1. Introductory provisions

1.1. These terms & conditions regulate the conditions of use of the Sloneek software accessible at the website www.sloneek.com (hereinafter referred to as the “Service”).

1.2. The provider of the Service is the company Sloneek Europe s.r.o., Táborská 8, 040 01 Košice, ID 53 319 737, a company registered in the Commercial Register kept at the Municipal Court of Košice, section sro, insert 49934 / V (hereinafter referred to as the “Provider”). To contact us, please use the following contact details: e-mail: sales@sloneek.com, phone number: +420 776 877 441, correspondence address: Táborská 8, 040 01 Košice.

1.3. The user of the Service is any legal person who creates a user account (hereinafter referred to as “user”). To create an account, the user shall enter the login name (e-mail address) and password and fill in the user’s data, which will then be used in the document header.

1.4. A contract between the Provider and the user is concluded by creating the user account (the “agreement”). The agreement is concluded for an indefinite period and expires upon cancellation of the user’s account. By creating a user account, the user agrees to these terms & conditions.

1.5. The Service serves as a smart online personnel system. The Service provides complete administration associated with the registration of employees and their attendance, leave, documents for payroll processing, and other modules related to the personnel management of companies.

1.6. The current list and detailed description of the modules of the Service can be found on the website https://www.sloneek.com.

2. License Agreement

2.1. The Service is an author’s work.

2.2. Property rights to the Service belong to the Provider. This agreement does not grant the user any rights in connection with the Provider’s trademarks.

2.3. The Provider hereby grants the user a personal, non-transferable, non-exclusive license to use the Service limited in terms of the prepaid users. The license is territorially unlimited and limited in time for the period of prepaid subscription to the Service.

3. Rights and obligations of users

3.1. The user is entitled to use the Service.

3.2. The user undertakes not to use the Service in any way that would infringe the rights of the Provider.

3.3. The user may not use the Service in a way that could reduce the value of the work or damage, disable, overload or impair the operation of servers operated by the Provider or disrupt the use of these servers or Services by third parties. The user may not in any way obtain or attempt to obtain any copies of the work (even for personal use), any materials or information relating to the Service that are not or have not been publicly made available or provided through servers operated by the Provider. The user may not remove or change any trademarks, Provider’s name or Service name from the generated documents.

3.4. The user is not entitled to use the business name of the Provider, its trademarks, logos, domain names, or any other designations and business elements of the Provider in connection with the provision of the Service.

3.5. The Provider is entitled to prevent the use of the Service by a user who can be reasonably believed to be in breach of the obligations set out in this Article.

3.6. The user is not entitled to any compensation in connection with the cancellation of the user account.

3.7. The Provider is entitled to cancel the account if the user has not logged into the account for more than 12 months.

3.8. The user is obliged to ensure that each person to whom the user allows access to the service will comply with the obligations and restrictions specified in these Terms & Conditions.

4. Cookies

4.1. These websites, the Sloneek Service itself, e-mail messages, online Services, advertisements, and interactive applications may use so-called “cookies” in order to optimize the Services.

4.2. A cookie is a file that we send to your browser via our internet server. The purpose of cookies is to enable our internet server to provide the user with the website and the Sloneek Service so that their use is adapted to the user’s habits.

4.3. We use the following cookies on the www.sloneek.com website:

  • 4.3.1. functional (essential cookies), which are necessary for the website to display safely and correctly and to perform its basic functions; and
  • 4.3.2. analytics cookies, which help us to analyze how the website works from a user perspective so that we can improve it.

4.4. We process essential (functional) cookies on the basis of legal requirements, but in the case of analytical cookies we need your consent. You can select your preferences in the so-called cookie bar, which is displayed to the user when visiting our website.

4.5. The Analytical cookies are provided by Google Analytics, Ads, and Doubleclick by Google Ireland Ltd., Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland, in accordance with its terms and conditions, which can be found here.

5. Payment for using the Service

5.1. Use of the Service is charged by the price list published on www.sloneek.com. The Provider reserves the right to change the price of the Service.

