Privacy Notice
We guarantee your data privacy
Effective Date: 20 June 2024
This Privacy Notice (also "Notice") provides detailed information about the personal data processing practices followed by NextGenAI s.r.o., registration No. 21477116, legal address: Osadní 869/32, Holešovice, 170 00 Prague 7, Czech Republic (also "Company" or "we"). Here you will find information about the types of personal data being processed, respective purposes and legal bases, how personal data is protected, as well as other important information related to the processing of your personal data. Please review this document carefully to understand our practices related to personal data processing.
If you have any questions, contact us as indicated in the last section ("CONTACT INFORMATION") of this document.
By using our services, you agree to the provisions stipulated by this Notice. For any inquiries, please contact us. If you disagree with anything stated in this document, please discontinue the use of our services.
DATA CONTROLLER
The Company acts as the data controller, which means it decides how and why your personal data is processed. It also ensures that all data processing activities comply with applicable data protection laws, including the General Data Protection Regulation (GDPR).
DATA COLLECTION SOURCES
We collect personal data from various sources, including direct interactions where you provide information, such as when creating an account or making purchases. Additionally, we collect data automatically through cookies and similar tracking technologies. We also obtain data from third-party service providers (e.g., payment processors), state authorities and publicly available sources.
TYPES OF DATA COLLECTED
We may process the following categories of personal data:
1) User Account Data: including, usernames, photos, avatars, passwords, account settings, activity logs, referral links, referral IDs, information about your workplace, your job role, etc.
2) Contact Information: including, email, phone number, address.
3) Identification Data: including, full name, date of birth, personal identification numbers, details of identification documents, etc.
4) Technical Data: including, IP address, device type, browser details.
5) Transaction Data: including details on your orders, purchases, subscriptions and other transactions.
6) Payment Data: including payment history, payment card details, bank account details, etc.
7) Marketing Data: including, preferences and participation in marketing and loyalty programs.
8) User Generated and Uploaded Content: including any data and documents uploaded through your user account or otherwise shared with us or our services.
9) Compliance Data: including any information required for legal and regulatory compliance (e.g., in the field of anti-money laundering (AML), counter-terrorist financing (CFT), know-your-customer (KYC) and other similar processes).
10) User Support: including any information generated in the result of user support issues (e.g., type ogtechnical issue occurred, resolution status, support agent engaged, etc.).
11) Communication Data: including any records of your communications with us (e.g., using email, online forms, chats, phone calls, etc.).
12) Video-Surveillance Data: including data received from on-site video surveillance activities conducted in our office.
PURPOSES AND LEGAL BASES FOR PROCESSING
We utilize your personal data to ensure you receive the highest quality experience with our services. The following outlines how and why we process your data:
1) Providing Services: To deliver the services you request, in accordance with our agreement with you.
2) Setting Up and Managing Your Account: To establish and administer your user account, as it is essential for fulfilling our contractual obligations to you.
3) Verifying Your Identity: To confirm your identity, which is necessary for compliance with legal requirements and to protect our legitimate interests.
4) Processing Orders: To process and manage your orders, as it is integral to our contractual obligations.
5) Managing Transactions: To conduct and oversee transactions, in line with our agreement and legitimate interests.
6) Complying with Laws: To adhere to legal and regulatory requirements, as it is a legal obligation.
7) Engaging with You: To communicate with you, provide support, and deliver service-related information, which is essential for fulfilling our contractual obligations and safeguarding our legitimate interests.
8) Managing Risks: To assess and manage risks and make informed business decisions, in accordance with our contractual obligations, legal requirements, and legitimate interests.
9) Marketing and Personalization: To send you marketing information and personalized content, based on your consent and our legitimate interests.
10) Troubleshooting: To identify and resolve technical issues with our website and services, as it is essential for fulfilling our contractual obligations.
11) Preventing Fraud: To prevent fraud and misuse of our services, which is necessary for compliance with legal requirements and to protect our legitimate interests.
12) Handling Disputes: To manage claims and resolve disputes, in line with our contractual obligations, legal requirements, and legitimate interests.
13) Ensuring Security: To protect our information and assets, in line with our contractual obligations, legal requirements, and legitimate interests.
14) Improving Services: To enhance and develop our services, in accordance with our legitimate interests.
RECIPIENTS OF PERSONAL DATA
We may share your personal data with trusted partners for the provision of our services, such as payment processors. Additionally, we may disclose your data to state authorities if required by law.
DATA RETENTION
We retain your personal data for as long as necessary to fulfill the purposes outlined in this Privacy Notice or as required by law. Specifically, we keep data to ensure compliance with legal obligations, such as anti-money laundering (AML) regulations, for a period typically up to 5 years. Additionally, to protect our interests, we may retain data for the duration of the limitation period for claims against the company, which in the Czech Republic is usually up to 10 years.
Once your personal data no longer serves any legitimate purpose, we ensure it is securely deleted or anonymized to protect your privacy.
If you have any questions or concerns about our data retention practices, please feel free to contact us.
INTERNATIONAL DATA TRANSFERS
Your personal data may be transferred and processed outside the European Economic Area (EEA). When such transfers occur, we ensure compliance with data protection laws through appropriate safeguards such as Standard Contractual Clauses (SCC).
NECESSITY TO PROVIDE PERSONAL DATA
Certain personal data is required for the functionality and availability of our services. Failure to provide mandatory information may limit your access to some features. Optional information can be provided in line with your preferences, as well as managed via account settings. Whenever provision of data is mandatory, special marking will be added to make sure you are informed accordingly.
SECURITY MEASURES
We take the security and confidentiality of your personal data very seriously and implement a range of technical and organizational measures to protect it. These measures include advanced encryption techniques, strict access controls, and ongoing training for our employees on data protection practices.
We also encourage you to play a role in maintaining the security of your personal data. You can help by using strong, unique passwords and staying vigilant against potential online threats.
If you have any questions or concerns about our security measures, please feel free to contact us. Your privacy and data security are of the utmost importance to us.
DATA SUBJECT RIGHTS
You have the following rights regarding your personal data:
Access: You can request access to your data and obtain a copy of it.
Rectification: If your data is inaccurate or incomplete, you have the right to correct it.
Erasure: Under certain conditions, you may request the deletion of your data.
Restriction: You can request that we limit the processing of your data in specific situations.
Objection: You have the right to object to certain types of processing, such as direct marketing.
Portability: You can receive your data in a commonly used and machine-readable format and transfer it to another controller.
Withdrawal of Consent: If you have given consent for the processing of your data, you can withdraw it at any time.
Please note that these rights are not absolute and may be subject to legal preconditions. Additionally, to protect your privacy and security, we may need to verify your identity before processing your request.
To exercise any of these rights, please contact us using contact information provided in this Notice.
AUTOMATED DECISIONS AND PROFILING
We do not make automated decisions with legal effects. However, profiling may be used to provide personalized content and recommendations.
LODGING A COMPLAINT
If you have any concerns about our data processing activities, please do not hesitate to contact us. We are committed to addressing your concerns and ensuring your satisfaction. Additionally, you have the right to lodge a complaint with the supervisory authority if you feel that your data protection rights have been violated. In the Czech Republic, the relevant authority is the Office for Personal Data Protection (Úřad pro ochranu osobníchúdajů).
CHANGES TO THE PRIVACY NOTICE
We may update this Privacy Notice to reflect changes in our practices. The updated version will be published on our website. Significant changes will be communicated to you separately through appropriate communication channel.
CONTACT INFORMATION
For any questions, contact us at: hello@feastly.co
1