1. The personal data of users (also „personal data“) are collected, stored and used in conformity with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
2. The personal data are collected, stored and used by the business organization Citace.com, s. r. o., Lidická 700/19, 602 00 Brno, Czech Republic, that provides the software CitacePRO (also „the provider“).
3. The rules of personal data handling can be changed in conformity with effective law and the update version of rules is available on the provider's website.
4. The provider is entitled to collect, store and use only the personal data that are indispensable for the proper functioning of the system.
Collected personal data
1. The personal data that the provider may collect and hold because of a user's use of the software and services may include:
- identification number;
- email address;
- phone number;
- contact preferences;
- list of citations;
- technical data, which may include IP address, the types of devices a user is using to access the website and the software, device attributes, browser type, language and operating system.
2. When ordering or registering on the provider's website or the software, a user may be asked to enter personal data such as the name or the email address. A user may be also asked for further personal data including his or her mailing address, phone number, contact preferences and credit card information. The provider does not store credit card information as payments are processed through third parties using external payment gateways.
3. The provider may only collect and store the user's personal data for the following purposes:
- to enable a user to access and use the software and services;
- to provide a user with the information and services that he or she requests;
- to operate, improve and optimise the software and services to better serve the users;
- to send support and administrative messages, reminders, technical notices, billing, updates, security alerts, and information to the users;
- to facilitate payment transactions;
- to enable the provider to respond promptly to the users' requests.
Retaining personal data
1. The provider will retain the user's personal data for the period necessary to fulfil the fixed legal purposes. In most cases, it is generally not possible for the provider to specify in advance the exact period for which the user's personal data will be retained. In such cases, the provider will determine the period of retention based on the period required by applicable law.
2. If the user's personal data are no longer required by the provider for the purpose for which they were collected and are no longer required by law to be retained by the provider, the provider will destroy or de-identify the information.
Data subject rights
If a user is a “data subject” under applicable data protection law in the EU or United Kingdom, he or she will have the following rights in relation to his or her personal data held by the provider:
1. Right to Access: a user may request confirmation from the provider as to whether he processes his or her personal data, and if so, a user may request a copy of that personal data.
2. Right to Rectification: a user has the right to request that the provider rectify or update any personal data that are inaccurate, incomplete or outdated without undue delay.
3. Right to Erasure: a user has the right to request that the provider erase his or her personal data without undue delay in certain circumstances.
4. Right to Restriction of Processing: a user has the right to request that the provider restricts the use of his or her personal data in certain circumstances.
5. Right to Withdraw Consent: a user has the right to withdraw his or her consent to process his or her personal data.
6. Right to Data Portability: a user has the right to request that the provider provides him or her with a copy of his or her personal data in a structured, commonly used and machine-readable format in certain circumstances.
Third parties to whom the provider may disclose users´ personal data
1. The provider may disclose the user's personal data to third parties for the purposes listed above:
- Payment services providers in relation to financial transactions relating to provider's services, including processing payments.
- In relation to disclosure necessary for compliance with a legal obligation applicable to the provider, the provider may also disclose the users' personal data in circumstances where necessary in legal proceedings, whether in or out of court.
Security of personal data
1. The provider has implemented security measures to protect the user's personal data from misuse, loss, and from unauthorised access, modification and disclosure.
2. The provider does not sell, trade, or otherwise transfer to third parties the users' personal data for the purposes of direct marketing.
3. If a user has any questions, complaints or concerns about how the provider handle his or her personal data or think that his or her privacy has been affected, he or she is allowed to contact the provider at: firstname.lastname@example.org.
4. If a user remains unsatisfied with the way in which the provider handles his or her personal data or answered his or her request, he or she may contact the relevant data privacy regulator:
Úřad pro ochranu osobních údajů
Pplk. Sochora 27
170 00 Praha 7
phone no.: +420 234 665 111