This Privacy Policy applies to the website and e-shop at woodler.eu (hereinafter referred as the Website) and to processing of personal data related to the operation of Woodler software (hereinafter referred to as the Software and the purpose of this Privacy policy is to inform the visitors of the Website, customers of the e-hop and users of the Software about processing of personal data according to the Regulation (EU) 2016/679 General Data Processing Regulation (hereinafter referred to as GDPR).

Controller:

Woodler s. r. o.
ID: 44 732 503
Registered office: Pribinova 4, 811 09 Bratislava, Slovak Republic

Registered in the commercial register maintained by the District court of Bratislava 1 under file Sro 151073/B
(hereinafter referred as the Controller)

1. Purposes and legal bases

Controller might collect and process the personal data of Website visitors, customers and authorised users for the following purposes that will be explained in detail below:

  • Analysis of the visits and use of the Website and to improve the visitors experience;
  • Management of orders and payments on the e-shop and fulfilling the contracts;
  • Management of customer and authorised user accounts;
  • Provision of customer support;
  • Operation of the Software;
  • Sending of marketing communication;
  • Other business communication;
  • Protection of business interest, processing of claims and complaints;

1.1 Website analysis

The Website uses website analytics service for gathering aggregated statistical data about usage of the Website. The Controller uses this data to improve the Website and your user experience and to improve the reach of the services. The Controller uses the Google Analytics service and more information on transfer of persona data can be found in section 2 of this Privacy Policy.

The service uses cookies that are set up in your browser according to your browser settings. We interpret these settings as a consent to set up the cookies. If you do not want us to set the cookies, please change your browser settings. For more information about cookies please see section 3 of this Privacy Policy.

1.2 E-shop management

The Controller uses the Website to offer services and products to customers. In order to process orders, conclude contracts and fulfil the contracts certain personal information might be collected, processed and stored. This data might include identification information of customers and persons authorised to act on behalf of the customers, delivery information, contact information (e-mail, phone, address), payment information, credit card information, invoices, orders, contract information and other similar data.

This data about customers is processed as necessary to negotiate the contracts and to fulfil the contracts. If personal data of other persons acting on behalf of the customers are collected and processed, the processing I based on legitimate interest of the Controller to conduct business and to negotiate and fulfil the contracts that those persons negotiated of behalf of the customers.

The data is stored for the duration of the contract and for 5 years after the contract is concluded in order to handle any claims and issues that might arise out of the contracts.

1.3 Accounts

Certain services or products might require the customer to register a customer account and to register authorised user accounts. These accounts are mainly used to manage the customers orders, subscriptions and to manage and operate the Software. Information collected and processed relating to the customer and authorised user accounts include e-mail addresses, name, surname, identification information of the customer, credentials, permissions, account settings, orders, subscriptions and log of user activity.

This data about customers is processed as necessary to negotiate the contracts and to fulfil the contracts. Information about authorised users is collected and processed based on legitimate interest of the Controller to fulfil the contracts with customers that designated those authorised persons.

The data is stored for the duration of any contracts and subscriptions and for 1 year after all of the contracts and subscriptions were terminated for the purpose of seamless renewal of the subscriptions.

1.4 Customer support

Controller provides a customer support services through the helpdesk services available through the Website. In order to process the customer support ticket the Controller needs to collect information about the subject matter of the ticket, detailed description of the problem, priority, any documents relevant to the ticket (attachments such as screenshots, website links etc.), contact information and any other information provided by the customer. The Controller uses third party software Jira for handling the helpdesk operation and more information on transfer of persona data can be found in section 2 of this Privacy Policy.

This data is processed based on legitimate interest of the Controller and customer in processing the customer support tickets and to fulfil any contract the customer support might be provided upon.

This data is stored until the support ticket is resolved and for 6 months afterwards and if it is related to a contract then for the duration of this contract and 1 year after the termination of such contract.

1.5 Operation of the Software

Certain Software might require connection to the Controller’s system in order to initialize and to operate properly. Information such as installation details, metadata, settings, customers details, subscription details, authorised person’s identification, e-mail and credentials might be processed in order to ensure the proper operation of the Software.

Information is processed based on legitimate interest of the Controller and the customer to fulfil the contracts with customers and to ensure the Software proper operation.

This data is stored only for the duration of the Software operation and are disposed of afterwards unless needed for other described purpose.

1.6 Marketing communication

The controller might send the customers an e-mail from time to time about recent news, new products and services, changes to the Software and other relevant information about the Controller and its business if the customer or authorised person registers for the newsletter.

The e-mail newsletter is sent based on the consent of the customer or its authorised person.

The e-mail address will be kept in the mailing list until the person opts-out of the mailing list or until the connected customer account or authorised person account is closed. The option to opt-out is offered at the account settings and in every message.

1.7 Business communication

Upon your request made by the published contact details the controller will get back to you with your inquiries and other communication. Usually contact details (e-mail, address or phone), name, surname and content of the communication is processed. Appointments and calls may be scheduled via the Calendly service. More information on transfer of persona data can be found in section 2 of this Privacy Policy.

