GDPR privacy policy

Intermediary: TABI Corp., s.r.o.
Jozefa Herdu 1
917 01 Trnava
Company ID: 44 374 631

1. Definition of terms

GDPR - General Data Protection Regulation - European Union data and privacy legislation applicable as of 25.05.2018. It aims at increasing the standard of Personal data protection and strengthening the rights of the EU citizens in this regard.
PD - personal data.
Operator - processes personal data on his behalf - e.g., data on the company employees or customers.
Intermediary - processes personal data for other companies and on their behalf - e.g. companies enabling data storage in the cloud, those that process payroll for other companies, etc.

2. Subject matter

The Contracting Parties agree to govern their cooperation under the Privacy Policy and the GDPR to meet the requirements of Act no. 122/2013 Coll. on the protection of personal data and on the amendment of certain acts as amended by Act no. 84/2014 Coll.
Processing time: one year after the end of the trial period, if the customer does not request its shortening and immediate deletion, or ten years in the case of invoicing.
Purpose of processing: to guarantee the functionality of the Offeris information system.

3. Rights and obligations of the Operator

The Operator operates his database(s) / information systems so that his users follow the principles of security and adequate personal data protection. He undertakes to comply in particular with the following rights and obligations:

  • To familiarize himself with the security project and other relevant documentation related to personal data protection.
  • To store his access data for all systems with maximum regard for their security. The data is always unique for each employee, and he is legally responsible for any misuse.
  • In the event the Intermediary performs a service intervention in the system, the Operator unblocks the service user and immediately blocks this user after the service intervention has ended.
  • To maintain confidentiality about the processes, data, and documents of the Intermediary.
  • To ensure adequate protection of personal data, he comes into contact with during the performance of his work.
  • In case that the access data misuse or theft of computer technology or data is detected, he reports this condition to the Intermediary immediately, but no later than within 36 hours from the discovery of the incident.
  • The Operator has the right to perform a security audit of the Intermediary regarding personal data protection. Such an audit must be notified at least 3 working days in advance.
  • The Operator has the right to request the Intermediary's cooperation in reading logs and monitoring security incidents.

4. Rights and obligations of the Imtermediary

The Intermediary guarantees the technical functionality of the systems which the Operator leases from him. Such a system is mainly the Offeris system.
Intermediary undertakes to comply in particular with the following rights and obligations:

  • If the Intermediary engages with another intermediary, the “original” intermediary remains fully responsible to the operator for fulfilling the duties of that other intermediary.
  • To familiarize himself with the security project and other relevant documentation related to personal data protection.
  • To store his access data for all systems with maximum regard for their security. The data is always unique for each employee, and he is legally responsible for any misuse.
  • To regularly update his antivirus software as well as the operating system.
  • Not to store any of the Operator's personal data on the computer.
  • In the event of a service intervention in the Operator's system, he always requests the blocking of the service user after the service intervention has been completed.
  • To maintain confidentiality about the processes, data, and documents of the Operator.
  • To ensure adequate protection of personal data he comes into contact with during the performance of his work.
  • In case the access data misuse or theft of computer equipment or data is detected, to address this situation immediately according to the Plan for Reporting and Subsequent Resolution of Incidents. Involving a privacy breach.
  • The Intermediary undertakes to provide the Operator with all information necessary to demonstrate compliance with the obligations under the GDPR and enables him to carry out an audit.
  • The Intermediary has implemented appropriate security measures to protect the personal data (e.g. pseudonymization, encryption, regular testing, and evaluation of the effectiveness of technical and organizational measures, or the ability to restore personal data on time and access them in the event of a physical or technical incident).
  • The Intermediary undertakes to delete all personal data of the Operator after the termination of the provision of services or to return them to the Operator and delete existing copies.

5. Final provisions

  • Changes and extensions to the subject of the contract can be implemented based on a written amendment to this contract and must be textually accepted by both parties.
  • The Contracting Parties agree not to make information available or allow the disclosure of information arising from this Agreement in any form to a third party and to not use such information of the other Party for any purpose other than the one following from this Agreement. Each Party agrees to take appropriate steps to ensure that this information is not made available or further spread by their employees or third parties.
  • Neither Party is liable for any delay or non-performance of their obligations under this contract if this is caused by a reason beyond the control of that party (force majeure).
  • The Contracting Parties may terminate this contract by a written agreement or a notice of either party.
  • The reason for the termination of this contract is a breach of the provisions of clauses 3 and 4 of this contract. The notice period is 3 months and begins on the first day of the calendar month following the month in which the written notice was delivered to the other party.
  • This contract enters into force and effect on the day of its signing by both parties, respectively, on the day of signature by the party who signs the contract second.
  • All changes and extensions of this contract are possible only in the form of written amendments to this contract agreed by both parties.
  • The Contracting Parties declare that they have not concluded the contract under duress or noticeably disadvantageous conditions.
  • Issues not covered by this contract are governed by the relevant provisions of the Commercial Code, as amended.

In Trnava, on 19.4.2018