Privacy Policy 

INTRODUCTORY PROVISIONS

The subject of this document is the protection of personal data that you provide to us, which we process in accordance with the Regulation of the EP and Council (EU) 2018/679 of April 24, 2016 on the protection of natural persons in the processing of personal data and on the free movement of such data (hereinafter referred to as " Regulation"), with Act no. 18/2018 Coll. on the protection of personal data, with Act no. 452/2021 Coll. on electronic communications and other generally binding legal regulations and standards (hereinafter referred to as "the Law").

The operator responsible for processing personal data is AFINES GROUP j.s.a. ID: 51675315 with registered office Kvetná 1506/6C, 900 41 Rovinka, Slovakia, e-mail: info@afinesgroup.com, represented by: Marek Sárinec, Chairman of the Board of Directors (hereinafter referred to as the 'operator', 'we' or 'our'). We process the data you provide us in the premises of our headquarters at the above address (hereinafter referred to as the "headquarters") and/or through the mobile application "BAF" located in Google Play for the Android platform and in the App Store for the iOS platform.

You have the obligation to provide your data correctly and truthfully and to inform us without undue delay about their change. You can do so by sending an email to gdpr@afinesgroup.com. We do not process personal data that is not relevant, incomplete or that you have sent us by mistake.

When processing personal data, we comply with the relevant provisions of the Regulation, the Act and other relevant generally binding legal regulations and standards. We will make personal data available to other entities only in cases where this is permitted by law. We implement all necessary security, technical and organizational measures to protect the personal data we process. We protect databases containing personal data against their damage, destruction, loss or misuse.


BASIC TERMS

• For the purposes of this document, personal data means any data that you provide to us, that we obtain about you, and based on which we can directly or indirectly identify you.

• Processing of personal data is any processing operation or set of operations with personal data or sets of personal data, in particular their acquisition, recording, arrangement, structuring, storage, change, search, browsing, use, provision by transmission, rearrangement, restriction, or deletion.

• The transfer of personal data means the communication, publication or other making available of data (intentionally, unintentionally and/or negligently) by the sender to whom the Regulation applies, in such a way that the recipient of the personal data has access to the transferred data.

• The affected person is a natural person whose personal data is processed.

• Operator is understood as anyone who, alone or jointly with others, defines the purpose and means of processing personal data and processes personal data on their own behalf.

• An intermediary is anyone who processes personal data on behalf of the operator.

• A client is a natural person, legal entity or other entity that is in a contractual relationship with us based on a contract concluded in accordance with the relevant provisions of the Commercial Code as amended, and that carries out its activity for the purpose of performing a profession or business activity.

• A third country means a country that is not a member state of the European Union or a contracting party to the Agreement on the European Economic Area (EEC/EEA).

• An international organization means an organization and its subordinate entities that are governed by public international law, or any other entity that was established by an agreement between two or more countries or based on such an agreement.

• A third party is anyone who is not a data subject, an operator, an intermediary or another natural person who processes personal data on the authority of an operator or an intermediary.

• The recipient is anyone to whom personal data is provided, regardless of whether it is a third party.


COLLECTION OF PERSONAL DATA

Our company provides services in the field of information technologies. These services are mainly intended for organizations registered in the commercial register; entities that do business on the basis of a trade license; entities that do business on the basis of a different than trade license according to special regulations and affected persons who do not act within the scope of their business activity, employment or profession. We provide services to clients on the basis of the Agreement on electronic services concluded in accordance with the relevant provisions of the Commercial Code as amended.

PURPOSE AND LEGAL BASIS OF PERSONAL DATA PROCESSING

• In accordance with the above, you provide us with your data in the scope of name, surname, photo, gender, and your contact information for the purpose of creating and managing your account, to provide customer support, to respond to your requests, to communicate with you about our services and to execution of your transactions. We process the personal data provided by you in accordance with Art. 6 par. 1 letter b) Regulations. Personal data will be provided to the following recipients: companies performing information technology management and support, external service providers, telecommunication service providers, data storage providers. We only retain your personal information for as long as necessary for legitimate business purposes (as set out in this point above) and as permitted by applicable law. Please note that in the event of your inactivity for a period of two years, we will automatically archive your account. After archiving the account, we will delete your personal information in the following way. For the protection and safety of users, we apply a protection period of three months after the account is archived. During this period, we retain information in case it is necessary to investigate illegal or malicious conduct. The legal basis for the storage of information during this protection period is our legitimate interest, as well as the legitimate interest of any injured third parties. After the expiration of this protection period, we will delete your data and only retain a limited amount of information for the purposes listed below. We retain a limited amount of information based on our legitimate interest, for five years we retain customer care records and supporting data, as well as imprecise collection/purchase location, to support our customer care decisions.

