Privacy Policy
(hereinafter referred to as the “Policy”)
FaceUp Technology s.r.o., Company ID No.: 061 42 630, with its registered office at Údolní 567/33, Brno-město, 602 00 Brno, Czech Republic registered with the Commercial Register kept by the Regional Court in Brno, Section C, Insert 100325 (hereinafter referred to as “FaceUp” or “we”), hereby, in its capacity as a controller or processor of personal data in accordance with Regulation (EU) No. 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data (hereinafter referred to as the “GDPR”), informs all visitors to the website www.faceup.com (hereinafter referred to as the “Website”), its clients and business partners, if they are natural persons, or employees of its clients and business partners, or job applicants (hereinafter referred to as “Data Subjects” or “you”) about the processing of their personal data.
This Policy sets out the basis on which we will process personal data that we obtain from you or that you provide to us in connection with your visit to the Website, if the personal data meets the specific requirements set out below.
The controller of personal data is FaceUp (hereinafter referred to as the “Controller”).
Contact details of FaceUp:
- by post at FaceUp Technology s.r.o., Údolní 567/33, 602 00 Brno, Czech Republic;
- by email at support@faceup.com; or
- by any other means as set out on the Website.
Please read the following text carefully to understand the practices regarding your personal data and how we will treat it in connection with the normal use of our Website. This Policy does not apply to the processing of personal data in connection with the use of our product, the FaceUp platform, which is used to receive and store messages (reports) from third parties (whistleblowers) via the FaceUp mobile application and/or the website www.report.faceup.com (hereinafter referred to as the “Product”). For more information about the processing of your personal data in connection with the use of the Product, please visit here.
We have a clear approach to explaining our personal data protection practices as advised by the supervisory authorities. This means that we only try to provide you with relevant privacy information in connection with your normal use of the Website, and we use a simple form of this Policy to do so. Please do not hesitate to contact us with your feedback or any inquiries.
Data we process about you
It is important for us that you are aware of which personal data we process and how and for what purposes we use it in order to operate more efficiently in providing professional information on personal data protection and to enable you to obtain the essential information on personal data protection.
We may collect and process data about you if you visit our Website or are going to use our Product and you enter into a contract with us or otherwise communicate with us for that purpose. The collection and processing of personal data in connection with the use of the Product, and not with the normal browsing of the Website, is regulated in detail in a separate privacy policy, available here.
You may also provide us with selected personal data by communicating with us, for example, by telephone, email or other means as set out on the Website.
We use selected cookies on the Website to enhance your user experience when browsing the Website and we may use them to process your personal data. The conditions for processing your personal data via cookies, as well as how to set your preferences and consent to the use of these cookies, are described in detail in the Cookies Policy.
The types of data processing are mainly the following:
Data subject | Personal data categories | Role of FaceUp |
Employees, members and/or authorized persons of newly registering business partners | Identification details (in particular, first name, surname, date of birth or birth certificate number /if necessary/, address of permanent residence or domicile or registered office, company identification number, tax identification number) Contact details (in particular, correspondence address, email address, telephone number) Billing and payment details (in particular, account number and bank details) Information regarding the engagement in particular activities Data from mutual communication | Controller and processor |
Business partners – natural persons | Identification details (in particular, first name, surname, date of birth or birth certificate number /if necessary/, address of permanent residence or domicile or registered office, company identification number, tax identification number) Contact details (in particular, correspondence address, email address, telephone number) Billing and payment details (in particular, account number and bank details) Information regarding the engagement in particular activities Data from mutual communication | Controller and processor |
Website visitors | We collect personal data when you visit the Website only in the context of normal browsing for marketing purposes, not in connection with the use of our Product, the FaceUp platform; this is typically data collected via cookies (see the Cookie Policy for more information), IP address and data on the browser, information system and resolution. However, this data is not collected in connection with the use of our Product, but only in connection with the normal browsing of our Website. | Controller |
Website visitors using chat | Email address First name and surname (if provided or if it is evident from the email address) Data from mutual communication | Controller |
Subscribers to the newsletter, e-book, etc. | Email address First name and surname (if provided or if it is evident from the email address) Telephone number Identification of your organization Data from mutual communication | Controller |
Employees and members of FaceUp bodies or collaborators with whom FaceUp has a contract | Identification details (in particular, first name, surname, date of birth, address of permanent residence or domicile or registered office) Contact details (in particular, correspondence address, email address, FaceUp platform login, telephone number) Information about the employer or relationship with the client or business partner Data from mutual communication | Controller and processor |
Job applicants | Identification details (in particular, first name, surname, date of birth or birth certificate number /if necessary/, address of permanent residence or domicile) Contact details (in particular, correspondence address, email address, telephone number) Data from mutual communication, provided when expressing interest in employment | Controller and processor |
Data processing occurs especially in cases where:
(i) it is necessary for the performance of a contract (e.g., the provision of notification services, an employment contract, a cooperation agreement or other contract) to which you or a company or other legal entity to which you have a relationship is a party, or for the performance of a pre-contractual measure (e.g., a selection process with job applicants or negotiations with potential clients and partners) (Article 6(1)(b) of the GDPR); or
(ii) we are required to do so by applicable law (e.g., employment law, tax law) (Article 6(1)(c) of the GDPR); or
(iii) you have given us your consent (e.g., email address for sending marketing communications), in which case you can withdraw your consent at any time (Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR); or
If you have given your consent to the processing of your personal data, you have the right to withdraw that consent at any time, by post to our registered office address or by email to support@faceup.com.
