GDPR and Privacy Policy

PRIVACY POLICY – ONSINCH, S.R.O.

 

  1. HOW THE ONSINCH APP WORKS, ROLE OF ONSINCH

OnSinch, s.r.o., company ID: 242 74 330, with its registered seat at Příběnická 939/20, 130 00 Prague 3, registered in the Commercial Register maintained by the Municipal Court in Prague under the registration number C 199887 (hereinafter referred to as “OnSinch”) operates the OnSinch application, which is an all-in-one tool for project and workforce management with implemented CRM, planning, task management, reporting, finance and recruitment related functions (the "Application").

OnSinch provides the Application for use by the clients, who may customize its functionalities and interface to meet the needs of their business. OnSinch thus offers a digital tool as a product, which is then implemented and maintained in various forms and versions by individual clients, who insert their data into the Application and manage it in accordance with their needs. Clients allow their employees and business partners ("end users") to create user accounts in the Application and use it under the control of the client.

OnSinch cannot control the manner in which the Client interacts with the Application, nor can OnSinch control the data that is uploaded to the Application by or at the direction of the Client. OnSinch only provides technological support and oversees the smooth operation of the Application.

  1. ONSINCH AS THE CONTROLLER / PROCESSOR OF PERSONAL DATA

OnSinch as the data controller or processor of the personal data may be reached at the following contacts:

OnSinch has designated the Data protection officer:

OnSinch is considered a data controller in the following cases:

Controller of the clients’ personal data: OnSinch is the controller of personal data of clients who create a user account on www.onsinch.com website for the purposes of using the Application as the product of OnSinch or who, for this purpose, enter with OnSinch into contract negotiations.

Controller of the end-users’ personal data: OnSinch is the processor of personal data of end users who have initiated the registration process for the Application managed by the client. OnSinch is the controller of end users' personal data only during the end user's registration. Upon completing the registration, OnSinch transfers the data to the relevant client who operates his own customized version of the Application.

Controller of personal data of users of the website www.onsinch.com and of persons whose personal data is published on the website.

OnSinch is considered a personal data processor in the following cases:

 

Processor of personal data of end users who complete registration in the Application managed by the client and for whom the client subsequently maintains a user account in his version of the Application.

  1. ONSINCH AS A CONTROLLER – PURPOSES AND SCOPE OF DATA PROCESSING

Where OnSinch acts as the data controller, the following purposes of personal data processing apply:

A) Negotiations with clients regarding the conclusion of contract for use of the Application and the provision of a free demo version - those interested in using the Application for the needs of their business may contact OnSinch and enter into negotiations about the terms of the contract. For this purpose, OnSinch processes the following personal data of interested parties: first and last name, e-mail, telephone, organization, job title, ID number, VAT number, invoicing data, account number. The data is processed until the conclusion of the contract or for a period of 1 year from the end of the negotiations, shall the contract not be concluded.

B) Fulfillment of contract for use of the Application - upon conclusion of the contract, OnSinch processes the client's data for the purpose of proper fulfillment of the obligations stipulated in the contract (in particular, putting the application into operation for the client, providing support, solving Application related problems, invoicing, confidentiality) in the scope of: name and surname of the client or his representative, date of birth, organization, job title, ID number, VAT number, e-mail, telephone, bank account number, invoicing data. The data is processed for the duration of the contract, and subsequently for a period of 4 years after its termination to secure potential claims arising from the contract.

C) Handling requests and questions of third parties – anyone may contact OnSinch with a question or request through the web form or other contact published on OnSinch’s website. In such case, OnSinch processes data in the scope of first and last name, e-mail, telephone and other data provided by the third party in their inquiries for the purpose of processing such inquiries. The data is processed until the query is resolved and the communication is subsequently archived for 1 year to enable future reference between the parties.

D) Presentation of OnSinch and its services - for this purpose, OnSinch processes the personal data of third parties, usually in the scope of first and last name, organization, job title, contact and photos, especially in connection with presentation of OnSinch’s services and people of the company on the website, publishing references and case studies or publishing contact information for clients and potential customers.

