Welcome to gjirafatech!

We at GjirafaTech take your privacy very seriously. We encourage you to read our Privacy Policy below to understand how we will use your personal data and your rights over your data.

This privacy policy describes how we handle and protect your personal data as a controller in these situations:

  • Contact forms/request a demo/any other inquiry
  • Business Partner (in case of a natural person)
  • Contact person of Business Partner
  • Data subject request
  • Recruitment

Please refer to our separate document of Cookie Policy describing the use of cookies and data processing in connection with the use of cookies.

This Privacy Policy does not apply to situations where we act as a data processor on behalf of our customers (the data controller) who use our products and services. While using our products and services, our costumers share with us the information about their end-users (typically identification and contact information, data about their device, how they interact with the products and services, content they upload). We process such data only according to Customer´s instructions, most of them are entailed in data processing agreement which we conclude with every Customer for whom we process the data.

Therefore, in this case we are only involved to a certain extent in the processing carried out by the Customer. Hence, the detail information about how the Customer handle and protect your personal data or how you can submit the data subject request can be found in its privacy policy typically placed on Customer´s website/app or within its products/services.

Who will process my data?

The controller of personal data (in the case of our cookies) is GjirafaTech s.r.o., ID No.: 05754143, with registered office at Komunardů 1584/42, 170 00, Prague 7, registered in the Commercial Register maintained by the Municipal Court in Prague, file C 270169. Contact details: privacy@gjirafa.tech, www.gjirafa.tech.

"We", "us", "our company" in this document refers to GjirafaTech s.r.o.

What personal data will be processed and what is the purpose and legal basis for this processing?

Situation Purpose and Duration of Processing Categories of Personal Data Legal Basis
Contact forms Request a Demo Other Inquiries To be able to respond to your inquiry/request, to ensure our business operation, communication and development For a period of max. 2 years upon accommodating the inquiry/request. Identification and Contact Information, Content of Correspondence Art. 6.1(f) - legitimate interest of GjirafaTech (Business communication and Development).
Business Partner (in case of Natural Person) To ensure performance of a contract or to pre-contractual process, bookkeeping/accounting, to keep records of contracts and proofs of contract performance, to protect Legal Rights For a period of 10 years upon contract termination, in certain cases (assets of permanent or long-term value) the contracts can be archived for a longer period of time or permanently (according to their nature). Identification and Contact Information, Contract and Related Relevant Information for the Provision of Products/Services, Billing and accounting Information Art. 6.1(b) GDPR – performance of the contract Art. 6.1(c) GDPR – compliance with a legal obligation (Bookkeeping, Accounting) Upon the end of the Contract Art. 6.1(f) GDPR - legitimate interest of GjirafaTech (Protection of our Legal Rights).
Contact Person of Business Partner To ensure mutual communications related to the business activities (in case of current business partners) and to ensure our business development/to provide you marketing communication (in case of former/potential business partners) For a period 5 years upon the end of contractual relationship (in case of current/former business partners) or for a period of 2 years upon Your inquiry or upon our acquisiton of Your contact (in case of potential business partners). In any case unless you opt-out from the communication. Identification and Contact Information, Job Position, Company, Content of Correspondence Art. 6.1(f) - legitimate interest of GjirafaTech (business development, direct marketing).
Data Subject Request To handle requests from data subjects For a period of 4 years from the processing of the request Identification and Contact Information, Subject of the Request, Content of the Correspondence Art. 6.1(c) GDPR – compliance with a legal obligation Art 6.1 (f) GDPR - legitimate interest of GjirafaTech (protection of Legal RIghts and proof of legal compliance).
Recruitment To select the most suitable employee/co-operator for the open job position. For a maximum period of 6 month upon the end of the recruitment for the respective position. Identification and Contact Information, Resume and other information submitted within Job Opening/Interview Art. 6.1(f) GDPR - legitimate interest of GjirafaTech (filling a job position with a suitable candidate, business operation).

Mainly, we obtain the personal data directly from you as a data subject. However, some information we may acquire from public authorities or publicly available registers (e.g. commercial register etc.).

Under certain circumstances, the controller may transfer your personal data to so-called recipients (other controller, processor) and third parties. Personal data may be disclosed to the following recipients: our supplier, in particular for the purpose of providing legal or accounting services, telecommunications and technical support services, administration and development of the information system and the performance of external audits. In addition, personal data may be disclosed to public authorities in accordance with the applicable regulation. The list of recipients will be communicated to you upon your request.

We, or our processors (typically suppliers), processes your personal data primarily in the European Economic Area, where uniform data protection is guaranteed in each member country. In some cases, your personal data may be processed outside the EEA. However, we choose our suppliers carefully to reach similar degree of protection (based on adequacy decision or concluding standard contractual clauses as adopted by European Comission).

What are my rights in relation to the processing of personal data?

You have the right to request access to your data at any time - this means that we will provide you, upon your request, with information about what personal data we process, for what purpose, from what source the personal data was obtained and for how long it will be processed.

You have the right at any time to request the rectification of inaccurate personal data or to have it completed if it is incomplete. You also have the right to request the erasure of personal data that are no longer necessary for the purpose for which they were originally collected or that the controller is no longer entitled to use them for other reasons (e.g. they have been processed unlawfully, their erasure is required by law etc.).

You have the right to request a restriction of the processing of your personal data - this means that you can ask us not to delete your data where we would otherwise be obliged to do so, and you can also ask us not to process your personal data any further until it is clear whether the data processed is accurate or whether your objection to the processing of your personal data has been raised on reasonable grounds (see right to object below).

You have the right to the portability of your personal data - this means that you can request that we provide you with the personal data processed by us (if processed by automated means) in electronic form so that it is easily transferable to another controller (service provider). This right only applies to personal data that we have obtained in electronic form, either on the basis of your consent or on the basis of a contract.

You have the right to object to the processing of your personal data based on our legitimate interest - in which case we will only continue to process your data if it is demonstrated that there are compelling legitimate grounds for doing so.

How can i exercise my rights?

Generally, you exercise your rights (including the right to object or withdraw the consent) with the data controller,  which is our company. You can contact us in writing or by e-mail at the contact details stated above.

How to proceed if i believe that the processing of my personal data has violated the law or the European Data Protection Regulation?

You can always approach us with any privacy matter at privacy@gjirafa.tech. In any case, you have the right to lodge a complaint with the Data Protection Authority of your member state (if you are from EU). Principally, such complaint is handled by Czech Data Protection Authority (UOOU), Pplk. Sochora 27, 170 00 Prague 7, phone +420 234 665 111, e-mail: posta@uoou.cz, website: https://www.uoou.cz.