Dear client,
we, the Easy Software Group SE, (hereinafter also referred to as “we” or “our Company”) hereby inform you about the principles and procedures for processing your personal data and about your rights relating to the protection of personal data in connection with offering, concluding, providing, and maintaining products and services of the relevant companies within our Easy Software Group.
Our company, as a managing person within the meaning of Section 79 of Act No. 90/2012 Coll., on Commercial Companies and Cooperatives, as amended, is the head of Easy Software Group. Therefore, the principles and procedures for processing and protecting personal data, their security, and the exercise of your rights as data subjects are set uniformly for all companies that are part of Easy Software Group, especially:
- Easy Software Ltd, residing at Kemp House, 152-160 City Road, EC1V 2NX London, United Kingdom;
- Easy Software s.r.o., residing at Jugoslávských partyzánů 736/34, Bubeneč, 160 00 Praha 6, Czech Republic; and
- Easy Software LLC, 175 Pearl St. Floors 1-3 Brooklyn, NY 11201 United States of America
(jointly referred to as “Easy Software Group Companies”).
You can also find the detailed contact and identification information of the Easy Software Group Companies in the footer of our website at https://www.easysoftware.com/. We will be pleased to answer any of your questions in any of our branch offices and/or via email: info@easysoftware.com. Where the terms “we” or “our Company” are used, these shall also be interpreted to include the relevant Easy Software Group Company with which you, as a client, enter into a legal relationship with.
The purpose of these Principles is to give you information about the particular personal data we collect, how we treat them, what sources we get them from, what purpose we use them for, whom we may provide the data to, where you can obtain information about your personal data we process, or what are your individual rights concerning the protection of personal data.
Thus, please read the contents of these Principles carefully.
1. General Information
Our Company is subject to various statutory obligations regarding the processing of client personal data that we must comply with, particularly with regard to the fulfilment of our contractual obligations or to exercise instructions/orders of official authority. In this regard, we would be unable to provide our products and services at all without being given your personal data. Also, we process personal data of clients beyond the framework of our statutory obligations for the purpose of customer care, and to address you with targeted offers of products and services. In some cases, we need your previous consent to do so. If you decide to not grant your consent in these cases, our provided products or services may be limited or otherwise adjusted, depending on the scope of data we are entitled to process. Every client is informed about the scope of limitations or adjustments.
Unless explicitly stated otherwise, all of the information contained herein also applies to the processing of personal data of prospective customers, i.e. persons with whom we are in contact but have not established a contractual relationship yet, as well as former clients (within the data retention periods as specified below). The information contained herein also applies, to a reasonable extent, to the processing of personal data of other persons, with regard to whom the Company has certain obligations, or with whom our Company is in direct contact without being in a contractual relationship (such as representatives of legal entities).
The information provided herein is of a general legally normative nature, thus it is not part of any specific contract (unless agreed otherwise) and may be supplemented by details related to a specific case of personal data processing in our mutual communication.
1.1. Personal Data Processing Principles
As part of processing your personal data, we respect the highest industry standards of personal data protection and particularly abide by the following principles:
(a) We always process your personal data for a clearly and comprehensibly defined purpose, using defined means, in a defined manner, and only for a time necessary with regard to the purpose; we only process precise personal data of clients and ensure that their processing corresponds with and is necessary for the defined purpose;
(b) We protect and process your personal data in a manner ensuring the highest possible security of the data and preventing any unauthorized or accidental access to client personal data, their modification, destruction or loss, unauthorized transfers, other unauthorized processing, or other abuse;
(c) We always clearly inform you about processing your personal data and your rights to receive precise and full information about the circumstances of such processing as well as your other related rights;
(d) At our Company we adhere to adequate technical and organizational measures to ensure a level of security matching all reasonably expected risks; all persons who come into contact with client personal data are obliged to keep confidential the information acquired in connection with the processing of such data.
