PRIVACY POLICY
1. INTRODUCTION
We take your privacy very seriously and are committed to protecting your personal data. This Privacy Policy details how we, SINTAL d.o.o., Litostrojska cesta 38, 1000 Ljubljana, Slovenia, collect, use and process Personal Data.
This Privacy Policy affects your legal rights and obligations so please read it carefully. If you do not agree to be bound by this Privacy Policy, please do not provide personal data to us.
We may update this Privacy Policy from time to time at our discretion and in particular to reflect any changes in applicable laws. If we do so, and the changes substantially affect your rights or obligations, we shall notify you if we have your email address. Otherwise, you are responsible for regularly reviewing this Privacy Policy so that you are aware of any changes to it.
2. DATA WE COLLECT
Data processed for the following purposes and using the following services:
Registration and authentication provided directly by this Application
Registration
Personal Data: Full name,
Authentication: Full name, e-mail, phone number
Analytics & Crash reports
Firebase analytics
Statistical data, crash reports (no personal data)
3. DATA CONTROLLER CONTACT INFORMATION
3.1. Data Controller
SINTAL d.o.o.
Litostrojska cesta 38, 1000 Ljubljana, Slovenia
VAT No.: 65300645
Registry No. 5446252000
Data Controller contact email: dpo@sintal.si
3.2. Definition of terms
User – every person using Sintal Alarm Application,
Application - Sintal Alarm Application,
Data – all data collected by the Data Controller,
Services – all services that Data Controller provides for the User in connection with the Application.
Personal Data – all personal data collected by the Data Controller as indicated in section 7 of this Privacy Policy "DETAILED INFORMATION ON THE PROCESSING OF PERSONAL DATA"
4. PERSONAL DATA WE COLLECT
Personal Data that this Application collects, by itself, are: name and surname of the user, phone number, email address.
Complete details on each type of Personal Data collected are provided in the dedicated sections of this privacy policy or by specific explanation texts displayed prior to the Data collection.
Personal Data may be freely provided by the User. We do not collect any special categories of Personal Data.
Unless specified otherwise, all Personal Data requested by this Application is mandatory and failure to provide this Personal Data may make it impossible for this Application to provide its services. In cases where this Application specifically states that some Personal Data is not mandatory, Users are free not to communicate this Personal Data without consequences to the availability or the functioning of the Service.
Users who are uncertain about which Personal Data is mandatory are welcome to contact the Data Controller.
Application does not use Cookies or of other tracking tools.
5. MODE AND PLACE OF PROCESSING THE DATA
5.1. Methods of processing
The Data Controller takes appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of the Data.
The Data processing is carried out using computers and/or IT enabled tools, following organizational procedures and modes strictly related to the purposes indicated. In addition to the Data Controller, in some cases, the Data may be accessible to certain types of persons in charge, involved with the operation of this Application (administration, legal, system administration) or external parties (such as third-party technical service providers, mail carriers, hosting providers, IT companies, communications agencies) appointed, if necessary, as Data Processors by the Data Controller. The updated list of these parties may be requested from the Data Controller at any time.
5.2. Place and safeguarding
The Data is processed at the Data Controller’s operating offices and in any other places where the parties involved in the processing are located. Data is processed within the territory of European Union.
Depending on the User's location, data transfers may involve transferring the User's Data to a country other than their own. To find out more about the place of processing of such transferred Data, Users can check the section containing details about the processing of Personal Data.
5.3. Retention time & complete deletion
Unless specified otherwise in this document, the Data, including Personal Data shall be processed and stored for as long as required by the purpose they have been collected for and may be retained for longer due to applicable legal obligation or based on the Users’ consent.
In case when legal basis for the retention and processing of the Data, including Personal Data does no longer exist, we delete your Data or Personal Data.
When you delete your registered account on Application, we immediately start the process of removing it from the product and our systems. We then begin a process designed to safely and completely delete the data from our storage systems. Safe deletion is important to protect our users and customers from accidental data loss. Complete deletion of data from our servers is equally important for users’ peace of mind.
Our storage system from which data gets deleted has its own detailed process for safe and complete deletion. This might involve repeated passes through the system to confirm all data has been deleted, or brief delays to allow for recovery from mistakes. As a result, deletion could sometimes take longer when extra time is needed to safely and completely delete the Data.
6. THE PURPOSES OF PROCESSING
The Personal Data concerning the User is collected to allow the Data Controller to provide its Service, comply with its legal obligations, respond to enforcement requests, protect its rights and interests (or those of its Users or third parties), as well as the following: Device permissions for Personal Data access, Analytics, Registration and authentication provided directly by this Application.
For specific information about the Data including Personal Data used for each purpose, the User may refer to the section “Detailed information on the processing of Personal Data”.
7. DETAILED INFORMATION ON THE PROCESSING OF PERSONAL DATA
Data is collected for the following purposes and using the following services:
| Purpose/Activity | Type of data | Lawful basis for processing including basis of legitimate interest |
|---|---|---|
| To register you on Application | Personal data: Full name | Performance of a contract |
| Authentication | Personal data: Full name, e-mail, phone number | Consent |
| Maintenance of Application | Data: Analytical data | Legitimate interest, performance of contract |
| Maintenance of Application | Data: Crash reports | Performance of a contract |
8. FURTHER INFORMATION FOR USERS
8.1. Legal basis of processing
The Data Controller may process Personal Data relating to Users if one of the following applies:
- Users have given their consent for one or more specific purposes.
