Personal Data Processing
We collect information from publicly available sources relating to businesses, irrespective by whom such business is operated – be it a legal entity or self-employed individual, their business-related activities and their representatives, in order to connect pieces of publicly available information to provide a transparent, clear and comprehensive overview of business activities conducted on the relevant market, including any related market development. The main focus is laid on collecting business and commerce-related data.
2. Data controller and contact details
The controller of your personal data is BizMachine s.r.o., with its registered office at Pernerova 697/35, Karlín, 186 00 Praha 8, Czech Republic, Company ID No.: 054 50 641, registered in the Commercial Register maintained by the Municipal Court in Prague, file no. C 263839.
In case of any questions, concerns or other matters regarding the personal data protection, please contact us via the following e-mail address: firstname.lastname@example.org.
3. BizMachine’s services – Core data processing activities
BizMachine’s products and services are data-driven and lie in processing of publicly available business and commercial information. When providing these services, BizMachine may collect and further process personal data.
3.1 Purpose of processing
We collect publicly available data relating to businesses, their activities and representatives to offer a diverse scope of services the objective of which is to provide clients with comprehensive and up-to-date information about the current development of the business market they operate on. The services and information provided by BizMachine help our clients make informed decisions in relation to their (potential) customers, suppliers and business partners. BizMachine provides various reports, metrics and other data compilations which help our clients with their internal processes, including lead generation, market research and segmentation, targeting and development of sales & marketing strategies.
BizMachine does not target individuals in any way. The purpose of processing the data is to gain transparent knowledge about businesses to help the public and other business players to gain the desired transparency.
The legal basis for the processing of your personal data for this purpose is our legitimate interest. We have conducted and regularly review a legitimate interest assessment to ensure that the processing does not infringe your rights and freedoms.
3.2 Scope of data processed
BizMachine focuses only on business- and commercial-related data that are publicly available in public registers and other directories and that can be accessed by anyone online. BizMachine regularly assesses which data are necessary and relevant for its clients with regard to the purpose of BizMachine’s services. BizMachine strives not to process any data that would not be crucial for its products while ensuring that the scope of processed data does not infringe anyone’s privacy.
Depending on the category of data subjects, the scope of data processed may include the following categories of personal data:
- 3.2.1 Personal data of self-employed individuals. The information collected with respect to businesses operated by self-employed individuals qualifies as personal data because it identifies or may identify the particular self-employed individual that operates the business in question. The scope of collected personal data corresponds to the scope of data included in the entry of the particular business in relevant sources accessed by BizMachine, e.g., business name, address, contact details, business ID, scope of provided services, VAT registration number, etc. The collected information is connected to the specific business based on a unique identifier such as business ID.
- 3.2.2 Personal data of representatives of legal entities. With respect to businesses that are legal entities, BizMachine also collect publicly available information relating to the ownership structure and the corporate governance of the relevant business entities, which also includes information that may identify individuals, in particular shareholders, board members, executive directors and other representatives of the legal entity. The scope of collected data will correspond to the information publicly available in relevant sources and will mainly include identification information and contact details of such representatives, such as name and surname, residence address, date of birth, business email and business phone number, title or office in the legal entity, etc.
- 3.2.3 Personal data of persons in a business relation with the business. In order to provide a comprehensive overview of the current state of the relevant market and its development, BizMachine also analyzes how individual businesses (both legal entities and self-employed individuals), shareholders and statutory representatives are mutually connected, such as whether there are any publicly announced business relationships between the relevant entities and individuals (e.g., ownership interest, performance of office or a form of partnership). For this purpose, BizMachine collects and processes information that may include personal data of (i) self-employed individuals and (ii) representatives of legal entities, as described above, or (iii) other persons that are in a business relation with a particular purpose according to publicly available sources (e.g., third-country investors). These will mainly include identification and contact information or business relations. BizMachine then compares the data recorded in different sources to ensure maximum accuracy and transparency.
- 3.2.4 Personal data of other contact persons. BizMachine may also collect other publicly available contact information of legal entities which may include both generic addresses (e.g., email@example.com) or contact details of a particular representative (e.g., firstname.lastname@example.org).
Neither special categories of personal data nor any other specific datasets which might invade data subjects’ privacy are processed. Our core services do not use personal data, which are not publicly available and thus can be accessed and looked up by any other person.
