Privacy policy

The last update is in effect from: 1. 9. 2019

We at FaceUp take your privacy very seriously. Currently, we comply with the Regulation No. 2016/679, the General Data Protection Regulation, also known as GDPR, which sets the highest privacy and data protection standard in the world.

On this page you will find information about the processing of personal data, both personal data contained in the notice and personal data of persons within the school registration.

This Privacy Policy applies to any data processing done by us in connection to the use of our services, both through our website www.faceup.com and through our application FaceUp, which is currently available on Google Play or App Store.

Who are we and how can you contact us?

FaceUp Technology, s.r.o., Business ID: 06142630, with its registered office at Udolni 567/33, 602 00 Brno, Czech Republic, incorporated in the Companies Register administered by the Regional Court in Brno, Section C, Insert 100325 (hereinafter referred to as “FaceUp”) is the personal data administrator. In some cases, it may also be a personal data processor for another controller, typically a school.

If you still have further questions after reading this page, please feel free to contact us:

E-mail: info@faceup.com Address: Udolni 567/33, 602 00 Brno, Czech Republic

Terms used in this Privacy Policy

Personal data:
any information that can be assigned to a particular natural person

Processing of personal data:
any personal data operation (including collection, storage, use and deletion).

Anonymization:
operation with personal data, after which it will no longer be possible to associate the data with a particular person (such data are no longer personal data within the meaning of GDPR)

Pseudonymization:
An operation with personal data, after which it will not be possible to associate the data with a particular person without the use of additional information (we use pseudonymization when processing alerts as described below).

Controller:
determines the purposes and means of processing of personal data (or are determined by law).

Processor:
processes personal data for the controller.

Sensitive personal data:
“Special categories of personal data" - health, racial or ethnic origin, religion or philosophical beliefs.

What personal data included in the report we process?

Categories of personal data
Within the report, the user shall enter:

the name of the person, who is the victim

the class from which the victim is, where the harm occurs

and a description of what is happening.

Personal data processed within the report are therefore the name of the victim, class and possibly personal data included directly in the description of what has been happening, in particular therefore personal data of the person who hurts, who else knows about what has been happening, or the names of teachers or other persons.

Legal title (reason) of personal data processing
The legal title, therefore, what entitles us to process personal data under current legislation is in the case of personal data processing within a report that such processing is necessary to protect the vital interests of the data subject or another natural person. This processing of personal data is also a task in the public interest (it is the interest of the whole company to eliminate risky behaviour).

Purpose of personal data processing
The purpose of personal data processing within the framework of the report is to submit the report to the school to resolve the situation and thus to protect the victim, who is a data subject in the sense of the legislation.

Anonymization and pseudonymization (encryption)

Encryption (pseudonymization)
The report we receive is at first encrypted by the application on our server so that unauthorized users cannot access its content.

Only this modified report is sent to the school registered in FaceUp, which will display it in the decrypted form in secure administration.

A school registered in FaceUp can use the services of a psychological online counselling, in which case the complete report including personal information is displayed to the psychologist. Of course, the psychologist is bound by secrecy.

Reports are submitted to the school:

If the school is registered in the FaceUp, the reports will be displayed in the secure administration. It will obtain a notification via e-mail. Reports in this administration will be displayed, including personal data that were hidden (encrypted) during processing on the FaceUp server.

Anonymization
Anonymization is the complete deletion of all identification data that makes it possible to associate information with a particular individual. This operation is irreversible, so there is no way to reassign information to a particular person. Anonymization is performed after the purpose of processing personal data or the time limit set for processing such data has passed, as described below.

What personal information included within the school registration we process?

Register at www.faceup.com and use of FaceUp services
When registering a school for the FaceUp project on our site and using the FaceUp services, the following personal data must be entered in addition to the name of the legal entity carrying out the school's activities:

Name and surname of two or more persons from school and their contact details (e-mail and telephone)

Individuals, whose personal data are entered within the registration must be advised of their personal data processing as set out in this document and must agree with it.

