of RAYNET s.r.o., Company ID No.: 26843820, with the registered office at Hlavní třída 6078/13, Poruba, 708 00 Ostrava, Czech Republic, represented by Ing. Aleš Seifert and Ing. Jaroslav Bazala, Managing Directors, registered in the Commercial Register maintained by the Regional Court in Ostrava, File No. C 28180 (hereinafter “we/us”, the “Controller” or “RAYNET”).We take the protection of personal data very seriously. This Privacy Policy will tell you for what purpose, for what reason and how we process your Personal Data. The Policy also provides information on your rights in relation to the protection of personal data.If you have any further questions regarding the processing of your Personal Data, please do not hesitate to contact us atdpo@raynetcrm.comor by mail at our registered office.Data Protection Officer. To ensure compliance with the requirements for the protection of personal data, we regularly consult our Data Protection Officer on the protection of Personal Data.
    1. To make the text easier to navigate, we will make your reading experience easier with several terms we use in this Privacy Policy:
      Applicationis the RAYNET CRM software application through which the Service is provided; this Application may also be in the form of a Mobile App;
      GDPRRegulation (EU) 2016/679 of the EU Parliament and of the Council;
      PDPAPersonal Data Protection Act of 2012 in force and effect in Singapore;
      CCPACalifornia Consumer Protection Act of 2018;
      EEAEuropean Economic Area;
      Mobile Appis RAYNET CRM for phones, which Users can download to use our Services on a mobile phone, and which can be downloaded at:https://raynetcrm.com/mobile-crm/;
      Commercial Communicationusually an email or text message sent to promote our services;
      Personal Dataany information about the User that can directly or indirectly identify them;
      Servicethe RAYNET CRM software Application for Customer Relationship Management operated by RAYNET for the purpose of providing services consisting in the mediation of the connection between the Applications (or transfer of data between them) selected by the User for a fee, as well as in the display and transfer of data from public sources and specialized databases to target Applications;
      Agreementthe Service Agreement governed by theRAYNET Terms of Service, concluded between us and the registered User, or an agreement under individually negotiated terms;
      Data Subjecta private individual who can be directly or indirectly identified based on Personal Data;
      User / youthe private individual to whom the Personal Data is related, most commonly a customer (a person who has signed the Agreement with us and a person who has set up a user account and is provided with the Service as a result), a potential customer, or user of our website who is just browsing it;
      Controllerthe entity (in relation to your Personal Data, such entity is us) which individually or jointly with other entities determines the purposes and means of Personal Data processing;
      Processorwe use other entities, for example, to provide us with secure data storage or to send you a newsletter. During this cooperation, such entities may process the Personal Data you have provided to us;
      Personal Data Processingin simple terms, this means any handling of Personal Data – whether storing, disclosing, deleting or changing it;
      Special Categories of Personal Datadata that we understand to be the most sensitive. For example, such data includes your ethnicity, sexual orientation, membership in trade unions, health information or your religious beliefs. Genetic and biometric data is also considered a special category of personal data if it is processed for the purpose of uniquely identifying a private individual. We do not process such Personal Data.
      If you encounter other terms in this document not specified above, such terms then have a meaning defined in theRAYNET Terms of Service.Users in Singapore. If you reside in Singapore, the terms used in this Policy such as “Data Subject”, “Controller” and “Processor” correspond to the terms “Individual”, “Organization” and “Data Intermediary” used under the PDPA.Users in California. If you are located in the state of California, the terms “Personal Data”, “Data Subject”, “Controller” and “Processor” used in this Policy correspond to the terms “Personal Information”, “Consumer”, “Business” and “Service Provider” under the CCPA. In connection with the CCPA, we also state that we do not sell, rent or otherwise disclose your Personal Information for financial or other consideration under any circumstances. Should we disclose your Personal Information to a third party in any way, we do so in order to provide our Services or to comply with our legal obligations and in accordance with this Policy.
    2. Your privacy is our priority. That’s why we only request the Personal Data that is strictly necessary for the provision of our Services. Our Services comply with the standards required by the GDPR. If you entrust your data to us, we undertake to handle it in accordance with the relevant legislation that applies to you (GDPR, CCPA, PDPA, etc.). You can learn more about your rights in connection with the Personal Data below.
