Personal data processing principles
The company FreshFlow Systems s.r.o., with registered office at Pražská 636, 252 41 Dolní Břežany, ID No.: 24299057, registered in the Commercial Register maintained by the Municipal Court in Prague, Section C, Insert 194216 (hereinafter referred to as the „Administrator“), operator of the freshflow.cz website, available at https://www.freshflow. cz (hereinafter referred to as the “Website“) and the FreshFlow mobile application (hereinafter referred to as the „Application“) declares that all personal data processed is considered strictly confidential and is treated in accordance with applicable data protection legislation. Through the Application and the Website, the Provider offers the User the use of the Software. The Provider is the processor in relation to the personal data of the Collaborators and the User’s clients and the User is the controller of such personal data. The Provider is the data controller in relation to the User’s personal data.
For the purposes of this Personal Data Processing Policy (“Policy“), the following terms shall have the following meanings:
Personal data are any characteristics that identify and distinguish a person. These include, for example, name, surname, birth number, date of birth, age, gender, address, telephone, email, personal status and citizenship.
Processing of personal data includes, but is not limited to, collection, storage on a medium, disclosure, adaptation or alteration, retrieval, use, transmission, dissemination, disclosure, storage, exchange, classification or combination, blocking and destruction.
Controller means the person who determines the purposes and means of the processing of personal data.
Processor means a person who processes personal data for the controller in accordance with the controller’s instructions.
User is a person using services provided by the Administrator.
Collaborator is a contractual partner of the User.
Regulation means Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), also known as GDPR.
The Controller is the controller of personal data in relation to all services provided through the Website and the Application, but only to the extent of personal data entered when creating an account in the Application or on the Website. In the event that the User, as a data subject, establishes an account in the Application or on the Website and further provides access to the Application or the Website to Collaborators, the User and not the Administrator shall be the data controller of their data. The Data Controller manages the personal data either directly or through its subcontractors of each service, but in all cases it is responsible to the respective data subject as if it were processing the personal data itself. The Controller has not appointed a data protection officer.
For all matters relating to the processing of your personal data or the exercise of your rights under the Regulation, you may contact the contact email address email@example.com
II. Personal data processed
Scope of personal data processed:
- Identification data (name, surname, ID number, VAT number),
- contact details (e-mail, address, telephone number),
- IP address.
The Controller then processes the aforementioned personal data provided when setting up an account in the Application or on the Website and not the personal data that the User further fills in the Application itself or on the Website during user use. The entity that enters the personal data into the Application or the Website is fully responsible for the compliance of this entry with the relevant legal regulations (the User is the controller of this data, determines the purpose of its processing, storage period, etc.). At the same time, this User is fully responsible in relation to the subject whose personal data is involved.
We store your communication with customer support and data communication via the web chat window and the associated data for a period of 6 months, in order to provide the necessary information about the transaction, internal control and the necessary protection of the Provider’s rights.
III. Purposes of the processing of personal data
The purpose of the processing of your personal data is to fulfil the contractual obligation of the Administrator to provide you with an electronic service in the form of setting up an account on the Application or on the Website, which will be marked with your name and surname, email address and, where applicable, the password you choose. The electronic service in the form of account creation is provided free of charge for an unlimited period of time, provided that you may cancel your account at any time and without giving any reason by sending a written request to firstname.lastname@example.org. Other purposes of processing are to improve the quality of the services provided, to improve the security of the services provided, for accounting and tax purposes and to comply with legal obligations.
IV. Retention period and recipients of personal data
Your personal data is processed and stored for the period of registration of your account and for 5 years after its termination. In case you consent to receive commercial communications, the Controller will continue to process your personal data for the purpose of sending commercial communications until you will revoke your consent and/or you will cancel your account.
Your personal data will not be passed on to any third parties, except for IT specialists providing the operation of the Website and the Application, marketing analysis and e-mailing and users with whom you communicate via the Website and the Application (within the scope of name, surname, telephone number, e-mail). Since the Website and Application use services provided by providers located in the USA, your personal data maybe transferred to the USA. In such case the relevant transfer of data takes place on the basis of standard contractual clauses issued by the European Commission, which we concluded with the relevant service providers / third parties, and also on the basis of your consent.
