Privacy Policy

Personal data controller and data subject

The controller of personal data is Kangelo Media s.r.o. , with registered office at Vlkova 679/39, Žižkov (Prague 3), 130 00 Prague, ID No.: 07951701, registered in the Commercial Register maintained by the Municipal Court in Prague, Section C, Insert 310422 (hereinafter referred to as the controller). The data subject may contact the controller at any time at the following e-mail address: info@kangelo.com.

The data subject is the natural person who has provided his/her personal data to the controller via the website www.kangelo.com and/or the Kangelo mobile application (hereinafter referred to as the Kangelo application). The data subject may also be a natural person whose personal data the controller has obtained from other lawful sources.

The controller has not appointed a data protection officer.

Scope of processing of personal data

The controller shall process personal data to the extent that they are provided to it by the data subjects or to the extent that the controller obtains them from other lawful sources. These include in particular: 

• name and surname,

• date of birth,

• nationality,

• sex,

• language skills,

• passport or ID card number,

• the name of the natural person's business,

• residence,

• the address of the registered office or place of business,

• billing and delivery address,

• identification number and tax identification number,

• e-mail,

• login name and password,

• phone number,

• payment details,

• birth number (in cases provided for by law),

• network identifiers,

• personal data obtained from cookies.

If the data subject chooses this option within the management of his or her data in his or her user profile, the controller also processes data on health (e.g. allergies, vaccinations, etc.), insurance and data on a close person (name, telephone number, e-mail) in case of emergency.

In the case of guides, the controller also processes data relating to their experience and guide activities, in particular data on the city in which the guide has lived and for how long, whether they have a guide licence, etc.

Purpose of processing personal data

The controller processes the personal data of data subjects for the purpose of enabling registration (creating a user account / profile) in the Kangelo application, using the Kangelo application, facilitating the conclusion of a contract between the data subject and a partner offering its services in the Kangelo application and for the purpose of direct marketing  sending commercial (marketing) communications.

The controller sends commercial communications only if the data subject has subscribed to newsletters or if the controller has obtained the data subject's electronic contact details in connection with the sale of its products or services. The data subject has the possibility to unsubscribe from the newsletter in a simple way and free of charge by sending an email to info@kangelo.com or by using the link provided in each individual commercial communication.

There is no automated decision-making, including profiling, referred to in Article 22 of the General Data Protection Regulation 2016/679.

Legal basis for the processing of personal data

The legal basis for processing is, in the case of processing for the purpose of sending commercial (marketing) communications, the consent of the data subjects to the processing of personal data (subscription to newsletters) or the legitimate interest of the controller (obtaining electronic contact in connection with the sale of the controller's product or service pursuant to Act No. 480/2004 Coll. for direct marketing purposes).

Personal data provided by the data subject during registration beyond the mandatory data are processed on the basis of consent to the processing of personal data. In other cases, the processing is based on the performance of a contract (use of the Kangelo application, mediation of a contract between the data subject and a partner offering its services in the Kangelo application) and the protection of the legitimate interests of the controller (assertion of contractual rights in legal proceedings, etc.).

The controller also processes the personal data of data subjects if the processing is necessary to comply with a legal obligation or for other reasons specified in applicable law.

Period of processing of personal data

The controller processes personal data for the duration of the contractual or other relationship with the data subject and subsequently for a further 10 years, taking into account the limitation periods set out in the Civil Code. In the case of personal data processed on the basis of consent, the controller shall process the personal data for a period of 10 years, or until the data subject withdraws its consent to the processing of the personal data. This is without prejudice to the controller's obligation to process personal data for the period of time provided for by or in accordance with the relevant legislation.

Withdrawal of consent to the processing of personal data

The data subject may revoke his or her voluntary consent to the processing of personal data at any time, free of charge, by sending an email to info@kangelo.com. Withdrawal of consent does not affect the lawfulness of processing based on consent given prior to its withdrawal. Withdrawal of consent also does not affect the processing of personal data that the controller processes on a legal basis other than consent (i.e. in particular if the processing is necessary for the performance of a contract, the protection of the controller's legitimate interests or a legal obligation or for other reasons specified in applicable law).

Access to personal data

The personal data of data subjects is accessible to the controller and, where applicable, to third party recipients who provide appropriate safeguards and whose processing meets the requirements of applicable law and ensures adequate protection of the rights of data subjects.

The controller transfers the necessary personal data of data subjects to partners who provide their services in the Kangelo app, if the subject requests the conclusion of a contract with this partner (sends a request for the partner's service advertised in the Kangelo app).

Other recipients of personal data are payment system providers, accounting/payroll service providers and systems, insurance companies, IT system administrators, legal and tax advice providers, marketing service providers, carriers and public authorities to whom the controller is obliged to provide personal data (e.g. tax authorities).