    3. With respect to the Services we provide, we may act both as the Controller and the Processor of Personal Data.When does this Policy apply? This Privacy Policy only applies to situations where we act as the Controller unless the wording of the Policy stipulates otherwise.
      1. RAYNET as the Controller
        When is RAYNET the Controller? We are the Controller of Personal Data in relation to the Users. You have entrusted us with certain information (e.g., your name and email address) in order for us to, for example, sign you up for an account. An overview of the Personal Data we process and the reasons for its processing are listed below. If you have any questions, please do not hesitate to contact us atdpo@raynetcrm.com.Subprocessors. In order to provide you with the best possible Service, we use other entities to help us. We have concluded the necessary agreements with all of them, and we require the highest possible protection and security standards for Personal Data. You can find the subprocessors we use at this link.
      2. RAYNET as the Processor
        When is RAYNET the Processor? We provide a Service designed to facilitate customer relationship management. As part of the Service, you enter information about your clients into our system. In relation to the clients of the Users of our Service, we may act as the Processor of Personal Data. If we process the Personal Data of your clients, we do so on your behalf only as a Processor and in accordance with your instructions (i.e., User instructions). The protection of personal data and the rights and obligations arising therefrom are regulated by the Data Processing Agreement (DPA) which is an annex to the RAYNET Terms of Service.If you are a client of our User. In the event that you are a customer of our User, who acts as the Controller of Personal Data, please contact them directly for more information on their protection of personal data. We are not liable for how our Users handle the protection of personal data.RAYNET acting as a Processor. RAYNET does not have access to the data of its Users except for authorized employees responsible for the technical administration of the RAYNET CRM infrastructure. They do not access the data itself unless the Users themselves make such data officially available or if access to such data is necessary to provide the Services. We are not responsible for the content of the Personal Data the User:
        • includes in the data processed as part of the Services provided,
        • collects, stores and distributes and how,
        • or otherwise processes.
        RAYNET acting as a Processor. We use other entities in the provision of our Services. Where we act as the Processor of Personal Data, we may use additional subprocessors in accordance with the Data Processing Agreement (DPA), which is an annex to the RAYNET Terms of Service. We and our subprocessors have very limited access to the data you store in the system, i.e., the data of your clients; however, we make sure that our subprocessors are bound to provide the same level of protection for Personal Data as we do. To provide our Services, we use AWS and DigiSign.
    4. How do we process Personal Data? We process your Personal Data only to the extent necessary to achieve the purpose for which the data was collected, and we comply with security, technical and organizational rules when processing it. The processing of Personal Data is automated, but we do not carry out profiling. The specific purposes of data processing and the categories of personal data we process for each purpose are set out in the following section.
      • First name and last name
      • Contact details (specifically, email address, phone number) and other details you voluntarily provide in your user interface
      • Data in the inquiry sent by the customer or other person
      • Billing details and bank details (data necessary for bookkeeping and payments)
      • Your comments on our social media posts (in particular, Facebook, Instagram), the name (handle) of your profile on such social media and your publicly accessible information on your social media profiles
      • Logging in to the user account and actions taken with respect to the user account (specifically, the information filled in by the User in the user account, the time of signing up, the date of last profile update)
      • Information you provide to us when communicating with us (specifically, your questions and answers to your queries, communication with you)
      • Cookies and IP address, activity data (including information about your device or operating system)
      • The information contained in your resume, which you send us if you are interested in becoming a member of our team
      Special Categories of Personal Data. We do not process any Personal Data of a sensitive nature about you.
    5. We process your Personal Data if you are a user of our website, our customer or if you are interested in becoming a member of our team. We process your Personal Data only for the necessary period; however, such period may vary depending on the applicable law under the jurisdiction where we provide our Services to you. Therefore, the information on the period of processing is indicative only.
      1. Users of our website
        If you visit our website, we process your Personal Data for the purposes set out in this table.
        Why?What data?How?For how long?
