STATEMENT ON PERSONAL DATA PROCESSING – Privacy Policy

Statement on the Processing of Personal Data pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and on the instruction of data subjects (hereinafter referred to as "GDPR" – General Data Protection Regulation) As of May 25, 2018, this regulation replaces Directive 95/46/EC and the related Act No. 101/2000 Coll., on the Protection of Personal Data.

Application Name:
Miraf SongBook

Controller of Personal Data (hereinafter referred to as the “Controller”):
J a r o m í r  F r í d
M o k r é - J i h  5 3 7
L i t v í n o v i c e
3 7 0 0 1


Definition:
Personal data are defined as any information relating to an identified or identifiable natural person – the data subject (hereinafter referred to as the “subject”).

What Data We Collect About Data Subjects and for What Purpose:
Name, surname, address, country, email, phone number; in the case of a company, also company ID, VAT ID, and business name. The legal basis for this processing is the performance of a contract. This information is used for managing the user account, invoicing, contacting the data subject, handling potential complaints, delivery, and—if consent is given by the subject (which can be withdrawn at any time)—also for marketing purposes (exclusively the email address). Additionally, for evaluation and profiling purposes carried out electronically only, the IP address is processed. We use Google Analytics for website analysis.

Source of Data Obtained from the Data Subject:
Placing an order/concluding a contract, creating an account, contacting technical support, downloading a demo version, registration and online use of the software, email communication with the data subject, and the Controller’s website.

The data subject gives consent to the processing of personal data separately.:
1. For managing the user account (a necessary condition for placing an order, concluding a contract, creating an account, downloading a demo version, online software registration, contacting technical support)
2. For marketing purposes (sending news and current information) – consent to the processing of personal data for marketing purposes is not a condition that would, by itself, prevent the conclusion of a purchase contract (placing an order) or other activities.
The data subject can withdraw/change consent to the processing of personal data at any time. For this purpose, the data subject can use the Controller’s website and make changes in their user account.

Method of Processing:
The processing of personal data is carried out by the Controller. Personal data is processed in electronic form through automated methods or in printed form through non-automated methods. Data storage in electronic databases is partially pseudonymized. Access to data is secured through encryption, and for websites, it is secured with a secure certificate. Data processing is carried out using computing technology, and for personal data in paper form, it is done manually, while ensuring compliance with all security principles for the management and processing of personal data. To this end, the Controller has taken measures to ensure the protection of personal data, particularly measures to prevent unauthorized or accidental access to personal data, their alteration, destruction, loss, unauthorized transfers, unauthorized processing, as well as any other misuse of personal data. As a data processor, we use the company WEDOS Internet, a.s., Masarykova 1230, 373 41, Hluboká nad Vltavou, Czech Republic, ID: 28115708, VAT ID: CZ28115708. This company provides web hosting, data storage, and backups (hereinafter referred to as the "Processor"). Data access occurs exclusively in connection with the operation of the Controller’s website and only to the necessary extent.

Duration of Personal Data Processing:
Personal data will be processed for as long as necessary to ensure the rights and obligations arising both from the contractual relationship and from applicable legal regulations. Data that is used solely for evaluation or profiling purposes (primarily the processing of IP addresses or analysis of service usage) will be collected only for a period of 3 months from the date of acquisition.

Website – Storage and Processing of Cookies:
Cookies are small text files that are stored when visiting a website, and upon revisiting the site, they can be reloaded and processed. The term "cookies" includes various types, such as beacons, fingerprinting, plugins, and others. Our website www.miraf.cz uses technical (necessary) and statistical (analytical) cookies in accordance with the current amendment to the Electronic Communications Act. User consent is not required for the use of technical cookies. However, explicit consent from the user is required for the use of other cookies, which the user provides by accepting the pop-up banner during the first visit to the website. If the user wishes to withdraw this consent, they can simply clear the browsing history and reopen the website. Refusing to use cookies does not affect the functionality of the website or block any features or content. The purpose of using cookies is to improve the user experience, display personalized content, analyze website traffic, and identify the source of traffic. Tools such as Google Analytics and integration with YouTube are used.

Mobile Android Application:
No personal or other data is collected. The application does not store or collect any personal data.

Rights of Data Subjects:
Any data subject who finds or believes that the Controller is processing their personal data in a way that is inconsistent with the protection of their privacy and personal life or in violation of the law, especially if the personal data is inaccurate with respect to the purpose of processing, may:
- Request an explanation from the Controller.
- Request that the Controller rectifies the situation.
- If the request from the data subject is found to be justified, the Controller will promptly remedy the issue.
- If the Controller does not comply with the data subject’s request, the data subject has the right to directly contact the supervisory authority, namely the Office for Personal Data Protection.
- This procedure does not exclude the possibility for the data subject to directly address their concern to the supervisory authority.
- The Controller has the right to charge a reasonable fee for providing information, which shall not exceed the costs necessary to provide the information.

The data subject acknowledges that they are required to provide their personal data correctly and truthfully and that they are obliged to inform the Controller of any changes to their personal data without undue delay. Each data subject can view the information that the Controller stores about them in their internet account on the Controller’s website. In case of discovering more detailed information, the data subject may request information from the Controller regarding the processing of their personal data, and the Controller is obliged to provide this information.
This statement is publicly available on the Controller's website.

In Litvínovice, on June 1, 2024