Principles of the Processing of Personal Data (hereinafter “the Principles”)
These principles govern the processing of personal data which the company VIRTUAL ZOOM s.r.o., ID: 26744333, having its registered office at Sokolovská 131/86, 186 00 Praha 8 (hereinafter “the Provider”)
performs for any user of the “ZOOM LETTER CRM” software (hereinafter “the User”) as the administrator of the processing of personal data of the User´s clients (hereinafter “the Clients”).
The processing of personal data by the Provider shall be performed upon instructions of the User, which the User as the administrator gives the Provider through the “ZOOM LETTER CRM” application (hereinafter “the Service”).
Subject matter of the processing, categories of data subjects, and personal data type
The subject matter of the processing is personal data of Customers which the User has input in the Service or which the Provider processes upon the User´s instruction, including, but not limited to,
identification data, address data, contact data, information about the Customer´s transactions with or in relation to the User, information on the Customer´s behavior on the web, content of messages
sent by the User to the Customer by means of the Service (hereinafter “the Message”), reactions of the Customer to received Messages, and any other data provided by the User to the Provider and concerning
the Customer (hereinafter “Personal Data”). The User shall always be the sole party to decide the scope of the processing of Personal Data of Customer in each specific case.
Nature, Purpose, and Means of the Processing
The Provider processes Personal Data using automatic means and statistical methods for the purpose of producing individualized Messages for Customers, sending them to the Customers, and evaluating
results of marketing campaigns. The User shall be solely responsible for the content of the Message and its compliance with relevant legal acts and regulations.
Time of Processing
The processing of Personal Data by the Provider shall be performed throughout the duration of the Agreement whereunder the Provider provides access to the Service for the User (hereinafter “the Agreement”).
The Provider undertakes to fulfil its Personal Data protection duties throughout the duration of the Agreement, unless provisions of the latter stipulate that such fulfilment shall survive the termination of the Agreement.
The Provider shall erase Personal Data when instructed to do so by the User, but in any case not later than 30 days since the Agreement ceases to be effective.
Representations and Duties of the User
The User hereby represents that it, in its capacity of the administrator of Personal Data of Customers and as of the date of signature of the Agreement, fulfils all its duties arising from legal acts
and regulations dealing with personal data protection, including, but not limited to:
- Processing of Personal Data on the basis of proper legal titles and having a valid legal title to process Personal Data of Customers for the purpose, in the extent, using the means, and in the manner
stipulated by the User with respect to the use of the Service;
- Informing Customers about the processing of Personal Data in the extent determined by legal acts and regulations dealing with personal data protection;
- Allowing Customers to exercise their rights in accordance with legal acts and regulations dealing with personal data protection;
- Liquidating Personal Data as soon as the purpose it has been processed for has ceased to exist;
- Fulfilling all other duties as set forth in legal acts and regulations dealing with personal data protection;
- Automatically transferring, via the Service interface and within 24 hours from receiving it, information about all cancellations of Customers´ consents with the processing of Personal Data and objections
against the processing of Personal Data, cancellations of Customers´ consent with the sending of Messages, and other circumstances which influence the possibility of processing of Personal Data of Customers
to the Provider, and always respecting such information;
- Adequately reacting, within 24 hours from receiving it, to the Provider´s information about cancellations of Customers´ consents with the processing of Personal Data and objections against the processing
of Personal Data, cancellations of Customers´ consent with the sending of Messages, and other circumstances which influence the possibility of processing of Personal Data of Customers according to the Agreement,
always respecting such information, and undertaking to fulfil the above duties throughout the duration of the Agreement. Annex No. 1 of the Principles contains general recommended instructions for the processing
of Personal Data by the User, and also represents the minimum level of the User´s duties insofar as the processing of Personal Data is concerned, which the User undertakes to comply with while using the Service.
If the Provider sustains any material or non-material damage as a result of the User´s failure to fulfil its duties arising from relevant legal acts and regulations dealing with personal data protection
or from the present Principles, the User hereby undertakes to compensate the Provider for such damage in full. The term “damage sustained by the Provider” as used herein shall denote, in particular:
(i) a compensation of any material or non-material damage or any other payments which the Provider is obliged to pay to Customers or third parties in connection with an infringement of any Personal Data
protection duty or obligation as set forth in relevant legal acts and regulations, and
- (ii) fines and other sanctions imposed by the Office for Personal Data Protection or another administrative authority, and compensations of all costs related to administrative or court proceedings (including
costs of legal representation incurred by the Provider).
General Principles of the Processing of Personal Data
Insofar as the processing of Personal Data is concerned, the Provider shall:
- process Personal Data solely on the basis of the User´s instructions submitted via the interface of the Services or any other means, including those concerning transfers of Personal Data to a third country
or an international organization, unless the Provider is already required to do so by EU legislation or by laws of an EU member state which apply to the Provider; in such cases, the Provider shall notify
the User of such legal requirement prior to processing the data, unless the relevant legislation forbids such notification on the grounds of essential reasons of public interest;
- refrain from processing the Personal Data acquired for the purpose of providing the Services for its own purposes
- make sure that the personnel whom it uses to process Personal Data undertake to abide by principles of confidentiality or are committed to comply with legal requirements applying to confidentiality;
- not involve any additional personnel in the processing of Personal Data without a prior specific or general written approval of the User;
- take the nature of the processing of Personal Data into account;
- if requested, assist the User, by taking appropriate technical and/or organizational measures, in fulfilling the latter´s duty to react to requests of Customers demanding to exercise their rights, if possible;
- if requested, assist the User in fulfilling the latter´s duty to guarantee the security/protection level of the processing of Personal Data, report cases of infringements of security of Personal Data
to the supervisory authority and potentially also to Customers, assess factors that may influence the protection/security level, and implement results of consultations with the supervisory authority,
taking into account the nature of the processing, the Provider´s technical and organizational possibilities, and information available to the Provider;
- in accordance with the User´s decision, either erases all Personal Data, or return the database of Personal Data in an agreed form to the User when the provision of Services connected with the processing
of Personal Data has been terminated and erase all existing copies thereof, unless a legal act or regulation requires the Provider to preserve such Personal Data.
- upon the User´s request, provide all information needed to prove compliance with the duties stipulated in the Principles to the User, and enable, subject to a prior agreement with the User,
to perform audits, including inspections conducted by the User or another auditor whom the User has appointed, and contribute to such audits, in respect whereof all activities of the Provider
falling as described above shall
be provided to the User for a consideration the amount of which shall be determined in accordance with prices of consultation support services in the current Price List of the Provider available upon request.
Insofar as the processing of Personal Data is concerned, the Provider shall maintain records on all categories of processing activities and operations performed for the User, which shall contain:
- name and contact information of the Provider, the User, the User´s or Provider´s representatives, if any, and the appointee responsible for personal data protection/security;
- categories of the processing performed for the User;
- a general description of technical and organization security measures implemented to protect Personal Data.
The Provider undertakes to make the records referred to above available to the User upon the latter´s written request.