- 1INITIAL STATEMENTS
- 1.1This Policy applies to the processing of personal data in connection with the use of the Mobile App, Services, E-Shop and Website.
- 1.2 By downloading, browsing and using the Mobile App or accessing the Mobile App, our Services or browsing the Website, you acknowledge that you have read this Policy and are familiar with its contents.
- 1.3 This Policy sets out the rights and obligations governing the relationship between us, The CO2IN, as operator of the Mobile App, provider of the Services, operator of the Website and controller of personal data, and you, as the Client.
- 2 DEFINITIONS
- In this Policy, the following capitalized terms have the following meanings unless the context otherwise requires:
- 2.1 Terms such as „The CO2IN“ or „Company“ and „we“, „us“ and „our“ mean The CO2IN, Inc, having its registered office at PobĹ™eĹľnĂ 620/3, Prague, 186 00, Czech Republic, ID No.: 094 50 050, incorporated and existing under the laws of the Czech Republic.
„E-Shop“ means the electronic shop operated by the Company at eshop.co2in.cz.
„GDPR“ means Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
„Customer“ means a user of the Mobile App, Services, E-Shop and/or Website.
„Disposal of Allowance“ means the removal of an Allowance from circulation, whereby the removal of an Allowance from circulation may indirectly reduce CO2 emissions to air.
„Mobile Application“ means the mobile application through which, among other things, (i) the Token Transfer occurs (ii) the Company enables Clients to effect the Disposal of the Allowance, (iii) the Company can provide all electronic communication (remote communication) with Clients.
„Permit“ means another property value corresponding to the right to emit the equivalent of one tonne of carbon dioxide into the atmosphere within the meaning of the Permit Trading Act.
„Token Transfer“ means (i) the issuance and settlement of a Token between a Client and the Company, and/or (ii) the exchange of a Token between Clients, and/or (iii) the exchange of a Token for goods or services of another Client, and/or (iv) the provision of a service and sale of goods to other Clients in exchange for a Token.
„Framework Agreement“ means the framework agreement for the provision of services associated with the Token under which the CO2IN Services are provided.
“Registration“ means the process of creating an Account in the Mobile App.
„Registration“ means the process of creating an Account in the Mobile App, i.e. entering into a Framework Agreement.
„Tariff“ means the Company's tariff containing the list and amount of fees charged by the Company to the Client in connection with the provision of the Services and other parameters relating to the Services.
“Services“ means all services provided by us to you through the Mobile Application pursuant to the Framework Agreement.
„Token“ means the virtual instrument „CO2IN“ which can be disposed of in accordance with the Framework Agreement and the GTC.
“Account“ means the account created in the Mobile App during Registration.
“Verification“ means the process of the Client providing the Company with all required documents for the identification and/or verification of the Client and, based on the documents provided, the Company successfully conducting a full identification and/or verification of the Client.
“GTC“ means the current version of the General Terms and Conditions for the CO2IN Services issued by the Company.
“Website“ means our website available at co2in.com.
„Allowance Trading Act“ means Act No. 383/2012 Coll. on the Conditions for Trading Allowances for Greenhouse Gas Emissions, as amended.
“Principles“ means this Privacy and Data Protection Policy, available at: https://co2in.com/.
- 3 PERSONAL DATA
- 3.1 You acknowledge that we process the personal data that you have provided or that we have collected about you for the purposes of operating the Mobile App, providing the Services and/or using our Website in accordance with applicable data processing and data protection legislation, in particular but not limited to the GDPR and any judicial or administrative interpretation of data processing and data protection legislation, any guidelines, codes of conduct or mechanisms approved for certification by competent authorities.
- 3.2Personal Data means any information about an identified or identifiable natural person, in particular you or your contact person. An identifiable natural person is a natural person who can be identified, directly or indirectly, in particular by reference to a specific identifier such as a name, an identification number, location information, a network identifier or one or more specific physical, physiological, genetic, psychological, economic, cultural or social features of that natural person's identity.