V. Rights of data subjects
In connection with the processing of your personal data by the Controller, you have the following rights, which you can exercise at any time:
The right to request access to your personal data, i.e. your right to obtain, upon your request, information (confirmation) as to whether or not your personal data is being processed. If your personal data is processed, you have the right to access this personal data and you also have the right to obtain the following information:
- a) the purposes of the processing;
- b) the categories of personal data concerned;
- c) the recipients or categories of recipients to whom your personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
- d) the intended period of time for which your personal data will be stored or, if this cannot be determined, the criteria used to determine this period;
- e) the existence of the right to request the Controller to rectify or erase your personal data or to restrict their processing or to object to such processing;
- f) any available information about the source of the personal data, unless the Controller has obtained it from you;
- g) the fact that automated decision-making, including profiling, referred to in Article 22 (1) and (4) of the Regulation is taking place and, at least in these cases, meaningful information concerning the procedure used as well as the significance and foreseeable consequences of such processing for you.
The right to have your personal data rectified, i.e. the right to have inaccurate personal data concerning you rectified by the Controller without undue delay; you also have the right to have incomplete personal data completed, including by providing an additional declaration.
The right to request the erasure of your personal data, i.e. the right to have the Controller erase the personal data concerning you without undue delay if one of the following reasons applies
- a) your personal data is no longer necessary for the purposes for which it was collected or otherwise processed;
- b) you withdraw the consent on the basis of which your personal data was processed and there is no further legal basis for processing it;
- c) you object to the processing of your personal data pursuant to Article 21(1) of the Regulation and there are no overriding legitimate grounds for processing pursuant to Article 21(2) of the Regulation;
- d) your personal data have been unlawfully processed;
- e) your personal data must be erased to comply with a legal obligation under European Union or Member State law to which the Controller is subject;
- f) your personal data have been collected in connection with the offer of information society services pursuant to Article 8( 1. ) Regulation.
The right to restrict the processing of your personal data, i.e. the right to have the Controller restrict the processing of your personal data, in any of the following cases:
- a) if you contest the accuracy of your personal data, for the time necessary to allow the Controller to verify the accuracy of your personal data;
- b) the processing is unlawful and you refuse to erase your personal data and instead request a restriction on the use of your personal data;
- c) where the Controller no longer needs your personal data for the purposes of processing but you require it for the establishment, exercise or defence of legal claims;
- d) if you object to the processing of your personal data pursuant to Article 21(1) of the Regulation until it is verified that the legitimate grounds of the Controller outweigh your legitimate grounds.
The right to the portability of your personal data, i.e. the right to obtain the personal data relating to you that you have provided to the Controller in a structured, commonly used and machine-readable format, and the right to transmit that data to another controller without hindrance from the Controller, if:
- a) the processing is based on consent pursuant to Article 6(1)(a) of the Regulation or Article 9(2)(a) of the Regulation or on a contract pursuant to Article 6(1)(b) of the Regulation; and
- b) the processing is carried out by automated means.
In exercising your right to data portability, you have the right to have your personal data transferred directly by the Controller to the other Controller, if technically feasible.
The right to object, that is, the right, on grounds relating to your particular situation, to object at any time to the processing of your personal data which is processed on the basis of legal grounds:
– the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; or
– the processing is necessary for the purposes of the legitimate interests of the controller or third party concerned.
If you object to the processing of your personal data, the Controller will no longer process your personal data unless it demonstrates compelling legitimate grounds for processing which override your interests or rights and freedoms or for the establishment, exercise or defence of legal claims.
The right to lodge a complaint with the supervisory authority,the Office for Personal Data Protection, at Pplk. Sochora 27, 170 00 Prague 7, official website: https://www.uoou.cz.
In exercising your rights, please contact us by e-mail at email@example.com by telephone at: +420 or by letter to the address of the Administrator’s registered office.
The user is under no obligation to provide personal data. However, the provision of personal data is a necessary requirement for the conclusion and performance of the contract and without the provision of personal data it is not possible to conclude the contract or its performance by the Provider.
VI. Collection of operational and other data
In addition to the personal data described above, the Controller also collects and processes other data on the basis of which the users of the Website and/or the Application (whether registered and/or unregistered) cannot be identified in any way (“Other Data”).
This Other Data is used to send notifications to the device in question and to facilitate the correction of errors in the code of the Application and/or the Website. In particular:
- device ID (UDID)
- date and time of first access
- date and time of last login
- platform (Android/iOS)
- device model
- mobile app version.
We also collect analytics data and information about the use of the App/Website. Here, this data includes in particular:
- related to the frequency of visits to a particular section,
- the number of “clicks” on a certain button of the Website / App.
This data is anonymous from the outset, it is used purely to identify potential problems and errors in the Application (Website) and to improve it for a more comfortable and smoother user experience.
All such other data is retained indefinitely. The User does not have the ability to view this data, nor does the User have the ability to delete this data. If the user uninstalls and reinstalls the application, new data is generated.
This policy is effective as of 1 October 2021.
Start using FreshFlow today
It is free for individual users:
All you need is your email address