5.2. Payment for the Service is non-refundable. The user pays for the service in advance monthly or in advance annually.

5.3. The minimum number of licenses is 10, regardless of whether these licenses will be used or not.

5.4. All prices quoted are exclusive of VAT. VAT will be added to the price for the service in accordance with the rules, regulations, and VAT levels in the specific tax domicile. The User shall be solely responsible for the payment of any taxes, duties, tariffs, or other charges imposed, levied, or collected by or under any governmental authority arising out of the provision of the Services by Provider under this Agreement.

5.5. The monthly subscription takes place exclusively by payment card. The price of the monthly subscription is determined by the product of the unit price for the license listed in the price list and the number of active licenses of the Service on the part of the User in a given calendar month.

5.6. At the beginning of each monthly payment period, the current number of active licenses is recorded. If additional licenses are added during the active monthly period, their price will be set on an aliquot basis.

Example of subscription calculation process: On 1.4., there are 20 licenses in the account for 5 EUR per month. On 15.4., an additional 10 licenses are added to the account. For these 10 licenses, ½ of EUR 5/license/month, i.e., EUR 2.5, will be charged in the current month. The subscription for April is 125 EUR (5*20+10*2.5). The payment of EUR 100 will be deducted from the payment card on 1.4., and the payment of EUR 25 will be deducted from the card on 16.4.

On 1.5., there are 30 licenses in the account for 5 EUR / license / month. The subscription for May is set at €150 for 30 licenses.

5.7. A tax document (invoice) will be issued by the Operator to the User after payment of the prescribed payment. The payment is considered to have been made when the relevant amount is credited to the operator’s account.

5.8. Annual payment by invoice takes place in advance on the basis of an (advance) invoice. The price of the annual subscription is determined by the product of the unit price for the license specified in the price list and the number of licenses of the Service on the part of the User in a given year.

5.9. The operator issues a deposit to the user for the annual rental of the Service in advance for 12 months. If the User adds additional licenses during the given 12 months, these will be invoiced gradually until the end of the license (the last day of the last month of the Order) according to the number of months remaining until the end of the license. (Example: Licenses added from the 7th month will be invoiced for 6 months in advance).

5.10. The operator is entitled to suspend the provision of the service to the extent that the user is in arrears with the payment of any amount that the user is obliged to pay to the operator in connection with the use of the given service, although he was invited to pay and was given an additional payment period of at least seven (7) days.

5.11. The user can terminate the subscription at any time. In such a case, the last subscription period will be charged according to article 5. Access to the Service will be granted only until the last day of the paid subscription period.

6. Warranties

6.1. The Provider does not provide any warranty for the Service. The Service is provided “as it is” without warranty of any kind.

6.2. All risks associated with the use of this Service are borne by the user. The Provider is in no case liable for damage caused by the use of the Service, whatever it may be.

6.3. The Provider is not responsible for the compliance with the applicable legal requirements of the generated documents. It is the user’s responsibility to ensure the completeness and accuracy of the documents.

6.4. Use of the Service is at the user’s own risk. The Provider is not liable for any direct or indirect damage or injury, including loss of stored data, which is the result of the use or inability to use the Service.

6.5. The Provider is not responsible for the impossibility to access or limited access of the Service caused by failures of the Internet, as well as for other circumstances of a technical nature, which the Provider is unable to influence or whose solution requires the cooperation of third parties. (e.g., unavailability of the server used by the Provider to run the Service).

6.6. The Provider is not liable for errors caused by third-party interventions into the Service or as a result of use contrary to its purpose. When using the Services, the user must refrain from using mechanisms, software, scripts, or other procedures that could adversely affect its operation and must refrain from any activity that could allow the user or third parties to tamper with or misuse the software or other components forming the Service and to use the Service or any part thereof in a manner that is contrary to its intended purpose.

6.7. The Provider is not responsible for the content of the user. The user is fully responsible for ensuring that the content entered by the user is correct and does not infringe the rights of third parties.

6.8. If, in spite of the above, an obligation of the Provider to compensate for damage arises, it is limited only to the amount of payment for the Service for the last 30 days of the subscription.

