Who processes your personal data?
The administrator of personal data according to Article 4 point 7 of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons in connection with the processing of personal data and on the free movement of such data (hereinafter: “GDPR”) is Sanakvo foundation, with permanent residence: Oberdorfstrasse 51, 3930 Eyholz, Switzerland (hereinafter: “Administrator”) and as administrator will process your personal data according to the conditions below. The administrator has not appointed a personal data protection officer.
What personal data do we process?
Personal data means any information about an identified or identifiable natural person; an identifiable natural person is a natural person who can be directly or indirectly identified, in particular by reference to a certain identifier, for example a name, identification number, location data, network identifier or to one or more special elements of physical, physiological, genetic, psychological, economic, cultural or social identity of this natural person. We only process personal data that you provide to us in connection with the use of our services as part of a subscription order for one of our titles.
This is most often the data you give us when filling out the contact form:
- name and surname,
- telephone number,
- other data voluntarily filled in by you.
And further data we obtain from you using our services:
- IP address,
- cookies (in the case of online services) – you can find more about cookies here,
- or another online identifier.
Why do we process personal data and on what basis?
The legal reason for processing personal data is:
- performance of the contract between you and the controller pursuant to Article 6 paragraph 1 letter b) GDPR,
- process your personal data based on the fulfillment of our obligations arising from the law (for example, archiving of accounting records), even without your consent,
- legitimate interest of the controller in the provision of direct marketing (especially for sending commercial messages and newsletters) according to Article 6 paragraph 1 letter f) GDPR
The purpose of personal data processing is:
- processing your inquiry,
- performing analyzes and measurements to display content that corresponds to your individual needs,
- sending business messages and doing other marketing activities.
There is no automatic individual decision-making on the part of the controller in the sense of Article 22 of the GDPR.
Who will have access to your data and for how long?
The administrator declares that he has taken all appropriate technical and organizational measures to secure your personal data. Only authorized persons have access to personal data. The partners to whom we entrust your data are also able to ensure such technical and organizational security that unauthorized or accidental access to your data or their other misuse cannot occur.
Third parties that may have access to your personal data to the extent necessary are:
- persons involved in the delivery of goods/services and the realization of payments,
persons to whom we provide data for the purpose of analyzing traffic to our websites,
- persons who ensure the security and integrity of our services for us, the technical operation of a certain service, technology operators and other services that we use in connection with the operation of the e-shop and web services,
- operators of advertising systems in connection with targeted advertising,
- when setting up a recurring payment, the customer’s payment data will also be stored on the side of the relevant payment gateway or bank,
- under certain, precisely defined conditions, we are then obliged to transfer some of your personal data to public administration bodies.
The administrator does not intend to transfer personal data to a third country. All data is stored on the territory of EU countries or countries that are established by the EU as safe.
The administrator stores personal data for the period necessary to exercise the rights and obligations arising from the contractual relationship between you and the administrator and to assert claims from these contractual relationships, and subsequently for a period of 10 years from the termination of the contractual relationship. You can exercise any of your rights described below at any time. After the personal data retention period has expired, the administrator deletes the personal data.
Is my personal information safe?
We approach the protection of personal data with the utmost care. All personal data is secured by standard technologies and procedures, which we continuously check and update. In order to better secure your personal data, access to this data is password protected and sensitive data is encrypted during transmission between your browser and our website.
It is necessary to realize that even maximum security is not a guarantee of 100% protection of personal data against access, copying, disclosure, alteration or destruction by a third party. Without your help and responsible behavior, we are unable to fully ensure the security of your data. So keep your passwords to our services secret and choose such a password that is not easy to derive. Follow basic safety principles.
Can we process your personal data even without your consent?
We can process your personal data even without your consent. The legality of such processing results directly from applicable legal regulations. This is a case where your personal data is necessary:
- for the fulfillment of all obligations arising from the contract between us, the provision of a service or product,
- in order to comply with all generally binding legal regulations, we must process some personal data regardless of your consent for the period set by the relevant legal regulations or in accordance with them and after any withdrawal of your consent,
- processing that is necessary for the purposes of our legitimate interests (e.g. to ensure the security of our websites).
What rights do you have in relation to the protection of personal data?
Please note that you are not obliged to provide us with any data and providing them is voluntary. However, we will not be able to provide you with our service without providing the data marked as mandatory.
According to Regulation (EU) No. 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons in connection with the processing of personal data and on the free movement of such data and on the repeal of Directive 95/46/EC, you have the right with our company, as administrator of your personal data:
- request access to the personal data that we process about you and exercise the right of access to this personal data and to other information listed in Article 15 of the Regulation,
- request the correction of personal data that we process about you if they are inaccurate, request the erasure of personal data (the right to be “forgotten”) in certain cases,
- request restriction of data processing,
- obtain personal data relating to you in a structured, commonly used and machine-readable format, and you have the right to transfer this data to another administrator,
- you have the right to raise an objection or complaint against the processing in certain cases,
- the right to be informed of a breach of personal data security in certain cases,
- other rights stipulated in the Act on the Protection of Personal Data and in the General Regulation on the Protection of Personal Data No. 2016/679 after its entry into force.
You can exercise each of these rights on the contact details below. If we receive your request, we will inform you of the measures taken without undue delay and in any case within one month of receiving the request. If necessary, this deadline can be extended by another two months, taking into account the complexity and number of applications. Every user using our services has the opportunity to get an overview of all the personal data we record about him.
In the event that your application is not accepted, we are obliged to inform you immediately and no later than one month after acceptance about the reasons for not accepting the measure. In certain cases where your request is unreasonable or unjustified (especially in cases of unreasonable repetition of the request), we are not obliged to grant your request in whole or in part according to the Regulation. In such cases, we may charge you a reasonable fee that takes into account the administrative costs associated with providing the requested information or communication or taking the requested actions. As a data subject, you always have the right to contact the supervisory authority, which is the Office for Personal Data Protection.
If we receive your request but have reasonable doubts about your identity, we may ask you to provide additional information necessary to confirm your identity.
In the event that you believe that our company processes your personal data without authorization or otherwise violates your rights, you have the right to file a complaint with the supervisory authority, which is the Office for Personal Data Protection, or you have the right to request judicial protection.
How can you contact us?
In case of any questions or if you want to exercise your legal rights or express your disagreement with the further sending of our commercial communications, you can contact us via e-mail email@example.com.
In order to verify your identity, we may require you to provide us with appropriate proof of your identity. This is a preventive security measure to prevent unauthorized persons from accessing your personal data.