        Visit of the website. Provision of basic functions of our website, analytics, improvement of our services and promotion. You can set preferences in the cookie bar.Information about when and how you visit and view our website may include: IP address, the date and time you access our website, your operating system or language settings, history of your behavior on the website, etc. If you visit our website using a mobile phone, we may also process data concerning your mobile phone.Cookies or other technologies for tracking User behavior.The period of processing varies depending on the cookie type. Some process data only for the duration of the session, some for a longer period of time.
        Sending inquiries, telephone inquiries or completing our contact form.You can contact us at any time with your questions, and we will be happy to answer them. You can also use our contact form.First name, last name, phone number, email address, other Personal Data you provide to us.We process the Personal Data necessary for the purpose of handling the inquiry. You can also contact us using the contact form on our website, and we will get back to you. Communication takes place by phone, email or directly on our website.Closed inquiries are deleted regularly, but no later than 3 years of the date of the inquiry.
        Sending of Commercial Communications (direct marketing).You have subscribed to our newsletter. If you no longer wish to receive it, you can unsubscribe in the footer of the email.First name, last name, phone number and email address.We send a newsletter to inform you about our services and new features.The data is processed for a period of 2 years of the last active view of the newsletter unless you unsubscribed earlier.
        Webinar. If you are interested in learning more about our Service, you can sign up for one of our webinars. We will also send you a newsletter to keep you informed. If you no longer wish to receive the newsletter, you can unsubscribe in the footer of the email.Email address, first name and last name. You may provide us with certain Personal Data during the webinar.You can sign up for the webinar by completing the form. We will then get back to you with further information.The data is processed for the period of six months following the webinar. The data for sending the newsletter are processed for a period of 2 years of the last active view of the newsletter unless you unsubscribed earlier.
        Personal meeting. We can also arrange a personal meeting to tell you more about our Services.First name, last name, email address, phone number, city of residence, business name of the company, other information you provide in the note or personal data that you will share during the meeting.Complete the form on our website, and we will get back to you.Closed requests for personal meetings are deleted regularly, but no later than 3 years of the date of the request.
      2. Customers
        If you decide to use our Services or want to try them out first, we will create a user account for you. We will process your Personal Data to the extent necessary to provide you with the Service in accordance with theRAYNET Terms of Service
        Why?What data?How?For how long?
        Visit of the website. Provision of basic functions of our website, analytics, improvement of our services and promotion. You can set preferences in the cookie bar.Information about when and how you visit and view our website may include: IP address, the date and time you access our website, your operating system or language settings, history of your behavior on the website, etc. If you visit our website using a mobile phone, we may also process similar data concerning your mobile phone. All website traffic data is fully anonymized and cannot be linked to specific individuals.Cookies or other technologies for tracking User behavior.The period of processing varies depending on the cookie type. Some process data only for the duration of the session, some for a longer period of time.
        RAYNET trial version. You can try our Service first by filling out the form on our website.Your email address, phone number, and the name of the CRM instance you use.You provide us with this information when you fill out the form on our website.The data is processed for the duration of the trial version of the Service and in the case of upgrading to the full version for the term of the Agreement and for a subsequent period of 4 years of the termination of the Agreement.
        Conclusion of the Agreement. To start using the Service to the fullest, you must first conclude an Agreement with us.To conclude the Agreement, we will need your first name, last name, date of birth and address, as well as the business name of the company you represent.You provide us with this information when you complete the sign-up form and create a user account or as part of our communication related to the execution of the Agreement.The data is processed for the term of the Agreement and for a subsequent period of 4 years of the termination of the Agreement.
        User account. If you are granted access to the Service, and you create a user account, we will process your Personal Data in the extent necessary to provide you with all the features of the Service.The information you provide when logging in, Specifically, your email address and phone number. You can fill in other Personal Data in your User Account, such as your first name and last name.You provide us with this information when you log in to your user account or when you update it.We process your data for this purpose for as long as the user account exists and for a subsequent period of 4 years of the termination of the Agreement.
        Training. We organize online and offline training for all our Users, where we share tips on how to use our Service effectively. You can sign up for the training by filling out the form on our website.First name, last name, email address, phone number, address, company name, trade, Company ID No.You can fill in this information in the form on our website.We process your data for the period of 3 years after the training.
