This policy describes the protection of rights of individuals regarding the processing of their personal data. The purpose of this policy is to guarantee the inviolability of personality and privacy by ensuring protection of individuals in case of unauthorized processing of their personal data, in the process of free movement of data.
1. General Terms
1. This statement defines the management, maintenance and protection of personal data that includes private information of users of RM Messenger and is contained in the Personal Data Register ("Register").
1.2. The obligations of RM Messenger staff processing personal data ("Data Controller") and their responsibility when fulfilling these tasks.
1.3. The required technical and organizational procedures by the Data Controller for the protection of personal data from unlawful processing (accidental or unlawful destruction, loss or change, unlawful disclosure or access, non-regulated alteration or distribution, as well as all other unlawful forms of processing personal data).
2. Personal Data Collected in the Register
2. The following types of personal data are kept in the Register:
2.1. Names, phone number, email address, personal preferences, pictures, GPS position, IP addresses, information about device used.
3. Purpose of Register
3. The Register collects and stores personal data from the RM Messenger users:
3.1. For contacting users by phone and to send correspondence regarding completion of requests in regard to the RM Messenger services.
3.2. For bookkeeping and direct marketing.
3.3. To investigate and prevent fraudulent transactions, unauthorized access to the RM Messenger Software and other illegal activities.
3.4. To provide you with notices about your account.
3.5. To carry out the Company's obligations and enforce its rights arising from any contracts entered into between you and the Company, including for billing and collection, photo verification, ID verification and written authorizations.
3.6. To notify you about changes to RM Messenger or any products or services the Company offers or provides through RM Messenger.
3.7. To allow you to participate in any interactive features on RM Messenger.
3.8. To monitor and analyze trends, usage and activities in connection with RM Messenger and for marketing or advertising purposes.
3.9. To personalize the RM Messenger content, features or advertisements.
4. Register Management
4. The Register is kept in electronic form.
4.1. The Register is kept in electronic form and the personal data is stored in secured computer servers.
4.2. Access to the Register servers is controlled by secured passwords known only to the Data Controller staff authorized to process personal data. Data processing software is used when working with this data.
4.3. The protection of the Register from unauthorized access; corruption, loss or destruction of the data is ensured by maintaining up-to-date antivirus software and regularly scheduled backups.
5. Collection, Processing and Storing of Personal Data
5. Personal data is collected when a person who is a user in compliance with RM Messenger Terms of Service places requests in the RM Messenger online tools (the App).
5.1. In all cases, the individuals, whose data are subject to personal data processing, shall submit, via online forms, the necessary personal data to the Data Controller appointed for processing personal data.
5.2. The need for collection of the personal data and the purposes for its use will be communicated to the individual placing the order by the Data Controller.
5.3. To rectify the personal data collected, the individual must submit an official request to the Data Controller.
6. Automatic Data Collection
6.1. The Company may use automatic data collection technologies to collect certain information about your equipment and patterns, including:
6.1.1. Details of your visits to the Software, including traffic data, location data, logs and other communication data and the resources that you access and use on the Software.
6.1.2. Information about your mobile device, including the device's unique device identifier, IP address and operating system.
6.2. The Company may also use these technologies to collect information about your online activities in RM Messenger over time.
6.3. The information the Company collects automatically is statistical data and does not include personal information, but the Company may keep it or associate it with personal information the Company collects in other ways or receive from third parties. It helps the Company to improve the Service and to deliver a better and more personalized service, including by allowing the Company to:
6.3.1. Estimate audience size and usage patterns.
6.3.2. Store information about your preferences, thus allowing the Company to customize the Software according to your individual interests.
6.3.3. Recognize you when you return to the Service and the App.
7. Access of Individuals to Their Personal Data
7.1. The right to access one's personal data contained in the Register shall be exercised by submitting a written application to the Data Controller.
7.2. The application may also be submitted in electronic form.
7.3. The application for access shall be filed personally by the individual or by explicitly authorized person with a power of attorney certified by a notary public.
7.4. The RM Messenger Data Controller reviews all requests for access. The time limit for reviewing an application is 14 days from the day of submission or 30 days if more time is needed to collect the person's personal data due to unexpected difficulties in the Data Controller's ability to make the data accessible.
7.5. The decision shall be delivered personally after signature or by mail with advice of delivery.
7.6. Where the data does not exist or cannot be provided on a specific legal basis, the applicant shall be notified of refusal to access and the reasons for refusal. The refusal to grant access may be disputed by the person in front of the respective authority and in accordance with the legal deadline.
7.7. Only authorized Data Controller staff has access to the personal data with a file access password.
7.8. In addition, access to the personal data must be provided by the Data Controller staff to the officials directly involved in the clearance and verification of the legality of the documents of the requesting individual: manager, chief accountant or anyone performing technical accounting processing operations on the documents. Data Controller staff are required to provide access to them on request.
8. Access to the Register by Third Parties
8.2. The information in the Register can only be accessed the authorized Data Controller staff. Third parties do not have the right to access the Register unless required by the legal authorities (courts, prosecutors or investigative bodies). The law permits these authorities access to the personal data of the individuals.
8.3. No consent is required if the processing of the personal data is only carried out by or under the control of a competent state authority for personal data relating to the commission of legal offenses, administrative offenses or unauthorized access. Such persons shall be granted access to the personal data and, where necessary, shall be provided with appropriate working conditions in the premises of the company.
8.4. The access by state authorities to an individual's personal data requires duly legitimated relevant documents, such as written orders of the respective body, that state the names of the individuals and the reasons for access.
8.5. In case of changes in the Data Controller company's status (transformation, liquidation, etc.), requiring the transfer of the Register by the company to another data controller, the transmission of the Register shall be done after permission of the State Commission for Personal Data Protection.
8.6. The decision to grant or deny access to personal data for the person concerned shall be communicated by the Data Controller to the third parties within 30 days of the submission of the request.
9.1. When introducing a new personal data processing software, a specific committee shall be set up to test and verify the capabilities of the new product to meet the requirements of the Personal Data Protection Act and to make sure maximum protection against unauthorized access, loss, damage or destruction.
9.2. The non-fulfillment of the obligations incumbent by the respective officials under these Regulations and the Personal Data Protection Act, are subject to disciplinary sanctions under the Labor Code. When the non-fulfillment of the respective obligation has been established and established by a competent authority, as provided by the Personal Data Protection Act, an administrative penalty or fine may be imposed. If, because of the actions of the data subject, personal injury has resulted in damage to a third party, the latter may be held liable under the general civil law or criminal procedure if it is a more serious offense for which criminal liability is provided.
9.3. Archiving of personal data on a technical medium is done periodically every 30 days by the Data Controller to keep the Register information up to date.
10. Additional Provisions
For the purpose of this Statement:
10.1. The Data Controller is RM Media GmbH
10.2. Data processors are the staff or third-party contractors, trained and authorized for personal data management and protection.
10.3. For further information about your rights and personal information stored by RM Messenger, please contact:
Rechtsanwalt Dr. Daniel Kötz
10.4. This Policy shall come into force on 5 Sep, 2019.