- 3.3 The processing of personal data is lawful if at least one of the following conditions is met during the processing:
- a)you have given us your consent to process your personal data in accordance with Article 6(1)(a) of the GDPR for one or more specific purposes and you have not withdrawn that consent since the processing of your personal data began;
- b)the processing of personal data is necessary for the performance of a contract concluded between you and us or for the implementation of measures taken before the conclusion of the contract at your request pursuant to Article 6(1)(b) GDPR
- c)the processing of personal data is necessary for the performance of our statutory obligations; or
- d)processing of personal data is necessary for the purposes of our legitimate interests under Article 6(1)(f) of the GDPR.
- 3.4 We process personal data for the following purposes:
- a)for the purpose of providing services and fulfilling our obligations under the contract, we may process personal data that you have provided to us, that you provide to us in the future or that we obtain ourselves through our own activities in connection with the use of our services; this processing of personal data is necessary for the performance of the contract concluded between you and us;
- b)we are authorised to process personal data that is necessary for the exercise of our potential claims and also for the protection of our rights, where such processing of personal data is in our legitimate interest;
- c)to ensure the operation of the Website;
- d)to ensure the operation of the E-Shop;
- e)fulfilling our obligations imposed by law;
- f)if you give us consent to process your personal data, the purpose of such processing is stated directly in that consent.
- 3.5 We retain the personal data processed under Article 3.4(a) for the purpose of providing services and fulfilling contractual obligations, for the duration of the contractual relationship between you and us.
- 3.6Personal data pursuant to Article 3.4(b) is retained by us for the purpose of protecting our rights for as long as our legitimate interest continues.
- 3.7We retain personal data under Article 3.4(c) for the purpose of the smooth operation of the Website, for as long as you visit the Website.
- 3.8 We retain the personal data referred to in Article 3.4(d) for the purpose of the smooth operation of the E-Shop, the performance of our obligations under contracts concluded within the E-Shop and/or the management of the user account, for the duration of your visit to the E-Shop, the duration of the obligations under the concluded contracts and/or the existence of the user account.
- 3.9 We retain the personal data referred to in Article 3.4(e) for the period of time required by law.
- 3.10We will retain personal data under Article 3.4(f) for the purpose specified in the consent, for the period specified in the consent.
- 3.11 We will only retain personal data for as long as necessary to exercise the rights and obligations arising from the law, the legal relationship between the parties to the contract, between you and us, or until your consent to the processing of personal data is withdrawn. After this period, the personal data is anonymised or deleted.
- 3.12 We hereby confirm that we have taken all appropriate technical and organisational measures to safeguard the personal data we process. The technical and organisational security measures we use are designed to ensure that all data is protected from both unwitting and deliberate manipulation, loss, destruction or access by unauthorised persons. The security measures adopted are continuously developed and improved in line with technological developments.
- 4MOBILE APPS
- 4.1 The Mobile Application is the platform through which, among other things, (i) Token Transfers occur, (ii) the Company enables Clients to liquidate Permits in exchange for Tokens, and (iii) the Company can provide all electronic communication (remote communication) with Clients. In connection with these activities, as well as other processes related to the Mobile Application and the Services provided not listed herein, the Company processes personal data.
- 4.2 The Mobile App can only be installed on devices equipped with iOS and Android operating systems.
- 4.3 You acknowledge that for the purposes of operating the Mobile Application and performing the Agreement, we process personal data in the scope of (i) first and last name, (ii) date of birth, (iii) telephone number, (iv) email address, (v) bank account number, (vi) profile photo and (vii) other data related to your identification (Verification) and address provided by you in connection with the use of the Mobile Application and the use of the Services.
- 4.4 We use facial recognition and identification tools for Verification purposes. For this purpose, we collect a picture of your face that you provide via the mobile app (i.e., a selfie) and a photo or scan of an identification document. We use this technology for Verification purposes only. For the purpose of Verification, we process the following personal data of the Client or his/her representative: (i) first and last name, (ii) residential address, (iii) place of birth, (iv) date of birth, (v) identification document number, (vi) gender, (vii) nationality, (viii) photo or scan of the identification document (including other personal data on it), (ix) photo of the face, (x) bank account number, (xi) information on any sanctions and political exposure of the Client or his/her representative. We process the personal data thus obtained for the period of time prescribed by law.
