We, the R-SYS s.r.o. having its seat at Rybárska 7389, 911 01 Trenčín, Slovakia, Company Reg. Number 36 014 061, as the producer, service provider and operator of MamDron application (hereinafter to as the “R-SYS” or “Controller”)
hereby declare that
to ensure the protection of the rights of the data subjects concerned, the Operator has taken appropriate personnel, technical and organizational measures for a lawful processing of personal data. Hereinafter, the Operator publishes all mandatory information contained in provisions of both the Regulation (EU) 2016/679 and the Act (SK) No. 18/2018 Coll., on personal data protection that the Operator abides to, and therefore has established a transparent filing system for record-keeping of security incidents and any queries raised by the data subjects as well as other natural persons to whom this may concern.
Personal data protection-related information can also be obtained by contacting the controller via phone No.: +421 32 7433695, or by email at: [email protected], or by this information sheet that can be found in Privacy Policy section of R-SYS website at: www.r-sys.sk.
The below information is provided pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as the “GDPR”), as well as to the Act of the Slovak Republic No. 18/2018 Coll. of 29 November 2017 on personal data protection and on amendments to certain acts (hereinafter referred to as the “the Act”).
1. Controller
R-SYS, s.r.o.
Rybárska 7389
911 01 Trenčín
Slovak Republic
Company Reg. No.: 36014061
We, the R-SYS process your personal data for objectives arising from our position of the controller who shall specify purposes for which your personal data are collected, who shall allocate the means to be used for a processing of your personal data, and who is responsible for a proper and safe processing of such data.
2. Processors
The controller may, in certain cases, entrust one or more processors with the processing of personal data of data subjects concerned pursuant to Art. 28 of GDPR.
The processor is entitled to process personal data of data subjects concerned on behalf of the controller. The processing of personal data through a processor does not adversely affect the exercise of data subject’s rights. The controller employs only the processors they take appropriate personnel, technical, organizational and other measures so that a processing of personal data meets the GDPR requirements, and that the protection of the data subject’s rights is fully ensured.
The controller may entrust the following processors with a processing of personal data of data subjects concerned:
3. Purposes of personal data processing and their legal basis
As the MamDron controller, we gather only such your data that are essential for the MamDron legitimate operation, and also for ensuring the maximum possible protection against its potential misuse via cyberattacks. In addition, certain features and capabilities of the application enhance its usability, and thus fulfill the expectations laid to the MamDron project.
Personal data processing for purposes of MamDron application and its lawfulness includes the following:
a) Registration of a new user – personal data needed for this action are processed pursuant to Art. 6 (1) (a) of GDPR stating that personal data processing is lawful when the data subject has given consent to the processing for one or more specific purposes. So, at the registration, by checking the box “I agree to the processing of my personal data”, you give us consent to use your data for a creation of a unique account which allows you to login to the application and to use its capabilities. You can withdraw this consent at any time by submitting a written request to our technical support, thereupon your account will be automatically deleted.
b) Newsletter (news from the world of drones) – once registered in MamDron application, you can give consent to receiving marketing messages informing about the news, upcoming events and information from the technology world of drones. The legal basis for a processing of your personal data will be your consent pursuant to Art. 6 (1) (a) of GDPR (see Art. 3 a) hereinbefore). This consent can be withdrawn at any time by using “Unsubscribe” button located in the footer of each received marketing e-mail, or by submitting a written request to our technical support.
c) Location data indicating geographical position (GPS) – at the first launch of the application, you will be asked for the permission to use your GPS location data. For the sake of the maximum exploitation of MamDron capabilities, the enabled Location feature offers a faster, easier and precise visualization of the location where you want to fly your drone. Using this data, MamDron can identify a position of your drone in flight or indicate whether it occurs in a restricted area or no-drone zone, or whether your drone-zone is not in a collision with a zone allocated to another MamDron user. The legal basis for a processing of your personal data will be your implied consent you give by an activation of Location feature and a utilization of MamDron location services. This feature is optional, it can be enabled (or disabled) in Settings menu of MamDron application or of your Smart device. Nevertheless, its non-usage does not limit an access to other MamDron features in any way.
