Personal Data Processing Policy

26. 4. 2024

Please read the Lektory privacy policy.

  1. What are these conditions for?
    1. Our cooperation. We have entered into an agreement with you regarding the terms and conditions of use of the Lektory.app (“Agreement”). In connection with the Agreement, we may in certain cases process personal data of your employees, persons acting on behalf of your company (e.g. the CEO) and other collaborators (lecturers and event coordinators, administrators of the App). In this document, for simplicity, we refer to everyone as “Employees”. At the same time, we also process personal data of your customers – participants of the Events who enter data into the booking system. We call them “Customers” for simplicity.
    2. What do the terms and conditions cover? These terms and conditions serve as a contract for the processing of personal data which must be concluded between the data controller and the data processor pursuant to Article 28 of Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“GDPR”).
    3. The scheme of these terms and conditions. These Terms are either an attachment to the Lektory.app Terms of Use, which form the content of our Agreement, or an attachment to a separate Agreement that we negotiate and enter into individually. By agreeing to the Terms of Use or signing a separate Agreement, you acknowledge and agree to these Terms. We must agree on other rules for the processing of personal data.
    4. What roles do we have? You are normally the data controller. In the course of your activities, you process the personal data of Employees and Customers. We are normally the processor of that personal data. This means that, based on these Terms and your instructions, we will process certain personal data for you in connection with your use of the App.
    5. When are we the controller? We may be the controller in relation to certain personal data of your Employees. You can find out more in the Personal Data Processing Policy document available here.
    6. Our Credentials. You, as the controller, authorise us to process your personal data in accordance with this policy and with Article 28 of the GDPR.
    7. Terms. Capitalized terms used in these Terms have the same meaning as in the Lektory.app Terms of Use or our individual Agreement.
  2. How do we access personal data? And why do we process it?
    1. Employee Personal Data. In the course of our business, we process Employee Personal Data for you. We can access this personal data in two ways:
      1. By the Employee’s use of the Application. In order for an Employee to have an account on the Application, we must have their personal data and set up an account for them (or we can access this data when you set up an account for them and thereby store the personal data on the Application);
      2. By communicating with the Employee. We also process the Employee’s Personal Data if they communicate with us in any way in relation to the Application (e.g. support requests and other queries).
    2. Specific Employee Data. In order for an Employee to use the Application, we need at least the following personal data:
      1. Identifying Information (especially first and last name);
      2. Contact details (especially email);
      3. Employee’s employment details (e.g. job title, relationship with you);
      4. Other information that you or the Employee provide to us in the Application or in communications with each other.
    3. Purpose of Processing. We may process Employee Personal Data for the following purposes:
      1. To enable you to use the Application. In order for an Employee to use the Application, we must have their personal data. In order to use the Application, each Employee authorized by you must have a user account. This will allow the Employee to log into the Application, as well as allow the Employee (e.g. a tutor) to keep track of the Actions taken and to perform other actions.
      2. Communication with Us. If an Employee contacts Us, for example with a query about the Application, We need to know their identity so that We can advise them. The same applies if any of the Authorised Employees need to contact Us in connection with the Application and Our services.
    4. Do we really need personal data? Yes, we need Employees’ personal data in order to enable them to use the App.
    5. Customer Personal Data. In addition to Employees’ personal data, we also process your Customers’ personal data. It is up to you which data you request from Customers in the booking form. We will process personal data accordingly. As a rule, this will be the following personal data:
      1. Identification data (especially name and surname);
      2. Contact details (e.g. email, telephone number);
      3. Address data (address);
      4. Data relevant to the Event (e.g. employment, studies);
      5. Details of the Customer’s previous registrations for your Events;
      6. Other information that you or the Customer provide to us on the Application or in communications with each other.
    6. Purpose of Processing. We may process Customer Personal Data for the following purposes:
      1. To enable you to use the App. In order for Customers to register for your Promotion (complete the registration form), they must enter personal data into the Application. We then have access to them. Without this, it would not be possible to accept their registration for the Event, record it and allow them to manage it (change, cancel it).
      2. Protection against Application overload and attacks. We may temporarily process the IP address of the device from which the Customer accesses the Application. The reason for this processing is to possibly prevent overloading of the Application and DDoS or other attacks on the Application and to be able to block a certain IP address.
    7. On the other hand, what data do we not process? If you have the Application connected to a payment gateway, we do not process personal data related to the payment of Customers for the Promotion. Furthermore, we do not process special categories of personal data (Article 9 GDPR) that reveal racial or ethnic origin, political opinions, religious beliefs, etc. You therefore undertake not to transmit such personal data to us.
    8. Personal data of minors. Customers may also enter personal information of minors into the Application (e.g., if they register minors for Events). As a controller, you undertake to adequately inform Customers about the processing of personal data of minors.
  3. How do we process personal data?
    1. Nature of the processing of personal data. The processing of personal data on our part may be in the nature of collecting, recording, storing on information carriers, sorting, transmitting and storing, as well as other nature necessary for the performance of the Contract, by automated and, where applicable, manual means, so that these activities correspond to the purpose of the processing of personal data.
    2. What are you responsible for? You are responsible for ensuring that the personal data provided to us is processed in accordance with the GDPR and Act No. 110/2019 Coll. on the processing of personal data. Please do not provide us with personal data that does not comply with this. You also determine what personal data we process, for how long and why.
