top of page

Privacy Policy

of Raventic AI s.r.o.

Company ID: 19662157

VAT ID: CZ19662157

Registered office: Rybná 716/24, Staré Město, 110 00 Praha 1

Registered in the Commercial Register maintained by the Municipal Court in Prague, Section C, Insert No. 389855

(hereinafter referred to as the "Provider")

By providing this information, we aim to comprehensively inform the company's employees, its external collaborators, customers, business partners (suppliers, subcontractors), and other individuals or legal entities with whom our company maintains relations, even without a contractual relationship, about what personal data we collect about them, how we handle it, the sources we obtain it from, the purposes we use it for, to whom we may disclose it, where they can obtain information about the personal data we process about them, and what their individual rights are in the area of personal data protection.

1. Principles

1.   Raventic AI, s.r.o. (hereinafter also referred to as "the company") collects, processes, and provides personal data:

a) Without your consent:

i. To fulfill obligations imposed by generally binding legal regulations of the Czech Republic and the European Union.

ii. Regarding the fulfillment of contractual obligations.

iii. For reasons of the company's legitimate interest.

b) With your consent:

i. For the purposes of employee and external collaborator care.

ii. To ensure internal company communication.

iii. For the purpose of publishing information containing personal data in public relations and marketing.

iv. For the purpose of publishing information containing personal data in the company's social media profile.

2.   We process personal data for a clear and understandable reason, using methods and means that ensure the purpose of their processing, and we retain personal data only for as long as necessary.

3.   We ensure appropriate security against unauthorized or accidental access to personal data, their alteration, destruction or loss, unauthorized transmission, or unauthorized processing, as well as misuse.

4.   We clearly inform all affected individuals about personal data processing and their rights to accurate and complete information regarding personal data processing.

5.   We have implemented and adhere to appropriate organizational and technical measures, internal standards, and procedures to ensure the necessary level of security corresponding to the expected risks. All individuals who come into contact with personal data are obliged to maintain confidentiality about the information obtained in connection with the processing of such data.

2. Management and Processing of Personal Data

1.   The data controller is Raventic AI, s.r.o., with its registered office at Rybná 716/24, Staré Město, 110 00 Prague 1, Czech Republic, Company ID: 19662157, registered in the Commercial Register maintained by the Municipal Court in Prague, Section C, Insert No. 289855 (hereinafter referred to as "the Company").

2.   In certain cases, the company also handles the personal data of affected individuals on behalf of another entity (another controller). This may occur, for example, when cooperating with third parties on various projects or programs. For more detailed information in such cases, it is always necessary to contact the specific data controller, unless the company is authorized to provide information in a specific case.

3. Purpose and Legal Basis for Processing

1.   Without the consent of the affected individual, in the interest of:

a) Preventing damage to the property of the affected individuals entrusted to the company and the company's property.

b) Fulfilling notification obligations towards public authorities.

c) Fulfilling obligations arising from court decisions and/or state administration authorities.

d) Fulfilling obligations imposed on the company directly related to the services it is authorized to provide to business partners, mainly under Act No. 480/2004 Coll. on Certain Information Society Services, as amended.

e) Meeting archiving obligations.

f) Negotiating rights and obligations and fulfilling rights and obligations from concluded contracts and agreements, primarily involving the realization of rights and obligations from:

i. Employment relationships or similar relationships with job applicants or employees.

ii. Business relationships with potential customers or customers.

Personal data is necessary in such cases to be able to negotiate, conclude, and execute contractual relationships without undue legal risk, including negotiations about entering into or modifying a contract.

g) Protecting rights and legally protected interests, especially in the interest of:

i. Protecting the rights and legally protected interests of the company, authorized recipients, or other designated persons, e.g., in proving claims to third parties, collecting receivables, providing security, or asserting claims or during the development and improvement of provided services.

ii. Conducting negotiations on the transfer of rights and obligations, including related implementation and other follow-up negotiations with third parties.

iii. Managing all dispute agendas, especially for the purposes of court or other disputes (e.g., fulfilling the burden of proof).