7. Processing of personal data

7.1. In order for the Provider to be able to provide the Service in a quality manner and in accordance with the Terms and Conditions, the Provider processes personal data. We may process personal data of the employers – natural persons or their contact persons in the scope of billing data and contact data. In addition, the Provider may process personal data related to visits to our website, sending newsletters, or participation in our events. We process this personal data for billing purposes, for communication with the client in connection with the performance of the service, for the enforcement and/or protection of legal claims, or for marketing purposes. We may only share personal data with our contractual partners who provide services in connection with the processing of this personal data. We will process the personal data for the duration of the service provision and for the duration of the general limitation period after the end of the service provision. In connection with the processing of personal data, we guarantee the right to access personal data, the right to erasure of personal data within the limits of the GDPR, the right to modify or correct outdated personal data, the right to restrict the processing of personal data within the limits of the GDPR, the right to the portability of personal data to third parties, or the right to object to the processing of personal data on the grounds of legitimate interest of the controller, i.e., in particular, processing for marketing purposes, including sending commercial communications. The right to file a complaint with the Data Protection Authority is not affected.

7.2. The Provider is according to the General Regulation on Personal Data Protection No. 2016/679 (“GDPR”) in the position of a processor of personal data stored in the Sloneek application.

7.3. According to the GDPR, the controller and the processor are obliged to conclude a contract on the processing of personal data. The conditions for the processing of personal data are set out in Annex 1 to these terms & conditions and form an integral part of it.

8. Final provisions

8.1. The subscription period will automatically renew for additional periods of the same duration unless either Party provides a notice of non-renewal to the other Party no less than thirty (30) days prior to the end of the current period of the Plan Term. The Order Form Term will automatically renew for additional periods of the same duration unless either Party provides a notice of non-renewal to the other Party no less than thirty (30) days prior to the end of the current period of the Order Form Term.

8.2. In the event that either party breaches any obligation under the applicable law or these Terms & conditions or is more than seven (7) days in default with any payment for the Service, the other party has the right to restrict the use of the Service and/or withdraw from the Agreement.

8.3. In the event of withdrawal from the Agreement, the User is not entitled to a refund of an aliquot part of the price paid for the use of the Service.

8.4. The Terms & conditions may be unilaterally amended by the Provider, always with effect in 14-days period from the date of publication of the notice on the change of the contractual agreement on www.sloneek.com.

8.5. Legal relations established before the date of entry into force of the amended Terms & conditions are governed by the amended Terms & conditions, however, the emergence of rights and obligations that occurred before the date of entry into force of amended Terms & conditions are governed by the existing Terms & conditions.

8.6. If any provision of the Terms & conditions becomes invalid or ineffective, this does not affect the validity or effectiveness of other provisions of the Terms & conditions.

8.7. The Agreement is governed by Slovak law, in particular by Act No. 513/1991 Coll., the Commercial Code, as amended.

8.8. All disputes arising out of and in connection with this Agreement shall be finally decided by the Arbitration Court at the Economic Chamber of the Slovak Republic and the Agrarian Chamber of the Czech Republic in accordance with its rules by three arbitrators.

Annex 1

Conditions for personal data processing

pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (General Data Protection Regulation) (“GDPR”)

For the purposes of this document, personal data means any information relating to an identified or identifiable data subject. A data subject is considered to be determined or identifiable if he can be identified, directly or indirectly, in particular by number, code or one or more elements specific to his physical, physiological, mental, economic, cultural or social identity.

 

The data subject means the natural person to whom the personal data relates, i.e. users of the Sloneek Service.

Any person who creates a user or company account is considered a user of the Sloneek Service. The Sloneek user declares that he is aware of his role as the Personal Data Controller, as well as the rights and obligations arising from this role. The user grants an explicit informed consent with this Data Processing Agreement (DPA).

The Processor of personal data is the company Sloneek Europe s.r.o., Táborská 8, 040 01 Košice, ID number 53 319 737, a company registered in the Commercial Register kept at the District Court of Košice I, section sro, insert 49934 / V (hereinafter only the Company). The Company may entrust the management and processing of personal data to a third party for the purpose of operating and administering the Sloneek Service.

