how do we collect Personal Data?
what data and for what purposes we process?
how long do we process data?
how do we ensure the security of our processed Personal Data?
what rights do data subjects have?
how to enforce your right to file a complaint about data processing?
We collect Personal Data directly from the Visitors by providing them with relevant information during their visits to the Website and/or the registration in the Booking Program, as well as by subsequent using the Booking Program (by filling in the corresponding boxes of the Booking Program).
We are guided by the provisions of Article 6 (1) of the General Data Protection Regulation, and we process the following data.
We collect and process the contact information of Visitors with the purpose of enabling them Visitors to use the Booking Program for booking the time of the relevant service provider for the Visitors, also for sending notifications to Visitors about the booked time.
To do this, we process the following contact details of the Visitors:
first name and surname;
The above Personal Data of Visitors are disclosed (transferred) to the relevant service provider, whose time is booked by the Visitor.
The service provider, having received the above Visitor’s details from us, processes them independently for the determined purposes. In order to learn more about the processing of Personal Data by service providers, the Visitor must contact the relevant service provider (on its website).
Consequences of non-provision or withdrawal of consent to the processing of data
Disclosing Personal Data of the above-mentioned Visitors is a prerequisite for us to allow them for using the Booking Program. I.e. by failing to provide Personal Data or providing inaccurate or incorrect Personal Data, as well as withdrawing the consent to process the Personal Data, the Visitor will not be able to access the Booking Program or its corresponding individual functions.
We use our cookies on our Website to improve the quality of our Website browsing, to collect statistics and marketing data.
To this end, by visiting our Website, we collect the following Visitor data:
frequency of visits to the Website;
the IP address of the device that connects to the Website.
The above Personal Data may be disclosed to our partners, which we will use for the maintenance and development of the Booking Program.
Consequences of denial of consent or refusal to process the data
Disabling or deleting cookies may increase the time it takes to browse the Website, and the Visitor may no longer have access to some features of the Website.
Third-party websites, services and products on our Website
Our Website may contain third-party advertising panels, links to their websites and services that we do not control. We are not responsible for the safety and privacy of data collected by third parties. The privacy of such data must be protected by the data subject with relevant third parties whose sites or services they use.
We are constantly developing and updating the Booking Program, and expanding its functions. We will be able to inform the Visitor about all the innovations and new functions of the Booking Program if he has given his consent to use his email and/or telephone number for direct marketing purposes.
Consequences of denial of consent or refusal to process the data
If you do not agree to use your data for direct marketing purposes or cancel your consent, the Visitor will not lose the possibility of using the Booking Program.
We will keep and process the specific Visitor's Personal Data as long as this Visitor uses the Booking Program and for another twenty years after the last use, but in any case no longer than the Visitor withdraws his consent to process his data.
In case of any likelihood of a dispute between us and the Visitor regarding the use of the Booking Program, we will keep the Personal Data of such Visitor necessary for the resolution of such a potential dispute (full name, contact details, data of the use of the Booking Program), for all relevant limitation periods set by the applicable laws (depending on possible nature of the claim) if it is longer than the above time limit.
After the expiration of the data processing deadlines, we delete the data so that they cannot be reproduced or replaced and cannot be linked to a specific individual.
In order to protect our processed Personal Data from loss, unauthorized use or alteration, we have implemented the appropriate organizational and technical means. However, we want to point out that no organizational and/or technical means can ensure complete data security.
We undertake to respect the rights of Data Subjects as they are provided in the General Data Protection Regulation:
to know (be informed) about the processing of your personal data (right to know);
to have an access to your personal data and to be informed of how they are processed (right to access);
to request to correct or supplement the incomplete personal data (right to rectify), taking into account the purposes for the processing of personal data;
to require to destroy your personal data or suspend the processing of your data (except for storage) (right to destroy and right to “be forgotten”);
to request to restrict the processing of personal data;
To data transfer;
to object against the processing of personal data;
other legal rights applicable to the processing of Personal Data.
Any application related to the processing of Personal Data may be submitted by the Visitor to us by e-mail firstname.lastname@example.org or by sending an application.
We are obliged to respond to all requests for the processing of Personal Data, within one month from receipt of the request, in accordance with the procedure established by the General Data Protection Regulation.
Every person has the right at any time to appeal against our processing of his data by submitting a complaint to the State Data Protection Inspectorate. On the other hand, we value each of our clients, so we want to encourage Visitors to contact us first without hesitation in the event of any questions or doubts regarding their processing.
SmartWay Europe Limited
Reg. Number 8898147
71-75 Shelton Street
E-mail address email@example.com
Latest actual data can be found on www.vivo.co
RULES OF PERSONAL DATA PROCESSING
FOR USING THE ONLINE BOOKING PROGRAM
These Rules (hereinafter referred to as the Rules) determine the conditions and procedures for access and use of the our online Booking Program (hereinafter the Booking Program) by various service providers available on the website www.vivo.co (hereafter referred to as the Website), their ways that they can access and use the Personal Data available in the Booking Program (as defined below) and the Rules are mandatory for anyone using the Booking Program for managing their service time bookings.