2.   With the consent of the affected individual:

a. Generally involves situations where the affected individual voluntarily consents to the company processing personal data provided by the individual or obtained otherwise. If the individual does not provide consent, the company may not be able to provide services, products, or programs or may have to adjust the availability, scope, or conditions of the provided services, products, or programs for justified reasons. Based on the affected individual's consent, the company processes personal data for the following purposes:

i. Employee care (job applicants, former employees) or customer care (potential customers, former customers) within activities that do not constitute the performance of work, business, or other contracts or are not based on another legal framework for processing personal data, including:

  • Market research.

  • Monitoring customer behavior on the company's website related to offered services or products (this purpose does not cover simply obtaining information about the behavior of users visiting the company's website); monitoring the behavior of employees, external collaborators, and selected business partners using internal systems such as CRM, Trello, Notion, Confluence.

  • Marketing communication through channels like Google, Meta, Seznam, RTB House, Criteo, Performio, Microsoft (Bing), eHub, Taboola, Mailchimp.

  • Maintaining courtesy contact, relationships, and communication.

ii. Some forms of mutual communication among cooperating entities in matters of subcontractor relationships, where the company can act as both a main contractor and a subcontractor. To some extent, the company is entitled to participate in the mutual exchange of certain information between cooperating entities without obtaining the consent of the affected individuals.

iii. Offering products and services, including disseminating information, offering company products and services, and mediating offers from other entities, including products and services specifically targeted at individual customers through various channels, such as mail, electronic means (including emails and messages sent to mobile devices), phone calls, and websites. In certain cases, the company may offer products and services to affected individuals (customers) even without their consent, provided it is permissible by law, and affected individuals will be notified of their right to object to further offers. In this context, personal data of affected individuals may also be provided to third parties to disseminate information and offer products and services of these third parties.

4. Scope of Personal Data Processing

1.   The company processes personal data to the extent necessary to fulfill the above purposes. It primarily processes contact and identification data, data reflecting creditworthiness, trustworthiness, and payment discipline, descriptive and other data, and, to the necessary and justified extent, data about other individuals, typically obtained from public sources.

2.   Specific categories of personal data and their processing methods:

a. Personal Identification Numbers: According to the law, the company is obliged to process personal identification numbers of its employees. The employee's personal identification number, if assigned, must be processed for tax, social, and health insurance purposes. If the personal identification number were to be processed for other purposes, this would only be with the consent of the affected individual.

b. Copies of Documents: Due to legal obligations and the legitimate interest of the company to properly identify job applicants and employees, it is necessary to process certain data about their documents (including type, series and number of the identification document, the issuing state or authority, and document expiration date). With the consent of the affected individuals, the company makes copies of such documents.

c. Communication Records: The company monitors and records selected communication with customers. If recording is not based on legal regulation (e.g., Sections 88, 89, 562, and 1730 of the Civil Code No. 89/2012 Coll.), the company will always notify the affected individual beforehand. The content of this communication is confidential, and the company uses it exclusively for legal compliance, contract conclusion and performance, protection of rights and legally protected interests, and, with the consent of affected individuals, for customer care purposes.

d. Video Recordings: The company records video footage as part of providing specific services to customers. Video recordings are made exclusively for the purpose of user testing of designs, prototypes, or production versions of applications or their functional parts. Unless video recordings are deemed necessary for the development of designs, prototypes, or production versions of applications at the request of the customer and with the consent of affected individuals, the company continuously deletes them. The assessment is carried out without undue delay, but no later than thirty (30) calendar days from the recording date. For recordings retained for the reasons mentioned above, the necessity of their further retention is assessed continuously.

5. Personal Data Processing Methods

1.   The company processes personal data manually and automatically, including algorithmic processing, within the company's information systems.