The purpose is to perform the contract, i.e. the obligation to provide you with our services, which you have ordered by registering on our website, in particular so that we can properly provide the services, communicate with you, invoice and enable support in solving any problems. We cannot provide you with our services without the provision of the specified personal data.

Legal title: personal data processing within the framework of registration and use of FaceUp services by the school, i.e. at the provision of services to the school, is necessary to fulfil the obligations arising from the agreement for the provision of these services.

Additional data processed when using our Services
Within the use of our services through our website, other information may be passively collected, which may have the nature of personal data (IP address, browser type, type of operating system). Our website also uses cookies and navigation data. The mobile app may receive information about the use of services on your device.

Preventing fraud and meeting legal obligations is also important for FaceUp: At FaceUp, we closely monitor how our Services are used to ensure a high level of privacy. We do this especially to be able to detect and prevent fraud and misuse of our services, and to help you use our services without worries.

Additional data may be collected from phone calls to our customer line, which may be recorded (you will always be informed of any recording at the beginning of the call).

Purpose: proper provision of services (performance of the Agreement), analysis of the quality of the services provided and their improvement, protection against fraud. Legal title: performance of the agreement, legitimate interest of the controller.

Data obtained from publicly available sources
We obtain personal data (name and surname of the school principal, contact e-mail and telephone) from publicly available sources (directory of schools and school facilities and other websites), especially at schools that are not registered in FaceUp.

Purpose: to inform a school not registered in FaceUp that one of their pupils or parents would like to use this platform at school

Legal title: Personal data processing when searching for contacts in order to transmit a communication that one of the pupils or parents would like to use this platform at school is necessary to protect the vital interests of the data subject or another natural person. This processing of personal data is also a task in the public interest (it is the interest of the whole society to eliminate risky behaviour or at least to alert about it).

Marketing communications (direct marketing)
We also use the email address listed in the school registration to send you information about the offer our services that may be of interest to you. You can unsubscribe marketing messages at any time by clicking the "unsubscribe" link at the end of each such email message, or simply email us at the address above.

Purpose: to inform about current FaceUp offers.

Legal title: to process personal data for the purposes of direct marketing allows us a legitimate interest, under the conditions stipulated by the Act on Certain Information Society Services, and we may of course process such personal data also on a basis of consent.

Other cases of personal data processing
In some cases, we process personal data with the consent of the data subject. In such a case, the information relating to such processing shall always be provided at the latest when such consent is given.

The length of time we process personal data

We only process and store personal data for as long as is necessary for the purposes described above, or as long as so that we can comply with legal requirements. After this period expires, we will delete or anonymize your personal information.

Deadlines for storing personal data:

we keep the reports concerning the registered school and the personal data contained therein for the duration of the school registration and further for the period of 3 years from the end of registration (in order to resolve any disputes or problems after the registration expiry) however no longer than 9 years (throughout this period personal data in the reports are encrypted as described above)

we store personal data in the school registration for the duration of the registration

other personal data will be deleted or anonymized after the expiry of 3 years, unless we are prevented from doing so by legal regulations.

Transmission of personal data

We pass on reports and hence personal data contained therein to the school the user has selected from the list of schools when writing reports.

Otherwise, we do transfer any personal data, the processing of which is described above, to any third party. An exception may be if such a transfer is imposed by the applicable legislation (e.g. transfer to law enforcement authorities, etc.).

This personal data may be processed with the help of our subcontractors as described below.

Personal data processing and their security

The processing of personal data takes place manually and automatically in electronic information systems, in electronic or paper form.

We have taken appropriate organizational and technical measures to protect personal information from any accidental loss, destruction, misuse, corruption and unauthorized or unlawful access.