(iv) the processing is necessary to protect the vital interests of the Data Subject or of another natural person (Article 6(1)(d) of the GDPR) or the processing is necessary to protect the vital interests of the Data Subject or of another natural person where the Data Subject is not physically or legally able to give consent (Article 9(2)(c) of the GDPR); or
(v) the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller (e.g., in the case of the obligation to inform a child’s statutory representatives in the event of suspected bullying at school) (Article 6(1)(e) of the GDPR) or the processing is necessary for reasons of substantial public interest based on Union or Member State law which is proportionate to the aim pursued, respects the essence of the right to data protection and provides suitable and specific safeguards for the protection of the fundamental rights and interests of the Data Subject (Article 9(2)(g) of the GDPR); or
(vi) it is our legitimate interest in the interest of improving the quality of our services provided to you, in connection with the provision of follow-up information on news regarding FaceUp and NNTB towards our clients or, for example, to protect the network against harmful conduct (Article 6(1)(f) of the GDPR).
We respect the principle of data minimizing where we only retain that personal data which is reasonable, relevant and limited to the extent necessary in relation to the purposes for which it is processed.
Use of information
We use the information we collect about you, in particular, to provide you with our Product, to fulfil our contractual obligations to you or our business or other partners, to comply with our statutory obligations, to notify you of changes to the Product and/or to improve our Product.
We only ever use your personal data for the purposes for which we collected it.
We also use your selected data (email address) for direct marketing purposes. These activities include, in particular, the use of your email addresses for the purpose of sending you our newsletters if you have consented to such newsletters. You may quickly, easily and at any time unsubscribe such newsletters by using the “unsubscribe” link contained in each newsletter. Alternatively, please inform us at the email address listed below.
When processing your personal data, there is no decision based solely on automated processing, including profiling, which might legally affect you or have a similarly significant impact on you.
Disclosing your information
We do not intend to disclose your personal data provided to us in connection with your normal browsing of the Website to anyone except as described in this Policy. The disclosure of personal data provided by you in connection with your direct use of the Product is covered in detail in a separate privacy policy, available here.
Recipients or categories of recipients of personal data
We ensure the highest possible standard of security for your personal data. In exceptional cases, we may share your personal data with FaceUp’s contractual partners (e.g., IT services, attorneys, etc.) to the extent necessary for the performance of the contractual relationship or for the normal operation of FaceUp and/or the Website. However, the prerequisite for such sharing of your personal data is always the conclusion of a data processing agreement with each such FaceUp contractual partner, which will guarantee the highest standard of protection of your personal data.
If required by law or our legitimate interests, we may, in exceptional cases, transfer your personal data to the extent necessary to state authorities (in particular, investigative, prosecuting and adjudicating authorities, courts and tax authorities), but always in accordance with the law and only if the law imposes such an obligation on us or if it is necessary to protect our legitimate interests.
Your personal data collected in the course of normal browsing of the Website, but never in connection with the use of the Product – the FaceUp platform, may be transferred to and further processed by explicitly permitted processors and sub-processors, which are especially the following, in addition to the above:
- Google LLC (web analytics and online marketing tools);
- Facebook Ireland Ltd. (online marketing tools);
- Hotjar, Inc. (web analytics tools);
- ECOMAIL.CZ, s.r.o. (online marketing tools);
- Pipedrive Inc. (CRM tools);
- Microsoft Corporation (online marketing tools);
- Seznam.cz, a.s. (online marketing tools);
- Imper CZ s.r.o., operator of the Leady.cz website (online marketing tools);
- Crisp IM (customer support tools); and
- other newly engaged processors and sub-processors, if any, which we will notify to the Controller in writing, including by email, where the Controller has the right to object to these new processors and sub-processors, and we are obliged to take such objections into account.
We will only entrust the processing of the personal data to processors or sub-processors that provide a sufficient level of security of personal data at least to the extent required by the applicable and effective data protection and privacy laws.
Personal data of third parties
Personal data of third parties, which means personal data of employees and partners or associates of clients or business partners of FaceUp and other natural persons involved in cooperation with FaceUp, or other data that FaceUp receives from a client or business partner in connection with the conclusion or performance of a contract, shall always be processed in accordance with applicable data protection legislation.
Data protection
We provide adequate processes to prevent unauthorised access to personal data and its misuse.
In order to protect and secure the provided personal data, we use necessary and appropriate systems and processes. We also employ security procedures and technical and physical restrictions on access to and use of personal data on our servers. Only authorized personnel working with the data has access to the personal data.
