Privacy Policy

1. General provisions

  • We put a strong emphasis on protecting personal data. This privacy policy (hereinafter referred to as "Privacy Policy") provides you with the necessary information on how OAK’S LAB s.r.o., Identification Company No. 052 18 390, with its registered seat at Old Town Square 14, 110 00 Prague 1 (hereinafter referred to as “OAK’S LAB”, “we”, “our”, “us”) as a controller of the personal data, receives, stores and further processes your personal data and how we protect such personal data.
  • Personal data is any information relating to an identified or identifiable person, therefore you, as our client, or our client's employee, or a person who acts on behalf of our client, or a potential client, or potential employee, or partner, or vendor, who is a natural person (hereinafter referred to as “you”).
  • This Privacy Policy explains and informs you about (i) how we collect and process your personal data and (ii) your rights and how you can exercise them.
  • This Privacy Policy provides you the information that is in compliance with Regulation (EU) of the European Parliament and of the Council of 27 April 2016, No. 2016/679 (hereinafter referred to as “GDPR”).

2. Controller of personal data

  • Under the laws of GDPR, we are the controller of your personal data.
  • You may reach us on our email hello@oakslab.com, our telephone number +420 777 749 649 or on our address Old Town Square 14, Prague 110 00, Czech Republic (hereinafter referred to as “Contact Details”).
  • We are not obliged by law to designate a data protection officer in accordance with Sec. 37 of the GDPR.

3. Terms and definitions

  • Personal Data – means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, surname, date of birth, location data, email;
  • Processing of Personal Data – means any operation or set of operations which is performed on your personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
  • Controller – means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purpose and means of the processing of personal data; where the purposes and means of such processing is determined by the Union or Member State law, the controller or the specific criteria for its nomination may be provided for by the Union or Member State law; for means of this Privacy Policy it is OAK'S LAB;
  • Processor – means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
  • Purpose – is the reason why the controller is processing your personal data;
  • Legitimate Interest –processing is necessary for the purposes of the controller, processor or other entity except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data;
  • Recipient – the person that receives the personal data;
  • Third Party – means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;
  • Consent – a freely given, specific, informed and unambiguous indication of your wishes by which you, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to you.

4. Categories of personal data processed by us

  • Basic Personal Data. The data that is necessary for our collaboration, in particular:
  1. Name
  2. Surname;
  3. Company identification no.;
  4. Permanent or registered office address;
  5. Date of birth;
  6. Payment information details; and
  7. Signature.
  • Contact Personal Data. The data that is necessary for us to contact you, in particular:
  1. E-mail;
  2. Telephone Number; and
  3. Address.
  • Candidate Personal Data. The data that is necessary for us to review if you want to work for us, in particular:
  1. CV;
  2. Data on gained trainings; and
  3. Data of acquired education and qualification.
  • Candidate Personal Data. The data that is necessary for us to review if you want to work for us, in particular:

5. Purpose, method, and period of time processing personal data

  • Performance of the Contract, Legal Obligations and Legitimate Interest
  1. Performance of the Contract
  2. When we process your personal data, it is for the purpose of fulfilling the agreement between you and OAK'S LAB for our services. The legal basis is the fulfillment of the contract or legitimate interest (for example if you are an employee of our client and we do not have any contract concluded directly with you). For such purposes, the personal data is processed in accordance with Sec. 4.1 to 4.3 of this Privacy Policy.
  3. Personal data for this purpose is being processed only for the period of the contractual relationship between you and OAK'S LAB. After its termination, the personal data is processed on the basis of legitimate interest or statutory obligation of OAK'S LAB.
  4. We inform you that as your processors of personal data we also process data about your customers and about the users of your application. The full details of how we process your customer’s data is incorporated into the master service agreement between you and OAK'S LAB.
  5. Legitimate Interest
  6. In case you would not have fulfilled your obligations toward us or you would have caused us damage or harm, we may further store your personal data on the basis of the legitimate interest consisting of recovery of our claims against you and/or to protect and enforce our claims. For this purpose, we can process your personal information for the period of time corresponding to the statutory limitation period.

