Privacy Policy

Before signing up for the COSTLOCKER Service (hereinafter the “Service”) you are required to acquaint yourself with the Terms of Service (hereinafter the “Terms”) and the Privacy Policy (hereinafter the “Policy”). By clicking the signup button and using the Service, you agree to these Terms and personal data processing in accordance with the Policy and you undertake to comply therewith.

Personal Data and Service Provision

You acknowledge that your personal data, including your name, company information, e-mail address, login credentials, user role and country may be processed by the Provider (COSTLOCKER SE, with its registered office at Bořivojova 878/35, Žižkov, 130 00 Prague 3, Czech Republic, ID No.: 01434641) as a data controller for the purpose of fulfilment of a contract, particularly to set up and maintain your user account and ensure functionalities of the Service;

your personal data, including your name, company information, e-mail address, user role, country and other personal data entered by you into the Service, particularly information about your working time, wage or other remuneration, may be processed by the Owner as a data controller for the purposes of tracking working time and managing costs and also that the whole scope of this personal data may be collected and otherwise processed for the Owner by the Provider as an appointed data processor;

the Provider, as a data controller, may use your e-mail address and its details it has obtained, in the course of registration, to send you direct marketing communications regarding the Service and its features. Your e-mail may be used by the Provider until you opt out. You can opt out at any time by clicking on the “unsubscribe” link in the respective e-mail or by another action described therein. All personal data categories mentioned above in this section can be hereinafter referred to as “Personal data”. The Personal data will be processed by the Provider for the purpose of service provision until you delete it or until you or the Provider will terminate the Agreement.

Recipients and Transfers to Third Countries

The Provider may appoint third parties (data processors) to perform some of the personal data processing operations, however only for the purposes specified in this Policy, on a basis of written agreement and under statutory conditions.

Sharing your Personal Data with other users of the Service is completely under your control. You acknowledge, that data processors being used by the Provider include:
Google Commerce Limited, 70 Sir John Rogerson's Quay, 2 Dublin, Ireland
Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Intercom Inc., 55 Second Street, Suite 400, San Francisco, CA 94105, USA
DigitalOcean, LLC, 101 Avenue of the Americas, New York, New York 10013, USA

Transfer of personal data is carried out on the basis of appropriate safeguards, in the form of standard clauses, and in the case of any transfer to USA under „Privacy Shield“ certification (https://www.privacyshield.gov). We maintain reasonable and appropriate security measures to protect personal data from loss, misuse, unauthorized access, disclosure, alteration, or destruction. Personal data are being processed by the Provider by automatic means and stored in an electronic form in data centers located in the EU and USA. All registration and login procedures take place through a secure HTTPS protocol using 128-bit or 256-bit encryption. The SSL certificate Let’s Encrypt is provided by Internet Security Research Group, 1 Letterman Drive, Suite D4700, San Francisco, CA 94129, USA.

Your Rights

You acknowledge that in relation to the personal data processing you have the right to access your personal data. If you find or presume that the Provider or any of data processors is carrying out processing of your personal data which is in contradiction with the protection of your private and personal life or with the law, you are entitled to contact them with a complaint concerning the processing of your personal data and ask for explanation and/or require them to remedy the arisen state of affairs, in particular by blocking, rectification, supplementing or liquidation of your personal data.

You acknowledge that you have also right to object, on grounds relating to your particular situation, to processing based on legitimate interest (service improvement and development), including profiling. You furthermore acknowledge that you have also right to object to processing for direct marketing purposes, in which case, when you object to processing, the Provider will no longer process your personal data for the direct marketing purposes.

You acknowledge that you have the right to receive your personal data, which you have provided to the Provider, in a structured, commonly used and machine-readable format and the right to transmit those data to another controller without hindrance from the Provider. In exercising this right, you have the right to have your personal data transmitted directly from the Provider to another controller, where technically feasible.

You acknowledge that you can also contact directly the Office for Personal Data Protection of the Czech Republic with your complaint (www.uoou.cz).

Commercial communications of our partners

You agree, pursuant to the Act No. 480/2004 Coll., on certain Information Society Services, that Provider may use the details of your electronic contact details (e-mail address) to send you commercial offers and communications related to the Service or services of its business partners. This consent may be withdrawn at any time by unsubscribing from the newsletter in the way specified in the particular commercial communication.