d) Flight planning & flight record-keeping – these features enable a preparation of your intended flights and archiving of the flights performed whereby certain data are processed pursuant to Art. 6 (1) (f) of GDPR stating that a processing is lawful for the purposes of legitimate interests pursued by the controller. By these features, we, as the MamDron controller, provide you with certain planning capabilities and an electronic storage location for flight record-keeping. The features are also optional, their non-usage does not limit an access to other MamDron features in any way.
e) Push notifications and/or communication with MamDron IT support – while using the application, we may need to send you push notifications for specific reasons (e.g. something happens in the zone where you want to fly, or where you are flying, or certain application features will be changed/updated, etc.). To this end, we will need to process your contact details pursuant to Art. 6 (1) (f) of GDPR (see Art. 3 d) hereinbefore) as it is in our legitimate interest to assist you, as the MamDron user, by informing you about such events in due time. Similarly, such processing of personal data will be done whenever you want to let us know your opinion, or to solve a problem via a contact form or e-mail. In our legitimate interest is also to answer questions, process the requests or complaints sent by other natural persons. You have the right to object to such processing at any time.
4. Personal data to be processed
Following specific events/operations will require a processing of your personal data within MamDron application:
a) Registration of a new MamDron user
– First name, surname, e-mail address, phone number, access password
b) Subscription to newsletters
– E-mail address
c) Location Services
– Your current position
d) Flight planning & Flight record-keeping
– Date/time, location, flight length (start and end time), zone/volume of the space allocated for the planned flight
e) Push notifications & communication with IT support
– Name, e-mail address, phone number (optional), information conveyed (message content).
5. Duration of the processing and retention period of personal data
Personal data processed pursuant to Art. 6 (1) (a) of GDPR – by giving your consent to the processing of your personal data, the data will be processed for a period of 3 years, or until the consent withdrawal. Before an expiry of first data processing period, we contact the user by e-mail requesting whether he/she wishes to renew the consent for additional 3-year period or not. If you withdraw from the consent to renew the purpose of processing, or if you fail to respond to the request until the processing period expiry, we will no longer proceed in processing your personal data – your personal details will be automatically discarded by deleting electronic data from the file system, and by physical destroying the printed copies, if any.
Personal data processed pursuant to Art. 6 (1) (f) of GDPR – as it is in our legitimate interest to grant you a comfortable and trouble-free usage of our services, your personal data obtained when responding to your requests, questions, suggestions or solving problems within a technical support, will be immediately discarded once the purpose of their processing will be met.
We, as the controller, will ensure an erasure of your personal data without undue delay upon an occurrence of any of the following, whichever applicable:
– All contractual relations between you and the controller have been terminated; or
– All your obligations toward the controller have ceased to exist; or
– All your complaints have been settled and your requests have been cleared; or
– All rights and duties between you and the controller have been settled; or
– All lawful purposes of personal data processing, or other processing purposes for which you (as the data subject) gave us consent have been satisfied; or
– The processing period for which the consent was given has expired or the data subject has withdrawn his consent; or
– An justifiable request of the data subject for an erasure of personal data has been approved by the controller; or
– The decisive legal fact for the termination of the processing purpose has occurred and, at the same time the protective retention period defined with regard to the principle of minimizing the period of personal data storage has expired; and concurrently
– The legitimate interest of the controller does not persist any longer, all obligations of the controller stipulated by mandatory statutes requiring a storage of personal data of the data subject concerned (especially for archiving purposes, tax audit, etc.) or obligations which could not be fulfilled without personal data storage have ended.