3.3 Source of data processed
All data are collected from publicly available sources, which can be accessed by anyone. BizMachine collect pieces of information relating to businesses, their activities and representatives shattered and fragmented across publicly available online sources to ensure maximum accuracy and transparency.
In particular, the public sources may include the following categories:
Official public (government) registers
Local business online directories
Articles and media mentions
3.4 Regular updates
BizMachine regularly updates its data and verifies the information against various sources, which ensures that up-to-date information is processed and provided to the clients.
The customers are always provided with the latest version of the processed data. It is our policy and dedication to have data as accurate and up-to-date as feasible, which is ensured by regular synchronization with all the publicly available data sources in use. BizMachine has implemented internal processes and mechanism to ensure that all data are updated as frequently as possible, in accordance with the update scheme of the source of the data. BizMachine therefore strives to enhance its techniques to deploy cutting-edge technologies ensuring that the data it processes are up to date and accurate.
4. Ancillary data processing operations
We may further process personal data for other purposes that are not tied to our core services (as described in Chapter 3 above), however, directly relate to our business activities and communication with our customers, vendors or other persons. We particularly process such personal data for the following purposes:
4.1 Purposes of processing
- 4.1.1 Fulfilment of contractual obligations. If you or your company or organization entered into an agreement with us, we may process your personal data for the purpose of performance of the agreement and fulfilment of our contractual obligations under the agreement. That also covers scenarios when your employer (our customer) provides us with your email to give you access to our services and tools.
The legal basis for such processing is the performance of the contract for which the personal data are necessary and/or related legitimate interest to store such data. The retention period for the processing of the personal data will correspond to the duration of the contractual relationship.
- 4.1.2 Effective communication. We also process your personal data for the purpose of ensuring effective communication between you and us, as well as for the purpose of ensuring effective administration of our contractual relationship, if applicable.
For this purpose, your personal data are processed on the basis of our legitimate interest. The personal data necessary for this purpose is retained primarily for the period of the duration of our relationship.
- 4.1.3 Fulfillment of statutory obligations. Some personal data may be included in documents that we are required to store under applicable legislation, in particular with respect to accounting (e.g., applicable tax or accounting rules).
For this purpose, your personal data are processed on the basis of our legal obligation. The duration of the period for which we will process your personal data is set out by the relevant legislation; in principle, the retention period will not exceed the period of 10 years from the collection of the personal data.
- 4.1.4 Determination, exercise and defense of our legal claims. Following the termination of our contractual relationship, if applicable, we may continue to process the personal data that are necessary for the protection of our rights and for the potential defense of our legal claims, including collection of outstanding payments.
For this purpose, your personal data, will be processed on the basis of our legitimate interest, and for a period of time in which the relevant legal claims may can be pursued under applicable law.
- 4.1.5 Our marketing activities. In the course of our contractual relationship and/or if you give us your consent (such as to receive our newsletters), we may contact you to inform you about the BizMachine news, services, features, and special offers and to invite you to our events that we believe may be of interest to you. For that purpose, we process your data on the basis of your consent or our legitimate interest, as applicable, including the sending out of marketing communication within the limits prescribed by law.
The processing will be limited to the duration of our contractual relationship and a reasonable period afterwards, unless you grant us your consent to receive our marketing communication in which case your personal data will be processed for the duration of your consent, typically not exceeding the period of 3 years.
Your marketing communication preferences may be changed at any time. If you would like to unsubscribe from an email sent to you, please follow the "unsubscribe" link and/or instructions placed at the foot of every BizMachine email. You can also unsubscribe by contacting us via the contact details.
4.2 Scope of data processed
If you or your company have entered into a contractual relationship with us, we process the personal data necessary for the conclusion of the contract and for the effective communication with you, namely your and your company’s identification and contact details, payment information, the content of the communication and other information you may have shared with us for the purpose of the performance of the contract.
If we are required to retain some personal data for statutory purposes, the scope of personal data will be limited to the content of the respective documents and will mostly contain only identification and contact details and payment-related information.
The scope of data processed for the purpose of determination, exercise and defense of our legal claims will be limited to the information we processed during our contractual relationship.
In regard to our marketing activities, we will only process your business contact details given to us, namely your name, surname, email address, phone number and company.
4.3 Source of data
For all purposes of processing set out in Section 4.1 above, we obtain the personal data directly from you as a data subject (or from your employer being our contractual partner), in particular in the course of our contractual relationship.