    3. What are we responsible for? We are responsible for complying with these terms and conditions and your instructions, and we will also only process personal data in accordance with these legal provisions.
    4. Instructions. The processing of personal data is based on your instructions as the controller. The main processing instructions are these Terms, the Agreement and, where applicable, directly the activities that Employees carry out on the Application. If You wish to give Us further instructions on the processing of personal data, You can email Us at info@lektory.app. If We determine that your instruction violates the law, We will notify You promptly. If You persist with this instruction or fail to rectify the situation, We may terminate the Agreement if appropriate.
  4. What other information should you know?
    1. How long will we process personal data? We will process the personal data of Employees and Customers for the duration of the Contract, unless otherwise stated elsewhere in these terms and conditions. We will also comply with paragraph 4.2.
    2. What happens to the data after the end of the cooperation? You can download the Customer Data in a machine-readable format within 15 days of the end of the Contract. For our part, we will demonstrably delete all personal data from the Application and all storage facilities no later than 60 days after the end of the processing period, unless we are required or permitted by law to continue to process certain data (our legal obligation or legitimate interest).
    3. Storage location. We store all personal data on servers in the Czech Republic or other EU countries.
    4. Security measures. We undertake to take the necessary technical, organisational and other necessary measures to ensure the protection of personal data. Our goal is, of course, to prevent unauthorized or accidental access, alteration, destruction, loss, unauthorized transfer or other misuse of personal data.
    5. Do we transfer personal data to anyone else? We generally do not use other processors in the processing of personal data, except for colleagues who are involved in the provision of our services and are not our employees (self-employed contractors). The scope of these individuals may change from time to time and we will provide you with an up-to-date list of them on request.
    6. Transmission of Personal Data. In the future, we may use suppliers who may have access to personal data (other data processors). This may include, for example, providers of cloud and other storage or other software needed to provide the Application. You give Us general permission to engage these suppliers. We will notify You of any changes, whether it is to accept new processors or to replace them. You may object in any way within 14 days of such notification. However, you undertake not to object without good reason.
    7. Obligations of the additional processor. If we engage an additional processor, we will bind them to at least the same obligations as set out in these Terms. We will require him or her to comply with the GDPR and to protect the personal data we transfer using sufficient security measures.
    8. Our assistance to you. We will assist you in complying with your obligations under Articles 32 to 36 of the GDPR in relation to Employees and Customers, taking into account the information available to us.
    9. What if a Customer contacts us directly? If a Customer contacts us with a request to exercise their rights relating to data protection, we will pass this request on to you and assist you to resolve it.
    10. Silence. We will maintain confidentiality of all personal data and other facts of which we become aware during the processing of personal data. We will only handle them to the extent necessary to fulfil the Agreement, these Terms and Conditions and the stated purposes of the processing.
    11. Silence of our employees. Our employees and associates are properly trained to handle personal data and will maintain the confidentiality and secrecy of personal data and comply with all measures required by Article 32 of the GDPR regarding the security of personal data entrusted to us for processing.
    12. Audits. At your request, we will provide you with any information necessary to demonstrate that the obligations set out in Article 28 of the GDPR have been met. We will allow you or a third party to audit to a reasonable extent, upon at least 15 working days’ prior written notice. You will be responsible for the cost of the audit. You are also obliged to maintain confidentiality regarding any information discovered as part of the audit relating to our company, in particular our security policies and standards. You are obliged to the same extent to third parties commissioned by you to carry out the audit.
    13. Steps to secure personal information. In order to comply with our obligations, taking into account the state of the art, the cost of implementation, the nature, scope, context and purposes of the processing, as well as the risks of varying likelihood and severity to the rights and freedoms of natural persons, we undertake to secure the processing of data in at least the following ways:
      1. we use secure storage and access to our systems and yours, where access will be known only to the necessary range of our employees and associates;
      2. we use secure access to administration or other databases of personal data;
      3. we use software and services for processing personal data that meet standard requirements for data security;
      4. we do not make copies of the personal data database without your prior consent, except for necessary technical backups;
      5. we use appropriate means of security, such as encryption or other appropriate and necessary means, always depending on the specific transaction and data;
      6. we will not allow third parties access to personal data unless such access is approved in writing by you or is implied by the Agreement;
      7. we process personal data in the form in which it was provided to us by you;
      8. we only process personal data for the purposes set out in these terms and conditions and to the extent necessary to fulfil those purposes.
    14. Security Incident Notification. If we become aware that there has been a security incident and personal data breach in the provision of our services and handling of personal data on our end, we will notify you without undue delay.
  5. What to say in conclusion?
    1. Changes to the Terms. If we change the Terms, we will notify you in advance of the change. If you believe that the change would result in a breach of the GDPR or other laws, please tell us. You are entitled to reject such a change and we will make the necessary adjustments to remedy the situation.
    2. Without entitlement to remuneration. Our activities under these terms and conditions are gratuitous.
    3. Effectiveness of the Terms. These Terms become effective for you upon approval of the Terms of Use or signing of a separate Agreement. However, we will follow them before then if we provide any services to you before then.

These Terms are effective as of March 1, 2024.