The communication is based upon your consent implied by contacting the Controller.

The data is kept only for reasonable duration to handle the communication and to reflect upon it and in any case no longer than 1 year after the communication ceased.

1.8 Protection of business interest, processing of claims and complaints

Any data collected and processed by the Controller might be used to protect the Customer from claims, to enforce claims of the Controller and to settle disputes and complaints.

Processing pursuant this purpose is based on legitimate interest of the Controller to protect its business interests, enforce its claims and defend against claims of third persons and to settle disputes and complaints.

Any data might kept even after the above mentioned retention periods expire if it is necessary for this purpose and shall be kept until the purpose is fulfilled.

2. Transfers of personal data

Any data collected and processed by the Controller is kept secure and in confidentiality. The Controller shall never sell your data to third parties without your express consent. The data might be shared with third parties where it is a statutory obligation of the Controller and where the Controller uses third party services to outsource part of the processing to processors. The processor are selected with diligence and are bound to protect the data under data processing contracts.

In general, the Controller employs the following categories of processors:

  • accounting, tax and legal advisers;
  • IT infrastructure services (cloud computing, webhosting, e-mailing service etc.);
  • payment service providers;
  • web analytics services;
  • helpdesk service;
  • scheduling service providers;
  • contractors (e.g. customer support operators);

2.1 Google Analytics Service

The Controller uses the Google Analytics services for the Website analytics. Google Analytics service is provided by Google LLC a company established in the USA. The Controller has concluded a data processing contract according to the GDPR with the Google LLC based on the standard contractual clauses approved by the European Commission.

Follow these links in order to find out more about the Google Analytics service and how the Google LLC handles the data:

2.2 Stripe payment processing

To process payments the Controller uses the Stripe payment processing service provided by the Stripe, Inc. a company established in the USA. The Controller has concluded a data processing contract according to the GDPR with the Stripe, Inc. based on the standard contractual clauses approved by the European Commission.

Follow these links in order to find out more about the Stripe payment processing service and how the Stripe, Inc. handles the data:

2.3 Calendly scheduling

To automatically schedule appointments and calls the Controller uses the Calendly scheduling service provided by the Calendly LLC a company established in the USA. The Controller has concluded a data processing contract according to the GDPR with the Calendly LLC based on the standard contractual clauses approved by the European Commission.

Follow these links in order to find out more about the Calendly scheduling service and how the Calendly LLC handles the data:

2.4 Jira helpdesk service

To handle the customer support tickets the Controller uses the Jira Service Management by the Atlassian Pty Ltd a company established in Australia. The Controller has concluded a data processing contract according to the GDPR with the Atlassian Pty Ltd based on the standard contractual clauses approved by the European Commission.

Follow these links in order to find out more about the Jira Service Management and how the Atlassian Pty Ltd handles the data:

2.5 Service providers for the Website

The Website uses some third-party services that use cookies or similar technologies that may collect and store data. This data might be used by the third-party providers as processors or controllers. The Controller ensures that only compliant services are used and that contracts safeguarding the protection of the shared data are in place. If the transfer of data happens inside the European Union or to countries with adequate data protection laws a data processing contracts under GDPR are used and if the transfer happens outside these countries then standard contractual clauses approved by the European Commission are used. Further information on these services can be found in the next section of this Privacy Policy.

3. Cookies

3.1 What are cookies in general

Cookies are small text files that are stored in your browser. They are used by web developers to help users navigate their websites efficiently and perform certain functions. Due to their core role of enhancing/enabling usability or site processes, disabling cookies may prevent users from using certain functionality of the Website. To find more about cookies you can visit the allaboutcookies.org or related wikipedia page.

3.2 List of important cookies

The Website uses the following cookies custom cookies:

Cookie Description Expiry
cookieHidden Stores information about cookie confirmation 365 days
PHPSESSID Information about currently logged in user 14 days

3.3 Third party services

The Website uses several third-party services that use cookies either as first party or third-party cookies.

3.3.1 Google Analytics

Google Analytics service uses collected cookies to analyse how the Website is used. The information generated by the cookie about use of the Website (including IP address) will be provided by Google, Inc. uploaded and stored on Google, Inc. servers All data obtained in this way will be processed anonymously. For more information on cookies used by Google analytics follow the link provided.

3.3.2 Google AdSense

AdSense uses cookies to improve advertising. Cookies themselves contain no personally identifiable information. Depending on the publisher’s and the user’s settings, information associated with cookies used in advertising may be added to the user’s Google account. For more Information on the Google AdSense cookies follow the link provided.

3.3.3 Google Doubleclick

Google Doubleclick cookies are used by the Google Marketing platform and Google Ad manager to improve advertising. Cookies themselves contain no personally identifiable information. For more information on the Google Doubleclick cookies follow the link provided.

3.3.4 Lead Forensics

Lead Forensics cookies are used to generate leads for potential business opportunities from the Website visits. Data collected by these cookies might be shared with Lead Forensics, a company based in United Kingdom of Great Britain and Northern Ireland. For more information on the Lead Forensics cookies and how the service works follow the link provided.