        Communication with customer support, requests and complaints. You can send us an inquiry via email or our website or give us a call.First name, last name, phone number, email address and user account.We process the Personal Data necessary for the purpose of handling the inquiry, request or complaint. Communication with customer support takes place by phone, email or directly on our website.Closed inquiries and complaints are deleted regularly, but no later than 3 years of the date of the inquiry or complaint.
        Direct marketing, sending of Commercial Communications.If you use our Services or have subscribed to our newsletter, you will receive our newsletter. If you no longer wish to receive it, you can unsubscribe in the footer of the email.First name, last name, phone number and email address.We send a newsletter to inform you about our services and new features.The data is processed for a period of 2 years of the last active view of the newsletter unless you unsubscribe earlier.
        Accounting. We are paid the Fee, and we issue accounting and tax documents for the provision of the Service, which we then archive and continue to process for the purposes of due bookkeeping and compliance with our legal obligations.Invoice data – first name, last name, email address, billing address or other identification of the User and details of performance under the Agreement.After filling in the payment information in your profile, we will save the information to issue an invoice.We have a legal obligation to archive or keep the relevant document; the period of retention depends on legal requirements (3–10 years).
        Sending information related to the performance of the Agreement.This includes new features, planned downtime, price changes and other information.First name, last name, email address, billing address or other identification of the User and details of performance under the Agreement.We also process your Personal Data for the purpose of sending information regarding our contractual relationship. This may include a change to theRAYNET Terms of Service or the Price List.The data is processed for the duration of the contractual relationship and for a subsequent period of 4 years of the termination of the Agreement.
        Processing the request for backed-up data.We understand that your data is very precious, so we back it up regularly and send it to you upon request. To do this, we will need to verify your contact details and your identity if necessaryFirst name, last name, signature, data box ID, ID card.If you submit your request online through the CRM software, we may contact you via a video call and ask you to present your ID card. If the local legal regulations so require, we will seek your express consent first.The data are processed for the duration of the contractual relationship and for a period of 4 years of the video call.
        Compliance with legal obligations.In certain cases, we must process your Personal Data in order to comply with statutory obligations.In particular, this may include your first name, last name, email address, billing details or other identification of the User.In such a case, we process your Personal Data in order to comply with the applicable legal regulations (comply with a legal obligation).We process your Personal Data for the period stipulated by the applicable legal regulations.
      3. Users within an instance
        If you have been granted access to our Service, you will get a user account for you to log in to. We will process your Personal Data to the extent necessary to provide you with the Service in accordance with theRAYNET Terms of Service
        Why?What data?How?For how long?
        User account. If you are granted access to the Service, and you create a user account, we will process your Personal Data in the extent necessary to provide you with all the features of the Service.The information you provide when logging in, Specifically, your email address and phone number. You can fill in other Personal Data in your User Account, such as your first name and last name.You provide us with this information when you log in to your user account or when you update it.We process your data for this purpose for as long as the user account exists and for a subsequent period of 4 years of the termination of the Agreement.
        Training. We organize online and offline training for all our Users, where we share tips on how to use our Service effectively. You can sign up for the training by filling out the form on our website.First name, last name, email address, phone number, address, company name, trade, Company ID No.You can fill in this information in the form on our website.We process your data for the period of 3 years after the training.
        Communication with customer support, requests and complaints.You can send us an inquiry via email or our website or give us a call.First name, last name, phone number, email address and user account.We process the Personal Data necessary for the purpose of handling the inquiry, request or complaint. Communication with customer support takes place by phone, email or directly on our website.Closed inquiries and complaints are deleted regularly, but no later than 3 years of the date of the inquiry or complaint.
      4. Participants of our training and events
        Why?What data?How?For how long?
        Training. We organize online and offline training for all potential users of our Service and the general public, where we share tips on how to use our Service effectively. You can sign up for the training by filling out the form on our website.First name, last name, email address, phone number, address, company name, trade, Company ID No.You can fill in this information in the form on our website.We process your data for the period of 3 years after the training.
        Offline events. We organize offline events for the general public. If you are interested in attending such an event, you can apply via the form on our website.First name, last name, email address, company, phone number.You can fill in this information in the form on our website.We process your data for the period of 3 years following your participation in an offline event organized by us.