Retention period of your personal data
When handling your personal data for specific purposes, we respect the principle of storage limitation, whereby we keep your personal data only for the necessary period of time, usually five (5) years from the date of the submission of the report.
FaceUp processes the personal data of third parties for the duration of the legal basis for processing and further for the period of time provided for by special legal regulations, if any. The data will be kept for a longer period of time if there is a justified need to keep the data in relation to a specific case.
We retain your personal data for the duration of our contractual relationship for the purpose of exercising our rights and obligations under it, and after its termination for other necessary purposes such as compliance with our legal and contractual obligations, dispute resolution, legal enforcement of legitimate claims, or for possible administrative procedures. These needs vary depending on the specific reason for retention, and therefore the retention period for different types of your personal data varies significantly in specific cases, and can be up to five (5) years from the end of the contractual relationship, except in cases of longer retention required by law (e.g., payroll records).
In exceptional cases, such as litigation, the protection of our legitimate interests may cause longer retention of some of the documents containing your personal data. Particularly, these are cases where we might have to present these documents as evidence in litigation, administrative procedure or due to the enforcement of a decision.
Your rights
As a data subject, you have legal rights in relation to the processing of your personal data, which you can exercise at any time. These are the right (i) to access your personal data, (ii) to rectification and completion of inaccurate and incomplete personal data, (iii) to erasure of your personal data (the so-called “right to be forgotten”), (iv) to restriction of processing of your personal data, (v) to data portability and (vi) to object.
- Right of access to personal data – you have the right to obtain information from us as to whether or not we are processing personal data relating to you and, if so, you have the right to access that personal data.
- Right to rectification of personal data – if you believe that we are processing inaccurate or incomplete personal data concerning you, you have the right to rectification, or you have the right to complete incomplete personal data, including by providing an additional statement.
- Right to erasure of personal data (right to be forgotten) – if you ask us to erase your personal data, we will do so without undue delay, in particular if:
(i) your personal data is no longer needed for the purposes for which it was collected or processed;
(ii) your personal data is processed on the basis of your consent and you withdraw that consent and there is no other legal basis for processing;
(iii) you object to the processing of your personal data and there are no overriding or legitimate grounds for processing your personal data;
(iv) your personal data is processed unlawfully;
(v) a statutory obligation to process the data under European Union law or national law has ceased to exist.
- Right to restriction of processing of personal data – you have the right to ask us to restrict the processing of your personal data if:
(i) you deny the accuracy of the personal data;
(ii) the processing is unlawful, but you have refused to have the personal data erased and request a restriction on its use instead;
(iii) we no longer need your personal data for the purposes of processing, but you still require it for the establishment, exercise or defence of legal claims;
(iv) you have objected to the processing of your personal data and it has not yet been verified whether our legitimate grounds outweigh your legitimate grounds.
- Right to data portability – you can exercise your right to personal data portability. Upon your request, we will transfer your personal data to you or another controller in a structured, commonly used and machine-readable format, which we will process on the basis of a contract or consent you have provided to us. If the exercise of this right should adversely affect the rights and freedoms of others, we will not be able to comply with your request.
- Right to object – you have the right to object to the processing of your personal data for public interest purposes or for the purposes of our legitimate interest. If the processing of your personal data is based on our legitimate interest (including direct marketing), you can object to that processing if the processing relates to the purpose under objection. In that case, your personal data will no longer be processed for that purpose.
Please also note that if you have given your consent to the processing of your personal data, you have the right to withdraw that consent at any time, by post to our registered office address or by email to support@faceup.com.
We would also like to draw your attention to the possibility of filing a complaint with the competent supervisory authority for the protection of personal data, which in the Czech Republic is the Office for Personal Data Protection, address: Pplk. Sochora 727/27, Holešovice, 170 00 Prague 7, email: posta@uoou.cz, if you believe that the processing of your personal data violates a legal regulation or your rights.
If you wish to exercise any of your rights, please contact us by email at support@faceup.com or by post at our registered office address.
Please note that due to the specific nature of FaceUp’s activities (in particular, the provision of services under the Whistleblower Act), the exercise of certain rights of Data Subjects may be significantly restricted.
Changes to our Privacy Policy
Any changes we may make to this Policy in the future will be posted on this page and, where appropriate, we will also notify you by email. Please check the Website to learn about all new updates and changes to our Privacy Policy.
Contact us
You can contact us at any time regarding the processing of your personal data by sending an email to support@faceup.com or by post to our registered office address.
All communications and statements on the rights exercised by you are provided free of charge. However, if the request is obviously unreasonable or inappropriate, in particular, because it has occurred repeatedly, we are entitled to charge a reasonable fee reflecting the administrative costs associated with the provision of the requested information. When a request for copies of processed personal data is applied repeatedly, we reserve the right to charge a reasonable administrative fee for this reason.
We will provide you with a statement and, where appropriate, information on the measures taken as soon as possible, but no later than one (1) month after the delivery of the complete communication. That period may be extended by two (2) further months, if necessary, taking into account the complexity and number of requests. We will inform you about any eventual extension accompanied by the reason therefor.
This Policy is effective as of 20 January 2023.