6. Transfer of personal data to third persons and beneficiaries of the personal data

  • We may transfer your collected personal data to third persons to ensure the performance of our obligation, including administration or IT support, organization and storage of the personal data, etc. These subjects are in the position of processors of your personal data.
  • The data that we collect from you may be transferred to and stored at a destination outside of the European Economic Area (EEA). It may be transferred to third parties outside of the EEA for the purpose of administrative support. It may also be processed by personnel operating outside of the EEA who work for us or one of our suppliers. This includes personnel engaged in, among other things, our recruitment services and administrative support. By submitting your personal data, you agree to this transfer, storing, or processing.
  • Beneficiaries of the collected personal data are in particular the following subjects: Our suppliers of IT systems and applications, who may have in specific cases access to your personal data, including the provider of our cloud services where we store all of our data; Our external providers of accounting services that are necessary for fulfilling our legal obligations; and our external providers of legal services that are necessary for the enforcement of our claims and for the protection of our legal entitlements. (hereinafter referred to as “Processors”) Our partner companies: OAK’S LAB DIGITAL s.r.o., with its registered office at Staroměstské náměstí 604/14, 110 00 Prague 1, Czech Republic, Identification Company No. 052 183 90; ‍OAK’S LAB DIGITAL LLC, with its registered office at 401 Ryland St Ste 200-A, Reno, Nevada, NV 89502, the United States of America, Identification Company No. 84-4552751;‍OAK’S LAB BOOST - Taurus s.r.o., with its registered office at Branická 213/53, 14700 Praha 4, Czech Republic, Identification Company No. 083 30 433; and OAK’S LAB Academy s.r.o., with its registered office at Staroměstské náměstí 604/14, 110 00 Prague 1, Czech Republic, Identification Company No. 068 72 522 (hereinafter referred to as “Partner Companies”). The personal data is shared inside the Partner Companies for the purpose of administrative support.
  • We provide you with a guarantee that we have concluded a contract on the processing of personal data with the Processors and a contract on personal information sharing within our Partner Companies listed above which ensure the same level of safety for your personal data as those described in this Privacy Policy.
  • We, including the Processors, are obliged to keep all the personal data confidential. The exemption is the duty to report your personal data to the designated public authorities and other entities who are entitled to request the personal data by law (i.e. Police of the Czech Republic, Tax authority, etc.).

7. Security of your personal data

  • We have introduced to our system necessary technical and organizational measures of internal control and processes of safety of the information that are in compliance with best practices corresponding to the potential risk to you. At the same time, we take into consideration the perspective of future technological progress in order to protect your personal data from unauthorized disclosure, access, or its loss. These measures include, but are not limited to, personnel’s data protection training, regular backups of data, data recovery procedures, a mechanism of responsibility for an infringement of protected data, software and hardware protection, and two-factor authorization logins to access data, where applicable.

8. Your rights as a subject of personal data

  • If you exercise your right in accordance with this Sec. 8 of the Privacy Policy or in accordance with other applicable legal provision, we will inform every Processor who is processing such data, if such communication to the Processor is possible and/or does not require unreasonable effort about the adopted measure of your personal data.
  • If you wish to exercise your rights or to receive the relevant information, contact us via one of our Contact Details. When you contact us, we have to ask you to provide us with your identification information or other personal data, which you have provided us earlier. The provision of such information is necessary for the verification that it is you who has actually sent us such a request. We will provide you with an answer no later than (20) twenty business days after receiving such a request, whereby we retain the right to extend the length of response by (40) forty business days.
  • Your Rights. In accordance with the applicable law you may require access to your personal data, which we, as a controller of personal data, process. You may also exercise your right for rectification, erasure or transferability, right to lodge a complaint and right to require the restriction of the processing. At any time you may withdraw your consent for us to process your personal data.
  • Rectification of your Personal Data. In accordance with GDPR you have the right for the rectification of the personal data that you share with us. If you have a request for rectification of your personal data, you may contact us with a request via one of our Contact Details. We accept measures to ensure that you have your personal data up-to-date and correct. Anytime you may contact us with a request if we still process your personal data.
  • Erasure of your Personal Data. Anytime you may provide us with a request to erase your personal data. After you contact us with such a request we will erase all your personal data from our databases without undue delay, unless we process some of your personal data for the purpose of performance of the contract, because of our legal obligation, or if it is in our legitimate interest. Further, we, as well as all the Processors, will erase your personal data if you withdraw your consent to process personal data or if the law requires it.
  • Withdrawing the Consent to Processing your Personal Data. Anytime you may withdraw consent for us to process your personal data that you granted us. If you want to withdraw your consent let us know via one of our Contact Details and we will erase your personal data in accordance with the Sec. 8.5 of this Privacy Policy. Please take into account that the withdrawal of the consent does not affect the lawfulness of the previous processing on the basis of given consent.
  • Access and Transferability of your Personal Data. You have the right to receive the personal data you have provided to us. If you require, we can transfer all or only part of your personal data (processed on the basis of the contract or consent) directly to a third person (other controller of personal data), whom you mention in your request for the transfer of the personal data, if such request will not have a negative effect on the rights and freedom of other persons and will be technically feasible.
  • Restriction of Processing. If you request us to restrict the processing of your personal data, especially in cases when you doubt the accuracy, lawfulness, or our need to process your personal data, we will restrict the processing of your personal data to the necessary minimum (processing for assessment, enforcement or defense of our legal claims or because of the protection of right of another natural or legal person). However, if the restriction of the processing is canceled and we will continue processing your personal data, we will give you a notice about this without undue delay.
  • A Complaint at the Office for Personal Data Protection. You have the right to lodge a complaint regarding our processing of personal data at the Office for personal data protection (in Czech “Úřad pro ochranu osobních údajů”), with its registered office at Pplk. Sochora 27, 170 00 Prague 7.

9. Privacy Policy updates

  • We reserve the right to change or modify this Privacy Policy at any time without prior notice. Any changes to this Privacy Policy are effective after the revised version of this Privacy Policy is made publicly available on our website www.oakslab.com. Please check the latest information posted herein to inform yourself of any changes.