Legal and Terms
Privacy Policy
Privacy policy of Mobilyze s. r. o. with registered seat at Bazalkova 1211/1, 900 46 Most pri Bratislave, Slovak Republic, ID No. (IČO): 52 010 988 (“Mobilyze”), registered in the Commercial Registry of Bratislava I District Court, Section Sro, Insert No. 132181/B (“Mobilyze”) (Mobilyze hereinafter referred to as “Mobilyze“, “we“ or “us“).
If you have any questions concerning how we process your personal data, you can contact our data protection officer either by email at: privacy@biotron.io or by post using the registered seat of Mobilyze mentioned above. We must comply with the EU general data protection regulation (the “GDPR“) and applicable sections of Slovak Act No. 18/2018 Coll., on protection of personal data as well as other Slovak and EU legislation. This privacy policy is primarily designed to ensure compliance with informational obligations pursuant to Articles 13 and 14 GDPR of Mobilyze and our business customers towards data subjects about whom we process personal data. Typical data subjects about whom we process personal data are our business customers or suppliers and their employees or our own employees.
We have tried to answer the required and most frequent privacy-related questions below:
What is our position when processing personal data?
Generally, we act as a data controller when processing your personal data for the below purposes. We might also act as a data processor in certain scenarios. For example, when our partner provides us with its own data to conduct analysis of such data on its behalf or generally when we are contracted to process personal data on behalf of someone else, we act as a data processor of such partner or someone else that by virtue of determining the purpose and means of processing of personal data is regarded a data controller. In such a scenario, we suggest concluding a separate agreement pursuant to the Article 28 of the GDPR setting out in more detail our rights and obligations in relation to personal data processing. This agreement is not part of this privacy policy nor Terms of Use but is concluded separately, if required.
For what purposes are your personal data processed?
If you use the website zoniq.io, the following are the typical purposes for which we are processing your personal data as a data controller:
| Purpose | Legal basis | Description |
|---|---|---|
| Security | Compliance with legal obligation pursuant to Article 6(1)(c) of the GDPR | Security is a cornerstone of our operations. We consider our obligation under Article 32 GDPR to protect our assets, including data (including personal data), against any potentially harmful conduct, such as unauthorized bots. |
| Direct marketing (e.g.targeted advertising or newsletter) | Consent pursuant to Article 6(1) of the GDPR | We rely on your consent to send direct marketing communications or targeted advertisements when you subscribe to our newsletter. For existing clients, we process data based on legitimate interest pursuant to Article 6(1)(g) of the GDPR, adhering to Section 62(3) of the Electronic Communications Act for direct marketing with an opt-out option available. |
| Direct marketing (e.g.targeted advertising or newsletter) | Legitimate interest pursuant to the Article 6(1)(g) of the GDPR | If we focus our marketing newsletter on our existing clients whose email addresses we obtained in connection with provision of similar services or products we rely on statutory consent exemption provisioned in Section 62 (3) of the Electronic Communications Act and we consider processing of personal data for such purpose our legitimate interest (direct marketing). We also process your personal data for other targeted advertising campaign purposes. In any case you have right to opt-out from any processing of your persona data for direct marketing purposes. |
| Statistical purposes | Any other legal basis pursuant to Article 89 GDPR | We generate anonymous aggregated statistics from the personal data we process, ensuring that the resulting data are no longer personal. |
Depending on our relationship, we as a data controller might also process your personal data for the following purposes:
| Purpose | Legal basis | Description |
|---|---|---|
| Accounting & Tax purposes | Compliance with legal obligation pursuant to Article 6(1)(c) of the GDPR | To comply with Slovak accounting and tax legislation, we must process the personal data included in invoices and related documents for a statutory period. |
| Performance of contracts | Performance of contract pursuant to Article 6(1)(b) of the GDPR for individuals and legitimate interest pursuant to Article 6(1)(g) of the GDPR for legal persons | To perform various contracts with our suppliers or customers, we process the necessary personal data to fulfill our obligations. |
