INFORMATION ON PERSONAL DATA PROTECTION

This document covers our Leadspicker service except our Google Chrome extensions, which have separate privacy policy documents:

I. Opening statements

  1. The company WEB Project, s.r.o., ID No.: 28596935, registered seat at Dlouhá 730/35, Staré Město, 110 00 Praha 1, the Czech Republic, incorporated in the Commercial Register maintained by the Municipal Court in Ostrava, section C, file 44123 (hereinafter referred to as the “controller“) is providing online services using online form of platform Leadspicker through webpages leadspicker.com and aplicationform.io.

  2. The controller is concluding contracts with its clients pursuant to Terms and Conditions of the Leadspicker Online Service using the online form on webpages leadspicker.com and aplicationform.io. Based on these contracts the controller connects its clients with business accelerators, incubators and third parties that organize events, competitions, trade shows or other activities for start-ups, and also with investors or other organizations that provide grants, subsidies or other means of funding to start-ups, as well as with providers of services that are essential or useful for further development or operation of start-ups. The controller informs clients on possibilities to participate in programs of business accelerators and incubators and other events, competitions, trade shows or similar activities focused on development and innovations for start-ups, or even on possibilities of funding their activities, especially using grants and subsidies, as well as on other services related to development and further operation of start-ups and providers of such services, all that with respect to identified needs of start-ups in respective phase of their development.

  3. The controller is duly fulfilling its obligations arising from Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), (hereinafter as “GDPR“). Since the personal data might be processed in connection with conclusion of the contract using the online form, the controller pursuant to GDPR hereby informs clients who are data subjects (hereinafter as “data subjects”) on processing thereof.

  4. The controller is entitled to store and to process cookies while operating its webpages stated in Sec. 1 in order to facilitate and optimize providing of its services to clients. Cookies are stored within clients’ devices. Clients can deny cookies from storing in their devices by adjusting their browser settings.

II. Information pursuant to Art. 13 of GDPR

  1. According to Art. 13 of GDPR the controller shall provide the data subject with following information and the data subject acknowledges understanding thereof by ticking off the following check box within the webpage interface: „I have acquainted myself with information on personal data protection.“

Identity of the controller and contact details:

WEB Project, s.r.o.
ID No.: 28596935
registered seat at Dlouhá 730/35, Staré Město, 110 00 Praha 1, the Czech Republic
postal address: Vodičkova 30, Praha 1 – Nové Město, 110 00, the Czech Republic
E-mail address: info@leadspicker.com
In order to communicate with the controller data subjects shall use primarily e-mail or also postal service.

Processed categories of personal data:

  • contact details of clients – especially names, addresses, e-mail addresses, contact detail to social networks, IP addresses or phone numbers;
  • Cookies

Legal basis of processing:

The processing is essential in order to fulfil contracts pursuant to Terms and Conditions of the Leadspicker Online Service and related provision of services to data subjects.

Purposes of processing:

The purpose of processing is conclusion of the contract with the data subject and related provision of services pursuant to Terms and Conditions of the Leadspicker Online Service.

Legitimate interest of the controller or a third party:

The legitimate interest of the controller is processing of personal data for purposes of direct marketing – sending information and advertisements to clients.

According to Art. 21 of GDPR a data subject can express an objection. In case a data subject expresses an objection against processing of personal data for purposes of direct marketing the controller shall not process personal data of the data subject for such purposes anymore.

Recipients or categories of recipients of the personal data:

The controller shall provide personal data to third parties in order to connect its clients with business accelerators, incubators and third parties that organize events, competitions, trade shows or other activities for start-ups, and also with investors or other organizations that provide grants, subsidies or other means of funding to start-ups, as well as with providers of services that are essential or useful for further development or operation of start-ups.

The period for which the personal data will be stored and the criteria used to determine that period:

Personal data shall be stored by the controller over the term of the contract concluded with the client.

Cookies are stored within clients’ devices and therefore with data subjects. The web interface cannot utilize this personal data unless the data subject revisits webpages of the controller. Clients can delete cookies from their devices at any time.

Rights of data subjects:

According to GDPR a data subject is endowed with following rights:

Right of access by the data subject

According to Art. 15 of GDPR the data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:

  • the purposes of the processing;
  • the categories of personal data concerned;
  • the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;
  • where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
  • the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
  • the right to lodge a complaint with a supervisory authority;
  • where the personal data are not collected from the data subject, any available information as to their source;
  • the existence of automated decision-making, including profiling, referred to in Article 22 (1) and (4) of GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

Right to rectification

According to Art. 16 of GDPR the data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

Right to erasure (‘right to be forgotten’)

According to Art. 17 of GDPR the data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:

  • the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  • the data subject withdraws consent on which the processing is based according to point (a) of Article 6(1) of GDPR, or point (a) of Article 9(2) of GDPR, and where there is no other legal ground for the processing;
  • the data subject objects to the processing pursuant to Article 21(1) of GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) of GDPR;
  • the personal data have been unlawfully processed;
  • the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which - the controller is subject;
  • the personal data have been collected in relation to the offer of information society services referred to in Article 8(1) of GDPR.

Right to restriction of processing

According to Art. 18 of GDPR the data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:

  • the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
  • the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
  • the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
  • the data subject has objected to processing pursuant to Article 21(1) of GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.

Right to object

According to Art. 21 of GDPR the data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on legitimate interest of the controller.

In this particular case the legitimate interest consists solely of processing personal data for purposes of sending information and advertisement to clients.

In case a data subject expresses an objection against processing of personal data for purposes of direct marketing the controller shall not process personal data of the data subject for such purposes anymore, unless the data subject provides the controller with unrestricted and informed consent.

The right to lodge a complaint with a supervisory authority:

According to Art. 77 of GDPR every data subject shall have the right to lodge a complaint with a supervisory authority. The supervisory authority in the Czech Republic is Úřad pro ochranu osobních údajů. Webpage of the supervisory authority: https://www.uoou.cz/

Legal or contractual obligation to provide personal data, possible ramifications of non-compliance:

Provided personal data are fundamentals of the contract on provision of online services and therefore must be provided in order to conclude such contract.

Contact details are mandatory contractual requirement in order to execute the contract, i.e. in order to connect clients with business accelerators, incubators and third parties that organize events, competitions, trade shows or other activities for start-ups, and also with investors or other organizations that provide grants, subsidies or other means of funding to start-ups, as well as with providers of services that are essential or useful for further development or operation of start-ups.

The only ramification of non-providing of personal data is inability to conclude and to fulfil the contract on provision of online services.

Automated decision-making and profiling:

No automated decision-making and profiling shall take place.