PRIVACY POLICY

Information on Personal Data Processing

POINT.X Software s.r.o., IČ 48950548, with its registered office Malátova 12, 15000 Praha 5, C 29317 registrered with the Municipal Court in Prague, represented by the Managing Director Petr Franěk (hereinafter referred to as the ‘Company’”), is committed to protecting the personal data you provide to us. Your personal data is processed in accordance with applicable data protection legislation, in particular the General Data Protection Regulation (EU) 2016/679 (“GDPR”), in a responsible and transparent manner. You have the right to request access to your personal data, including information about its processing, as well as the right to request rectification or erasure of your personal data where the processing is based on your consent. You also have the right to restrict processing, the right to data portability, and the right to object to processing, in accordance with the GDPR. If you have any questions or requests regarding the processing of your personal data, you may contact us in writing at the address of the Company’s registered office.

The mobile application RescueNavigator for JSDH 2022 (hereinafter referred to as “RN”) requires permission for continuous access to location data. The collection of location data is necessary because, during an active deployment, this information is transmitted to KOPIS for the purpose of monitoring the position of equipment at the incident site. Location data must also be transmitted when the RN application is running in the background, for example while navigation to a destination is active or when any other application is being used via RN.

 

Privacy Policy

The Company is committed to complying with these Privacy Policy principles:

• lawfulness, fairness, and transparency we always process personal data only on the basis of a legal ground, and in a transparent manner towards the data subject.
• accuracy, the personal data processed correspond to the data provided by the data subject
• data minimization, the scope of personal data processed is limited to what is adequate for the purpose for which it is processed
• integrity and confidentiality, personal data are protected both technically and organizationally against misuse
• purpose limitation, personal data are collected only for specific and legitimate purposes and are processed solely in a manner compatible with those purposes
• storage limitation, personal data are kept in a form that allows identification of the data subject only for as long as necessary and for the purposes for which they are processed

 

Protection of Your Personal Data

The Company is committed to ensuring the security of the personal data you provide to us. We have implemented appropriate technical and organizational measures to protect your data, taking into account the nature, scope, and purpose of its processing, as well as the associated risks. Access to your personal data is strictly limited to authorized personnel, and your data is not disclosed to third parties for further processing without your consent, except where required by law or necessary to safeguard our legitimate legal interests.

 

Right to Access Information

You have the right to request, in writing, by letter sent to the Company’s address POINT.X Software s.r.o., Malátova 12, 15000 Praha 5, information about the personal data we process about you, including the scope and purpose of such processing. We will provide this information free of charge within 30 days of receipt of your request, or, in exceptional cases, within 90 days. In such exceptional cases, we will inform you in a timely manner of any extension of the deadline. When requesting information about the personal data we hold, we must first verify that you are indeed the data subject to whom the information relates. Therefore, please include sufficient identification in your request. If necessary, we may ask for additional information to confirm your identity before providing the personal data we process about you. We reserve the right to refuse requests for information that are manifestly unfounded, excessive, or repetitive, or where providing the information would require disproportionate effort, such as retrieving data from backup systems or archives

 

Updating Your Data – Right to Rectification

Since personal data may change over time (for example, changes in surname, residence, or mailing address), we kindly ask that you inform us of any such changes so that your personal data remains accurate and up to date, preventing any potential errors. Providing updated information is essential for us to properly carry out our duties as the Data Controller. This also relates to your right to rectification of the personal data we hold about you. If you find that the data we have is no longer accurate, you have the right to request that it be corrected.

 

Right to Data Portability – Right to Restrict Processing

You have the right to obtain the personal data you have provided to the Company. These data will be provided to you in a structured, commonly used, and machine-readable format. You are entitled to transfer these data to another data controller, provided that the processing is based on your consent or on a contract concluded between you and the Company and is carried out by automated means. You also have the right to request that your personal data be transmitted directly by the Company to another controller, where technically feasible, for example via a secure data mailbox. Furthermore, you have the right to request the restriction of processing of your personal data by the Company if you have objected to the processing, or if you consider the data to be inaccurate or incomplete, as well as in other cases prescribed by applicable law.

 

Objections

If you believe that your personal data is not being processed in accordance with applicable Czech and EU legislation, you have the right to lodge an objection, and we will subsequently review the validity of your request. Please note that you also have the right to file a complaint regarding the processing of your personal data with the competent supervisory authority for data protection at the following address: Úřad pro ochranu osobních údajů Pplk. Sochora 27 170 00 Praha 7 web: https://www.uoou.cz/

 

Right to Erasure – Right to Withdraw Consent

If you have given the Company your consent to process your personal data, you have the right to withdraw that consent at any time. In such cases, the Company is obliged to erase any personal data processed solely on the basis of your consent. The right to erasure does not apply to personal data that are processed for the performance of a contract, legal obligations, or legitimate interests. If certain personal data are stored in backup systems intended for data loss protection in case of system failures, the Company may not be able to erase such data from these backups, and in many cases, it is technically not feasible. However, such data are no longer actively processed and will not be used for further processing purposes. Requests for erasure or withdrawal of consent must be submitted in writing to the Company’s address and must include the following information:

• Applicant’s identification details – first name, last name, permanent residence (or registered office) address, correspondence address (if different from the residence or registered office), date of birth
• Identification of the withdrawn consent – specify which particular consent for data processing is being revoked
• Applicant’s Signature

The Company is, after the withdrawal of consent, still entitled to process those personal data for which consent is not required.