        Sending of Commercial Communications (direct marketing).If you have signed up for our training or event, we may send you our Commercial Communications unless you expressly disagree with it. If you no longer wish to receive it, you can unsubscribe in the footer of the email.First name, last name, phone number and email address.We send a newsletter to inform you about our services and new features.The data is processed for a period of 2 years of the last active view of the newsletter unless you unsubscribe earlier.
      5. Mobile app users
        Why?What data?How?For how long?
        Visiting the website related to the Mobile App.On our website, you can find out basic information about the Mobile App and download the Mobile App via a link on Google Play or the App Store. The Mobile App is our supplementary Service and you must already have a User Account with us to use it.Information about when and how you visit and view our website, which may include: your IP address, the date and time you accessed our website, your operating system or language settings, your website behavior history, etc. When visiting via mobile phone, we may also process similar data in relation to your phone. However, all data from website traffic is fully anonymized and cannot be linked to specific persons.Cookies or other technologies for tracking User behavior.The period of processing varies depending on the cookie type. Some process data only for the duration of the session, some for a longer period of time.
        Visiting the website related to the Mobile App.On our website, you can find out basic information about the Mobile App and download the Mobile App via a link on Google Play or the App Store. The Mobile App is our supplementary Service and you must already have a User Account with us to use it.Information about when and how you visit and view our website, which may include: your IP address, the date and time you accessed our website, your operating system or language settings, your website behavior history, etc. When visiting via mobile phone, we may also process similar data in relation to your phone. However, all data from website traffic is fully anonymized and cannot be linked to specific persons.Cookies or other technologies for tracking User behavior.The period of processing varies depending on the cookie type. Some process data only for the duration of the session, some for a longer period of time.
        User account in the Mobile App. If you are granted access to the Service, and you create a user account, we will process your Personal Data in the extent necessary to provide you with all the features of the Service.The information you provide when logging in, Specifically, your email address and phone number. You can fill in other Personal Data in your User Account, such as your first name and last name.You provide us with this information when you log in to your user account or when you update it.We process your data for this purpose for as long as the user account exists and for a subsequent period of 4 years of the termination of the Agreement.
        Communication with customer support, requests and complaints.You can send us an inquiry via email or our website or give us a call.First name, last name, phone number, information about the concluded Agreement, email address and user account.We process the Personal Data necessary for the purpose of handling the inquiry, request or complaint. Communication with customer support takes place by phone, email or directly on our website.Closed inquiries and complaints are deleted regularly, but no later than 3 years of the date of the inquiry or complaint.
        Processing of specific data. When operating the Mobile App, the company may process some of the Personal Data that Google identifies as sensitive in its terms. This data is treated as sensitive and handled only to the minimum extent necessary for the functionality of the Mobile App. This is done on the basis of the User's informed consent in the Mobile App, it also helps with the performance of the Agreement.This may include the following data: microphone recording, captured photos, accessing data from the phone's storage, accessing the device's location, data to diagnose app crashes to Google Firebase servers. When accessing the Mobile App, the following may also be processed by the phone, but this data is not processed by us as an Administrator: inventory of other apps on the User's phone, biometrics (fingerprint scan and Face ID).This data is used to improve the functionality of our Mobile App and the overall Services.We process this data to the minimum extent necessary for the use of the Mobile App, so it is processed only for the duration of the use of the Mobile App and the existence of the User Account or Agreement and then for 2 years after its valid termination.
        Direct marketing, sending of Commercial Communications.If you use our Services or have subscribed to our newsletter, you will receive our newsletter. If you no longer wish to receive it, you can unsubscribe in the footer of the email.First name, last name, phone number and email address.We send a newsletter to inform you about our services and new features.The data is processed for a period of 2 years of the last active view of the newsletter unless you unsubscribe earlier.
        Sending information related to the performance of the Agreement. This includes new features, planned downtime, price changes and other information.First name, last name, email address, billing address or other identification of the User and details of performance under the Agreement.We also process your Personal Data for the purpose of sending information regarding our contractual relationship. This may include a change to theRAYNET Terms of Service or the Price List.The data is processed for the duration of the contractual relationship and for a subsequent period of 4 years of the termination of the Agreement.