E) Protection of the rights and claims of OnSinch – for this purpose, OnSinch processes the data of clients and other persons engaged in business relations in the scope of data provided in contracts or other data that is necessary for the effective enforcement of any claims of OnSinch arising from violations of contractual provisions or violation of legal regulations. The data is processed for the duration of the statute of limitations with a one-year reserve, i.e. usually 4 years from the occurrence of the violation or termination of contract.

F) Improving the OnSinch communication and push notifications - OnSinch company collects information about the activity of website users, including data obtained using cookies. Based on the collected data, OnSinch monitors statistics regarding the engagement of website users. Each user can change the cookie settings and manage their consent with data collection in their browser settings.

G) Newsletter –OnSinch processes the data of users subscribed to the newsletter in the scope of first and last name and email address, and only if the user has given consent to such processing. The user may revoke the consent at any time free of charge, by sending an email to the contact address of OnSinch or by clicking on the relevant link in the footer of the messages sent.

H) Allowing end users to register to the client’s Application using Facebook and Google tools – to facilitate the login and registration of end users to the client’s Application, the Application enables simplified registration and login of the end user using their existing profile on Facebook or Google services. In order for simplified login to be possible, the end user must actively choose such option and give the Application consent to access public data on the relevant profile and to transfer it to the client. If such consent is granted, OnSinch processes data in the scope of public data on the end user's profile (name and surname, email, profile photo) for the purpose of transferring them to the registration form in the client’s Application. Upon completing the registration, OnSinch does not process personal data as the controller. The client becomes the controller thereof and OnSinch remains mere processor carrying out the operation of storing data in the client's Application.

4. ONSINCH AS THE DATA PROCESSOR

OnSinch is a processor of personal data collected by individual clients during the course of operating the Application managed by them. Clients are thus controllers of personal data who determine the purposes and means of processing end users' data, while instructing OnSinch to carry out mere operation of storing collected data in the Application.

Under this mechanism, OnSinch does not have access to the content of the stored data and information and cannot influence their scope, content or format. The controller (client) with whom OnSinch has concluded a contract for the processing of personal data is responsible for fulfilling obligations imposed by GDPR on data controllers. OnSinch does not carry out any data processing operations other than the storage operation.

OnSinch has adopted the maximum standard of technical, organizational, security and other measures to prevent unauthorized or accidental access to data, change, destruction, loss or other unauthorized handling thereof.

OnSinch ensures that employees and other persons authorized to process data do so only to the extent and for the purpose of fulfilling the contract concluded with the client, all of this pursuant to applicable legal regulations. OnSinch takes professional care in fulfilling its obligations under the GDPR.

OnSinch, as a processor, may process data collected by the client only for the duration of the obligations arising from the contract for use of the Application or from the contract for the processing of personal data in accordance with GDPR.

  1. VOLUNTARY PROVISION OF PERSONAL DATA

Clients, end users and other third parties may voluntarily decide whether or not to provide personal data to OnSinch. However, provision thereof may be necessary for the use of certain services or for the use of OnSinch’s products. For example, it is not possible to allow the client to use the Application without knowledge and processing of his personal data, nor to allow the end user simplified registration without allowing access to his other existing profiles.

  1. LEGAL BASES FOR PROCESSING

Processing of personal data by OnSinch is based on the following statutory grounds for processing:

Performance of the contract

This ground for processing is used e.g. for processing data in the course of handling requests of clients or future clients, in the course of fulfillment of contractual obligations or terminating the contracts, during billing and invoicing OnSinch’s services or in connection with the maintenance of user accounts.

Fulfilling the OnSinch’s statutory obligations

This ground for processing applies where OnSinch is required to process certain data directly by law or other legal regulation - OnSinch thus compulsorily maintains accounting documentation, issues tax documents, processes the data of its employees, etc.

