CVS MOBILE, informacijske rešitve d.d., seated at Ulica Gradnikove brigade 11, 1000 Ljubljana, Slovenia (hereinafter referred to as “CVS MOBILE”, “we”, “us”) is a leading provider of innovative telematics and fleet management solutions and services in Central and Eastern Europe and is also the owner of the mobileWEB cloud-based platform, mobileCHAT application, mobileMAP application, mobileNET application and other CVS MOBILE applications.
At CVS MOBILE we respect your right to privacy and take personal data protection extremely seriously, as we would like to provide you with the highest level of protection of the personal data that you have trusted us.
This Personal Data Protection Policy (hereinafter referred to as: “Policy”) is based on relevant legislation on the protection of personal data, in particular the Personal Data Protection Act and the EU General Data Protection Regulation.
In this Policy, we define ways of collecting your personal data, the purposes for which we collect it, the security measures we use to protect it, the persons with whom we share it, and your rights regarding the protection of personal data.
This general policy is limited to the processing of personal data associated with the use of our cloud-based platform mobileWEB available at https://mobileweb.cvs-mobile.com/.
We tried to write our entire Personal Data Protection Policy as understandable as possible. If you still have any questions concerning personal data, do not hesitate to contact us.
In order to enable you to quickly and efficiently find information you need, we have created an interactive index, designed to provide you with information about a topic that you are interested in in one click:
Controller of the personal data (as specified in this privacy policy) being processed within our cloud-based platform mobileWEB is CVS MOBILE, informacijske rešitve d.d., seated at Ulica Gradnikove brigade 11, 1000 Ljubljana, Slovenija.
As a data controller, CVS MOBILE shall be responsible for processing and storing of your personal data.
In order to further upgrade the level of personal data protection, CVS MOBILE has appointed an authorized person for the protection of personal data, which ensures that the handling of personal data is at all times consistent with the relevant legislation.
In CVS MOBILE, we appointed the following person as an authorized person for the protection of personal data: Mr. Bojan Jelen. The authorized person for the protection of personal data can be reached through the following e-mail: support@cvs-mobile.com.
If you have any questions regarding the use of this Policy or with regards to the exercise of your rights arising from this Policy, please contact us through the email defined above.
This Policy is for:
We remind you that this Policy does not directly apply to the use of applications issued by CVS MOBILE, which are only available to registered users (defined in Chapter 4 of this policy). The protection of personal data relating to the download and use of these applications is subject to the Privacy Policy for these applications, which are available at http://docs.cvs-mobile.com/privacy-policy/.
When reading this policy Users and Clients must distinguish between the Controller (CVS MOBILE) as defined in this Policy and the Controller of personal data regarding information they put in our platform when and for the use of the Client. In relation to data, that Clients and users enter into our platform while using services that we offer, CVS MOBILE is treated as data processor. Data processing is based on Data processing agreement. For any questions regarding information that Users and Clients enter into our platform, users should contact directly the Client (which is the Controller of this data as defined in Chapter 4: “Content of Clients”).
Here you can find an explanation of the basic concepts that we use in our Policy.
Each particular concept defined below has the meaning within this Policy as defined in this section.
Personal data means any information that refers to a specific or identifiable individual (for example, the name, surname, e-mail address, telephone number and identifiers that are specific to the individual's physical, physiological, genetic, economic, mental, cultural or social identity, etc.).
Controller means a legal entity that determines the purposes and means of processing of your personal data.
Processor means a legal or natural person who processes personal data on behalf of the controller.
Processing means collecting, storing, accessing and all other forms of use of personal data.
EEA means the European Economic Area, which identifies all the Member States of the European Union, Iceland, Norway and Liechtenstein.
Client means a legal or natural person who signs a Contract (hereinafter referred to as “Contract”) for the use of the mobileWEB platform that is issued by CVS MOBILE. After an initial registration procedure, the Client receives master credentials to access in the mobileWEB platform. Master access in the mobileWEB platform enables the creation of new mobileWEB users and assign them specific access rights in mobileWEB platform.
User means any individual who has received an invitation via e-mail to access mobileWEB platform and has finished the registration procedure. Any User, who has the credentials to access mobileWEB platform, can use those credentials to access and use mobileMAP, mobileCHAT or others CVS MOBILE applications.
Entry point is any application function that an individual uses and where personal data is collected.
Content of Clients means any information, file or data published by clients in mobileWEB database, which is not under the control of CVS MOBILE. In relation to these data the Client designates CVS MOBILE as its personal data processor.
At CVS MOBILE, we process your personal data solely on the basis of clearly stated and legitimate purposes, securely and transparently.
We collect your personal data when you provide it to us (for example, using our platform, inquiring by e-mail, telephone or writing to our address or by any other means in which you provide us with your personal data).
Your personal data can also be obtained through your interaction with the platform; such information can be obtained by using cookies and a cookie-like technology that allows us to customize and personalize our platform to your needs.
Your personal data can be obtained directly from you when you provide us with this information (for example, by registering and logging into a mobileWEB etc.). We can also obtain your personal data through the use of our services (e.g. e-news).
This data is obtained by using a cookie-like technology that identifies your device accessing a platform. With this technology, we can obtain the following information (the IP address of your device, data location, as well as the information about your use of our services, such as the content you have viewed on our platform, the time you have spent browsing the page, and the data regarding the response to our emails).