| Payroll & personnel purposes | Compliance with legal obligation pursuant to Article 6(1)(c) of the GDPR | In our employment relationships or when discussing potential employment opportunities, we process personal data to comply with employment, payroll, and social contribution legislation. |
| Publication of photos of employees, team, and supervisory board members | Consent pursuant to Article 6(1)(a) of the GDPR | We request consent to publish photographs of our employees, team members, or supervisory board members on our website and other media. |
| Increasing online awareness about Mobilyze | Legitimate interest pursuant to Article 6(1)(g) of the GDPR | To increase brand awareness, we maintain business profiles on social networks (Facebook, Twitter, LinkedIn, Medium), which is considered a legitimate interest. |
| Establishment, exercise or defense of legal claims | Legitimate interest pursuant to Article 6(1)(g) of the GDPR | We process personal data to pursue legal claims, seek compensation, or handle settlements and reports to public authorities, under our legitimate interest. |
| Compliance with other legal obligations | Compliance with legal obligation pursuant to Article 6(1)(c) of the GDPR | We process your personal data without consent to comply with legal obligations that require processing. |
| Archiving purposes | Any other legal basis pursuant to Article 89 GDPR, as explained in recital 50 GDPR and in compliance with the Slovak Act on Archives and Registries | We are obliged to comply with the Slovak Act on Archives and Registries, processing data for archiving purposes including storing documents for specified periods before their deletion. |
Do we sell your personal data?
We do not sell your personal data in raw form. Raw data is always analyzed and only aggregated anonymous or pseudonymous results or final analysis are sold to our business customers.
What personal data we collect?
We process the following personal data:
▪ E-mail address – Within the website registration process we collect e-mail address of Data Subjects in order to be able to communicate with registered users about products, services, offers, promotions, and events, and provide other news and information we think will be of interest to users.
▪ Information necessary in order to provide our services - this includes e-mail address and other information provided by you through email (such as your first name and surname might be disclosed, even though not directly requested by us).
▪ Other Information – you may choose to provide other information directly to us, e.g. with respect to the promotions and related services, your requests and notifications, customer support or other communication with us.
We do not intend to process special categories of data, such as personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or a natural person's sex life or sexual orientation, unless the individual has given explicit consent to the processing of such data or other conditions under Article 9(2) of the GDPR are met.
How we collect your personal data?
Generally, we collect your personal data directly from you. Your provision of personal data to us is voluntary. You can provide your personal data to us by number of means such as by visiting, registering or using Mobilyze website; in the process of concluding or negotiating the contract with us; by communicating with us; by subscribing to our newsletter; by activity on our profiles on social media.
However, we may also obtain your personal information from your employer or from the company in relation to which we process your personal data. This is typically the case when we conclude or negotiate a contractual relationship with the company where you work at. If the collection of personal data relates to a contractual relationship it is often a contractual requirement or a requirement that is required for the conclusion of a contract. Failure to provide personal data (whether yours or your colleagues) may have negative consequences for the company you represent, as this may result in failure to conclude or performance of a contractual relationship. If you are a member of a statutory body of a legal person that is a contracting party to us or with whom we are negotiating a contractual relationship, we may obtain your personal data from publicly available sources and registers.
In some cases, we collect data (including personal data) from other third-party data vendors acting as separate controllers who are responsible for ensuring that collection and provision of your personal data to us is done in compliance with the GDPR. We actively cooperate with our data vendors to ensure such provision of data to us is as transparent, fair and legal as possible.
How we share your data?
