DECLARATION ON THE PROCESSING OF PERSONAL DATA

Declaration on the processing of personal data within the meaning of Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) ("GDPR").

1. Personal data administrator

The administrator of personal data is the company Soulmio s.r.o., ID number 09873163, with its registered seat at Bělehradská 858 / 23,120 00 Prague 2 - Vinohrady, Czech Republic, registered at the Municipal Court in Prague under file number C 343864 (hereinafter the "Administrator"). The GDPR informs about the principles of personal data processing and about the rights of data subjects.

As part of the processing of personal data, the Administrator respects the applicable rules and standards of personal data protection and observes in particular the following principles:

The Administrator always processes personal data for a purpose clearly and comprehensibly determined in advance, by specified means and in a manner only for the time that is strictly necessary;

Personal data is collected only to the extent necessary and is not passed on to third parties, except for those persons who are directly involved in the processing of this data;

All persons who come into contact with personal data (eg employees, suppliers, subcontractors, etc.) are contractually obliged to fully comply with the principles of personal data processing of the Administrator.

2. Scope of personal data processing

Personal data are processed to the extent that the person concerned has provided them to the Administrator, especially in connection with the conclusion of a contractual or other legal relationship with the Administrator, due to the legitimate interest of the Administrator, or which the Administrator has otherwise collected and processes in accordance with applicable law or to fulfil the legal obligations of the Administrator.

3. Sources of personal data

The Administrator processes personal data obtained mainly directly from data subjects, from its clients and contractual partners and further obtained from publicly available sources (public records, lists and registers, etc.).

4. Categories of personal data that are subject of processing

identification data that can serve to uniquely and unmistakably identify the data subject (especially name, surname, title, birth number, date of birth, permanent residence address, ID number, VAT number, bank account number, etc.) and data enabling contact with the data subject (contact details - eg temporary residence address or delivery address, telephone, e-mail address, etc.);

IP addresses, telephone numbers, login data and other operational and location data resulting from the provision of services by the Administrator collected and stored for the purpose of fulfilling the legal obligations of the Administrator;

data necessary to fulfil the obligations under the contract;

data provided in addition to the relevant legal provisions processed within the express consent granted by the data subject (processing of photographs, use of personal data for the purpose of personnel procedures, etc.)

5. Purpose of personal data processing

the purpose of the data subject's consent;

negotiating a contractual relationship;

fulfilment of obligations under the contract;

protection of the rights of the Administrator, the beneficiary or other persons concerned (eg recovery of the Administrator's receivables);

fulfilment of the legal obligations of the Administrator;

competitions for job and similar positions.

6. Method of processing and protection of personal data

The processing of personal data is performed by the Administrator. Processing is carried out mainly at its registered office, establishments and branches by authorized employees of the Administrator, or by a processor designated for that purpose. Personal data is processed through computer technology and similar technologies, or also manually in the case of personal data collected in paper form, always in compliance with all security principles for the management and processing of personal data. To this end, the Administrator has taken appropriate measures to ensure the protection of personal data so that unauthorized or accidental access to personal data by an unauthorized person, their change, destruction or loss, unauthorized transfers, their unauthorized processing and other forms of misuse of personal data cannot occur.

All entities to which the collected personal data may be made available to the Administrator are obliged to respect and defend the rights of personal data subjects to the protection of their privacy and are obliged to comply with valid and effective legal regulations concerning personal data protection.

7. Time of personal data processing

In accordance with the deadlines arising from the relevant legal regulations, the personal data of the data subjects are processed for the time strictly necessary to ensure the proper fulfilment of the rights and obligations arising from the relevant legal regulations or from the concluded contractual obligation. After the termination of the contractual relationship, personal data are kept only for the time strictly necessary for a legitimate reason of the Administrator or for the purposes of fulfilling the legal obligations of the Administrator, but for a maximum period of 10 years.

8. Transfer of personal data to other persons

The Administrator shall make the personal data of data subjects available to other persons only to the usual extent and only to processors or other recipients, typically suppliers of external services, exclusively in compliance with all principles arising from applicable legislation, in particular GDPR. In addition, personal data may be disclosed to the extent necessary to the Administrator's legal, economic and tax advisors. Personal data may also be passed on to the relevant administrative or law enforcement authorities.

9. Transfer of personal data abroad

The personal data collected will be processed mainly in the EU. In the event that personal data is transferred outside the EU, all obligations under the GDPR will be respected.

10. Legal basis of personal data processing

The Administrator processes personal data with the consent of the data subjects, except in cases stipulated by law where the processing of personal data does not require such consent.

11. Rights of data subjects

According to the GDPR, the data subject has in particular the following rights:

obtain confirmation from the Administrator whether the personal data concerning him are or are not being processed and, if so, he has the right to obtain access to the following personal data and information referred to in Article 15 of the GDPR:

if personal data are transferred to a third country or an international organization, the data subject has the right to be informed of the appropriate safeguards under Article 46 of the GDPR that apply to the transfer;

according to Article 16 of the GDPR, the right to have the Administrator correct or supplement inaccurate personal data concerning him without undue delay;

the Administrator to delete personal data concerning the data subject without undue delay and the Administrator is obliged to delete the personal data without undue delay if one of the reasons provided for in Article 17 of the GDPR is given;

the Administrator to limit processing in cases under Article 18 of the GDPR;

obtain personal data concerning him provided to the Administrator in a structured, commonly used and machine-readable format, and the right to transfer such data to another administrator without being prevented from doing so, in cases provided for in Article 20 of the GDPR;

object to the processing under Article 21 of the GDPR;

file a complaint with the supervisory authority.

12. Right to object

If the legal reason for the processing of personal data is the so-called legitimate interest, the data subject has the right to raise a factual objection to such processing of personal data at any time. In such a case, personal data will not be further processed unless there are serious legitimate reasons for their processing that outweigh the interests of the entity or its rights and freedoms, or unless they are processed to determine, exercise or defend the legal rights of the Administrator.

13. Contact information

Administrator contact details:

Soulmio s.r.o., ID: 09873163, registered seat: Bělehradská 858 / 23,120 00 Prague 2 - Vinohrady, Czech Republic, represented by Simona Zábržová, CEO, email: simona@soulmio.com
Tel. no.: +420 777 285 544