Privacy Notice – customers, suppliers, visitors of the website and profiles on social media
Streemline s. r. o.
We take privacy very seriously.
This Privacy Notice (“Privacy Notice”) describes the manner in which we, at Streemline (“Streemline” or “we/us“), process and protect the personal data of: (i) our (potential) customers, (ii) our (potential) suppliers, (iii) the persons authorized to act on behalf of our (potential) customers and suppliers, (iv) the contact persons of our (potential) customers and suppliers and (v) visitors of our websites biteberry.com and streemlinestudio.com (“Websites”) and our profiles on social media.
We process personal data in compliance with the EU general data protection regulation, i.e. the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“GDPR“) and the respective applicable local data protection acts implementing the GDPR.
In this document, we explain what type of data we process about you, the legal basis allowing us to do so, the purposes for which the data are being processed, by whom they are accessible, how you can monitor the manner of their processing, and what technical and security measures in general we use to protect your personal data. Also, you will learn about the rights in relation to processing of your personal data, and how you can exercise those rights.
By this Privacy Notice, we fulfill the obligation to inform you (in your capacity as data subject) pursuant to Article 13 and/or 14 of GDPR.
1. Who are we and how can you contact us?
Streemline s. r. o. with its registered seat at:
S. H. Vajanského 3616/23,
940 02 Nové Zámky,
Corporate ID (IČO): 55 353 690 registered in the Commercial Register maintained by the District Court Nitra, Section: Sro, Insert No.: 60199/N
If you have any questions regarding processing of your personal data, please, contact us via e-mail at email@example.com or via registered mail at the address of our registered seat (above).
2. What is personal data? What kind of personal data do we process and how do we collect them?
Personal data is any information allowing to establish your identity as individual, or any information specific to you.
We collect and process only such personal data which are necessary for us to:
- conclude contracts with customers and suppliers and perform obligations arising thereof,
- comply with our statutory obligations and
- protect our legitimate interests.
If it is not absolutely necessary, we do not process any special categories of personal data within the meaning of Article 9(1) of GDPR.
Particular scope of personal data we collect and subsequently process depends on what type of data subject you are.
We obtain personal data either directly from you (e.g., when you, or the company you act on behalf of, conclude a contract with us either as customer or supplier), or indirectly from other subjects (e.g. from the delivery channel through which you have ordered the food from the restaurant using the application developed by us).
3. What categories of personal data do we process, for what purposes and on what legal basis? How long do we store your personal data? Is disclosure of your personal data to us mandatory or voluntary?
4. To whom do we disclose your personal data?
We do not make your personal data public. We neither disclose, nor provide your personal data to any entities other than those described below.
- External suppliers
We provide your personal data to some of our suppliers. In doing so, we ensure
that the selection of our suppliers and their processing of your personal data is fully compliant with the GDPR.Such external suppliers include providers of the following services:
- Providers of cloud computing solutions (having servers in EU) – e.g. AWS
- Standard software providers (e.g. Microsoft, Google)
- Law firm providing legal services (based in the EU)
- Provider of development, management and technical support of our website (based in the EU)
- Webhosting provider (based in the EU)
- Provider of management of social media profiles (based in the EU)
- Social network platform operators – e.g. LinkedIn
- Transport, courier and postal companies
- Providers of other software solutions used by us in connection with operation of the Application, e.g. Auth0, Twilio
- Providers of payment processing services, e.g. Stripe
- Provider of accounting services (based in the EU)
- Compliance with Obligations Resulting from Legal regulations
We may also provide your personal data to other persons in order to comply with our obligations resulting from the applicable legal regulations or lawful requests received from public authorities.Such categories of recipients include various public authorities, including authorities competent to exercise control over our activities, or other authorised bodies in connection with archiving of documents.
- Asserting and defending legal claims
We may also disclose your personal data to other persons for the purpose of asserting our legal claims or defending ourselves effectively against claims brought against us.Such categories of recipients include, in particular, courts (including arbitrators and arbitration tribunals), executors, notaries, translators, experts or other relevant public authorities.
- Our Employees
Your personal data can also be accessed by our employees. Our employees might have access to your personal data on a strictly need-to-know basis typically governed and limited by working position of the particular employee.
- Prospective investors
If we sell any part of our business or our assets, we may need to disclose your personal data to prospective investors for due diligence purposes.
5. Transfer of personal data to third countries or international organizations
By default, we seek not to transfer your personal data to a third county outside EU and/or European Economic Area (“Third Country”).
However, some of our external suppliers specified in Section 4.1 above or their suppliers/processors might have servers located in Third Countries, e.g. in the United States of America (“U.S.”).
Any transfer of personal data outside EU or European Economic Area is done by us only under strict compliance with GDPR. In case of recipients in Third Countries which (under the opinion of the European Commission) not ensure adequate level of protection of personal data, we insist on concluding EU model Standard Contractual Clauses (SCC) with us or follow equivalent safeguards in place. In respect of transfer of personal data to U.S., most of our external suppliers are members of the EU-U.S. Data Privacy Framework.
We do not intend to transfer personal data to any international organization.
6. How do we protect your personal data?
We continuously evaluate and modernize our implemented safety, technical and organizational measures to secure a safe processing of your personal data. We protect the personal data storing database against damage, destruction, loss and unauthorized use. Should you wish to receive more information concerning the security of your personal data, do not hesitate to contact us at firstname.lastname@example.org.