        Processing the request for backed-up data.We understand that your data is very precious, so we back it up regularly and send it to you upon request. To do this, we will need to verify your contact details and your identity if necessary.First name, last name, signature, data box ID, ID card.If you submit your request online through the CRM software, we may contact you via a video call and ask you to present your ID card. If the local legal regulations so require, we will seek your express consent first.The data are processed for the duration of the contractual relationship and for a period of 4 years of the video call.
        Compliance with legal obligations.In certain cases, we must process your Personal Data in order to comply with statutory obligations.In particular, this may include your first name, last name, email address, billing details or other identification of the User.In such a case, we process your Personal Data in order to comply with the applicable legal regulations (comply with a legal obligation).We process your Personal Data for the period stipulated by the applicable legal regulations.
      6. Job applicants
        Why?What data?How?For how long?
        Job offers. You can find currently available job offers on our Website.This includes the information you provide in your resume. First name, last name, address, date of birth, phone number, email address, social media account, if applicable, information on former employment, education, interests, skills and certifications, photo.We will take a look at the documents you submit to us that contain Personal Data and get back to you based on our evaluation.We have a legitimate interest in retaining the Personal Data of job applicants for a period of 3 years. This is because we may have a compelling job offer for you later on.
      7. Job applicants
        Why?What data?How?For how long?
        Job offers. You can find currently available job offers on our Website.This includes the information you provide in your resume. First name, last name, address, date of birth, phone number, email address, social media account, if applicable, information on former employment, education, interests, skills and certifications, photo.We will take a look at the documents you submit to us that contain Personal Data and get back to you based on our evaluation.We have a legitimate interest in retaining the Personal Data of job applicants for a period of 3 years. This is because we may have a compelling job offer for you later on.
      8. Developers and integrators
        Why?What data?How?For how long?
        Technical information for developers/integrators.You can sign up to receive API-related news athttps://raynet.cz/developer.Email addressWe send out a newsletter in which we inform about news for developers/integrators.The data is processed for a period of 2 years of the last active view of the newsletter unless you unsubscribe earlier.
    6. Lawfulness of processing. We obtain and process all Personal Data in a lawful manner. We process Personal Data:
      • based on your consent (e.g., when you subscribe to our newsletter),
      • for the purpose of performing theAgreement (so that we can provide you our Services),
      • in order to comply withlegal obligations (e.g., in the case of inspection by a supervisory authority) and
      • on the basis of ourlegitimate interest (e.g., if you are our customer, we can then inform you about our new offers or features, etc.).
      In the event that we provide the Service to you outside the European Economic Area (EEA), the legal basis for the processing of Personal Data may differ.
    7. Our Service is available to persons over 16 years of age. We do not knowingly process the personal data of children and minors under the age limit above. If we find out that we have received Personal Data from a child without parental or legal consent, we will take appropriate steps to remove such information as soon as possible.We have drawn up this Policy to be as clear as possible. However, if you are a User of our Service under 18 years of age and this Privacy Policy is not sufficiently clear to you, please contact us at dpo@raynetcrm.com.
    8. Processors. We only use verified Processors with whom we have concluded a written agreement and who provide us with at least the same guarantees as we provide to you. You can find their listat this link. We use such Processors as the Controller.Legal obligations. We may disclose Personal Data to third parties other than the Processors above if required to do so by law or in response to lawful requests of public authorities or a court order in litigation.
    9. Our customers can control the extent of processing associated with the provision of the Service by custom settings in their User Account.Technical and organizational Measures.Security is of the utmost importance to us, and we put continuous effort into keeping your Personal Data safe. We take into account the scope of processing, the associated risks and the state of our equipment when selecting the appropriate measures.Technical measures. We have adopted and are committed to complying with the following measures:
      • HTTPS. We use a secure https protocol. The data on our servers is encrypted. We encrypt data using SSL/TLS (“Secure Sockets Layer/Transport Layer Security”) in all cases of data transfers.
      • Backup. We perform a complete backup of all data and files every day.