3.3.5 LinkedIn

LinkedIn plugin on the Website uses cookies to identify the user and to handle the request made by user using the plugin and the Website. The data collected by these cookies might be shared with LinkedIn, a company based in the USA. For more information on the LinkedIn cookies follow the link provided. The full list of LinkedIn cookies can be found in the LinkedIn cookie list.

3.3.6 Facebook Pixel

Facebook Pixel cookies are used to improve advertising. The collected information might be shared with Facebook, a company based in the USA through its Ireland based subsidiary. For more information on the Facebook cookies follow the link provided.

3.4 Your choices

3.4.1 Settings in your browser

You can set your browser to reject all cookies or just the ones you select. Your setting might be interpreted as your consent with storing and using cookies. You can learn how to set your browser preference in the Help section of your browser. Should you decide to reject all cookies, please remember that the Website and our application might not function properly.

You can also delete any cookies from your browser after you visit of the Website to maximise tour privacy.

3.4.2 Google Analytics

You can opt-out of the Google Analytics by using the Google Analytics Opt-out Browser Add-on.

3.4.3 Google Ads Settings

You can opt-out of targeted advertising from Google using this website.

3.4.4 Facebook Pixel

You can manage your Facebook cookie preferences from your Facebook account. Instructions are provided in the Facebook Cookie Policy.

3.4.5 Technical and security cookies

The cookies used to handle authentication and technical cookies used for e-shop operation and user accounts operation are necessary for proper operation of certain functions of the Website. If you reject all cookies or set your browser to not store any cookies then some functions of the Website might not work properly or might not work at all and some services might be unavailable.

4. Advice on rights

You have the following rights in connection with processing of your personal data: (1) the right of access to personal data, (2) the right to rectification of inaccurate personal data, (3) the right to restriction of processing, (4) the right to erasure of personal data, (5) he right to object to processing of personal data, (6) the right to revoke your consent, (7) the right to data portability and (8) the right to lodge a complaint with a supervisory authority.

Controller might need to verify your identity when you make a request to exercise any of the rights mentioned above and is entitled to request further information in order to comply with your request.

4.1 Right of access

In relation to processing of personal data, you have the right to obtain, upon your request, information about the processing and the copy of your processed data.

4.2 Right to rectification

When you have reason to believe your personal data are inaccurate, outdated or incorrect in any way, you have the right to contact the Controller and the controller will ensure due rectification when provided with accurate, up to date and correct information.

4.3 Right to restriction of processing

In cases presumed in Article 18 of GDPR, e.g. where the processed personal data are inaccurate or you have objected to the processing, you have the right to request restriction of the processing of the personal data.

For the period of the restriction, personal data shall only be stored with and may not be subject to any other operation without your consent. The restriction of processing lasts for the duration of any of the above described situations. You shall be informed of the termination of such restriction.

4.4 Right to erasure (right to be forgotten)

In cases presumed in Article 17 of GDPR, e.g. when you withdraw your consent or the personal data are no longer necessary, you have the right to their erasure.

Nevertheless, in some cases the right to erasure is limited. For example, personal data processed for compliance with legal obligations imposed on the Controller must not be erased before the expiry of the retention period specified in law.

4.5 Right to object

In case of the processing based on legitimate interests and/or for the purposes of direct marketing, you may lodge a reasoned objection to the processing. The grounds for the objection will be assessed and you will be notified of the decision. Based on the assessment the processing shall be either ceased or the objection shall be dismissed.

4.6 The right to withdraw consent to processing of personal data

In case of processing of personal data based on consent, this consent may be withdrawn at any time.

4.7 Right to data portability

Where the processing of personal data provided by you is based on consent or on a contract and is carried out completely by automated means and the personal data are stored in a structured, machine-readable format, you have the right to receive these personal data in a structured, machine-readable format.

4.8 Right to lodge a complaint with a supervisory authority

If you consider that your personal data are not processed according to law, you have the right to lodge a complaint with a supervisory authority of your habitual residence, place of work or place of the alleged infringement.

Default supervisory authority for the Controller is:

Úrad na ochranu osobných údajov Slovenskej republiky

Postal Address: Hraničná 12, 820 07 Bratislava 27

E-mail: statny.dozor@pdp.gov.sk

Phone: +421 /2 3231 3214

5. Effective date and changes to the Privacy Policy

5.1 Changes to the Privacy Policy

Controller reserves the right to change this Privacy Policy as the Website and business of the Controller evolves. Controller shall publish any changes to this Privacy Policy on the Website and shall notify the registered customers and authorised users about the changes of this Privacy policy by e-mail at least one moth prior the changes take effect.

5.2 Effective date

This Privacy Policy shall be effective from 31/03/2021.

6. Contact details

If you have any questions related to the privacy and personal data processing feel free to contact the Controller on these contacts:

E-mail: helpdesk@woodler.eu
Phone: +421 948 299 095
Postal Address: Pribinova 4, 811 09 Bratislava, Slovak Republic