Legitimate interests

OnSinch's legitimate interests are:

  • interest in improving online services by collecting data about traffic, user engagement and users' devices;
  • interest in ensuring the proper provision of services in connection with the handling of inquiries, complaints or suggestions;
  • interest in the presentation of the company and its activities and publishing photos and videos on the web and other platforms;
  • interest in the protection of rights and claims in connection with the storage of contractual and other documentation, enabling the support of claims, rights or interests of the company

Consent of the data subject

The following processing operations may be carried out only upon provision of data subject’s consent with the processing:

  • Sending a newsletter;
  • Displaying push notifications;
  • Customization of website content using cookies;
  • Enabling simplified registration of end users to client’s Application;
  • Publishing personal data on the website in cases where legitimate interests do not apply.

Given consent may be revoked in writing at any time without penalty. Consent may be revoked by email sent to info@onsinch.com, by unsubscribing from the newsletter by clicking on the respective link in the footer of messages, or by changing browser settings or device settings regarding the collection of cookies and push notification preferences.

  1. RECIPIENTS OF PERSONAL DATA

OnSinch does not transfer processed personal data to unauthorized third parties. The transfer of personal data to third parties takes place only to the extent necessary for the proper provision of OnSinch’s services, and only on the basis of a contract or legal obligation. If such conditions are not met, OnSinch may transfer data to third parties only with the consent of the data subject.

OnSinch may transfer data to the following recipients:

  • The relevant client by whom the Application is operated in connection with enabling a simplified registration of end users (data from public profiles are entered into the registration form with the consent of the end user);
  • Google LLC (web analytics and online marketing tools);
  • Facebook Ireland Ltd. (online marketing tools);
  • Seznam.cz (tools for online marketing);
  • Mailchimp.com (newsletter tools);
  • External tech support service provider;
  • External data storage service provider;
  • External sales support provider;
  • External provider of accounting services;
  • External legal services provider.
  1. RIGHTS OF DATA SUBJECTS AND HOW TO EXERCISE THEM

In relation to their personal data, the data subject may exercise the following rights granted by Articles 15 to 22 of the GDPR:

  • The right to access personal data - i.e. the right to obtain information about the scope and nature of data processed by OnSinch and the right to obtain a copy thereof;
  • The right to correction of data in case those are inaccurate or incomplete;
  • The right to delete personal data if they are no longer needed for the specified purpose;
  • The right to restrict processing, i.e. the right to request that data be temporarily processed only by storage operation;
  • The right to data portability, i.e. transfer thereof to another controller, if possible;
  • The right to object to processing carried out on the basis of legitimate interests of OnSinch;
  • The right to revoke consent to the processing of personal data at any time without penalty.

You may exercise your rights by sending a written email request to info@onsinch.com, or by contacting the data protection officer on contact provided above in this policy. OnSinch may request additional information to identify the person making the request to secure that personal data are handled upon request of authorized party.

In the event that the data subject is not satisfied with the manner in which OnSinch enabled him to exercise his rights, a complaint may be filed with the relevant supervisory authority, in the Czech Republic: The Office for the Protection of Personal Data (www.uoou.cz).

  1. COOKIES

Cookies are tiny data files that are processed and stored in the user's browser when visiting websites. Upon collection, websites are able to remember user’s browser settings, and when the user visits the site again, the browser sends cookies back to that site. This way, the website may be customized in accordance with the user's preferences. Cookies are also used for the purpose of granting consent to targeted advertising.

The user may enter his cookie preferences by clicking on the bar that appears when visiting the site. The user's consent is not required to store the so-called necessary cookies, which are vital to ensure the basic functionality of the site, or so-called preference cookies, which are used to adjust the basic settings of the website. These cookies are automatically stored on the device. In the browser settings, consent to the storage of cookies may be revoked at any time.

The cookies used by third parties and the use of data obtained by means of them are governed by the privacy policies of the relevant third parties. These third parties may combine the information obtained through cookies with other information provided by the user or obtained as a result of the user engaging with their services.

  1. AMENDMENTS, VALIDITY AND EFFECT

OnSinch reserves the right to make changes or amendments to this privacy policy if necessary. OnSinch will inform users about significant changes thereof on its website.

This privacy policy is valid and effective as of 7/21/2023.