- Provision of Data is necessary for the performance of an agreement with the User and/or for any pre-contractual obligations thereof;
- Processing is necessary for compliance with a legal obligation to which the Data Controller is subject;
- Processing is related to a task that is carried out in the public interest or in the exercise of official authority vested in the Data Controller;
- Processing is necessary for the purposes of the legitimate interests pursued by the Data Controller.
In any case, the Data Controller will gladly help to clarify the specific legal basis that applies to the processing, and in particular whether the provision of Personal Data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.
8.2. Further information about retention time
Unless specified otherwise in this document, Personal Data shall be processed and stored for as long as required by the purpose they have been collected for and may be retained for longer due to applicable legal obligation or based on the Users’ consent.
Personal Data collected for purposes related to the performance of a contract between the Data Controller and the User shall be retained until such contract has been fully performed.
Personal Data collected for the purposes of the Data Controller’s legitimate interests shall be retained as long as needed to fulfil such purposes. Users may find specific information regarding the legitimate interests pursued by the Data Controller within the relevant sections of this document or by contacting the Data Controller.
The Data Controller may be allowed to retain Personal Data for a longer period whenever the User has given consent to such processing, as long as such consent is not withdrawn. Furthermore, the Data Controller may be obliged to retain Personal Data for a longer period whenever required to fulfil a legal obligation or upon order of an authority.
Once the retention period expires, Personal Data shall be deleted. Therefore, the right of access, the right to erasure, the right to rectification and the right to data portability cannot be enforced after expiration of the retention period.
8.3. The rights of Users based on the General Data Protection Regulation (GDPR)
Users may exercise certain rights regarding their Data processed by the Data Controller.
In particular, Users have the right to do the following, to the extent permitted by law:
- Withdraw their consent at any time. Users have the right to withdraw consent where they have previously given their consent to the processing of their Personal Data.
- Object to processing of their Data. Users have the right to object to the processing of their Data if the processing is carried out on a legal basis other than consent.
- Access their Data. Users have the right to learn if Data is being processed by the Data Controller, obtain disclosure regarding certain aspects of the processing and obtain a copy of the Data undergoing processing.
- Verify and seek rectification. Users have the right to verify the accuracy of their Data and ask for it to be updated or corrected.
- Restrict the processing of their Data. Users have the right to restrict the processing of their Data. In this case, the Data Controller will not process their Data for any purpose other than storing it.
- Have their Personal Data deleted or otherwise removed. Users have the right to obtain the erasure of their Data from the Data Controller.
- Receive their Data and have it transferred to another controller. Users have the right to receive their Data in a structured, commonly used and machine-readable format and, if technically feasible, to have it transmitted to another controller without any hindrance.
- Lodge a complaint. Users have the right to bring a claim before their competent data protection authority.
Users are also entitled to learn about the legal basis for Data transfers abroad including to any international organization governed by public international law or set up by two or more countries, such as the UN, and about the security measures taken by the Data Controller to safeguard their Data.
8.4. Details about the right to object to processing
Where Personal Data is processed for a public interest, in the exercise of an official authority vested in the Data Controller or for the purposes of the legitimate interests pursued by the Data Controller, Users may object to such processing by providing a ground related to their particular situation to justify the objection.
Users must know that, however, should their Personal Data be processed for direct marketing purposes, they can object to that processing at any time, free of charge and without providing any justification. Where the User objects to processing for direct marketing purposes, the Personal Data will no longer be processed for such purposes. To learn whether the Data Controller is processing Personal Data for direct marketing purposes, Users may refer to the relevant sections of this document.
8.5. How to exercise these rights
Any requests to exercise User rights can be directed to the Data Controller through the contact details provided in this document. Such requests are free of charge and will be answered by the Data Controller as early as possible and always within one month, providing Users with the information required by law. Any rectification or erasure of Personal Data or restriction of processing will be communicated by the Data Controller to each recipient, if any, to whom the Personal Data has been disclosed unless this proves impossible or involves disproportionate effort. At the Users’ request, the Data Controller will inform them about those recipients.
9. ADDITIONAL INFORMATION ABOUT DATA COLLECTION AND PROCESSING
9.1. Legal action
The User's Personal Data may be used for legal purposes by the Data Controller in court or in the stages leading to possible legal action arising from improper use of this Application or the related Services.
The User declares to be aware that the Data Controller may be required to reveal personal data upon request of public authorities.
9.2. Additional information about User's Personal Data
In addition to the information contained in this privacy policy, this Application may provide the User with additional and contextual information concerning particular Services or the collection and processing of Personal Data upon request.
9.3. System logs and maintenance
For operation and maintenance purposes, this Application may collect files that record interaction with this Application (crash reports, system logs).
9.4. Information not contained in this policy
More details concerning the collection or processing of Personal Data may be requested from the Data Controller at any time. Please see the contact information at the beginning of this document.
9.5. Changes to this privacy policy
We may update this Privacy Policy from time to time at our discretion and in particular to reflect any changes in applicable laws. If we do so, and the changes substantially affect your rights or obligations, we shall notify you if we have your email address. Otherwise, you are responsible for regularly reviewing this Privacy Policy so that you are aware of any changes to it.
Should the changes affect processing activities performed on the basis of the User’s consent, the Data Controller shall collect new consent from the User, where required.