 

1. Definition of processed personal data

Based on the Contract, the Processor processes personal data for the Controller to the following extent:

 

| Purpose of processing | Scope of personal data | Special categories of personal data | Categories of data subjects |
| --- | --- | --- | --- |
| HR agenda management | Name and surname of a natural person; date of birth of natural person, sex, job position, internal employee number, work mobile and / or fixed telephone number; work email; photo; the date of joining the company, the date of leaving the company, the type of employment and the type of employment relationship. | no | employees |
| Management of the agenda of holidays and other types of absence | Dates of drawing on absence events (holidays, sick days, benefit days, etc. – other events according to the system settings by the employer) | no | employees |
| Registration and calculation of employee meal vouchers | The amount of the right to a meal voucher in a given month | no | employees |
| Shift planning, work activity planning | Dates of work activities based on the definition of activities by the employer (e.g. work in the office, work at the client / customer, etc.) | no | employees |
| Employee attendance records | In the case of using the Sloneek mobile application for entering arrival and departure to work (this is an optional functionality), the application stores the GPS coordinates of the mobile device at the time of entering arrival or departure. Records of the employee’s hours worked within his working days. | no | employees |
| Library of labour law documents | This is a repository of documents in which employees and the employer can store their labour law documents. The user who saved the document is responsible for saving these documents to Sloneek. | no | employees |
| Signing documents | Employees confirm documents with their electronic signature. | no | employees |
| Administration of the employee’s profile | In addition to the employee’s identification data, the employee can also upload his / her images. | no | employees |
| Google Calendar Events | The Service automatically handles events recorded in Google Calendar. | no | employees |
| User and application support | Data stored in the Sloneek application | no | employees |
| Setting up a trial account | Name and surname of a natural person, work email, mobile and / or fixed telephone number. | no | Employee setting up a trial account |

1.1. The processor will process personal data in electronic form in accordance with this Agreement.

1.2. The processor undertakes to process Personal Data with professional care.

 

2. Independence of the processor and instructions of the Controller

2.1. The Processor will process Personal Data separately in order to achieve the specified purpose of processing according to the Article 1.1. and, with the exercise of professional care, to independently decide on the execution of individual acts within the processing of personal data, which must be performed in accordance with the applicable legal regulations.

2.2. The Processor processes the personal data only on documented instructions from the Controller and is bound by them.

2.3. Instructions for the processing of personal data may be communicated on behalf of the Controller and accepted by the authorized person on behalf of the Processor, in written (electronic) form.

2.4. Processors are not bound by the Controller’s instructions, which are:

  • 2.4.1. made by a person other than the authorized person and addressed to a person other than the authorized person,
  • 2.4.2. made in a form other than written (electronic),
  • 2.4.3. contrary to the applicable law.

2.5. If any case arises where the Processor is not bound by the Controller’s instruction, the Processor is obliged to inform the Controller of such a fact without undue delay.

3. Storage and security of personal data

3.1. The Processor undertakes to store and process Personal Data securely and to use all reasonable security systems and procedures suitable for the processing of Personal Data.

3.2. The Processor undertakes to prevent or take all possible steps to prevent unauthorized access, copying, modification, storage, reproduction, publication or distribution of Personal Data.

3.3. The processor declares that it has adopted and complies with the technical and organizational measures for the protection of personal data defined in Annex No. 1 to this DPA.

3.4. If the Processor uses the security elements in connection with the provision of the Services, it is obliged to maintain confidentiality about the security elements, it is not entitled to share them with third parties, transfer or otherwise misuse them.

3.5. The Processor creates backup copies of databases (weekly database backup); we save the last 4 backups. Restoration of data from the backup is charged at CZK 30,000.

3.6. In the event that either Party finds that:

  • 3.6.1. there has been an unauthorized or illegal processing of Personal Data;
  • 3.6.2. the Personal Data has been lost, damaged or destroyed or otherwise degraded;
  • 3.6.3. there has been a case of security breach;
  • 3.6.4. a third party has gained unauthorized access to any of the security features;

it is obliged to notify the other Party without undue delay and to provide maximum co-operation for redress.

3.7. In providing quality Sloneek Services, we are assisted by processors who work in accordance with European standards of personal data protection. The processing of personal data by these third parties is governed by their own terms of service.