 

Where to Contact – Data Controller and the Data Protection Officer of the Data Controller

You can direct your questions regarding personal data protection to the Data Controller by email at pointx@pointx.cz or to the registered office of our Company at:POINT.X Software s.r.o., IČ 48950548, se sídlem Malátova 12, 15000 Praha 5

Data Protection Officer

The Company does not employ a Data Protection Officer to enhance oversight and control over the processing of personal data or to ensure compliance with data protection regulations.

Personal Data Processing

The Company processes your personal data based on the following legal grounds:

a) Performance of a contract - Pursuant to Article 6(1)(b) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“GDPR”)
b) Compliance with legal obligations established by applicable law, i.e., based on Article 6(1)(c) of the GDPR

 

Purpose of Personal Data Processing

The Company processes personal data for the following purposes:

a) The Company processes the personal data of its clients in connection with the provision of services and related activities, to the extent permitted by the Company’s business authorization.

Personal data are processed i) without the client’s consent in cases where providing such data is a necessary prerequisite for the Company to deliver services for the benefit of the client, from the moment the client requests the service until the service is fully provided, or ii) based on the client’s consent. Such consent is always voluntary; however, granting consent is a fundamental condition for the Company to provide the service to the client.

b) Personal data are processed in connection with the fulfillment of legal obligations.

c) Personal data are processed in connection with the legitimate interests of the Company.

The Company is entitled to process personal data without the client’s consent for its legitimate interests, which under certain circumstances may override the client’s interest in protecting their personal data. This includes, but is not limited to, reasons arising from archival obligations, the Company’s liability for damages, debt collection, and similar purposes.

d) Personal data may be processed in connection with the client’s granting of specific consent.

Such consent relates to purposes other than those listed above, for example, the marketing use of personal data. Providing this specific consent is voluntary, can be withdrawn at any time, and its withdrawal—or the decision not to provide it—does not affect the Company’s ability to provide services to the client.

 

Categories of Personal Data Processed

The Company primarily processes identification data (permanent residence, contact addresses), date of birth, contact email and phone number, data obtained from accounting documents (contracts, orders, invoices/tax documents, proof of payment, etc.), VAT identification number, and other data necessary for the provision of services, i.e., for fulfilling the purpose of processing. The Company does not process personal data falling into special categories of personal data. Personal data are processed manually exclusively by the Company and its employees, either in written form or within the Company’s information system. Employees have access to clients’ personal data only to the extent necessary to perform their work duties for the Company and according to their job responsibilities. All security regulations, procedures, and measures are strictly observed during the processing of clients’ personal data, and employees have been thoroughly informed about these requirements.

 

Disclosure of Personal Data and Recipients

Personal data may be disclosed to third parties who participate in their processing or may have access to them in accordance with the law, provided there is an objective reason for such disclosure. If no legal authorization for disclosure exists, the Company will always conclude a written data protection agreement with the third party before transferring personal data. This agreement sets out the conditions under which the personal data are transferred, processed, stored, and secured against misuse or loss. The agreement includes both organizational and technical requirements and obligations for the processor—the third party. The Company does not transfer personal data to third parties abroad, except to individuals who are legally authorized to receive the data under applicable law. The Company is, however, entitled, or in certain cases required, to disclose personal data to government authorities, public bodies, or other parties in connection with protecting its rights or fulfilling its obligations (for example, to authorized legal representatives for debt collection, enforcement offices, courts, etc.). Such disclosure does not require your consent. The Company is also entitled to transfer personal data without your consent to its business partners who process your personal data as independent controllers of your data.

 

Retention Period of Personal Data

The Company ensures that your personal data are processed only for as long as necessary to fulfill the purpose of processing. If personal data are processed for multiple purposes, the Company retains the data for the duration corresponding to the purpose with the longest retention period. For all other purposes, the personal data will no longer be used. The following retention periods apply to each specific purpose of processing:

a) Purpose: Provision of Services by the Company to Clients - Personal data are processed for the duration of the service(s) provision.

b) Purpose: Compliance with Legal Obligations - The Company processes personal data for the period required by applicable law.

c) Purpose: Legitimate Interests of the Company - Personal data will be processed until the last day of the fifth calendar year following the termination of services provided by the Company. However, this period may be extended in justified cases, for example, in the event of an ongoing tax authority audit, legal proceedings before a court, or other situations that affect mutual obligations and claims between the Company and you, or the contractual or legal liability of the Company toward you. In such cases, personal data will be processed until these purposes and reasons for processing have ceased to apply.

d) Purpose: Processing Based on Consent - Personal data processed on the basis of your consent are processed until the consent is withdrawn or for the period for which the consent was granted, if it was given for a specific duration.

 

Validity and Effectiveness of the Personal Data Processing Policy

This Personal Data Processing Policy has been effective since 1 October 2020.