Privacy Policy
1. Definition of Terms
1.1. The terms "Provider" and "Customer" have the same meaning as defined in the Terms of Service, and the terms "GDPR", "data controller", "data processor", "personal data", "processing", "appropriate technical and organizational measures" have the meaning defined in the Personal Data Protection Regulations.
1.2. The Provider and the Customer have entered into a contract by the Customer agreeing to the Terms of Service when establishing an account in the Provider's system.
1.3. Within this legal relationship, the Provider will be the controller of the Customer's personal data for the purpose of fulfilling the contractual relationship and for marketing purposes.
1.4. The terms "data controller", "data processor", "personal data", "processing", "appropriate technical and organizational measures" used in this text are to be interpreted in the context of GDPR.
2. What Personal Data the Provider Manages About the Customer
2.1. To provide the service and its support, the Provider manages the following data:
- First name
- Last name
- Company name
- Billing address (city, street, house number)
- VAT ID (DIČ)
- Company ID (IČ)
- Email address
- Correspondence via email
- Activity records (logs)
2.2. The Provider uses cookies to evaluate traffic.
2.3. In the administration interface, cookies are used to manage login sessions to the system and are an essential part of its functioning.
2.4. Furthermore, the Provider manages data uploaded by the Customer via SSH, SFTP, FTP protocols, and via the program interface managed by the Customer.
2.5. If the Customer does not agree with the use of cookies in the Provider's systems, they can delete and disable cookies in their browser for domains:
- rosti
- *.rosti.cz
2.6. The Provider does not guarantee the functionality of the service if cookies are deactivated in the Customer's browser.
3. What the Provider Does with Data and How It Is Processed
3.1. Personal data (First name, Last name, billing address, ID, VAT ID, and email address) are used for billing.
3.2. The Provider uses the email address to communicate with the Customer for the purpose of ensuring the ordered services.
3.3. The Provider uses the phone number to verify the user account in the service administration interface.
3.4. Activity records (logs) are stored by the Provider for the purpose of resolving service issues and ensuring security.
3.5. The Provider does not keep activity records (logs) for longer than one year.
3.6. The email address may be used for marketing purposes (sending commercial communications) if the Customer has explicitly allowed this in the Provider's administration interface.
3.7. The Customer grants the Provider a general authorization to involve another personal data processor in the processing. The Provider must impose on its subcontractors in the position of data processor the same obligations for personal data protection as set out in these terms.
3.8. List of the Provider's subcontractors:
- DigitalOcean – we host part of the infrastructure for administration and DNS servers here
- Fakturoid – billing data processing
- Slack – internal communication
- Mailgun – email communication
- Google – email communication and documents
- SmartSupp – online chat
4. Customer Rights
4.1. The Customer has the right to access their personal data, the right to information about the processing of their personal data for all the purposes mentioned above, the right to correct it, and the right to erase it. If the Customer believes that their personal data is processed unlawfully, they also have the right to demand an explanation from the Provider and the removal of the defective state.
4.2. If the Customer requests information about the scope or method of processing their Personal Data, the Provider is obliged to hand over this information immediately, but no later than one month from receipt of the request by the Provider at the address podpora@rosti.cz.
4.3. The Provider is entitled to charge a reasonable fee for the administrative costs associated with providing physical copies of the processed Personal Data in case of repeated and groundless requests.
5. Data Erasure
5.1. Upon termination of the service, typically when the Customer cancels the service or their account, the Provider is obliged to delete the Customer's account data, unless it is obliged to store personal data on the basis of a specific law.
5.2. Customer account data is deleted immediately upon termination of the service.
5.3. Within 60 days of deleting the account, the Provider also erases the Customer's account data from the application backups.
5.4. The Provider deletes application activity records (logs) no later than 1 year after the termination of the service.
5.5. The Provider retains email correspondence with the Customer after the termination of the Customer's account.