7. How long do we store your data?
We store your personal data only for periods of time as may be required to attain the purpose for which your data have been collected. If we process your personal data on the basis of our legitimate interest, they continue to be processed until the reason for the processing ceases to exist, or until you exercise your right to object to the processing. However, please note that even if a reason for processing of your personal data ceases to exist, this does not automatically mean that we erase your personal data. As a matter of fact, we may – and in certain cases we are required to – continue processing personal data for a different purpose (e.g., archiving) supported by another legal basis.
For more detailed information concerning personal data storage periods, please see table in Section 3 above.
8. What are your rights?
As we process your personal data, you can exercise a number of rights against us as set out below. You can exercise these rights by filling in this online form or sending an email to email@example.com. We will inform you of the manner of disposal of your request within 30 days of its delivery. In justified cases, this time limit may be extended to 60 days; in such a case, we will notify you in advance.
- Right of access
You have the right to request access to your personal data according to Article 15 of GDPR. In simple terms, you have the right to obtain from us a confirmation whether we do, or do not process your personal data. If we do, you have the right to be provided with access to such personal data, as well as the information about the categories of your personal data we process, for what purpose(s), to whom were your personal data disclosed, from what source we have obtained the data (unless we have obtained them from you), whether they were transferred to a Third Country, period of their storing, as well as how to request rectification, erasure or restriction on the processing of your personal data, the right to object to such processing and the right to file a complaint to the relevant supervisory authority.
- Right to rectification
You have the right to rectification according to Article 16 of GDPR. We really care that we process only correct and complete personal data. If, however, you discover or believe that this is not the case, you have the right to request that we either rectify, or update your personal data.
- Right to erasure (Right to be forgotten)
You have the right to erasure of personal data according to Article 17 of GDPR. This means that you may request that we erase personal data concerning you that we process, provided that no exemption stipulated by law applies, and that one of the following conditions is satisfied:
- your data are no longer needed for the purposes for which they have been collected;
- you withdraw your consent to processing of personal data and, at the same time, there is no legal basis backing their processing;
- you raise an objection to the processing of your personal data backed by one of our legitimate interests and, at the same time, there are no overriding legitimate interests backing their continuing processing, or you raise an objection to their processing for direct marketing purposes;
- personal data were processed unlawfully. Also, we will inform other recipients of your personal data that you have exercised your right of erasure. Accordingly, those additional recipients should erase all references/links to your personal data if this is feasible, having regard to the available technology and the costs of implementation of those steps.
- Right to restriction of processing
You have the right to restriction of processing according to Article 18 of GDPR. In simple terms, you may request that we restrict processing of your personal data, as long as one of the following reasons is concerned:
- if you believe that your personal data we process are incorrect, until their accuracy is verified;
- processing of your personal data is unlawful and you chose to request restriction of their processing rather than their erasure;
- we no longer need your personal data for their processing; however, you may still need those data to evidence, enforce and defend your legal claims;
- if you object to processing of your personal data, until it is established whether legitimate reasons for their processing overrides your legitimate interests. If your objection is successful and processing of your personal data is to be restricted, we will inform you in advance if restriction on processing is lifted.
- Right to data portability
You have the right to data portability according to Article 20 of GDPR. Briefly speaking, if we process your personal data based on your consent (Article 6 (1) (a) of GDPR) and/or based on a contract concluded with you (Article 6 (1) (b) of GDPR) and the processing is performed through automated means, you have the right to obtain those data in a structured, commonly used and machine-readable format. You may transfer those data also to third persons and, on your request, we will thus transfer your data directly to a processor of your choice, provided that this is technically feasible.
- Right to object
You have the right to object against processing (including profiling) based on legitimate or public interest and the right to object against the processing for direct marketing purposes (including profiling) according to Article 21 of GDPR. This means that (on grounds relating to your particular situation) you have the right to object to processing of your personal data carried out on the basis of our legitimate interest, including profiling based on our legitimate interest. Unless we demonstrate compelling legitimate grounds for the processing which override your rights and freedoms, we are no longer allowed to process your personal data. If we process your personal data for direct marketing purposes, you have the right to object at any time to such processing (including profiling) to the extent that it is related to such direct marketing. If you object to such processing, we will no longer be allowed to process your personal data for those purposes. In each marketing-related e-mail (if any), we will offer you the possibility to unsubscribe if you no longer wish to receive marketing information from us. You can do so by clicking on the “Unsubscribe” link located at the bottom of our marketing e-mails.
- Right to withdraw consent
If we process your personal data under a consent given by you, you are entitled to withdraw such consent at any time e.g. by sending an official letter to the address of registered seat of Streemline, by sending an e-mail to firstname.lastname@example.org or by filling in this online form. However, please be aware that withdrawal of your consent has no bearing on legitimacy of any processing of your personal data under your consent prior to its withdrawal.
- Filing complaints
If you believe that we process your personal data in breach of the applicable legal regulations governing the protection of personal data, you are entitled to lodge a complaint with our principal supervisory authority, namely the Office for Personal Data Protection of the Slovak Republic at the following address:
Úrad na ochranu osobných údajov Slovenskej republiky
820 07 Bratislava 27
https://dataprotection.gov.sk/uoou/sk.If your habitual residence or place of work is in another Member State of the European Union, you may lodge your complaint also with the supervisory authority in that member state.
- Right of access
9. Existence of automated decision-making, including profiling
We carry out profiling for the purpose of predicting your future interests and displaying targeted advertising. We create individual profiles based on the analysis of your personal data (which you have provided to us directly, which we have obtained from your browsing on internet, or which our suppliers have provided to us) in order to provide you with offers that are relevant and interesting to you.
10. Personal data concerning minors
We do not, and do not intend to process personal data of persons below 16 years of age. Should we become aware of any processing of such data, this will be immediately discontinued and those personal data will be erased.