Back to Home

Privacy Notice and Personal Data Processing Agreement (attachment 1)

  1. The Provider, PromethistAI a.s., company incorporated and existing under the Czech law, with its registered office at Salvátorská 931/8, Staré Město, 110 00 Praha 1, Identification Number 08671281, entered into Commercial Register maintained by the Prague City Court, Section B., Insert No. 24826, processes the following personal data in relation to operation of the Platform:

    1. personal data you entered when creating your account within the Platform, such as your name, surname, e-mail and other contact details; with respect to such data the Provider acts as independent data controller;
    2. personal data concerning you as data subject which you enter to the Platform when interacting with the Platform (i.e. data included in the conversations within the Platform; owth respect to such data the Provider acts as independent data controller; and
    3. personal data related to other data subjects which you process as independent controller and which is entered to the Platform when interacting with the Platform (i.e. data included in the conversations within the Platform); with respect to such data the Provider acts as personal data processor.

    Please note that personal data related to the payment for the use of the Platform, such as credit card details are collected and processed by the payment services provider, Stripe Inc. or its local affiliates, please see their Privacy Policy at https://stripe.com/en-cz/privacy for more information.

  2. The legal title and purpose of the above data processing is performance of the contract between you and the Provider, in particular operation of the Platform in accordance with its specification. The Provider may also process personal data to pursue its legitimate interest such as prevention of fraud or maintenance and development of the Platform. The Platform is not intended for processing special categories of personal data such as data related to sexual orientation, political opinion or health of an individual (sensitive data). You are strongly discouraged from entering any sensitive personal data to the Platform, however, if you do so, you agree that such data will be processed and stored within the Platform as necessary for your interaction with the Platform and its use.

  3. The Provider shall process personal data only for the period necessary to achieve the above purpose of data processing, in any case no longer than for the duration of the contract with you, unless it is required to retain personal data for longer period under any applicable laws or for resolution of claims.

  4. In case where the Provider acts as personal data processor,

    1. the Provider shall process the personal data only on documented instructions from you, including with regard to transfers of personal data to a third country or an international organization, unless required to do so by applicable law to which the Provider is subject; in such a case, the Provider shall inform you of that legal requirement before processing, unless that law prohibits such information on important grounds of public interest. This shall not affect the processing of anonymized data under Article 3.3 of the Terms.
    2. The Provider shall ensure that persons authorized to process the Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
    3. The Provider shall ensure to take all measures pursuant to Article 32 of the GDPR.
    4. The Provider shall be entitled to engage another processor to process Personal Data only with your prior written consent. Should such consent be granted, the Provider shall adhere to its obligations under Article 28, paragraph 2 and 4 of the Regulation. By accepting these Terms you consent to engagement of sub-processors set out in Section 1.5 below.
    5. While processing personal data, the Provider shall take into account the nature of the processing, assists you by appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of the your obligation to respond to requests for exercising the data subject's rights laid down in Chapter III of the GDPR and ensuring compliance with the obligations pursuant to Articles 32 to 36 of the GDPR taking into account the nature of processing and the information available to the Provider.
    6. The Provider undertakes to, at your choice, delete or return all the personal data to you after the end of the provision of services relating to processing, at the latest upon termination of the contract and delete all existing copies unless any applicable law requires storage of the personal data.
    7. The Provider shall make available to you all information necessary to demonstrate compliance with the obligations laid down in this Attachment as well as in any applicable laws and allow for and contribute to audits, including inspections, conducted by you or another auditor mandated by you.

  5. The Provider may transfer to personal data to other recipients acting as processors of personal data, in particular providers of technologies used for operation of the platform, including the following entities:

    Microsoft Corporation | One Microsoft Way | Redmond, WA 98052 | United States

    OpenAI, L.L.C. | 3180 18th St | San Francisco, CA 94110 | United States

    ElevenLabs Inc. | 169 Madison Avenue, Suite 2484 | New York, NY 10016 | United States

    You acknowledge and agree that these entities may transfer personal data outside the European Economic Area (in particular to the United States of America) based on the applicable legal title for such transfer (such as, in particular, the EU-US Data Privacy Framework or the Standard Contractual Clauses).

  6. Each data subject has the following rights: (a) right of access: i.e. right to obtain confirmation from the data controller as to whether or not personal data concerning such data subject are being processed, and, where that is the case, to access such personal data and obtain information as to scope, method, purpose and duration of such processing; (b) right to rectification: i.e. to request correction of inaccurate or amendment of incomplete personal data related to such data subject, (c) right to erasure (right to be forgotten): i.e. the right, under the conditions set out in GDPR, to have personal data related to such data subject erased for example in cases when such data are no longer necessary in relation to the purposes for which they were collected, consent to their processing has been withdrawn, objection to their further processing has been made or they were processed unlawfully; (d) right to restrictions of processing for example when the accuracy of personal data is contested or the personal data were unlawfully processed, (e) right to data portability: i.e. right to receive the personal data provided above in a structured, commonly used and machine-readable format and to transmit those data to another controller, under the conditions set out in GDPR and to the extent of technical capabilities of the data controller; (f) right to object to further processing of personal data by the data controller for example in cases where the processing is based on legitimate interest of the data controller; (g) right to withdraw consent: in case where the data processing is based on consent of data subject such consent may be withdrawn at any time without affecting lawfulness of processing carried out before such withdrawal and (h) right to file complaint at the data protection authority (Office for Protection of Personal Data).