I. Introductory Provisions

  1. These contractual terms apply to the purchase and use of a license for the Mango Songbook application on the website www.mangosongbook.com (hereinafter "Application"), operated by Adam Motvička, ID: 74500431 (hereinafter "Operator"), contact email: adam@motvicka.cz.
  2. The application user is any natural or legal person who creates a user account (hereinafter "user"). Creating a user account involves entering an email address and password.
  3. The application is a web service primarily used for storing songs in your own songbook.
  4. We may continuously modify or supplement these Privacy Policy terms. We will always inform you in advance by email, 30 days before these changes take effect. If you do not agree with the changes, you have the right to terminate the service agreement without any penalty.
  5. These Policy terms describe how we handle users' personal data, while complying with Regulation (EU) 2016/679 of the European Parliament and Council, the General Data Protection Regulation, also known as GDPR (hereinafter we will use the abbreviation "GDPR").

II. Mangosongbook.cz is the Data Controller

  1. By granting consent in the application, we begin processing your personal data. We are therefore the data controller. Browsing the website may also result in the collection of personal data. We always process exclusively personal data obtained only from you.
  2. We process the following personal data within the meaning of Article 4(1) GDPR:
    • electronic mail address (email)
    • IP addresses of devices from which login to the application occurred
    • billing data, in case of subscription payment
  3. We process the above-mentioned personal data for the purpose of fulfilling the contract according to Article 6(1)(b) GDPR, which means providing services by making the application available, informing about planned maintenance outages of software and hardware, handling your inquiries through customer support, and informing about changes in the application or its use.
  4. For the purpose of protecting servers from attacks and user accounts from misuse by third parties within the meaning of Article 6(1)(f) GDPR
  5. For the purpose of being able to inform you, within our interest, about what's new in mangosongbook.com, what improvements and news we plan, what related products we are developing, so that you always have an up-to-date and accurate overview of the application status.
  6. We always store email communication with customer support for 12 months so that we can provide better quality services and help you immediately and effectively in cases of recurring application problems.
  7. We process personal data for the duration of the contract, i.e., for the duration of the user account existence, but no longer than 10 years. After its termination, in case of a dispute arising regarding the relationship between the company and the user related to the Terms of Use of the mangosongbook.com application or these privacy policy terms regarding compensation for damages.
  8. When providing services, we use the following processors whose operation is in accordance with European personal data protection standards. You agree that we may transfer your personal data to them to fulfill the above-mentioned purposes. Google Firebase, Google's cloud environment (all data in the application), Mailgun and MailChimp - for sending all emails and Google Analytics statistics services, and ComGate as a payment service provider.

III. Data Processing Based on Your Consent

  1. We may further process your data mentioned above when you give us voluntary and informed consent within the meaning of Article 6(1)(a) GDPR. Using the application is never conditional on providing consent. However, it is advisable to give consent at least for processing data directly related to the application's operation.
  2. Consent in the application most often takes the form of a checkbox, email, or you grant it to us through an active step required in the email (clicking a button).
  3. You can grant us consent for different purposes individually each time.
  4. We may process personal data based on consent for the duration of service provision, i.e., for the duration of the user account existence. The processing period may be shorter if you withdraw consent.

IV. Withdrawal of Consent

  1. You can withdraw consent for processing personal data according to the previous paragraph at any time in your user account (in user settings) or by sending a request to adam@motvicka.cz.
  2. If you do not want to receive emails from mangosongbook.com, you can always unsubscribe by clicking in the footer of each email. Unfortunately, this is not possible for emails that are necessary for the application's operation (e.g., password reset).
  3. Unsubscribing from the newsletter is always considered as withdrawal of consent within the meaning of Article 7(3) GDPR or filing an objection according to Article 21 GDPR in case of emails through which we inform you about related services and products of mangosongbook.com.
  4. Consent granted according to the above paragraphs also applies to companies appointed as processors.