Certain cookie-like technology is indispensable for the operation of our platform (permanent cookies), but we also use other types of cookie similar technology to ensure the following features of our platform and other services:
To use certain technologies, we will ask for your consent, and you will be notified about it in advance in a separate notice.
At CVS MOBILE, we carefully protect the principle of the minimum amount of data provided by law, and therefore we collect only data that is appropriate, relevant and limited to what is necessary for the purposes for which they are processed. The purposes for which we collect personal data are defined in Chapter 5.3.
In accordance with the legislation governing the protection of personal data, we may process your personal data on the following legal bases:
Is the provision of personal data mandatory?
The provision of personal data is mandatory in certain cases. In most cases, you provide us with personal data on a voluntary basis. It is obligatory to provide only the personal data that we collect on the basis of the requirements of the legislation.
The provision of personal data that we need to fulfill the Contract is voluntary. However, in the event that you do not provide us with all the personal data that we need to execute the Contract we will not be able to provide full services (for example we cannot create Client’s accounts without information on e-mail address).
CVS MOBILE will only process your data for specified, explicit and legitimate purposes. We undertake not to process your personal data in a manner incompatible with the purposes defined in this Policy.
The purposes for which we can use your personal data are defined below. CVS MOBILE may use your personal data for one or more of the purposes identified below.
The purposes for which we will use your personal data are the following:
In the event that there is a need for further processing of personal data (for a different purpose than for the purpose for which personal data were originally obtained), we will inform you in advance and, when necessary, request for consent.
We keep your personal data in accordance with the relevant legislation. We will keep your personal data:
When personal data is obtained on the basis of your consent, we keep it permanently or until you revoke this consent. We will delete the information collected on the basis of your consent before your revocation, in case the purpose for which the data was collected has been achieved.
When the retention period for certain personal data expires, we will delete these personal data or anonymize them so that the reconstruction of personal data will no longer be possible.
The retention periods for each category of personal data are defined in Annex 1.
For any additional information, please contact us at any of the contact details defined in Chapter 2 of this Policy.
At CVS MOBILE we protect your personal data against illegal or unauthorized processing and/ or access, and against unintentional loss, destruction or damage. We undertake all measures according to our technological capabilities (including the cost of implementing certain measures) and the impact assessment on your privacy.
In order to ensure that your personal data is safe, we have undertaken the appropriate technical and organizational measures at CVS MOBILE, in particular:
In the event of a violation of the protection of personal data, we will notify without delay about any such violation the competent supervisory authority, represented in Slovenia by the Information Commissioner. You can read more about the competent authority on their website https://www.ip-rs.si/.
If there is a suspicion of a criminal offense regarding the violation of personal data, CVS MOBILE will also report such violations to the police and the competent state prosecutor's office.
In the event of a violation of data protection that may cause a high risk to the rights and freedoms of individuals, we will inform you of such an event without undue delay.
Your personal data may be, exclusively in order to achieve the purpose for which it was collected, transmitted, or we may just allow access to them to certain third parties defined below. Such third parties may only process your personal data for the purposes for which they were collected.
Accordingly, any third party to whom we transmit personal data is bound to comply with the applicable law as well as to the provisions of this personal data protection policy. With external processors, however, the protection of personal data is further defined by the contract.
Your personal data may be transmitted to:
We may transmit your personal data to third parties (defined above) outside the European Economic Area (EEA), where personal data processing occurs. In any transmission outside the European Economic Area, we will undertake specific additional measures to ensure the security of your personal data.
Such measures consist mainly of agreements with third parties on the establishment of binding rules in the field of personal data protection, verification that an approved certification mechanism is in place, which meets our standards for the protection of personal data and the conclusion of relevant contractual obligations that regulate the protection of personal data.
You have the following rights regarding the personal data processing:
Contacts for the exercise of rights:
If you have any questions regarding the use of this Policy or with regards to the exercise of your rights arising from this Policy, please contact us at any of the following contacts:
You have the right to file a complaint against us with the Information Commissioner, who is the competent authority for the protection of personal data.
The integrity of personal data processed and regular updating is a priority for CVS MOBILE. Please kindly inform us of any change of your personal data to the above contacts. We will take care of the correction or supplementing your personal data in the shortest possible time.
In case of exercising any of the rights, we may require additional personal data (such as name, surname, e-mail address) for identification purposes. We will only need additional information when the information you provide is not sufficient for reliable identification (in this way, we want to prevent your personal data from being transmitted to a third party due to unreliable identification).
At CVS MOBILE, we can change this Policy at any time. We shall notify you of the change of the Policy on our web site. We shall consider that you agree with the new version of this Policy if, after the new version enters into force, you continue to use our platform and other services defined by this Policy.
The current version of this Policy will be available on our website:
http://docs.cvs-mobile.com/privacy-policy/.
Annex 1: Definition of retention periods
| Processing purpose | Legal basis | Retention period |
|---|---|---|
| Enabling registration and logging for Clients into our platform mobileWEB | Contract | 10 years |
| Enabling registration and logging for Users into our platform mobileWEB | Contract | 10 years |
| Communicating with you to provide quality responses to your inquiries | Legitimate interest | 10 years |
| Processing of paymentss | Contract | In accordance with law |
| Informing about our services and offer | Law | Until revoked |
| Distribution of digital materials | Contract | 10 years |
| Transmission of personal data to third parties | Contract | 10 years |
| To enforce any legal claims and to settle disputes | Law | For the time of the procedure and 10 years from the finality of a legal decision |
| For the purposes of statistical analysis | Legitimate interest | 10 years |