PRIVACY POLICY
GDPR Compliant Data Protection Privacy Policy
Mário Vadás (hereinafter the „controller“, understood to be the “Provider“ under the Terms of Service and End-User Agreement [http://www.virtusica.com/termsofuse.html], guarantees, as a data controller of personal data and provider of its services, the security and protection of any personal data received, in compliance with the Regulation (EU) No. 2016/679 of the European Parliament and Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation and hereinafter „GDPR“), as amended.
Any entity wishing to use Virtusica Website and/or Virtusica Application understood to be the “Software“ under the Terms of Service and End-User Agreement is considered data subject under the GDPR with respect to any personal data collected for the purposes of processing, (hereinafter the „data subjects“) of the conditions of data processing.
In order to satisfy the above duty to inform, as per Arts. 12-22 GDPR, the controller issues this Privacy Policy and Conditions of Personal Data Processing (hereinafter the „Policy“). Any data subject may familiarize himself/herself with this Policy, whereas the controller will make a copy of this Policy available to the data subject before provision of any services and will make other copies available to the data subject on request.
The controller is required to ask any data subjects to confirm that they are familiar with the below conditions of data processing.
1. CONTROLLER’S SERVICES AND PERSONAL DATA. The controller is a natural person – Provider of the Software providing the Software and services connected with the use of the Software as specified by the Terms of Service and End-User Agreement. For the purposes of provision of the controller’s services, the controller must necessarily process personal data of any data subjects who are Users of the Software.
1.1 LAWFULNESS. For the purposes of provision of his services, the controller must and is entitled to process personal data of its clients. The legal basis of processing are, therefore, primarily the necessity to enter into contractual relations with the data subject, at the data subject’s request and performance of an agreement with the data subject and/or for any pre-contractual obligations thereof; (Art. 6 par. 1 lett. b) GDPR), and in certain exceptional cases the legitimate interests of the controller (Art. 6 par. 1 lett. f) GDPR).
1.2 PURPOSE. The purposes of processing of data subjects‘ personal data based on the necessity to enter into contractual relations with the data subject are mainly, but not limited to: managing the User accounts (logging into the Application and/or user-restricted Webpage areas) obtaining data for use in decision-making on part of the controller, Analytics and Crash-lytics, Managing support and contact requests.
The purposes of processing of data subjects‘ personal data based on the controller’s legitimate interests are mainly, but not limited to: the potential enforcement of the controller’s legal claims, monitoring possible violations of lawful conduct, detecting any malicious or fraudulent activity, unauthorized uses of User accounts or security breaches when using the Software.
1.3 NECESSITY AND TERM OF PROCESSING. The provision of personal data by the data subject to the controller is voluntary, it is, however, a necessary requirement for processing personal data for the purposes stated in par. 1.2 of this Policy. In case the User as a data subject wishes to use the Software, the controller must necessarily obtain and retain data provided pursuant to this Policy for the purposes of provision of User account and due performance of the controller’s services; the relevant data subject remains entitled to erasure of such data at any time, however, no services may be provided hereunder without User’s personal data; such User will not be able to log in to the Application and/or user-restricted Webpage areas.
The controller is legally entitled to processing the data subject’s personal data for the whole duration of the valid and accessible User account, or until the data subject objects to processing where his/her objection is lawful. In case the controller loses lawful access to the data subject’s personal data, the data subject may no longer be considered entitled to use the Software.
1.4 CATEGORIES OF DATA. The personal data of the data subject processed by the controller are mainly the following: contact data: e-mail address, User account login and passwords, in case of direct contact by the User: phone numbers, correspondence address; as well as other data provided by the data subject.
1.5 LEGITIMATE INTERESTS. The legitimate interests of the controller relating to processing of data subjects’ personal data are mainly, but not limited to: improving the quality of services, monitoring possible violations of lawful conduct, detecting any malicious or fraudulent activity, unauthorized uses of User accounts or security breaches when using the Software, potential enforcement of legal claims.
Personal data submitted to the controller hereunder will not be subject to profiling and the controller will not take any decisions important to data subjects in an automated fashion based on such personal data.
1.6 ACCURACY. By voluntarily submitting personal data to the controller, the data subject declares that any and all such data is accurate, correct and up to date and follows from true and uncompromised underlying documents. Otherwise, the data subject shall be responsible for any damage incurred by the controller based on the submission of false, untrue and/or obsolete personal data. The data subject shall be required notify the controller of any changes or amendments to his/her processed personal data.
1.7 DATA RETENTION. The controller shall process personal data pertaining to any data subject for the whole duration of the existence of User’s account or the use of the Software whatever expires as latter, or in case of any dispute between the controller and data subject, until the final resolution of all disputes. In case the controller loses lawful access to the data subject’s personal data, the data subject may no longer be considered authorized User of the Software.
1.8 DATA TRANSFERS. Personal data pertaining to data subjects may be:
1.8.1 transferred to third parties – to the lawfully appointed processors acting on behalf of the controller, and in case of any dispute to state and local authorities, including courts,
1.8.2 transferred to third parties and state and local authorities in countries both within and outside the EEA (third countries) to the extent absolutely necessary, if required by the due provision of Software services and where the data subject has been informed of the cross-border transfer in an explicit manner (e.g. if a third-party entity represented by the controller and indicated on the website is the ultimate beneficiary of the selection process and resides outside of the EEA), while respecting at all times appropriate safeguards based on decisions of the European Commission on the adequacy of data protection in the destination country, or based on standard contractual data protection clauses or other safeguards.