2. Personal data is mainly processed by the company's employees. It is also processed by third parties to the necessary extent, to whom the processing of personal data has been entrusted based on a special written agreement concluded before any transfer of personal data to the third party. This special agreement contains the same guarantees for personal data processing that the company itself adheres to in accordance with its legal obligations.

 

Namely:

  1. Google Ireland Limited, se sídlem Gordon House, Barrow Street, Dublin 4, Irsko;

  2. Lerika Tax & Accounting, Sokolovská 81/55, 186 00 Karlín, Czech Republic;

  3. Pipedrive, Pernerova 697/35, 186 00 Karlín, Czech Republic

  4. Amazon Web Services, Inc. 410 Terry Avenue North, Seattle, United States

  5. Sellexa, spol. s.r.o., Příčná 1892/4, Nové Město, 110 00 Praha, Czech Republic

6. Recipients of Personal Data

1.   Personal data of affected individuals (employees, job applicants, former employees) or customers (potential customers, former customers) or business partners (potential or former business partners) are made available to authorized employees of the company to the necessary extent in connection with the performance of their job duties, where it is necessary to handle personal data. The observance of all security measures is ensured. In addition, personal data of affected individuals are disclosed to third parties involved in personal data processing under a special written agreement, or personal data are made available to them for another reason in compliance with the law.

2.   In accordance with relevant legal regulations, the company is entitled or obliged to disclose personal data without the consent of the affected individual to:

a. Relevant public administration bodies, courts, and law enforcement authorities for the purpose of fulfilling their legal obligations and for enforcement purposes.

b. Other persons to the extent specified by legal regulations, such as third parties for the purpose of collecting the company's receivables from affected individuals.

3.   With the consent of the affected individual, based on which the company is authorized to handle confidential information, trade secrets, banking secrets, and other information classified under Act No. 412/2005 Coll., on the Protection of Classified Information and Security Capability, we may further disclose personal data to:

a. Entities financially linked to the company for the purpose of complying with legal obligations, contract conclusion and performance, offering products and services, protecting rights and legally protected interests of the company, and customer care, reflecting customers' creditworthiness and trustworthiness.

b. Entities belonging to the group of entities financially linked to the company's customer, if agreed upon in a written business contract with the company's customer.

c. Other persons for the purpose of disseminating information and offering the company's products and services; such disclosure will be conducted in full compliance with other conditions mentioned in this document, particularly concerning purposes, scope, and processing period of personal data. In such cases, only the necessary identification and contact data will be disclosed.

7. Duration of Personal Data Processing

1.   The company processes the personal data of affected individuals only for the necessary duration concerning the purposes of their processing, unless the processing period is prescribed by law. Responsible persons appointed by the company continuously assess whether the need to process certain personal data for a specific purpose still exists. If the company determines that they are no longer needed for any of the purposes for which they were processed, the data will be destroyed.

2.   The company has internally evaluated the usual duration of the usability of personal data concerning certain processing purposes. After this period, the company carefully assesses the need to process the relevant personal data for a given purpose. In this context, personal data processed for the purposes of:

a. Contract performance is processed for the duration of the contractual relationship with the customer; thereafter, the relevant personal data is usually usable for ten (10) years.

b. Mutual information exchange of cooperating entities within a subcontractor relationship is processed for the duration of the contractual relationship; thereafter, the relevant personal data is usually usable for ten (10) years.

c. Offering products and services is processed for the duration of the contractual relationship; thereafter, the relevant personal data is usually usable for ten (10) years. If personal data is disclosed to third parties in this context, the company determines the processing duration by the third party in compliance with applicable legal regulations and the rules mentioned in this information.

d. Customer care is processed for the duration of the contractual relationship with the customer; thereafter, the relevant personal data is usually usable for ten (10) years.

8. Right of the Affected Individual to Withdraw Consent

1.   In this part of the document, the company explains why it needs the personal data of affected individuals and that it may only process it for certain purposes with their consent. Affected individuals are not obliged to grant consent for the processing of their personal data to the company and have the right to withdraw already given consent at any time. If the affected individual withdraws consent, the company will cease processing the relevant personal data for the purposes requiring the relevant consent but may still be entitled or even obliged to continue processing the same personal data for other purposes based on the appropriate legal basis.