We process personal data by our employees in some cases with the help of our subcontractors such as IT providers, providers of hosting and marketing services, providers of statistical, database and other software tools and possibly other services. We always carefully select each such a subcontractor and contractually commit him to keep absolute confidentiality and secrecy with regard to the personal data made available to him, as well as to take sufficient technical and organizational measures to protect personal data before commencing cooperation. Our employees are also bound by the confidentiality of all facts they learn while working for FaceUp, including personal data and measures to protect them.

Rights of the data subject

Any person, whose personal data are processed by the controller (hereinafter referred to as the "data subject") has the following rights. They can then be claimed by the legal guardian for a child.

Right of access
Everyone has the right to know whether or not his data have been processed - if so, then he has the right to gain access to these data and to information about the purposes, categories of data, recipients, storage time, right to file a complaint, source of data (in case they are not provided by the data subject), information that automated decision-making is taking place, and further the right to obtain a copy of these data.

Right to information
The controller is obliged to inform the data subject about the processing of his personal data. The data subject shall also have the right to ask the controller to provide information on the processing of his personal data and the controller shall comply with it.

Right to repair
The data subject shall have the right that the controller corrects inaccurate personal data concerning him without undue delay. Taking into account the purposes of processing, the data subject has the right for the completion of incomplete personal data.

Right of erasure ("right to be forgotten")
The data subject shall have the right that the controller erases personal data concerning him without undue delay and the controller shall erase them. However, a condition for the erasure is the fulfilment of one of the conditions laid down by GDPR:

personal data are no longer needed for the purpose, for which they have been collected

the data subject withdraws his consent and there is no other legal reason (title) for processing

the data subject objects to the processing and there is no prevailing reason for the processing

personal data are processed unlawfully

erasure is imposed by law

in case of data on a child collected in connection with the information company services

Right of processing limitation
The data subject has the right that the controller limits the processing of personal data in cases specified by GDPR (the subject denies the accuracy of the data; the processing is illegal but the entity refuses the erasure; the controller does not need the data for the original purpose, but the subject requires them to exercise his claims; the data subject has raised an objection). In such a case, the processing of data shall be limited to their storage, unless the subject's consent to other processing is given.

Right to data portability
The data subject has the right to obtain personal data relating to him which he has provided to the controller, in a structured, commonly used and machine-readable format and to transmit such data to another controller without the original controller preventing from doing so. This right applies to cases explicitly mentioned in the GDPR, i.e. when the data are processed by consent or agreement and at the same time if the data are processed automatically. This situation does not normally occur in the case of personal data processed by FaceUp.

Right to object
The data subject has the right to object to the processing of personal data and the controller shall no longer process such data if:

it is the case of processing of personal data necessary for the performance of a task in the public interest or the case, in which the controller has a legitimate interest, and the controller fails to prove the prevailing interest in processing over the rights and freedoms of the data subject.

it is processing for direct marketing purposes.

Right to withdraw consent
If the processing of personal data is based on the consent to the processing of personal data provided by the data subject, that data subject shall have the right to revoke that consent at any time.

Right to file a complaint
If the data subject believes that there has been a breach of the law in relation to the protection of his personal data, he has the right to file a complaint with the Office for Personal Data Protection.

Method of exercising rights
If you choose to exercise any of the above rights to us, please write us to the email or postal address listed above. Please note that if you exercise your right, we must be sure of your identity. Therefore, in some cases we may ask you to provide evidence. If any of the above rights are exercised, we will inform you in writing without undue delay of the manner of processing your application.

Pixel tags

Some sections that you visit at our website may also collect information using so-called pixel tags that can be shared with third parties that directly support our marketing activities and the development of our services. However, the information collected using these pixel tags does not allow information to be associated with a particular person, and is therefore not personal information.

Changes to information about the processing of personal data

We may edit or update this personal data processing information in the future. If we make changes, you will learn this, among other things, by the fact that the last modified date at the beginning of this information is updated, or we will inform you about it in another appropriate way.