2. Information about the Processing of Personal Data
2.1. Information about the Controller
The Data Controller of your personal data is the relevant Easy Software Group Company with which you either come in contact with and/or with which you enter into legal relationship with (ie. via purchasing our licenses).
With respect to our website, Easy Software Ltd., residing at Kemp House, 152-160 City Road, EC1V 2NX London, United Kingdom, ID: 08960980 shall be considered the Data Controller.
2.2. Purpose and Legal Basis of Processing
2.2.1. Processing of Personal Data without Your Consent
This usually concerns situations where you are obliged to disclose certain personal data to us as a condition to let us provide you with our product or service, or where we are entitled to process your personal data acquired otherwise.
By virtue of law, we are entitled to process your personal data without your consent for the following purposes, in particular:
(i) compliance with statutory disclosures to public authorities or to comply with other relevant laws and administrative or court decisions;
(ii) compliance with archiving obligations;
(iii) conclusion or performance of a contract with you;
(iv) our legitimate interest;
(iv) protection of rights and interests protected by law, particularly in respect of resolution of any and all disputes, particularly for the purpose of court or other disputes.
2.2.2. Processing of Personal Data with Your Consent
This particularly concerns situations where you voluntarily agree that we process the provided or otherwise acquired personal data on top of the data we might already process based on a different legal title. These go above the scope of the nature of the core services and may provide you with better services both in the present and the future. As such, not granting your consent may be a reason preventing our Company from providing you with certain optional communications, products, or services.
Based on your consent, our Company processes your personal data for the following purposes:
(a) specific types of customer care; these are activities that do not stand for the performance of a contract or another legal framework of personal data processing and cannot be justified by our legitimate interest, and include the following: (i) market research; (ii) monitoring of client actions on our Company’s website in connection with the offered services (thus, this purpose does not relate to mere acquisition of information about actions of visitors to our Company’s website in the form of cookies as described below in the Article on Electronic Means of Communication and Mobile Applications);
(b) the offering of products and services which are either (i) not directly relevant to the products or services already offered, (ii) not yet provided, and/or forwarded to third parties for the purpose of offering products and services of such third parties (usually our partners that either participate in the provision of services, are Company affiliated (usually within the structure of the Easy Software group) and/or might be relevant to the interests of the clients; in particular, this includes distribution of information, offering of products and services of our Company and other parties, including product and service offers targeted at particular clients, all via various channels, such as by mail, electronic means (including electronic mail and messages sent to mobile devices via a telephone number), or by telephone, via a website.
To a certain extent, in these cases, our Company is also entitled to offer products and services to clients without obtaining their consent within their legitimate interest or as part of the fulfilment of our contractual obligations; if implied by the law, you will be informed in this regard about your right to express your disagreement with any further offering of products or services. More details are provided above in these Principles.
Furthermore, our Company may also process your personal data based on specific consent for (individually):
(a) use of cookies, pixels, and other tracking technologies in the manner and for the purposes as is (in detail) described in our Cookie Policy you can find at each of our respective product websites; or
(b) recording of our meetings, calls, and other audio/audiovisual communication and the following use of such recordings internally (ie. within the Easy Software group of companies) for purposes of advancement of our customer care and/or other lawful purposes (mainly legitimate interest and performance of contract). We further may use of the recordings via other internal or third party solutions to automate our internal processes for optimal use of the information provided by you to provide you with products and services. The consent under this letter includes the consent of the person to record shared screens as well as any other content shared in the meetings, as well as the portraits of each person included and their expressions (incl. verbal) and their further use within the foregoing purposes. For the avoidance of doubt, should the person choose to share any other information, these will be recorded as well, and consent extends to those similarly. The relevant person also grants the Company license to use his/her portrait captured in the video recording in all manners of use and to use the content of the recording for internal purposes described above. The license is granted for a definite period of the duration of the specific consent and 12 months after its withdrawal and without any territorial restrictions. Our Company shall not be responsible or liable for any use of the information recorded by the actual providers of third-party solutions. We will inform you of the actual third parties used for provision of such services on request as it might change from time to time. You can also refer to Section 2.5 below with respect to the types of recipients of your data.