 

4. Description of processing purposes:

  • Hubspot for sending bulk messages, notifications and customer support services (https://legal.hubspot.com/privacy-policy)
  • Zendesk Inc. for bulk messaging, notifications and customer support (https://www.zendesk.com/company/agreements-and-terms/privacy-notice/)
  • Smartlook for analytics of user’s behavior within the Application (https://help.smartlook.com/en/articles/3244452-privacy-policy)
  • Stripe for payment method services (https://stripe.com/en-cz/privacy)
  • Google Analytics and Google Tag Manager statistics Services (https://policies.google.com/privacy/partners?hl=en).
  • Cloud infrastructure Services operated by Amazon (Amazon Web Services EMEA SARL, 38 avenue John F. Kennedy, L-1855 Luxembourg). The data centres are located in Frankfurt, Germany.
  • Service Sentry for better analysis of data Sentry.io (https://sentry.io).
  • Service OpenAI for smart analysis of data (https://openai.com/policies/privacy-policy/).

 

5. Declarations by Parties

5.1. The Processor declares and warrants to the Controller that

  • 5.1.1. fulfils all legal obligations arising for him from the GDPR and other legal regulations;
  • 5.1.2. will process personal data for the Controller for the entire duration of the Agreement in accordance with Slovak law, in particular in accordance with the GDPR;
  • 5.1.3. will keep proper records of Personal Data processing activities within the meaning of Article 30 of the GDPR for the entire duration of the Agreement;
  • 5.1.4. will process only personal data in relation to defined data subjects in accordance with this Agreement to the extent and for the purpose specified by the Controller or in accordance with the purpose of this Agreement;
  • 5.1.5. will always process Personal Data on the basis of a valid legal ground, if it is a part of the
  • 5.1.6. Google Workspace APIs are not used to develop, improve, or train generalized AI and/or ML models.

6. Personal Data Collection Services by the Processor;

6.1. will process accurate Personal Data in accordance with this Agreement and will update it regularly. Personal data that are inaccurate with regard to the purposes for which they are processed shall be deleted or corrected by the Processor after the prior instruction of the Controller;

6.2. will store Personal Data for the necessary time according to the Controller’s Instruction. The processor undertakes to regularly check the deadlines for the liquidation of personal data and to ensure the liquidation of personal data, if the conditions are met;

6.3. is able to guarantee that during the processing of personal data for the Controller it will not behave in such a way as to reduce the level of personal data protection ensured by this regulation.

 

7. The Controller declares and guarantees to the Processor that:

7.1. at the time of the transfer of Personal Data, the Personal Data is current and there is a valid legal title for their processing;

7.2. is not aware of any risk of violation of valid legal regulations in connection with the current processing of Personal Data.

7.3. agrees to allow further processing of personal data by other processors who undertake to protect personal data to the minimum extent provided for in this contract. To the same extent as regards the purpose of processing and to the minimum extent as regards ensuring the security of the processing of personal data processed.

 

8. Cooperation

8.1. Co-operation in fulfilling the Controller’s obligation to respond to requests for the exercise of data subjects’ rights.

8.2. The Processor undertakes to provide the Controller with the necessary cooperation, which can be fairly requested, especially in the case of:

  • 8.2.1. implementation and maintenance of appropriate technical and organizational measures to secure personal data;
  • 8.2.2. security breach reporting;
  • 8.2.3. assessment of the impact of processing on the protection of personal data, if the Controller decides that an assessment of the impact of processing within the meaning of Article 35 of the GDPR is necessary;
  • 8.2.4. fulfilment of the obligations of prior consultation with the Office for Personal Data Protection within the meaning of Article 36 of the GDPR in the event of legal conditions.

8.3. At the request of the Controller, the Processor undertakes to provide, within a specified period of time, which may not be less than thirty (30) working days, the necessary information necessary to prove that the processing of personal data under the Contract is carried out in accordance with applicable law.

8.4. The Processor undertakes to allow the Controller and his representatives, at his request, within a reasonable period of time, which may not be less than thirty (30) working days:

  • 8.4.1. access to records on Personal Data processing activities;
  • 8.4.2. check the technical and organizational security measures of the Personal Data;

9. Duration of processing

9.1. The Parties have agreed that the Processor will process personal data under this DPA for a definite period of time for the duration of the agreement on the use of the Sloneek internet Service. If the Controller does not continue to use the Service after the end of the trial period, the Processor will process the personal data of the person setting up the trial account within 30 days from the end of the trial period.

