3. Scope of application
The legal relation for providing the services of the Platform is between Us and a legal entity (“Client/Clients”).
1. Platform Users – natural persons that are representatives of the Client and have registered an account on the Platform.
2. Platform Visitors and Email Senders – natural persons that only visit the site or send emails. Client Representative quality prevails over Platform Visitor and Email Senders quality.
3. Client Business Partners – natural persons (suppliers, recipients, etc.) or representatives of the Client suppliers, recipients, etc.
If you are a data subject, you can view the PD processed and your rights in the section that applies to you (Platform User, Client, Platform Visitor or Email Sender, Client Business Partners).
5. Relation between Us and the Client and between Us and the data subjects
If you are a Client, almost all of the processing of PD is done by Us as processor under your direction as controller.
In some limited cases PD (contact data, login credentials, invoicing, etc.) is processed by us as an independent controller.
We will process PD in accordance with the Client instructions. We reserve the right to refuse the carrying out of instructions of the Client that violate the GDPR or the rights of the data subjects. We will inform the Client when the instructions issued violate the GDPR or the rights of the data subjects. Please note that almost all of the relevant operations can be carried out via the Platform.
We will inform the Client and the Client will inform Us about PD requests from data subjects and both Us and the Client will ensure a legal and coherent response to the data subject requests.
We will make available upon request to the Client all information necessary to demonstrate compliance with the obligations laid down in GDPR and allow for and contribute to audits, including inspections, conducted by the Client or another auditor mandated by the controller.
If security breaches are relevant for the PD provided by the Client, We will inform the Client in his capacity as controller to ensure compliance with the GDPR.
You, the Client, authorize Us to engage sub-processors.
You, the Client, authorize Us to transfer PD to third countries outside the EU using appropriate safeguards.
You, the Client, represent and warrant that you will inform all relevant data subjects about the PD processing and their respective rights. In this regard, you will provide at least the information contained in the notices mentioned in section 3.
6. PD collected
When operating the Platform, we collect PD like: name, email, telephone, logon credentials, address, geolocation, cookies, IP, browser data, and other PD as needed for providing the service.
7. PD processing activities
The following processing activities will be carried out by us: access to PD by authorized persons, storage of PD in the physical archive or in electronic format, on our infrastructure or the infrastructure of sub-processors, transfer of PD to said third parties, other processing operations carried out for the purpose and on the basis of those grounds.
8. Use of the PD
We use the collected PD to: create the user account, to process payments, to invoice, to manage client business partners (suppliers, receivers, etc.), to add new functionalities to the Platform as they are developed.
9. Basis of PD processing
PD is processed on the basis of:
art. 6 (1) (a) GDPR – the processing is performed based on the consent of the data subject;
art. 6 (1) (c) GDPR – the processing is necessary for the fulfillment of the legal obligations of the Operator regarding archiving, taxing and other similar obligations;
art. 6 (1) (f) GDPR – the processing is necessary to achieve the legitimate interest of the Operator to pursue its business activity.
10. Sources of PD
PD is obtained from the Client, from the data subject, from the integrated services and from the cookies.
11. Storage and erasure of PD
PD is stored on our infrastructure and on the infrastructure of the service providers.
We will store the minimum amount of PD to ensure the functionality of the Platform.
The PD is stored until it is no longer needed, the law permits erasure and any legal conflict is resolved.
The PD is also erased when an erasure request is received and all the conditions above are met.
12. Transfer of PD to third parties and countries outside the EU
We transfer PD to third countries like USA, Canada, Switzerland and others based on appropriate safeguards.
We review the privacy policies, practices and technologies of our service providers periodically to ensure that such transfers are in accordance with the GDPR.
13. Rights of the data subjects