Data subject rights
a) Confirmation rights
Any data subject will have a right to get information whether his or her personal data is processed, which is supported by European legislator. If such data subject is willing to use confirmation rights, he or she may contact employee any time.
b) The access right
At any time, the data subject has a right to get and copy data on his or her personal information from the controller, which is granted by legislation of EU. Moreover, European legislation grants any subject of data to have access to his or her information, including:
In addition, data subject will have a right to get information whether his or her data is used by a third party or an international institution. In such a case, data subject will be informed how the transferred information is protected.
If data subject is willing to get access to such information, he or she can contact the controller any time.
c) The rectification right
Any data subject has a right to fix all the inaccuracies in personal data, contacting the controller. Such right is granted by the European legislation. Considering the goals of processing information, all possible mistakes or incomplete files will be completed and accompanied with a supplementary note.
In case the data subject is willing to use his or her right to rectification, he or she can contact the controller any time.
d) The erasure right
Any data subject has a right to ask the controller to erase his or her personal information without any delays, which is granted by legislation of the European authority. The controller will be obliged to erase information without any delays if the following situations are applied:
If one of the mentioned reasons is viable and the subject of data wants to request erasing of personal information that is stored by CPIMobi, he or she should reach the controller any time it is necessary. CPIMobi will immediately erase information, without any questions or delays.
If the controller has made such personal information public and is obliged to delete it, he needs to use all the necessary technical measures and steps to inform other controllers, who also have access to such information, and ask them to delete all links or copies of the requested personal information. Considering all the costs of such a process, CPIMobi employees will complete all the measures in every case individually.
e) The right to restrict the processing
Every data subject has a right to get a restriction of procession of personal information, which is granted by the European legislation. It includes:
If one of the mentioned conditions exists and the subject of data is willing to request restriction of personal data processing, which is stored by CPIMobi, he may contact the controller any time. The controller of CPIMobi will complete the restriction procedures.
f) The right to move data
Every subject of data has a right, which is granted by the European legislation, to obtain personal data about oneself, which was previously given to the controller in a proper format (i.e. properly structured, readable by the computer and used publicly). Data subject will have a chance to move such information to other controllers without any obstacles from the controller, who was storing the information. This process should be based on Article 6(1) point a) and Article 9 (2) point a) of GDPR. In addition, such procession should be completed by automated technologies if the procession is not completed for public interest or using by authorities.
Moreover, according to Article 20(1) data subject has a right to transmit personal information between controllers if it is technically possible and doesn’t influence rights or freedoms of other subjects.
To use the portability right, data subject can contact CPIMobi employee any time.
g) The right to object
Every subject of data has a right, which is granted by the European legislation, to disagree or object processing his or her information depending on a particular situation at any time, based on points e) and f) of the Article 6 (1) of GDPR. This also works for profiling, based on these provisions.
In case of objection, CPIMobi won’t process personal information unless there will be legitimate facts for its procession that may override interests, freedoms or rights of the subject. This also applies to legal claims.
In case CPIMobi uses information in marketing purposes, the subject can use his or her right of objection, prohibiting usage of personal information for marketing goals. If the subject objects using personal data for direct marketing, CPIMobi won’t process personal information for such goals.
Moreover, the subject of data has the right to object information processing for research purposes, including scientific, historical or statistical ones, powered by CPIMobi. This is based on Article 89 (1) of GDPR, unless such procession is necessary for matters that are considered a public interest.
To use the right to object, the subject should contact a CPIMobi employee. In addition, he or she can context the use of society services information and Directive 2002/58/EC to use the right to object, using automated measures, using technological specifications.
h) Automatic-based individual decision-making, also profiling
Every subject of data has a right, which is granted by the European legislation, not to be subject to a certain decision, which is based on machine processing and profiling. This may have a legal or any other impact on the data subject if the decision (1) is not necessary for signing or following the contract between the subjects and a controller or (2) is not allowed by the Union legislation or a member of the state, which also includes the subject, and which also aims to accept necessary measures to protect rights and freedoms of the subject and his interests, or (3) is not based on the agreement of the data subject.
If the decision (1) is necessary for signing or following the contract between the subjects and a controller or (2) is based on the agreement of the subject, CPIMobi will take necessary measures to protect information, rights and freedoms of the subject, as well as his interests, and a right to opt for human approach from the side of the controller, and express his or her views and influence the decision.
In case the data subject is willing to use his rights on automated decision-making, he or she can contact CPIMobi employee at any time.
i) Right to retract consent on data protection
Every subject of data has a right, which is granted by the European legislation, to retract his or her compliance to process personal information at any time.
If the subject is willing to use the right to retract such consent, he or she should contact CPIMobi employee at any time.
Legal foundation for processing
GDPR article 6(1) point a) acts like a legal foundation for processing data, which is previously granted for certain processing purposes. If such processing is used for performing a contract, involving a subject of data, for example, when supply of goods or services is held, the processing is based on article (1) point b) GDPR.