      • Data center. RAYNET Cloud CRM uses one of the largest and most modern IT infrastructures in the world: Amazon Web Services (AWS). AWS data centers are the world leader in physical and software security, they are able to withstand emergencies such as natural disasters, massive hacker attacks or power failures. Of course, regular stress and penetration tests are carried out as well.
      • Data insurance. In terms of data protection, we go one step further than is common for the largest ICT service providers. All data stored in the Service is insured against damage, theft or disclosure.
      • Monitoring and minimization. Access passwords to information systems (where Personal Data will be processed) and access to Personal Data are controlled at the individual level. All access to data is monitored.
      • Secure access. Wherever possible, access to the systems is safeguarded using two-factor authentication (2FA). Access to the Service’s infrastructure is allowed only via a private network (VPN) and by using a hardware security key, which is uniquely paired with dedicated devices.
      • Updates. We regularly perform infrastructure updates.
      • Security at the Application level. Access to the application is protected by a unique username and password. The strength of the password and the frequency of its changes can be configured in the system administration. Optionally, a two-factor authentication mode can be enabled. Due to the nature of the application, it is easy to define permissions to access data.
      • Other measures. We take other internal hardware, software and procedural measures to increase data security.
      Organizational measures. We, as a Processor of your data, have adopted and are committed to complying with the following measures:
      • Confidentiality. Our employees are bound by the confidentiality obligation.
      • Staff training. Our employees are duly trained and undergo further training on a regular basis regarding the protection of Personal Data, and are familiar with safety rules for working with work devices.
      • Personal Data Processing Logging. We use systems that allow us to uniquely identify which persons have accessed individual Personal Data, when and how individual Personal Data has been changed or when and by whom it has been deleted, even retroactively for the period of 30 days.
      • Controlling access to Personal Data. We undertake to take such measures to ensure that only authorized users can access Personal Data and that such users can only access the Personal Data within the scope of their competence, insofar as this is possible given the nature of the Personal Data Processing.
      • Safe store. We store passwords in the operating environment at a separate location (Safe store) with recorded logs so that we can monitor employee access to individual Personal Data of the Users.
      • Strong passwords. All of our passwords are of sufficient length and format to prevent password cracking as much as possible. These passwords are not entered manually but via Safe store.
      • Pseudonymization of Personal Data. We undertake to process Personal Data in such a way that it can no longer be attributed to a specific Data Subject without using additional information, provided that such information is kept separately.
      • Control of the transfer of Personal Data. We have taken measures to ensure that Personal Data cannot be read, copied, altered or deleted during their transfer, transmission or storage.
      • Internal audit. We regularly evaluate how we can minimize Personal Data Processing and what the appropriate measures to take are.
    10. In the event that we use Processors based abroad, we make sure that they comply with the requirements of the applicable legal regulations. In particular, where data is transferred from the EEA to other countries, we ensure a high standard of Personal Data protection by means of standard contractual clauses approved by the European Commission or, where applicable, the equivalent standard contractual clauses for the United Kingdom, for transfers to countries that are not subject to the decision on the adequacy of measures of the European Commission or your local legislator.We follow the GDPR standards and the protection of Personal Data is our top priority. We provide our Services outside the EEA market as well, so your rights associated with the protection of Personal Data depend on the relevant legislation that applies to you.
      1. California consumer privacy act
        If you are a resident of California, you are subject to the California Consumer Privacy Act of 2018, and you have the right to know how we handle your informationWhat data do we process? In order to provide you with our Services, we need your data. This allowed us to collect data on consumers in California over the past 12 months. You can learn what personal information we process and the purposes for the processing above. We may retain this personal information for as long as necessary for the purposes for which it was collected and only for as long as necessary. This period depends on our business, legal and regulatory needs, but it is always a reasonable period of time.
        What are your rights?The CCPA guarantees you the following rights:
        Right to information.You have the right to request information on what personal information we collect, use, disclose, share and sell, where we obtained it and for what purpose we process it.
        Right to erasure.You have the right to ask us to delete your personal information and to ask our Processors to do the same. We will delete your personal information unless we have a legal obligation to retain your data or one of the other exceptions applies.
        The right to opt out of the sale and sharing of data.You have the right to opt out of us selling your data. As we share personal information with our Processors, this may be considered a “sale” of personal information under the CCPA.