2.   If the affected individual does not grant or withdraws their consent, the company may:

a. Adjust the availability, scope, or conditions of its products or services accordingly, or

b. Refuse to provide its products or services to the affected individual if it determines that such consent is necessary for the provision of the product or service under the given conditions.

3.   If the affected individual wishes to withdraw their already given consent for personal data processing, they may contact the company:

a. In writing at Rybná 716/24, Staré Město, 110 00 Prague 1,

b.  By email at info@raventic.com,

c.  Or by phone at +420777481225.

9.  Sources of Personal Data

1.   The company obtains personal data of affected individuals primarily from:

a. The affected individuals themselves, either directly, e.g., when providing documents for negotiations and contract conclusion related to employment relationships or provided products or services, or indirectly, e.g., when using the company's products or services or when providing information about products and services to affected individuals, e.g., via the company's website.

b. Publicly available sources (public registers, records, or lists).

c. Third parties authorized to handle the affected individual's personal data and provide it to the company under the set conditions.

d. Potential interested parties in the company's services or products during marketing events and campaigns.

e. The company's own activities, through processing and evaluating other personal data of affected individuals.

10. Right of the Affected Individual to Access Personal Data and Protection of Their Rights

1.   If the affected individual requests information from the company regarding the processing of their personal data, the company will provide all information about the data processed without undue delay. Such information is usually provided free of charge. For certain specific cases, the company reserves the right to request reimbursement of reasonable costs incurred directly in connection with providing such information.

2.   If the affected individual finds or believes that the company or a third party involved in personal data processing is processing their personal data in a manner that contradicts the protection of their private life or violates the law, especially if their personal data is inaccurate, the affected individual may:

a. Request an explanation from the company or the third party involved in personal data processing.

b. Request the company or the third party involved in personal data processing to remedy the defective state, particularly by requesting the correction or supplementation of incorrect personal data. If necessary, the company will temporarily block or destroy incorrect personal data.

3.   If the company finds the request of the affected individual justified, the company or the third party involved in personal data processing will immediately and free of charge remedy the defective state.

11. Electronic Communication Means and Mobile Applications

1.   As part of its care for all affected individuals, the company develops its technologies to allow affected individuals to use its products, services, and programs to a corresponding extent and in an appropriate manner using modern electronic communication means and online applications. This mainly involves services related to internet usage, social media usage, and various online applications. All personal data obtained about affected individuals in this context is processed by the company in accordance with the conditions and principles stated in this information.

2.   Social Media: The company communicates with affected individuals, especially for commercial purposes, through various social media platforms. These communication channels are primarily used as marketing tools.

3.   Cookies: When engaging in commercial communication through websites and social media, the company also uses cookies, i.e., small text files stored on the affected individual's computer upon the first loading of a web page. These files help the company more easily identify how affected individuals interact with the content on its websites and subsequently communicate more responsively or more effectively target marketing activities.

a) Types of cookies processed:

i. Necessary cookies: These are essential for the proper functioning of the website, so no consent is required for their processing.

ii. Preference (functional) cookies: These help maintain the same way of functioning of the pages for the user throughout their usage, such as language or region selection, and require consent for their processing.

iii. Analytical cookies: These allow tracking aggregate information about website traffic and the use of individual features. These are only statistics. The data is anonymized and cannot identify specific users; consent is also required for processing these cookies.

iv. Marketing cookies: These allow for displaying and targeting ads, measuring their effectiveness, etc. These cookies can only be processed after obtaining consent.

a) List of used cookies 

i. Analytical cookies 

-ga (set by Google Analytics to collect statistical data about the use of the site - validity 2 years) 

12. Validity and Effectiveness of Information

This information becomes valid and effective as of January 1, 2024.

bottom of page