These Rules are based on the provisions of the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of 27-04-2016 (hereinafter referred to as the General Data Protection Regulation).
By using the Booking Program to manage your service time bookings, you automatically and unconditionally agree to, and commit to comply with and abide with these Rules.
If the provisions of these Rules are totally or partially unacceptable, incomprehensible or unclear, you are not entitled to use the Booking Program to manage your service time bookings. If you are in doubt as to the provisions of these Rules, you must consult a lawyer or a personal data protection specialist before using the Booking Program.
Terms used in the Rules
The terms given in this clause below have the following meaning:
Personal Data – the personal data of data subjects using the Booking Program for booking with service providers, provided to and stored in the Booking Program: customer's name, telephone number and/or email address;
General Data Protection Regulation – the European Parliament and Council Common Data Protection Regulation (EU) 2016/679 of 27-04-2016;
Internet website – our website www.vivo.co owned, administered and maintained by us;
We are a private limited liability company SmartWay Europe Ltd established under the laws of the United Kingdom, legal entity code 8898147, registered address 71-75 Shelton Street, London, United Kingdom, e-mail firstname.lastname@example.org;
Service provider – a business entity providing services and accepting the User bookings through the Booking Program;
Booking Program – an online booking program available on the Website, which is a platform for various service providers to offer their time of service, and for service users to reserve their respective time for the provision of services (to book with the relevant service provider);
Rules – these Rules, as well as any additions and supplements thereto;
Consumers – service users who use the Booking Program to book their time with the respective service provider (to reserve the time for the provision of services).
The terms “data subject”, “data processing”, “data processor” and “personal data security breach” are used in these Rules are to be understood and interpreted as defined in the General Data Protection Regulation.
Where the context requires, the terms used in these Rules in singular shall have the same meaning in plural and vice versa.
Purpose of personal data use
When the Consumer books you through the Booking Program (upon booking the time for the provision of your services), you will automatically be provided with the Consumer's Personal Data that you can use only to provide your services to the Consumer within his booked time.
Duration of Personal Data processing
You may not use Personal Data for a longer period than the provision of booked service to the Consumer.
By using Personal Data, you become a data processor within the meaning of the General Data Protection Regulation and you must:
process Personal Data only in accordance with our instructions provided in the General Data Protection Regulation, other applicable laws, these Rules and instructions provided in writing (including the electronic form); if you do not receive our documented instructions on the processing of Personal Data that are necessary for your obligations regarding the processing of Personal Data, you must immediately inform us of this and before you receive the instructions, to act in such a way as to ensure the best protection of our interests. In any case, you must process the Personal Data in such a way that there is no reason to assume that we have violated the law;
to process the Personal Data only for the purpose specified in these Rules and only to the extent necessary to achieve this purpose;
without any undue delay, but in any case before performing the relevant actions referred to below, inform us if, under the General Data Protection Regulation or other applicable law, you are prohibited from processing Personal Data or, on the contrary – you are required additional Personal Data processing not provided for in our written instructions and/or these Rules;
without any unreasonable delay to inform us if, in your opinion, our instruction to process Personal Data is potentially in violation of the General Data Protection Regulation and/or other applicable legislation;
provide us free of charge with all information necessary to prove that all of the obligations and conditions provided for in these Rules and/or in the General Data Protection Regulation and/or other applicable law are fulfilled and to help ensure our right to conduct your inspections and/or audits in order to verify and collect evidence that the Personal Data is being processed in a lawful and proper manner.
Restrictions on the authorisations (actions) of the data processor
By using the Booking Program, you undertake to guarantee that:
you will not process Personal Data for any purpose other than those provided for in these Rules (especially for direct marketing purposes) unless we provide a written order, explicitly stating the opposite;
you will not disclose Personal Data to any third parties;
you will not transfer your rights and obligations regarding the processed Personal Data to any third person and/or will not assign any third parties (sub-processors) to fulfil your obligations under these Rules without our prior express written permission;
you will not change the nature of processing of Personal Data except if you receive a our written order, explicitly stating the opposite;
you will not copy and/or otherwise recover any Personal Data;
you will not include Personal Data (you will not provide them for inclusion) into any data files or databases.
The use of a particular Consumer's Personal Data based on the consent directly from the Consumer is not considered to be the violation of the above-mentioned guarantees of you.
By using the Booking Program, at the same time, you undertake at your own expense to ensure the confidentiality of Personal Data and guarantee that access to Personal Data will be granted only to your employees or authorized persons who need such access for the performance of their functions, and only the authorised actions will be performed with the Personal Data.
By using the Booking Program, you at the same time undertake to ensure that the persons authorized by you to process Personal Data will be properly informed about the confidentiality of Personal Data, will be properly trained to perform their duties and comply with the requirements for the processing of Personal Data, including the requirements provided in these Rules and/or our separate instructions, as well as the applicable legislation, and will be committed to ensuring the confidentiality of Personal Data without limiting the duration of their legal relations with you.
By using the Booking Program, you at the same time confirm that you are clearly aware that the obligations regarding the confidentiality of Personal Data shall remain valid and termination of legal relations with us.