2.3. Scope of Processed Client Personal Data
Our Company processes your personal data to an extent necessary to meet the above purposes. We particularly process contact and identification data. Detailed information about the scope of processed personal data of clients is stated in Annex 1 to these Principles.
2.4. Personal Data Processing Methods
The method of how our Company processes your personal data includes both manual and automated processing, including algorithmic processing, in our Company’s information systems. However, you shall not be subject to any automated decision-making or profiling.
Your personal data are mainly processed by employees of our Company and, to an extent as required, by third parties. Before any disclosure of your personal data to a third party, we always enter into a written agreement with the third party, containing the same warranties in respect of personal data processing as adhered to by our Company and/or at least warranties in line with its statutory obligations.
2.5. Recipients of Personal Data
Your personal data are made available particularly to our Company’s employees in connection with the performance of their professional duties requiring work with the personal data of clients, however, always exclusively to an extent necessary in the particular case and in compliance with all security measures.
In addition, your personal data are disclosed to third parties participating in the processing of personal data of our Company’s clients, or such personal data may be made available to them on other grounds in line with the law. Before any disclosure of your personal data to a third party, we always enter into a written agreement with the third party to stipulate the processing of personal data as was already described above. Our Company strives to achieve the same warranties in respect of personal data processing by third parties as adhered to by our Company and in line with the relevant statutory obligations. Besides such agreement, our Company does not disclose your personal data to companies located in countries that do not provide sufficient guarantees for protection of personal data in line with the GDPR.
You hereby give us consent with the following categories of third parties (our data processors) to whom we may disclose your personal data within the above purposes and where necessary for the proper provision of Services and/or fulfilment of other purposes described in these Principles:
- Server and hosting providers;
- Accountants, Tax Advisors and Attorneys;
- Mailing system providers (e.g. Mautic);
- External system providers (e.g. Smartsupp);
- Internal system providers (e.g. Leexi.ai - https://www.leexi.ai/en/ for call recordings, Google for reCAPTCHA, etc.);
- Affiliates and intra-group (Easy Software Group) companies;
- our other subcontractors who participate in the provision of Services to clients.
For the avoidance of doubt, the above consent with the types of data processors by no means results in all of the client information being transferred to all of the data processors. It is a general consent to use certain types of data processors, however, limited exclusively to the manners where such use is necessary to fulfil the purposes of the processing of personal data described in these Principles, ie. accountants of the Company only receive accounting information, Leexi only processes the relevant recordings, etc. We always share data exclusively on a need-to-know basis.
In accordance with applicable legislation, our Company is entitled, or directly, without your consent, obliged to disclose your personal data to:
- relevant state authorities, courts, and law enforcement authorities for the purpose of performance of their obligations and for the purpose of enforcement of judgment;
- other parties to an extent stipulated by legislation, such as to third parties for the purpose of collection of our receivables from clients.
2.6. Disclosure of Personal Data to Foreign Countries
Your personal data are processed exclusively in the territory of the Czech Republic, other states of the European Union and/or other foreign countries where Easy Software Group entities are seated (ie. the United States of America), and which either share the same personal data protection standard as the Czech Republic and the United Kingdom or provide sufficient guarantees that such standards will be upheld irrespective of the national statutory obligations. Neither our Company nor the entities participating in the processing of client personal data disclose the personal data of clients to countries outside the European Union unless such companies and/or countries provide sufficient guarantees with regard to your personal data (incl. EU-US Data Privacy Framework Program and other adequacy decisions, standard contractual clauses and other means in compliance with the data protection regulations). In that case, certain personal data might leave the EEA and be processed in different countries, especially within the United Kingdom and with respect to our third-party providers also in the United States of America (ie. Google Analytics).