The same terms are used for processing pre-contractual operations. They may include inquiries on services or products. Our company is subject to official obligations, required for processing personal information and fulfilling tax requirements. Such processing is based on Article 6 (1) point c) of GDPR.
Rarely, processing personal information is necessary to protect basic interests of the data subject or another individual. For example, this may be a case if a person is injured in our office and we will need to pass his data (name, age and insurance) to a hospital or a third party. In such situation, processing will be based on Article 6 (1) point d) of GDPR.
Processing can also be based on Article 6 (1) point d) of GDPR. It is used, when processing cannot be covered by any of the legal situations mentioned above, if processing is used for legal interests of our company or third parties. However, only if such interests do not interlink with the rights and freedoms of the data subjects, including protection of their personal information. Such operations are allowed, because they have been stated by the European legislation. Legitimate interest can be assumed if the subject is controller’s client (Recital 45, Sentence 2 of GDPR).
Legitimate interests of the controller or of the third party
In cases, when personal data processing is completed on the basis of Article 6(1) point f) of GDPR, legitimate interest lies in conducting business in favor of employees and shareholders.
Storage period of personal information
Under the storage period of personal information is understood a legally supported retention period. When such period expires, information is erased if it is no longer needed for completion of the contract or its initiation.
Cookies consist of so-called cookies ID. It is an identifier of every cookie, which contains a string of characters, which can link websites and pages with a particular browser, on which cookies are stored. Such system helps the website to distinguish one web browser from another, which have different cookies. Any browser can be identified, as it has its own, unique cookie ID.
By using cookies, CPIMobi provides easily accessible services, which wouldn’t exist without a cookie system. With its help, all the offers and services are customized according to every user, as the system is able to identify a particular browser.
However, the data subject can make changes in the settings of the Internet browser to prevent storage of personal information and saving cookies. The subject may also delete previously saved cookies through the browser or any other program at any time. Such feature is available on all types of browsers.
Although some functions of our website may not be available if the data subject decides to deactivate this function.
Collection of general information and data
CPIMobi website collects various information and data, when the subject or a certain system is using the website. Such data is kept on server log files. Collected information (1) may include the type of the browser and its version, (2) operation system of the accessed device, (3) the website, which was used to enter the website (also called referrers), (4) sub websites, (5) time and date, when the website was entered, (6) IP address, (7) provider of Internet services, which is used to log in to the website and (8) other similar details, which can be used to prevent attacks on systems of the website.
CPIMobi doesn’t make any conclusions on the subject, when collecting such general information. Such data is necessary to (1) correctly deliver website’s content, (2) improve website’s content and its ads, (3) provide viability of all the systems and technologies of the website, and (4) to provide authorities with all the required information to prevent criminal actions, like cyberattacks.
CPIMobi completes analysis of the collected information to increase protection of data and security of the company, and to provide a quality protection of every individual. All the log files are stored separately from personal information, provided by the subject.
All the users have a chance to subscribe to CPIMobi newsletters. An input mask is used to track what personal information is shared and the time, when the controller sends such a newsletter.
CPIMobi uses subscription to inform customers and partners on the latest news and offers. The subject may receive a newsletter in case (1) the subject has an e-mail address and (2) he or she has registered for a newsletter subscription. When the data subject decides to activate the subscription, he or she will receive a confirmation email or for any other legal procedures. Such emails are used to make sure that the subject has really decided to receive newsletters.
When the subscription is agreed, we store IP address of subject’s computer, as well as the date of registration. Such information is needed to protect the subject and the company for misuse of the newsletters and protect the controller in the future.
Personal information is used only to send out newsletters. Subscribers will also be notified on the changes in the system, newsletters or various offers. Personal data will never be sent to third parties. Subscription may be brought to an end at any time. The subject may also cancel storage of personal information any time it is necessary.
If the subject decides to reject the newsletter or cancel the storage, he or she may simply press a corresponding link in the bottom of every newsletter. There is also a chance to unsubscribe from the website or ask the controller to unsubscribe the user.
CPIMobi newsletters contain tracking pixels. Such pixels are graphic elements of e-mails, which are sent in a HTML format to record log files and analyze them. Such analysis allows tracking the results of marketing campaigns. In such a way, CPIMobi may see when the e-mail was opened and which links the data subject used.
Such information is collected and analyzed by the controller to improve the delivery of newsletters, adapting the future content or improving its quality. Such information will never be shared with third parties. Data subjects can cancel a corresponding declaration, which was issued by the double-opt procedure. After canceling, personal information will be deleted from the system. CPIMobi considers such withdrawal, as a refusal to receive newsletters.
Please contact CPIMobis’ Data Protection Officer at: firstname.lastname@example.org for further information.