Technical and anonymous data

You agree that for a purpose of ensuring the Service quality, increasing user comfort and further analysis and development of the Service, Provider may use its own technical means and 3rd party tools to acquire information on Service use and user activities (hereinafter referred to as “technical and anonymous data”). You acknowledge that the technical and anonymous data being processed through third party tools can be disclosed to such third party, including outside the territory of the EU.
Technical and anonymous data shall include particularly:

Cookies and other information stored on the side of the User. Cookies are text strings stored in web browser memory on User’s computer. Cookies can be disabled or the cookies already received can be deleted by changing web browser settings (examples of browser setting are available on internet e.g. at https://www.aboutcookies.org/how-to-control-cookies/). The User shall be entitled to reject receiving cookies, however, such rejection may cause deterioration in user comfort and restriction to some Service functions.

General information on using the Service such as the IP address type, browser type, login and logout time, incoming and outgoing URL address etc., or anonymous data on the extent and the method of Service use by users. Anonymous data shall be deemed to constitute data which cannot be linked to a specific User whether in the original form or after the processing had been carried out.

Third Party Tools

For the purposes of processing traffic statistics, Provider uses the Google Analytics tool and Adwords tools, services provided by Google, Inc., 1600 Amphitheatre Parkway, Mountain View, California, United States (hereinafter “Google”). Google Analytics also uses cookies. The information on using the Service generated by the cookies file is in this case transmitted and stored on Google servers in the United States. Google shall use this information for the purposes of evaluating the use of COSTLOCKER Service and creating reports on user activity intended for the Provider and for providing other services relating to activities on the website and using Internet in general. Google is entitled to provide this information to the third party if required by law or in cases when such third party processes the information for Google. Google shall not link the User IP address with any other data which it has available. By using this website, you consent to processing data by Google in the manner and for the purposes set out above. To restrict Google Analytics, users can use the Google Analytics opt-out tool available on https://tools.google.com/dlpage/gaoptout?hl=en. This tool must be installed as extension to the Internet browser. Users can set up their advertising preferences for Google AdWords using the ad preferences tool.

For the purpose of improving quality of the Service, Provider uses during the User’s trial period Hotjar analytic tool, service provided by Hotjar Ltd., Level 2 St Julians Business Centre, 3, Elia Zammit Street St Julians STJ 1000, Malta, Europe, which helps to analyse how Users behave on the COSTLOCKER website. Hotjar collects anonymized IP address of the User and other technical and anonymous data such as screen size or browser information. This data does not constitute personal data and Hotjar does not further disclose it to any third parties. For more information on how Hotjar handles the collected data please refer to https://www.hotjar.com/privacy. To restrict Hotjar from data collection, Users can use the opt-out tool available on https://www.hotjar.com/opt-out.

For improving quality of the Service, Provider uses Intercom Int., 55 Second Street, Suite 400, San Francisco, CA 94105, USA (Intercom) services, which helps to understand how Users use the Service and COSTLOCKER website. Intercom collects, and further processes, limited amount of your information (such as sign-up date and some personal information like your email address) for analytics purposes when you visit COSTLOCKER or use the Service. As a data processor acting on Provider’s behalf, Intercom analyzes usage of the COSTLOCKER website and the Service by way of cookies and similar technologies. For more information on Intercom's use of cookies, please visit https://www.intercom.com/terms-and-policies#cookie-policy. Provider uses Intercom as a medium for communications, either through email, or through messages within COSTLOCKER. As part of the service, Intercom collects publicly available contact and social information related to you, such as your email address, gender, company, job title, photos, website URLs, social network handles and physical addresses, to enhance your user experience. For more information on the privacy practices of Intercom, please visit https://www.intercom.com/terms-and-policies#privacy. If you would like to opt out of having this information collected by or submitted to Intercom, please contact us at privacy@costlocker.com.

Final Provision

This Policy shall be governed by the laws of the Czech Republic and Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR). This Policy shall constitute an integral part of the Terms. Legal terms, definitions, designations and names shall have the meaning or shall be construed in accordance with applicable provisions of the Terms of Service. This Policy shall enter into effect upon publication on the COSTLOCKER website. If you have any queries relating to the protection and security of your data, please contact us at privacy@costlocker.com.

Privacy Policy, version 4.0. Published on May 24th, 2018. 

Provider:
Costlocker SE, ID No.: 01434641
Bořivojova 878/35
Prague, Czech Republic