In no case, we do systematically process any accidentally obtained personal data for any our own purpose. If we incidentally obtain personal data that are out of the scope of the processing purposes herein, we will inform the data subject to whom they belong about such data obtaining and, provide all necessary coordination leading to a restoration of control over his/her personal data as appropriate. After taking these steps aimed at a restoration of your control, we will immediately dispose all the accidentally obtained personal data in a safe manner.
If you want to receive more information about the specific retention period of your personal data, please contact us via the contact form on our website.
6. Publicity of personal data
The controller makes, in no way, the personal data of MamDron data subjects publicly available.
7. Cross-border transfer of personal data
The cross-border transfer of personal data, is currently not allowed and likewise we will proceed also in the future.
8. Rights and obligations of the data subject
We will do our best to respond to your requests as soon as possible, but within 30 days of receiving your request at the latest. Applicable legal regulations, including the Directive 95/46/EC (GDPR) and the Act No. 18/2018 Coll./SK (Act) allow you the following:
Right of access by the data subject – you have the right to obtain from us a confirmation as to whether your personal data are being processed or not, and if so, to obtain a copy of such data including additional information pursuant to Art. 15 of GDPR, and § 21 of the Act. In the event, that we have collected a large amount of your personal data, we may request you to specify a kind of data you are interested in.
Right to rectification – so that to always process only your up-to-date personal data, we kindly request you to notify us of any change or incompleteness of your personal details as soon as possible. If your data are incomplete or inaccurate, you have the right to have them completed or corrected.
Right to erasure – pursuant to Art. 17 of GDPR and § 23 of the Act, you have the right to obtain from the controller the erasure of your personal data in the case that your personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed, or you have withdrawn consent for your personal data processing, or your data have been unlawfully processed, or the processing purpose no longer exists. The period for deletion is 60 days, during which you can request cancellation of the deletion of the data. After the 60-day period has expired, the data will be irreversibly deleted. However, your data cannot be deleted if they are necessary for the establishment, exercise or defence of legal claims.
Right to restriction of processing – pursuant to Art. 18 of GDPR and § 24 of the Act, you have the right to obtain from the controller the restriction of your personal data processing in the case that you complain the correctness of your personal data, or the processing is unlawful, however do not want us to erase the data and request the restriction of their use until you exercise your rights. We will continue processing your data if there are grounds for the establishment, exercise or defence of legal claims.
Right to data portability – if the processing is based on your consent or on a contract between you and the controller, and the processing is carried out by automated means, you have the right to receive from the controller your personal data in a commonly used and machine-readable format. On your request and where technically feasible, we can transmit your personal data directly to another controller. That right cannot be applied to processing necessary for the performance of a task carried out in the public interest or in exercising a public authority.
Right to object – you, as the data subject, have the right to object, at any time a processing of your personal data if such processing is carried out in the public interest or in the exercise of a public authority vested in the controller, or if demonstrated that the processing is carried out in legitimate interest of the controller or the third parties. Once you submit an objection to the processing of your personal data, we will restrict their processing and unless we demonstrate compelling legitimate reasons for processing that override your interests, rights and freedoms or grounds for the establishment, exercise or defence of legal claims, we will not continue processing and we will erase your personal data. You have the right, at any time to object to the processing of personal data for direct marketing purposes, including profiling to the extent that it is related to such direct marketing. Where you will object such processing for direct marketing purposes, we will no longer process your personal data for such purpose.
Right to lodge a complaint – if you, as the data subject, consider that the processing of your personal data infringes provisions of the GDPR or the Act, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement. For the territory of the Slovak Republic, the supervisory body is the Office for Personal Data Protection, with its seat at: Hraničná 4826/12, 820 07 Bratislava, the Slovak Republic, web: www.dataprotection.gov.sk, tel.: +421 /2/ 3231 3220.