1.8.3 Transfer of personal data outside the EU. Any transfers of personal data to third countries shall be subject to appropriate safeguards based on adequacy decisions of the European Commission, or standard contractual data protection clauses issued by the European Commission.
1.9 DATA PROTECTION OFFICER. The controller has not appointed a data protection officer pursuant to Art. 37 GDPR.
1.10 Minimization of Processing. The controller shall at all times endeavor only to process personal data to the minimum extent absolutely necessary to the Arrangement as defined in the Terms of Service and End-User Agreement and functioning of the Software.
1.11 Confidentiality and Security declaration. The collector is obligated to ensure that any persons that access or may access systems or lists of personal data processed under this Privacy Policy are subject to a duty of confidentiality, and to reasonably inform such persons about their rights, duties and liability, mainly, but not exclusively pertaining to personal data protection and confidentiality.
Furthermore, the collector shall be obligated to ensure that industry-standard security practices and protocols are in place during any and all processing on its part, including appropriate encryption, pseudonymization, anonymization and deletion of sensitive data where applicable and reasonable.
1.12 METHODS OF PROCESSING
The collector takes appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of the personal data of data subjects. The data processing is carried out using computers and/or IT enabled tools. Processing is carried out following organizational procedures and modes strictly related to the purposes indicated. In some cases, the personal data may be accessible to expert affiliates of the collector such as legal, bookkeeping or system administration third-party technical service providers, mail carriers, hosting providers, appointed, as Data Processors by the collector. The collector informs the data subjects about there Processors on demand.
2. RIGHTS OF THE DATA SUBJECT. The rights of data subjects pertaining to protection of personal data are governed mainly by provisions of Articles 15 to 22 GDPR, as amended.
If you are a data subject, you have the right particularly to the following, applicable by means of written communication to the address of the controller):
- the right to obtain confirmation from the controller as to whether or not personal data c oncerning you is being processed, and, where that is the case, access to such personal data, as well as rectification of such data without undue delay,
- the right to restriction of processing of your data, particularly if the accuracy of such data is contested or if processing is unlawful and you request restriction of processing,
- the right to erasure of your data, particularly if the data has been processed unlawfully, where you have revoked consent, where erasure is required by law or where the data is no longer necessary in relation to the purposes for which it was collected, unless the controller has compelling legitimate interests to retain such data,
- the right to receive personal data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format, and the right to transmit those data to another controller, where technically feasible and lawful,
- where the processing is based on your consent, the right to revoke your consent with immediate effect, after which your data may no longer be processed for related purposes; however, this does not affect the lawfulness of processing before you revoked your consent,
- the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you, after which your data may no longer be processed unless the controller demonstrates compelling legitimate interests to retain such data,
- the right to object to processing of your personal data for the purposes of profiling, direct marketing and unsolicited communication, applicable by means of written communication to the address or e-mail address of the controller); you may also voice your objection to communication that is not required for the provision of the controller’s services, by using an unsubscribe link in an e-mail message sent by the controller.
You may also exercise your above rights by writing to the address: Mário Vadás, Kalinèiakova 9, 831 04 Bratislava, Slovakia, or to the e-mail address contact@virtusica.com.
You also have the right to lodge a complaint or inquiry, mainly at the supervisory authority, in particular in the member state EEA of your habitual residence, place of work or place of the alleged infringement, e.g. the Office for Data Protection of the Slovak Republic as the competent supervisory authority for Slovakia, should you have suspicions as to the lawfulness of processing of your data.
Your above rights may be restricted, if such a restriction is mandated by applicable law, or if the exercise thereof would result in violation of your rights or rights and legitimate interests of other data subjects.
3. SPECIFIC PROVISIONS – THIRD PARTIES
3.1 Payments
Any personal data connected with online payments, subscriptions, trials and refunds are NOT collected nor processed by the collector and are exclusively governed relevant provisions of terms and conditions for online payments of relevant content provider application store (Google Play, Appstore).
3. 2 Google Analytics
Google Analytics is a web analysis service provided by Google Inc. (“Google”). Google utilizes the Data collected to track and examine the use of this Application, to prepare reports on its activities and share them with other Google services. The controller shall specifically, by virtue of the Terms of Service and End-User Agreement, have the data subjects consent to appoint any operator or operators of the Google Analytics as a sub-processor with respect to the processing of Users’ personal data for the purposes of Website/App/Software analytics and crash-lytics (corresponding privacy policies may be found at https://policies.google.com/privacy). Place of processing: US
3.3 Google Firebase
The controller shall specifically, by virtue of the Terms of Service and End-User Agreement, have the data subjects consent to appoint any operator or operators of the Google Cloud Platform as a sub-processor with respect to the storage and computational processing of Users’ personal data (corresponding privacy policies may be found at https://policies.google.com/privacy).
4. EFFECTIVE DATE. This Policy is effective as of December 1, 2021. The controller reserves the right to modify and amend this Policy, without prejudice to specific rights and obligations already extant based on previous privacy policies.
Contacting us
If you have any questions, concerns, or complaints regarding this Privacy Policy, we encourage you to contact us using the details below:
Email: contact@virtusica.com
Address: Mário Vadás, Kalinèiakova 9, 831 04 Bratislava, Slovak Republic
This document was last updated on December 01, 2021