- 4.5 You further acknowledge that we also process personal data that you have not provided to us but is directly related to the use of the Mobile Application and the Services provided. This includes, for example, the status of funds and movements in your Account, individual transactions, a summary of fees paid, as well as transaction history and other data of a similar nature. We obtain or verify some personal data ourselves, such as information about possible sanctions or the existence of a politically exposed person.
- 4.6 When using the Mobile Application, it is possible to use facial or fingerprint recognition functionality (Touch ID, Face ID, etc.) for login purposes. This operation does not involve the processing of personal data on our part, as the biometric data used is matched directly by the Client's device, not by us.
- 4.7We may make audio recordings during telephone communication with the Client. The Client is always informed of this in advance and may use another means of communication if he/she does not agree to the audio recording.
- 5 WEBSITES
- 5.1When you visit the Website, information about your use of the Website is automatically collected and evaluated. Thus, for statistical research purposes and to ensure system security and stability, data that may contain personal data is evaluated and stored on our server each time you visit the Website. For technical reasons, your Internet browser automatically provides data to our server when you access the Website. This includes, among other things, the date and time of access, the URL of the referring website, the file viewed, the volume of data sent, the type and version of the browser, the operating system and the IP address of the visitor's device. This data is stored separately from other data you enter when using the Website.
- 5.2 In operating the Website, your personal data is thus collected and processed in order to determine traffic or information about the operation of the Website, as well as to improve its content.
- 5.3 In addition to the above, we only collect and process data that you provide to us by entering it in our contact form, in particular your name and email address. The purpose of such processing is to deal with your enquiry or comment, whereby the personal data is stored until your enquiry or comment has been dealt with, but for no longer than 2 months.
- 6.1 When you visit the E-Shop, information is automatically collected in the same way as when you visit the Website, as the E-Shop is part of the Website.
- 6.2 In connection with the operation of the E-Shop and the conclusion and performance of contracts, we process personal data about E-Shop customers to the extent necessary for the performance of the contract, in particular name and surname, delivery address, email address and telephone number, bank and accounting data, as well as information on the history of orders placed.
- 6.3 In order to conclude and perform the contract, it is necessary for you to provide us with some of your personal data that we need to process your order. For this reason, the data that is necessary to provide in connection with the creation of an order and the creation of an account is mandatory, all other data is optional.
- 6.4 In addition to the above, we only collect and process data that you yourself provide to us by entering it in our contact form located on the E-Shop, in particular your name and email address. The purpose of such processing is to deal with your enquiry or comment, whereby the personal data is stored until your enquiry or comment has been dealt with, but no longer than 2 months.
- 7.3You can change your preferences and refuse certain types of cookies to be stored on your computer when you browse the Website. You can also delete any cookies that are already stored on your computer, but keep in mind that removing cookies may prevent you from fully using parts of the Website.
- 8.1 We transfer personal data to cooperating processors of personal data, in particular, but not exclusively, to those who provide financial, technical and other services to us, always in accordance with the above purposes and applicable law.
- 8.2 In the context of transferring personal data to our processors, we also transfer personal data outside the European Union (to third countries). Transfers of personal data to a third country may take place if the EU Commission has determined that the third country, a particular territory or one or more specific sectors in that third country provide an adequate level of protection. In the absence of such a decision for that third country, processors provide us with appropriate safeguards (in particular through standard data protection clauses), ensuring that the enforceability of data subject rights and effective legal protection of data subjects is ensured.
- 8.3 We use the tools of Jumio Corporation, located at 395 Page Mill Road, Suite 150, Palo Alto, CA 94306, United States of America, www.jumio.com.  to perform Verification;
- 9 THIRD PARTIES
- 9.1 Our Mobile Apps, Services and Websites may contain links to third parties and third party search results. By using these links, you may provide information, including your Personal Information, directly to the third party, to us, or both. You hereby acknowledge that we are not responsible for how these third parties collect or use your information.
- 10 UNLICENSED USERS
- 10.1 Our Mobile Apps and Services are not intended for persons under the age of 18.
- 10.2 We are not responsible for any information provided by you not being true, as age is verified based on information and documents provided by the user.