V. Data Processing Agreement

  1. The user always enters into a gratuitous personal data processing agreement with the company, the content of which is determined by the following provisions, according to Article 28(3) GDPR.
  2. Users provide the application with the following personal data: email (login to the application), optionally also first or last name, in case of purchase billing data necessary for issuing a tax document.
  3. The company undertakes to process personal data exclusively for the purpose of storing and ensuring data transfer to storage and based on user instructions.
  4. The company has an obligation to establish a sub-processor relationship and appoint Google, or other sub-processors, if necessary for the application's functionality.
  5. The company will ensure the functionality and operation of the application, undertakes its regular maintenance and makes it available to the user.
  6. Maintenance and service of the application performed by the company are purely incidental, consisting of the need to fix errors and maintain systems.
  7. The user agrees to the use of additional processors, especially Google, whose processing consists of storing data on cloud servers, and self-employed persons, if necessary for security or ensuring application functionality. No additional processor will be involved in processing without user consent or without concluding a contract that binds the sub-processor to substantially similar obligations regarding personal data processing to which the company is bound.
  8. If the company intends to involve another processor in processing, the company is obliged to inform the user. All instructions for additional processors will be in accordance with personal data protection legislation. The company will always ensure appropriate selection of processors.
  9. The company undertakes to ensure that additional processors or persons participating in processing on behalf of the company always meet a high standard of trust, primarily by concluding a confidentiality agreement.
  10. The company undertakes to secure personal data in accordance with Article 32 GDPR. The parties declare that as of the date of contract conclusion, the company has adopted technical measures ensuring personal data security by encrypting data transmission using HTTPS protocol.
  11. The user acknowledges that they have full control and responsibility for data they enter into the application. The requirement for accuracy, adequacy, time limitation, and minimization of stored data must be fulfilled by the user. If the user performs data deletion, these are deleted. The company does not make copies or otherwise backup user data, nor does it interfere with data transfer between the user and Google.
  12. The parties are obliged to provide mutual cooperation in case of suspicion of misuse of data subjects' personal data. The parties will make maximum effort and take such measures to prevent the risk of personal data misuse.
  13. Upon termination of this agreement, i.e., upon user account termination, all entered data will be destroyed within 7 days. The user always has the option to export stored data and save it to their own storage to prevent irreversible loss of entered data. Neither the company nor appointed processors are responsible to the user for damage caused by loss of data entered into the application, after 7 days from user account termination.
  14. This agreement also includes the provisions of the Privacy Policy that follow.

VI. Additional Provisions on Personal Data Protection

  1. We do not process personal data of children or special categories of personal data, so-called sensitive personal data, within the meaning of Article 9 GDPR.
  2. Processors that we appoint for processing must meet a high standard of protection and will always handle data within the limits of these principles.
  3. Through the website, we may collect and use technical data and related information, including technical information about the user's device, system and application software and peripheral devices, which are regularly collected to facilitate providing software updates, product support and other services related to the application. We may use this information, as long as it is in a form that does not personally identify the user, to improve our products or provide services or technologies, and only for the necessary period.
  4. After termination of service provision or cessation of the reason for data processing, we will destroy personal data.
  5. We will always make maximum effort to prevent unauthorized processing of personal data by other persons, however, we are not responsible to the user or other data subjects for damage caused by unauthorized processing of personal data by a third party.
  6. All data from the web application is stored on Google's servers in Germany. No data sent by cloud applications leaves the territory of the European Union. Data entered by users is not duplicated, checked or modified.
  7. Emails that we will send to you are not considered by us or you as unsolicited commercial communication within the meaning of Act No. 40/1995 on advertising and Act No. 480/2004 on certain information society services.
  8. In case we learn of a security risk related to personal data, we will notify you without undue delay.
  9. We undertake that in case of damage related to personal data breach or other circumstances that lead to damage, we will provide the user with cooperation and legal assistance in claiming compensation from responsible processors. However, the company itself is not responsible for errors of processors appointed by it.
  10. You confirm to us that the provided personal data is true, accurate and relates exclusively to you or that you have provided data whose use did not interfere with the rights of third parties. Always notify us of changes in personal data so that only current and complete data is processed, either at our request or without request. If we ask you to do so, always provide us with current and truthful data.
  11. Personal data will be processed in electronic form in a non-automated manner. Anonymized personal data may also be processed automatically. Data subjects will not be subject to individual automated decision-making within the meaning of Article 22 GDPR.

VII. Support in Handling Personal Data

  1. If you believe that we are processing your personal data in violation of the protection of your private and personal life or in violation of the law, especially if personal data is inaccurate with regard to the purpose of their processing, you can always request an explanation from us at adam@motvicka.cz, file an objection against processing for legitimate interest purposes by email to adam@motvicka.cz, or request information about the scope or method of processing your personal data. We will provide you with the data within an adequate period (max. 30 days). You can also contact the data protection authority directly.

VIII. Final Provisions

  1. All private law relationships arising from or in connection with personal data processing are governed by the legal system of the Czech Republic, regardless of where access to them was realized. Czech courts, which will apply Czech law, are competent to resolve any disputes arising in connection with privacy protection between the user and the company.
  2. These Privacy Policy terms take effect on March 1, 2019.