We take the confidentiality of your personal data very seriously and have policies in place to ensure that your data is only shared with authorized personnel at Mobilyze or a verified third-party services provider. Our staff might have access to your personal data on a strictly need-to-know basis typically governed and limited by function, role and department of the particular employee. Personal data of our employees, business customers or other natural persons are provided to the extent necessary to following categories of recipients:
▪ to our business customers that in line with this privacy policy get access to your personal data;
▪ payroll, accounting professionals or our professional advisors (e.g. accountants, attorneys or auditors);
▪ providers of standard software and cloud services (e.g. Microsoft One Drive or Amazon Web Services);
▪ hosting providers (Amazon, EU);
▪ providers of technical (IT) support;
▪ social insurance company, pension insurance management company, supplementary pension insurance company, health insurance company, office of
social affairs and family;
▪ postal couriers and courier services;
▪ employees of the above recipients.
We also use sub-contractors to support us in providing services who might process personal data for us. We ensure that selection of our sub-contractors and any processing of personal data by them is compliant with the GDPR in terms of technical and organizational security of processing operations. If we use our own recipients to process personal data (Mobilyze's internal staff), your personal data are always processed on the basis of authorizations and instructions that inform our recipients about not only our internal privacy policies but also about their legal responsibility for their violations. If we are requested by the public authorities to provide your personal data we examine the conditions laid down in the legislation to accept the request and to ensure that if conditions are not met, we do not adhere to the request. In case that you have a question about our current processors, do not hesitate to contact us for further information.
What countries do we transfer your personal data to?
By default, we seek not to transfer your personal data outside the EU and/or European Economic Area where not necessary, as our servers are located in Germany (EU). However, some of our business customers, sub-contractors or the above-mentioned recipients of personal data might be based or their servers might be located in the United States of America (U.S.) or elsewhere outside the EU/EEA (e.g. Canada). We utilise standard contractual clauses approved by the European Commission and rely on the European Commission's adequacy decisions about certain countries, as applicable, for data transfers from the EEA to the United States and other countries.
How long do we store your personal data?
We must not and we do not want to store your personal data for longer than necessary for the given purpose of processing. Due to this legal requirement but also due to technical and financial aspects of data storage we actively delete data where no longer necessary. Retention periods are either provisioned in respective laws or are set out by us in our internal policies or procedures. When processing of your personal data is based on a consent and you decide to withdraw your consent, we do not further process your personal data for the specific purpose. However, it does not exclude the possibility that we process your personal data on different legal basis especially due to our legal obligations. General retention periods for our purposes are as follows:
| Purpose | General Retention Period |
|---|---|
| Provision services | Duration of the contract, i.e., until you use the services |
| Development, improvement, testing | Duration of the contract, i.e., until you use the services |
| Security purposes | Duration of the contract, i.e., until you use the services |
| Direct marketing purposes (e.g., targeted advertising or newsletter) | Until the acceptance of the objection against processing or sign-out from the newsletter by the data subject |
| Statistical purposes | Duration of any other purposes |
| Scientific research purposes | Duration of any other purposes |
| Accounting & Tax purposes | 10 years |
| Performance of contracts | Duration of the contract plus 3 years |
| Payroll & personnel purposes | Duration of the employment contract, unless a longer period is required by law (e.g., 70 years of employee’s age) |
| Employment monitoring mechanisms | Duration of the monitoring mechanism |
| Publication of photos of employees, team, and supervisory board members | Duration of the relationship with the employee, team, or supervisory board member until the consent is revoked |
| Increasing online awareness about Mobilyze (e.g., via social media) | Generally during the term we use social network or media |
| Establishment, exercise or defense of legal claims | Duration of the court or off-court processing or settlement until the legal claim is settled or ceases to exist |
| Compliance with other legal obligations | As required to comply with various legal obligations (in Slovakia typically 2-10 years) |
| Archiving purposes | Duration of any other purposes or longer period if required by the Slovak act on archives or registries |
The above retention periods only specify the general periods during which personal data are processed for the specific purposes. However, we proceed to erasure or anonymization of personal data before the expiry of these general periods if we consider the personal data to be unnecessary in view of the abovementioned purposes. Conversely, in some specific situations, we may keep your personal data longer than stated above if it is required by law or our legitimate interest.
What rights do you have?
