR RIGHTS
- You have the right to obtain from us confirmation as to whether or not we process your personal data. If you would like to obtain such confirmation, please visit the section Control Your Data on our website. If your personal data is processed by us, we will provide you with an access to such personal data and the following information: (i) the purposes of the processing, (ii) the categories of personal data concerned, (iii) the recipients or categories of recipients to whom the personal data have been or will be disclosed, (iv) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period, (v) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing (vi) the right to lodge a complaint with a supervisory authority, (vii) where your personal data are not collected from you, any available information as to their source, (viii) the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject. you will be provided with a copy of your personal data undergoing processing.
- You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement. If you would like to realise this right, please visit the section CONTROL YOUR DATA on our website.
- You have the right to obtain from us the erasure of your personal data without undue delay where you no longer wish we process your personal data on the basis of your consent. This means that if you no longer wish we send you newsletters via email or if you wish to delete your account on our website, you can contact us and we will delete all your personal data we processed for such purposes. Please bear in mind that we cannot erase your personal data which we obtained from you when you bought our Services as we process this data not on the basis of your consent but on the basis of the Agreement we entered into. If you would like to realise this right, please visit the section CONTROL YOUR DATA on our website.
- You have the right to obtain from us restriction of processing where (i) the accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of your personal data; (ii) the processing is unlawful and you oppose the erasure of your personal data and request the restriction of their use instead; (iii) we no longer need your data for the purposes of processing, but your personal data are required for the establishment, exercise or defence of legal claims; (iv) you have objected to processing in connection with the profiling (see more in section 12 hereof) pending the verification whether our legitimate grounds override yours. If you would like to realise this right, please visit the section CONTROL YOUR DATA on our website.
- You have the right to receive your data in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller. If you would like to realise this right, please visit the section CONTROL YOUR DATA on our website.
- You have the right to object to processing of your personal data where (i) Exponea processes your personal data on its legitimate interest or for the purposes of direct marketing. If you would like to realise this right, please visit the section CONTROL YOUR DATA on our website.
- If you feel that your data has been processed unlawfully, contact our Data Protection Officer via contact form available at https://exponea.com/privacy-policy/#contact-dpo who will undertake to resolve the problem. You have the right to lodge a complaint with the supervisory authority, Office for Personal Data Protection of the Slovak Republic. Find the link here: https://dataprotection.gov.sk/uoou/
- If you feel that Exponea as the processor processes your data unlawfully, contact our Data Protection Officer via this contact form: https://exponea.com/privacy-policy/#contact-dpo. In this case Exponea will pass you request to data controller.
- Data Protection Officer
- Exponea designated a Data Protection Officer whom you have the right to contact with regard to all issues related to processing of your personal data and to the exercise of your rights. For more information about your rights please see section 8.
- post: DPO, Exponea s.r.o., Twin City B, Mlynské Nivy 12, Bratislava – mestská časť Staré Mesto 821 09, Slovakia
- contact form: https://exponea.com/privacy-policy/#contact-dpo
- Data subjects may contact the data protection officer with regard to all issues related to processing of their personal data and to the exercise of their rights under this Regulation.
- Final provisions
- Our website is not directed to individuals under the age of eighteen (18). If you are under eighteen, do not provide your personal information on or to the website. We do not knowingly collect any personal information from children under eighteen on the Site. Users who are below the age of eighteen (18) (or the age of majority in the applicable jurisdiction) should not use the website without authorization from a parent or legal guardian.
- If for any reason, any provision herein is found void or unenforceable, it will be severed to the extent void or unenforceable and the remaining provisions will continue in full force and effect.