• If you report a lost dog and/or you report a seen dog, we will process: name, surname, your contact information and the location of your device for the purpose of providing the service based on Art. 6 par. 1 letter b) Regulations. Personal data will be provided to the following recipients: companies performing information technology management and support, external service providers, telecommunication service providers, data storage providers. We only retain your personal information for as long as necessary for legitimate business purposes (as set out in this point above) and as permitted by applicable law. Please note that in the event of your inactivity for a period of two years, we will automatically archive your account. After archiving the account, we will delete your personal information in the following way. For the protection and safety of users, we apply a protection period of three months after the account is archived. During this period, we retain information in case it is necessary to investigate illegal or malicious conduct. The legal basis for the storage of information during this protection period is our legitimate interest, as well as the legitimate interest of any injured third parties. After the expiration of this protection period, we will delete your data and only retain a limited amount of information for the purposes listed below. We retain a limited amount of information based on our legitimate interest, for five years we retain customer care records and supporting data, as well as imprecise collection/purchase location, to support our customer care decisions.

• If there is a match between the lost and found dog, we will process: name, surname, your contact details and the location of your device in order to contact the owner of the dog about the match in the form of a push notification within the mobile application based on Art. 6 par. 1 letter b) Regulations. Personal data will be provided to the following recipients: the user of the BAF mobile application who has registered a dog in his profile, companies performing information technology management and support, external service providers, telecommunication service providers, data storage providers. We only retain your personal information for as long as necessary for legitimate business purposes (as set out in this point above) and as permitted by applicable law. Please note that in the event of your inactivity for a period of two years, we will automatically archive your account. After archiving the account, we will delete your personal information in the following way. For the protection and safety of users, we apply a protection period of three months after the account is archived. During this period, we retain information in case it is necessary to investigate illegal or malicious conduct. The legal basis for the storage of information during this protection period is our legitimate interest, as well as the legitimate interest of any injured third parties. After the expiration of this protection period, we will delete your data and only retain a limited amount of information for the purposes listed below. We retain a limited amount of information based on our legitimate interest, for five years we retain customer care records and supporting data, as well as imprecise collection/purchase location, to support our customer care decisions.

• The purpose of personal data processing is, among other things, the fulfillment of our legal obligations, such as accounting or business agenda, which follow from us by law, including the provision of such data to third parties (e.g. financial administration, social insurance, etc.). The legal basis for processing is Art. 6 par. 1 letter c) Regulations. In such a case, we will process data such as the business name, registered office and ID number of the company with which we concluded the contract; data required for payment (e.g. bank account number or IBAN, SWIFT, name and surname of the account holder); name, surname and contact details of the person authorized to act on behalf of the given company and/or the person responsible for issuing the given accounting document. Recipients of personal data are: external service providers, accountant, tax office, financial administration, other public authorities, attorney, persons performing audits, companies performing information technology management and support, telecommunication service providers, data storage providers. The retention period for personal data is 10 years from the termination of your obligations from the contractual relationship with us, or the exercise of legal or contractual rights.

• For the purpose of comfortable use of the services provided by us and higher security, you have the option of logging in and managing a client account. Every time you access the mobile application, information is sent via the Internet of your end device to the server of our website. This information mainly includes the date and time, the name of the page called up, the IP address of your device and a number of other transmitted data. We process this data according to Art. 6 par. 1 letter b) Regulations or in some cases pursuant to Art. 6 par. letter f) Regulations. Personal data will be provided to the following recipients: external service providers, companies performing information technology management and support, telecommunication service providers, data storage providers. These personal data will be temporarily stored in the so-called login files and are automatically deleted after the above purpose is achieved.

• For the purposes of proving, applying and defending legal claims, it is our legitimate interest to process data according to Art. 6 par. 1 letter f) Regulations. Recipients of personal data are: external service providers, accountant, tax office, financial administration, other public authorities, attorney, persons performing audits, companies performing information technology management and support, telecommunication service providers, data storage providers. The period of storage of personal data runs until the statute of limitations expires, or the exercise of legal or contractual rights.

• For the purpose of fulfilling the obligations arising from the Regulation or the Act, we maintain an agenda of the rights of the affected persons. We process this data according to Art. 6 par. 1 letter f) Regulations. Recipients of personal data are: external service providers, tax office, financial administration, other public authorities, attorney, persons performing audits, companies performing information technology management and support, telecommunication service providers, data storage providers. The period of storage of personal data is until the statute of limitations of a legal or other claim, or the exercise of legal or contractual rights.

In justified cases, the recipients of parts of personal data may be courts, law enforcement authorities, tax authorities in the performance of their legal obligations, or state and other authorities that exercise supervision, or resolve disputes or issue decisions.


YOUR RIGHTS

As a data subject whose personal data we process, you can request from us:

• access to personal data concerning you and a copy thereof;
• correction of incorrect data;
• completion of incomplete personal data;
• deletion of personal data (the so-called right to be forgotten);
• limitation of personal data processing;
• withdrawal of consent.

To apply your request, you can send us your request by email to: gdpr@afinesgroup.com.

If you believe that the processing of personal data concerning you is contrary to the Regulation or the Law, you have the right to file a complaint with the supervisory authority, which is the Personal Data Protection Office of the Slovak Republic, Hraničná 12, 820 07 Bratislava, www.dataprotection .gov.sk or any other supervisory authority in the member state of your habitual residence, place of work or place of alleged violation.

We do not transfer personal data to a third country or international organization, including subsequent transfers of personal data from the relevant third country or international organization or from the relevant international organization to another third country.

By using our mobile application, you confirm that you have been familiarized with our terms of personal data protection and that you accept these terms in their entirety. We are entitled to change or modify this document at any time, the current version is valid from 01.01.2024.