6. Sharing and transfer of personal data (recipients of personal data)
6.1 Sharing data with customers within BizMachine’s services
After conducting the structuring, cleansing and subsequent analysis, your personal data may be primarily shared with our customers who use our services to obtain relevant reports and metrics in, where possible, an aggregated form or are provided with access to relevant data. The customers are always provided with the latest version of the processed data and the scope of personal data (if any) transferred to the customers is limited to a minimum of personal data relating to the particular business, as described in section 3.1 above. The customers are provided only with data which they could collect from the publicly available sources themselves; BizMachine does not collect any data (all the more not so personal data) which would not be publicly available at the moment of collection.
6.2 Sharing data for ancillary operational purposes
To ensure our business operations, we may process your personal data for some ancillary operations. For those reasons, your data may be further shared (to the extent applicable, without limitations) with:
- companies of the same group, which BizMachine is a member of, e.g., SharpGrid s.r.o. (Company ID No.: 095 40 385)
- service providers and external auditors, consultants, tax advisors and legal representatives bound by a confidentiality obligation
- public prosecution bodies, courts, and administrative authorities in accordance with our legal duties.
Where applicable, we have entered into data protection agreements with our processors to ensure adequate protection of your personal data.
6.3 Data transfers outside the EU
When using certain service providers (such as for software tools), we may, at some instances, transfer some of you persona data outside the EU, in particular to the USA. Should your data be transferred outside the European Union or European Economic Area, all data transfers are conducted in accordance with Chapter V. of GDPR — in particular, in accordance with adequacy decisions issued by the European Commission and standard contractual clauses (Model Clauses) supplemented by appropriate safeguards, as deemed necessary given the nature of the personal data processed.
7. Data security
We have implemented and maintain appropriate technical and organizational measures, internal controls and information security processes in accordance with legal requirements and market standards corresponding to a possible threat to you as the data subject. We also take into consideration the state of technological development in order to protect your personal data from accidental loss, destruction, alterations, unauthorized disclosure or access. Such measures may, among other things, include taking reasonable steps to ensure the liability of relevant employees who have access to your data, training of employees, regular backups, procedures for data renewal and management of incidents, software protection for devices on which personal data are stored, etc.
8. Your rights as a data subject
If you wish to exercise any of your rights according to this Section or according to applicable legislation, please contact us using the contact information listed in section 2 above.
8.1 Access to your personal data
You have the right to obtain confirmation as to what personal data we process or do not process with respect to you.
You can access your personal data via contact details.
8.2 Withdrawal of consent
When you have given us your consent to marketing communications, you can also withdraw your consent by clicking on subscribe button in a particular email communication (see Our marketing activities). Please note that the withdrawal of your consent does not affect the lawfulness of processing conducted on the basis of consent prior to its withdrawal.
8.3 Rectification of your personal data
According to applicable legislation, you have the right to rectification of your personal data that we are processing if you find that they are inaccurate or incomplete.
To request rectification of your personal data, please contact us via the aforementioned contact details.
8.4 Erasure of your personal data
You can request erasure of your personal data at any time. The scope within which we can comply with your request for erasure of personal data may be limited by our statutory obligations to store some personal data, particularly on the basis of accounting and tax regulations, etc. Further, we will also erase all of your personal data (and ensure erasure thereof by the processors that we engage) if you withdraw your consent.
The request for restriction of processing can be made using the aforementioned contact details.
8.5 Restriction of processing
If you request us to restrict the processing of your personal data, for example when you contest the accuracy, lawfulness or our need to process your personal data, we will limit processing of your personal data to a necessary minimum (storage), and if applicable we will only process this data to establish, exercise or defend legal claims or where necessary in order to protect the rights of another person, or for other limited reasons required by the applicable law. In case the restriction is lifted, and we continue processing your personal data, you will be informed accordingly without undue delay.
The request for restriction of processing can be made using the aforementioned contact details.
8.6 Objections to processing
You can object to data processing. If we do not demonstrate any compelling legitimate reasons for the processing which would override your interests or rights and freedoms, we will no longer process your personal data and will delete it without undue delay.
When we use your contacting details for our direct marketing activities, you can also object to such use by clicking on subscribe button in a particular email communication.
Objections to processing can be raised using the aforementioned contact details.
8.7 Complaint to a Data Protection Authority
You have the right to lodge a complaint pertaining to processing of data conducted by us with the competent data protection authority, i.e., in Czech Republic the Office for Personal Data Protection, Pplk. Sochora 27, 170 00 Praha 7; website: www.uoou.cz.