Personal Data Safety
By using the Booking Program, you at the same time undertake at your own expense to ensure the protection of Personal Data being processed by implementing the appropriate technical and organizational measures to protect the Personal Data being processed from accidental or unlawful destruction, damage, alteration, loss, disclosure, and any other unlawful processing. Your measures must provide the necessary level of protection that is consistent with the nature of the Personal Data being processed, and the risks associated with its processing, and which is appropriate in view of the level of development of technical possibilities, the nature, scope, context and objectives of the data processing, and the risks caused by the processing to the rights and freedoms of data subjects whose Personal Data are being processed.
Assistance of the data processor
By using the Booking Program, you at the same time undertake to provide as with all necessary information, documents and assistance necessary for us to comply with all requirements of the General Data Protection Regulation, in the cases provided for in the General Data Protection Regulation, at no additional cost, at our request and within the reasonable time indicated by us, and in accordance with other applicable laws and to demonstrate compliance with such requirements. By providing the assistance specified in this clause, you must be able to:
upon our request, without any undue delay, to submit the records on the activities of processing of Personal Data;
upon our request, without any undue delay, to provide the information on the applicable technical and organizational measures to safeguard and protect the rights of the data subject under the General Data Protection Regulation and other applicable legislation;
upon our request, without any undue delay, to provide us with copies of Personal Data processed;
upon our request, without any undue delay, to correct Personal Data immediately, to restrict their processing or to delete them;
provide assistance by reporting on Personal Data security breaches, assessing the effect on data protection in pursuit of prior consultation.
In the event that the authorized public authorities or any other person, including the data subject, requests you to submit Personal Data, you must submit such a request to us without any undue delay (in any case within the reasonable time before the expiration of such request).
You must not disclose Personal Data or any other information related to the processing of Personal Data without our prior written consent, unless you are required to disclose such information in accordance with the mandatory provisions of the applicable law. In the latter case, you will have to notify us immediately, unless such notice violates the mandatory provisions of the law.
Violation of personal data security
In the event of, or in case of any suspicion that Personal Data security breach has occurred or any proceedings of the supervisory authorities related to the processing of Personal Data have been initiated against you, you must, without undue delay, in any case, no later than twenty four (24) hours from becoming a work, to notify us thereof free of charge. In the notification, you must provide us with all information that is required by the data controller in accordance with the applicable law to enable it to properly fulfil the obligation to notify the supervisor and the data subjects and to eliminate and reduce the consequences of data security breach.
You are encouraged, in agreement with us, to promptly resolve the issue and prevent further damage, as well as mitigate the consequences of such an incident.
The General Data Protection Regulation empowers us, as every data controller, to perform inspections and/or audits during your normal business hours, without interrupting your activities and free of charge, at your home office, by providing you a notice in advance. Such audits or inspections may be carried out by our employees or by other persons bound by our authorized confidentiality obligations. We shall assume the cost of our audit or inspection. However, if during the course of an audit or inspection we find that you fail to comply with statutory obligations or our requirements in part or in full, we will be entitled to claim the reimbursement of the costs of audit or inspection from you.
Disclosure of Personal Data to third parties, sub-processing
You have no right to disclose Personal Data to any third party or to use sub- processors to process Personal Data without our express prior written permission. If such permission is granted, your disclosure of Personal Data shall not violate any of the General Data Protection Regulations, other applicable laws and/or the provisions of these Rules, and the applicable sub-processor shall be bound in writing to comply with such obligations of Personal Data protection and other obligations, as you are bound by these Rules. At our request, you will have to present of the relevant proof to us without any undue delay.
Regardless of the permission we have issued, the responsible persons will remain liable for the lawfulness of the disclosure of Personal Data to third parties and/or the use of the sub-processor, as well as for the obligations of the sub-processor (irrespective of whether they arise from contracts or are established by the applicable law).
We reserve the right, at any time and without indicating the reasons, to cancel any of your permission to disclose your Personal Data to third parties and/or to use the sub-processor.
Our commitments and representations
We confirm that the processing of Personal Data that is entrusted to you under these Rules is legal and is in compliance with the provisions of the General Data Protection Regulation and other applicable laws.
We undertake, upon receipt of your request, without any undue delay to provide you with the necessary information that is required for the processing of Personal Data.
End of Personal Data processing
Unless otherwise expressly provided in the mandatory provisions of the applicable law, upon the expiration of the deadline for processing Personal Data, you must either return the Personal Data to us or delete them (destroy them).
You shall bear any costs and losses that we and/or data subjects will incur due to your non-performance or improper performance of your obligations under these Rules or the applicable law.
The lack, shortage of clarity or incompleteness of anything indicated in these Rules and/or our instructions does not relieve you from the fulfilment (compliance) with your obligations under the General Data Protection Regulation and/or other applicable laws.
Applicable law. Jurisdiction
These Rules are drawn up on the basis of the laws of the United Kingdom. The legal relations arising from the Rules are governed by the laws of the United Kingdom.
Any legal disputes related to the application of these Rules will be settled in the court of the United Kingdom according to the address of the Service Provider, unless the applicable law contains different provisions.