„You have the right to withdraw your consent at any time. You also have a right to object to any direct marketing processing of your personal data including profiling. You have right to object to any processing that is based on legitimate interest we rely on as described above. The same right is applicable on processing on legal ground of public interest that we do not currently rely on.”
In case of exercising the right, we will gladly demonstrate to you how we have evaluated these legitimate interests (including on behalf of our business customers) as compelling over the rights and freedoms of data subjects. The GDPR lays down general conditions for the exercise of your individual rights. However, their existence does not automatically mean that they will be accepted by us because in a particular case exception may apply. Some rights are linked to specific conditions that do not have to be met in every case. Your request for an enforcing specific right will always be dealt with and examined in terms of legal regulations and applicable exemptions.
Among others, you have:
▪ Right to request access to your personal data according to Article 15 of the GDPR. This right includes the right to confirm whether we process personal data about you, the right to access to personal data and the right to obtain a copy of the personal data we process about you if it is technically feasible.
▪ Right to rectification according to Article 16 of the GDPR, if we process incomplete or inaccurate personal data about you.
▪ Right to erasure of personal data according to the Article 17 GDPR;
▪ Right to restriction of processing according to the Article 18 GDPR;
▪ Right to data portability according to the Article 20 GDPR;
▪ Right to object according to the Article 21 GDPR;
▪ Right not to be subject to the automated individual decision making according to the Article 22 GDPR.
If you feel that we are processing incorrect personal data about you given the purpose and circumstances, you can request rectification of incorrect or incomplete personal data using our general contact details mentioned above. You have a right to lodge a complaint related to personal data to the relevant data protection supervisory authority or apply for judicial remedy. Please note that our competent data protection authority is the Office for Protection of Personal Data of the Slovak Republic (https://dataprotection.gov.sk/uoou/).
Do we process your personal data via automated means which produces legal effects concerning you?
No. We do not currently conduct processing operations that would lead to the decision which produces legal effects or similarly significantly affects concerning you based solely on automated processing of your personal data in light of Article 22 GDPR. However, we cannot rule out that such decisions are made by our business customers which remain responsible complying with Article 22 of the GDPR as a separate data controllers from us.
How we protect your personal data?
It is our obligation to protect your personal data in an appropriate manner and for this reason we focus on the questions related to protection of personal data. Mobilyze has implemented generally accepted technical and organizational standards to preserve the security of the processed personal data, especially taking into account the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored or otherwise processed. Where appropriate, we use encryption.
Social networks
Please read relevant privacy policies to better understand processing of your personal data by providers of social media platforms. We only have a typical admin control over the personal data processed by us via our own Mobilyze profile. We assume that by using these social media platforms, you understand that your personal data might be processed for other purposes and that your personal data might by transferred to other third countries and third parties by providers of social media platforms. We are not responsible for conduct of social networks providers but we do acknowledge our responsibility for protection of personal data when managing our accounts.
Minimum age
It does not fit into our goals and vision to provide our services to children and users younger than 16 years of age. In order to use our services you must be at least 21 years of age. From this reason, we do not give an option for younger users to provide us with their parent emails for verification.
Cookie Settings
What are cookies?
Cookies are small pieces of text sent by your web browser by a website you visit. A cookie file is stored in your web browser and allows the Service or a thirdparty to recognize you and make your next visit easier and the Service more useful to you. Cookies can be "persistent" or "session" cookies.
How we use cookies?
We do not use cookies and similar technologies on our website.
Changes to the Privacy Policy
Privacy is not a one-time issue for us. The information we give you with regard processing of personal data may change or cease to be up to date. From these reasons we may change this privacy policy from time to time by posting the most current privacy policy and its effective date on our website. In case we change this privacy policy substantially, we may bring such changes to your attention by explicit notice, on our websites or by email. We encourage you to review the privacy policy whenever you access or use the Services or otherwise interact with us to help protect your privacy.
Mobilyze s. r. o.
Bratislava, May 14, 2024.