The personal data is transferred mainly within the member states of the European Union, with the exception of partners providing services within the Kangelo app who are based outside the European Union, as well as persons providing Facebook services (marketing retargeting and Facebook profiles of the controller), Google Analytics (website traffic analysis and marketing), FireBase (Google) and YouTube (Google). These providers are based in the USA. Transfers to these recipients are based on standard contractual clauses.

Proof of identity of data subjects

The controller is entitled to require proof of the identity of data subjects in order to prevent unauthorised persons from accessing personal data.

Rights of data subjects in relation to personal data

In particular, the data subject has the following rights in relation to personal data:

1. the right to withdraw consent (if given) at any time;

1. the right to rectify or supplement personal data;

1. the right to request restriction of processing;

1. the right to object to or complain about processing in certain cases;

1. the right to request data portability;

1. the right of access to personal data;

1. the right to be informed of a personal data breach in certain cases;

1. the right to erasure of personal data (right to be forgotten) in certain cases; and

1. other rights set out in the Personal Data Processing Act and the General Data Protection Regulation 2016/679.

What does it mean that the data subject has the right to object?

According to Article 21 of the General Data Protection Regulation 2016/679, the data subject has the right to object to the processing of personal data if the processing is carried out on the basis of legitimate interest, including processing for direct marketing purposes. The objection may be 

submitted to the controller in writing or by e-mail to the following address: info@kangelo.com. If the data subject objects to the processing, the controller shall no longer process the personal data unless the data subject demonstrates compelling legitimate grounds for the processing which override the interests or rights and freedoms of the data subject, or for the establishment, exercise or defence of legal claims. If personal data are processed for direct marketing purposes and the data subject objects to such processing, the controller shall no longer process the personal data to that extent.

Further information on this right is contained in particular in Article 21 of the General Data Protection Regulation 2016/679.

Obligation to provide personal data

Personal data is provided by the data subject on a completely voluntary basis. The data subject is under no obligation to provide it. If the data subject does not provide his or her personal data to the controller, he or she shall not be subject to any penalty. However, if the data subject does not provide the necessary personal data to the controller, it will not be possible to conclude a contract between the controller or the Kangelo application partner and the data subject regarding the products/services offered by the controller/partner, as they would not be able to fulfil the contract. However, it is entirely at the data subject's discretion whether or not to enter into a contractual relationship with the controller.

Security of personal data

All personal data is secured by standard procedures and technologies. Personal data that is processed in electronic form is stored within the internal system and is only accessible to authorised users working with this personal data via devices secured by a login and password. The controller uses professional antivirus protection and a firewall, which it regularly updates. The controller shall regularly check the system for vulnerabilities and attacks and shall apply such security measures as the controller may reasonably be required to take to prevent unauthorised access to the personal data provided and which, having regard to the current state of technology, provide adequate security. Personal data processed in written form shall be stored in secure premises of the controller to which only authorised persons have access. All security measures taken are regularly updated.

Although the controller secures personal data by means of appropriate technical and organisational measures, it is not objectively possible to guarantee their security completely. Therefore, it is also not possible to ensure 100% that the personal data provided cannot be accessed by third parties, copied, disclosed, altered or destroyed by breaching the controller's security measures. However, in this context, the controller guarantees that it takes all reasonable steps to keep the personal data secure and regularly checks for security breaches.

Cookies

In order to ensure the functionality of the Kangelo application, the controller uses so-called cookies, which are stored on the data subjects' devices. These cookies are mainly used to ensure the functionality of the application, marketing and for traffic analysis. With the exception of necessary technical cookies, cookies are stored only after a prior consent of the data subject. The controller uses Google Analytics for traffic analysis. If the data subject does not wish to provide data about the use of the website to Google Analytics, he or she can use a plugin provided by Google. Once installed in the browser and activated, no further data will be sent. More information on the processing and use of data can be found in Google's terms and conditions.

Standard web browsers (Safari, Internet Explorer, Firefox, Google Chrome, etc.) support cookie management. Within the settings of the browsers, the data subject can manually delete, block or completely prohibit the use of individual cookies, or block or allow them only for individual websites. For more detailed information, the data subject can use the help section of their browser.

The Administrator uses so-called temporary cookies and persistent cookies on its website. Temporary cookies are stored on the device only until the internet browser program is closed. Temporary cookies allow information to be stored when moving from one website to another and eliminate the need to re- enter certain data. Persistent cookies help to identify the device of data subjects in the event of repeated visits to the website and allow the website to be adapted to the interests of data subjects.

The following table shows the types of cookies used by the administrator:

Final provisions

The data subject has the right to lodge a complaint regarding the processing of personal data by the controller with the Office for Personal Data Protection, Pplk. Sochor 27, 170 00 Prague 7, website: www.uoou.cz. Alternatively, he/she may apply for judicial protection before a competent court.

This policy takes effect on 1 January 2022.