- 10.3If you are a person under the age of 18, you must not use the Mobile App or the Services.
- 11 MARKETING COMMUNICATIONS
- 11.1 Based on our legitimate interest, we are authorized to send you marketing communications regarding the Mobile App and the Services.
- 11.2You may choose to receive newsletters, surveys, offers and other promotional materials from us via email or messages.
- 11.3We will provide each such message or email with an unsubscribe link so that you can unsubscribe at any time.
- 11.4If you unsubscribe from marketing messages or emails, we may continue to deliver notifications to you within the App. You can turn off these in-app notifications at any time depending on the device you are using.
- 12 YOUR RIGHTS WHEN PROCESSING PERSONAL DATA
- 12.1 You may exercise the following rights against us in relation to the processing of personal data:
- a)Right of access to personal data
You have the right to know whether your personal data is being processed. If we are indeed processing your personal data, you have the right of access to your personal data and the right to be informed about the processing.
The right of access to personal data also includes the right to be provided with a copy of your personal data. We will provide you with the first copy of your personal data free of charge. If the right of access to personal data is abused by you, e.g. by repeatedly making unjustified requests, we are entitled to require you to pay a fee equivalent to the administrative costs of processing the request before processing such a request.
- b)Right to rectification or completion of personal data
If you believe that the personal data we process about you is inaccurate or incomplete, you have the right to have it corrected.
- c)Right to erasure of personal data
As part of the right to erasure, you have the right to request that we erase your personal data if any of the following grounds are met: (i) your personal data is no longer necessary for the purposes for which we processed the personal data; (ii) you withdraw your consent to the processing of your personal data and we have no further reason for processing it; (iii) you object to the processing of your personal data and there is no other legitimate interest on our part for processing your personal data; (iv) we process your personal data in violation of generally binding legal regulations; (v) we have been obliged to delete your personal data.
We will not delete your personal data if there are other reasons for processing your personal data. This is where the processing of your personal data is necessary for the establishment, exercise or defence of our legal claims or the performance of our legal obligations imposed on us by generally binding legal provisions.
- d)Right to limit the processing of personal data
You have the right to request that we restrict the processing of your personal data if one of the following grounds is met: (i) you object to the accuracy of your personal data that we process, for as long as we verify the accuracy of your personal data; (ii) you object to the processing of your personal data, for as long as we examine the validity of your objection; (iii) the processing of your personal data is contrary to generally binding legal regulations, but at the same time you do not wish us to delete your personal data; (iv) we need your personal data to establish, exercise or defend your legal claims.
- e)Right to portability of personal data
The right to portability is your right to require us to transfer your personal data that you have provided to us in a structured and machine-readable format to another controller, where technically feasible.
- f)Right to withdraw consent to the processing of personal data
If we process your personal data on the basis of your consent, you have the right to withdraw your consent at any time.
- g)Right to lodge a complaint with the relevant supervisory authority
If you believe that the processing of your personal data has violated your right to data protection or any other right under related legislation, you may lodge a complaint with the relevant supervisory authority. For the territory of the Czech Republic, the supervisory authority means the Office for Personal Data Protection (www.uoou.cz), with its registered office at Pplk. Sochor 27, Prague 7, Postcode: 170 00, Czech Republic, e-mail: firstname.lastname@example.org.
- 12.2 In order to exercise any of these rights, you may contact us at the Company's registered office at The CO2IN, a.s., PobĹ™eĹľnĂ 620/3, Prague, 186 00, Czech Republic, or by e-mail at email@example.com. We will provide you with every assistance in exercising your rights.
- 12.3 The supervisory activity in the field of processing and protection of personal data in the Company is carried out by the Data Protection Officer. The Company's Data Protection Officer may be contacted at the following addresses: (i) at the delivery address of The CO2IN, a.s., at the hands of the Data Protection Officer, PobĹ™eĹľnĂ 620/3, Prague, Postal Code: 186 00, Czech Republic, or (ii) at the e-mail address firstname.lastname@example.org. The Data Protection Officer may be contacted by anyone on all matters relating to the processing and protection of personal data by the Company.
- 13 CONTRACTING PROVISIONS