At Business Factory we, just like everybody else, process personal data of our customers and business partners. We are committed to protecting the privacy of visitors of our website, and our customers (hence also referred to as “Data Subjects”).
This Privacy Policy describes how we process personal data (information that can be used to directly or indirectly identify a Data Subject). It also lists Data Subjects’ choices regarding their rights such as access to their personal data or removal of such data.
1. Personal Data we collect
From visitors of our web pages we automatically collect data based on their web browsing activity, just like almost every other webpage. All such collected data is only processed for the purpose of analysis of our webpage effectivity and possible improvements, so that we are able to provide our visitors and customers with better service, and as such it is processed on the legal basis of our legitimate interests (point d of article 6, paragraph 1 of GDPR).
A wider range of data about browsing activity of our visitors may be collected so that we can get detailed statistics and more information about our visitor's preferences to improve our services and to target our marketing better. Such data, however, are collected only after we get our visitors consent to do so, therefore, in this case, the legal basis for processing of personal data is the consent (point a of article 6 paragraph 1 of GDPR).
Our visitors may contact us or request newsletters using forms on our website. Data provided in these forms will be used only to reply or send newsletters. This processing is based on data subject's consent (point a of article 6 paragraph 1 of GDPR).
We also collect and process data provided to us by the visitors directly in the process of them becoming our customers. This includes name, phone number, email, URL and other. This set of data is crucial for us entering into contract with the visitor, meaning it falls under the point b of article 6, paragraph 1 of GDPR (“contract processing”).
From our customers we only collect a little more - data about their activity inside the application. Such logs mostly won’t contain any personal data, though. Still it is worth mentioning that the logs also fall under above mentioned point b of article 6, paragraph 1 of GDPR.
None of the personal data mentioned above are sensitive (special categories of personal data).
The data is stored securely, i.e. behind firewalls and, where applicable, encrypted. We have taken multiple organizational and technical measures to make sure the data will be stored securely.
2. Disclosure of Personal Data
For the purposes stated in this Privacy Policy, Personal Data may be disclosed, when necessary, to authorities, other companies within the same group of companies as us, companies which the group cooperates with and to other third parties.
Personal Data may be transferred outside the European Union and the European Economic Area (“EU/EEA”), including but not limited to, the United States of America, China, Australia, Singapore and Argentina as well as other locations and jurisdictions in which we conduct our business. Such transfers outside the EU/EEA are performed subject to appropriate safeguards such as standard data protection clauses adopted or otherwise approved by the EU Commission in accordance with the GDPR.
3. Retention Period
We strive to retain Data Subjects’ data only for the period we need them. If a customer decides to stop working with us, we will only retain the customer’s personal data inside the application for 2 months. Logs about customers’ activities are automatically deleted even faster - within one month. If the processing of personal data is based on consent, we may process the data until the consent is withdrawn.
4. Data Subjects’ Rights
Data Subject has a right to request from us:
- access to and rectification or erasure of Data Subject’s Personal Data
- for restriction of processing concerning the Data Subject or to object to processing
- to receive, under certain preconditions, Data Subject’s Personal Data in a structured, commonly used and machine-readable format and to transmit those data to another controller
Data Subject may exercise the aforementioned rights by contacting our support or client partners. We shall endeavor to comply with legitimate requests by Data Subjects as quickly as possible.
5. Contact information
Data controller: Business Factory s. r. o. (VAT CZ28356624)
All contacts and inquiries related to this Privacy Policy should be addressed to info@openshop.io.