Right to consent withdrawal – if the processing of your personal data is based on your consent, you, as the data subject have the right to withdraw the consent at any time. The consent withdrawal shall not affect the lawfulness of processing arising from the consent given before its withdrawal. If you will decide to receive business and marketing information about our products and services again, you may renew your revoked consent at any time by any of the above contact details (see Art. 8 hereof).
9. Contact details of the Office for Personal Data Protection
Office address:
Hraničná 12
820 07, Bratislava 27
Slovak Republic
Company Reg. No.: 36 064 220
Filing room:
Monday – Thursday: 8:00 – 15:00
Friday: 8:00 – 14:00
Telephone consultations concerning GDPR: Tuesday and Thursday: 8:00 – 12:00 at: +421 2 323 132 20
President’s office: Tel. No.: +421 2 323 132 11
Secretariat of the Office: Tel. No.: +421 2 323 132 14; Fax: +421 2 323 132 34
Spokesperson:
Mobile phone No.: +421 910 985 794
E-mail: [email protected]
E-mail address for:
a) general inquiries : [email protected]
b) for providing information under Act No. 211/2000 Coll.: [email protected]
c) web site: [email protected]
d) consulting issues regarding personal data protection (intended for children, young people, students, teachers, parents who suspect that their personal data have been misused): [email protected]
To submit a request for a provision of information pursuant to Act no. 211/2000 Coll. on free access to information, use the online form.
A template of the application for an initiation of personal data protection proceedings can be found on the Office’s website at: (https://dataprotection.gov.sk/uoou/sk/content/konanie-o-ochrane-osobnych-udajov).
10. Security of website and MamDron application
Our Website and MamDron application use an encrypted SSL connection whenever a user logs-on and transfers any data, SSL prevents third parties from accessing the data during their transfer via Internet and the modification of such data by third parties. The controller’s databases containing personal data are protected by encryption and non-public access data in accordance with the latest technical standards.
11. Cookies policy
This information about using cookies is provided pursuant to § 55 (5) of the Act No. 351/2011 Coll. of the Slovak Republic on electronic communications, as amended. In addition, an attention is drawn to a modification of settings of your Internet browser in case that the current settings for using cookies do not suit you.
What are cookies?
Cookies are small text files that can be sent to the Internet browser when you visit a website and stored on your device (computer or other device with Internet access, such as a smartphone or tablet), particularly, they are stored in a folder containing Internet browser files. Cookies usually contain the name of the website from which they originated, the origination date and information helping the site to “notice” certain inputs, settings and preferences (such as user login, speech, font size and other display preferences) over a period of time, so they do not need to be re-entered on subsequent visits of, or when navigating on the page. Cookies can also be used to track how you use the site and to analyse it. There are session cookies which are deleted after closing the browser window, and permanent cookies which are stored on your hard disk until deleted after an elapse of a specified time.
Why do we use cookies and their legal basis
We use cookies in order to constantly improve our services, customize them to your demands and needs, improve their structure and content, as well as to deliver interesting offers for you. By using cookies, we, as the controller, do not use your contact details for communicating (via post, e-mail, or telephone). The extent to which data are processed by individual implemented cookies is carried out pursuant to Art. 6 (1) (a) of the GDPR – based on given consent to maintain the best possible functionality and optimization of the website.
How can you change cookie settings?
Most internet browsers are set to automatically accept cookies. You can change this setting by blocking cookies or by a notification when cookies are to be sent to your device. Instructions for changing cookies can be found in Help option contained in each browser. If you use various devices for an access to the site (computer, smartphone, tablet, etc.), we recommend you to adjust your cookies preferences of the browser for each such device.
Why keep cookie settings?
Používanie cookies a ich povolenie vo webovom prehliadači je na vašom rozhodnutí. V prípade zmeny ich nastavenia však môžu mať niektoré naše webové stránky obmedzenú funkčnosť a znížený užívateľský komfort.
It is on your free will whether you enable using cookies in the web browser or not. However, if you change cookies settings, some of our websites may provide limited functionality and a reduced user comfort.