9.2. Upon termination of this Agreement, the Processor reserves the right to permanently delete the entire Controller’s account, including all existing copies of personal data.

10. Confidentiality

10.1. The Contracting Parties declare that all data, information and facts related to this DPA and its performance and provision of Services under this DPA, in particular personal data processed under the DPA, including the content of the DPA (except information that is or becomes publicly known other than breach of this DPA and information held by the relevant party prior to its receipt from the other party) is confidential information (“Confidential Information”). The Parties undertake not to provide the Confidential Information to a third party and not to use it for any purpose other than the performance of this DPA, except:

  • 10.1.1. their advisers bound by professional secrecy to the same extent as the Parties, or
  • 10.1.2. the competent national and other administrative authorities and courts, where the parties are required by generally binding rules to provide them with this information, or
  • 10.1.3. information that is or becomes publicly available other than in violation of this DPA.

10.2. The Processor undertakes to bind its employees and other associates in a contractual relationship with the Processor who perform activities related to this DPA and its performance and provision of Services under this DPA.

10.3. The obligation of confidentiality under this DPA continues even after the termination of this DPA. The Parties are not entitled to disseminate or use confidential information within the meaning of this DPA in any way after the termination of the DPA or to enable their dissemination or use.

 

11. Issues related to personal data protection

If you have any questions or comments regarding the processing of the Company’s personal data, please contact us.

 

Last update on 15/8/2024

 

 

 

 

List of technical and organizational measures taken to protect personal data

  1. The data created by the Customer and the Users during the use of the Service is stored on a cloud-based data storage facility in Frankfurt am Main, Federal Republic of Germany, provided by a third party, Amazon Web Services (“AWS”), which guarantees data leak resistance and exceptional service availability.
  2. The Supplier declares that it has entered into the relevant contracts and agreements with AWS under which it is entitled to use the services of AWS and guarantees the security of the Customer’s data required by this Agreement with 30 days backup of data.
  3. The data in the database layer is stored in Amazon RDS and is encrypted with an asynchronous algorithm. All software parts of the infrastructure are hidden in the internal AWS VPC private network. The vendor adheres to all protection standards such as SSL certificate, authentication and authorization algorithm based on RBAC (Role Based Access Control) using JWT and Refresh token with 5 minute expiration.
  4. Access to our web application is secured against eavesdropping through advanced data encryption and security protocols. We use SSL and TLS to encrypt data transmitted between your device and our servers, ensuring confidentiality and integrity. Regular security audits and updates are conducted to protect against emerging threats. Your data privacy and security are our top priorities.
  5. Direct access to server administration is allowed only through the encrypted SSH interface, or through the Amazon console, which is protected by two-factor authentication.
  6. Confidential documents within the optional Document module are asymmetrically encrypted; no private key is stored on the server or in the application database. It is distributed only to the user roles “Owner” and “Document Manager” at the time of its one-time generation.
  7. GPS coordinates used within the “Attendance” module are stored in the database only at the moment of starting a user action, which records the arrival to work or departure from work. For the avoidance of doubt, we add that the mobile application does not store ongoing data on the user’s location in any case.
  8. User access rights are automatically verified using username and password, Single Sign-On (SSO) with Active Directory, Google Workspace, or Okta. Unauthorized or unvalidated access attempts are promptly denied.
  9. If the application license has been expired for more than two months, access to the user data is blocked.
  10. User accesses and all significant operations are recorded in the application in the audit log (Audit Log).
  11. Each user logs in to their own account. Sharing an account / access with another user is not allowed and is not supported.
  12. The minimum password length is set. The change of the initial password is forced at the first log in. The new password is issued only after verifying the user’s identity through access to the work e-mail box.
  13. Data in non-electronic form are stored and / or archived only in safes or lockable cabinets within lockable areas.
  14. When transporting data outside the Processor’s internal network, the use of encryption and authentication mechanisms is recommended.