        Right to rectification.You have the right to ask us to rectify inaccurate personal data. You can correct certain information by yourselves in your user profile.
        The right to restrict the use and disclosure of sensitive personal information.You may ask us to use your sensitive personal information (birth certificate number, bank account details, etc.) solely for the purpose of providing the Services.
        Non-discrimination.You have the right not to be discriminated against as a result of exercising your rights.
        How can you exercise your rights? You can exercise your rights by emailing us atdpo@raynetcrm.com or by mail at the registered office.We may require verification of your identity in order to process your request, depending on the nature of the right you wish to exercise. In the event that a representative is exercising rights on your behalf, we will need proof of their authorization to do so. We will also need your representative to identify themselves. We take these steps to ensure the highest possible standard of protection for your personal information.
    11. If you are residing in the EEA, you may exercise your rights under the GDPR as set out below.You can exercise your rights by emailing us at dpo@raynetcrm.com or by mail at the registered office.How quickly can we process your request? We will get back to you within one month at the latest. If providing the information would compromise the privacy of others or would be disproportionate to the risks or costs of providing it, we may not be able to comply with your request. In order to process your request as quickly as possible, we may need to verify your identity. In the case of repeated requests, the Controller is entitled to charge a reasonable fee for the copy of the Personal Data.
      Right of accessWe will confirm whether we are processing your Personal Data. You have the right to be informed about the purposes of the processing, categories of personal data, the recipients to whom the data is disclosed, the period of processing and to a copy of your Personal Data. You have the right to know whether any of the rights have already been exercised. A prerequisite for this is that the rights and freedoms of others are not adversely affected.
      Right to rectificationYou have the right to ask us to rectify inaccurate personal data. You can correct certain information by yourselves in your user profile.
      Right to erasureIf there is no other reason to continue processing this data, we will delete or anonymize the data you require.
      Right to restriction of processingPlease contact us if you believe that we are processing your data incorrectly, whether in terms of the reasons for their processing or the scope of their processing.
      Right to notification of rectification, erasure or restriction of processingIf you contact us with your request, we will inform you of the outcome. Sometimes, we may not be able to comply with your request (e.g., the email address you sent your request from is no longer functional).
      Right to data portabilityWe will provide the Personal Data that you have provided to us in a structured and machine-readable format to another controller upon your request.
      Right to objectIn case we process your data on the basis of a legitimate interest (e.g., sending a newsletter to Users). It is up to us to demonstrate our legitimate interest. In case your objection is justified, we will cease processing your Personal Data.
      Right to withdraw consentIf you have changed your mind, please let us know. Consent to processing for marketing and commercial purposes may be revoked at any time.
      Automated decision-making, including profilingYou don’t want a machine to make decisions concerning you? We respect your right, and therefore we do not carry out profiling. We provide a Service, and your Personal Data may be processed automatically.
    12. This Privacy Policy may only be amended in writing. You will be informed of such a change on our website. For this reason, please check this Policy regularly. Your continued use of our Service indicates your acceptance of the changes to this Policy.If you have any questions regarding our Privacy Policy, please contact us at dpo@raynetcrm.com.If you are dissatisfied, you may, at any time, file a complaint with:
      • The Office for Personal Data Protection, with the registered office at Pplk. Sochora 727/27, 170 00 Prague 7 – Holešovice, Czech Republic (more athttps://www.uoou.cz/) or
      • The Office for Personal Data Protection of the Slovak Republic, with the registered office at Hraničná 12, 820 07 Bratislava 27, Slovak Republic (more information athttps://dataprotection.gov.sk/uoou/) or
      • Der Bundesbeauftragte für den Datenschutz und die Informationsfreiheit, with the registered office at Graurheindorfer Straße 153, 53117 Bonn, Germany (more information at https://www.bfdi.bund.de) or
      • Datenschutzbehörde, with the registered office at Österreichische Datenschutzbehörde, Barichgasse 40-42, 1030 Vienna, Austria (more information athttp://www.dsb.gv.at) or
      • another data protection authority in your usual place of residence.
      This Privacy Policy is effective as of August 12, 2024.
    raynet