2.7. Term of Personal Data Processing
Our Company processes the personal data of clients only for a time necessary with regard to the purposes of processing. From time to time, we evaluate the existence of the need to process certain personal data required for a particular purpose. Once we detect that the data are no longer required for any of the purposes, for which they have been processed, we destroy the data. However, in respect of certain purposes of personal data processing, we have internally evaluated the usual term of usability of personal data, after expiration of which we must carefully assess the need to process such personal data for the particular purpose. In this regard, it also holds that personal data processed for the purpose of:
(a) execution of contracts are processed over the term of the contract negotiations with the client; then the relevant personal data are usable for up to 12 months within our legitimate interest to contact clients with whom we were in negotiations (unless objected by the client);
(b) performance of contracts are processed over the term of the contractual relationship with the client; then, the relevant personal data are usable for up to 12 months depending on the offboarding process;
(c) legitimate interest to participate in the defence of our own claims as well as protecting ourselves against the claims of our clients are processed for up to 3 years after the contractual relationship ended for civil cases and can be increased to up to 15 years in criminal cases depending on the statute of limitations period; such period might be prolonged for the duration of the judicial and other administrative proceedings concerning such claims;
(d) offering of products and services relevant to the products and/or services already used by the client are processed over the term of the contractual relationship; then, the relevant personal data are usable for up to 24 months or until objection from the client is raised whichever earlier; if personal data are disclosed to us by third parties, the term of processing is defined by the third parties in accordance with applicable legislation and legal title obtained by the third party;
(e) offering of products and services not directly relevant to the products and/or services already used by the client are processed for the duration of the relevant consent, usually for the duration of up to 2 years or until consent withdrawal whichever earlier;
(f) recording of calls, meetings and other communications are processed for the duration of the contractual relationship with the client; then, the relevant personal data is usable for up to 6 months or until the data is pseudonymized and aggregated or anonymized;
(g) customer care are processed over the term of the contractual relationship with the client; then, the relevant personal data are usually usable for up to 12 months;
(h) compliance with archiving obligations are processed for the duration of up to 10 years depending on the legal obligations of the relevant Easy Software Group Company.
2.8. Right to Revoke Consent
In these Principles, we tried to explain why we need your personal data and that for certain purposes we may process them with your consent only. You are not obliged to grant consent to our Company to process your personal data and you are also entitled to revoke your consent. At this point, we would like to remind you that we are also entitled to process personal data for certain purposes without your consent (as was already described above). If you revoke your consent, we will discontinue the processing of the relevant personal data for purposes requiring the relevant consent; however, we may be entitled or even obliged to process the same personal data for other purposes.
If you wish to revoke your consent to the processing of personal data, please refer to any of our branch offices, send us a letter to any of the Easy Software Group Companies, or contact us via email: info@easysoftware.com or via form on the web pages of Easy Software Group.
2.9. Sources of Personal Data
We acquire the personal data of clients particularly from:
(a) the clients, directly, such as when concluding contracts related to the Company’s products or services provided, and/or indirectly, such as during the use of the Company’s products or services by the clients, or as part of making information about the Company’s products and services available to the clients, such as through the Company’s website, etc.;
(b) prospective customers interested in services of our Company as part of marketing events and campaigns;
(c) own activities through processing and evaluation of other personal data of the clients, ie. during the provision of Services from our own internal systems and tools for purposes described above.
2.10. Your Right to Ask for Access to Personal Data and Protection of Client Rights
If you ask us for information related to the processing of your personal data, we will provide you with all information about the data we process about you without undue delay. We are entitled to claim reasonable compensation corresponding with expenses incurred in order to provide such information. If you find out or think that our Company or a third party participating in the processing of your personal data does so in conflict with the protection of your private life and/or in conflict with the law, in particular, if your personal data are inaccurate, you may:
(a) request an explanation from our Company or the third party participating in the processing of data;
(b) request remedy of the defective state; in particular, you may request correction or amendment of the personal data; if needed, the data will be temporarily blocked or destroyed.
If we find your request legitimate, our Company or the third party participating in the processing of data will remove the defective state free of charge and without undue delay.
2.11. Company as a processor of personal data
In certain cases, our Company also handles client personal data by authorization of another party (another data controller). For detailed information, it is always necessary to contact the particular data controller of personal data, unless our Company is authorized to provide information in the particular case.
More importantly, our Company acts as a data processor by authorization of you, our clients, where such clients provide our Company with any information concerning third parties that are not in a contractual relationship with our Company, typically end-users and customers of our clients as well as any of their employees and subcontractors accessing our products and/or services. In such cases, our client is fully responsible (and as a consequence liable) that all the data provided to our Company are legally obtained and processed, that the legal purposes for their processing and their transfer to our Company are met and that any other obligations relevant to the processing of personal data by the client of our Company are being fulfilled. You shall indemnify and hold harmless our Company from and against any and all reasonable claims, losses, injuries, damages, charges, costs, or expenses arising out of or in connection with the performance (or lack of) of the duties and obligations of yours, where such claim(s) result from the default, negligence, or intentional or wilful acts or omissions of your with respect to the processing of personal data provided to our Company.
2.12. Electronic Means of Communication and Mobile Applications
Customer care. As part of customer care, our Company develops technologies to let you use modern electronic means of communication and mobile applications to access and use Company’s products and services. In particular, these include services related to the use of the Internet, social networks, and various mobile applications.
Social networks. Also, you can address us through various social networks. We particularly use these communication channels as marketing tools; our products and services are not provided through social networks at this moment. If the social networks are used, please be advised to check their respective privacy settings and policies to inform yourself of your privacy and relevant rights guaranteed by their operators and/or providers. We do not guarantee, nor shall we be responsible or liable for the data processing that occurs by the relevant social networks independently. Unless necessary for other relevant purposes, e.g. performance of a contract with you, we do not store such communications elsewhere (outside the social network accounts).
Cookies. We do not store Cookies in your computer (with the exception of purely functional cookies) without your previous consent. You can learn more about cookies in a Cookie Policy present at each relevant product website.
2.13. Principles
These Principles are valid and effective as of 1.8.2024. The current version of the Principles is published on our Company’s website and is also available at our branch offices.
The official version of these Principles has been drafted in English and shall be considered the only binding version. Any versions of these Principles translated into other languages are provided solely for the convenience of the User through machine translation and do not carry any legal weight. In the event of any discrepancies or conflicts between the English version and any translated version, the English version shall prevail in all matters.
Annex 1 – Scope of Processed Personal Data
Identification data – these include data such as name, surname, date, email, phone number, employer or. represented company; for clients who are natural persons – entrepreneurs, also the identification number and tax ID. Other possible identification data include, for example, information about the IP address of the computer used, and files of specific authentication data we agree to use.
Contact data – name, surname, contact addresses, telephone numbers, email addresses, or other similar contact data. Other similar contact data may be the IP address of the used computer and files of specific authentication data we agree to use.
System data – system logs and other technical, usually pseudonymized, data that are stored automatically by our systems or by CDN and hosting providers to protect us from potential attacks.
Recording data – name, surname, nicknames, account IDs (related to the type of meeting/call), as well as any other data shared on the meetings/calls from which the recording was taken. We also process the recording metadata for privacy purposes.
Communication data – any further information disclosed to us during the communications related to any of the purposes described in these Principles.
In the event that you withdraw a submitted application for a product or service, we also process the application withdrawal date along with the data provided before the withdrawal.
Data arising out of the performance of obligations under contracts – depending on the nature of the provided product or service, we process information related to the provided product or service. In this category, we process personal data such as the terms of the contract, identification data of the relevant personnel, and other personal data acquired during our interactions. In particular, these include:
(i) data serving to secure communications;
(ii) records of your preferred communication language, expressed interest in a product or service, your strategies, or your specific requirements disclosed to us.
Previous version: