A data processing agreement
When do I become a data controller?
If you have signed the Zenamu Platform Service Agreement within the General terms and conditions and are providing services on the platform, then you become a data controller under the law. This is because you can add your clients' names and emails, as well as add your team members (employees or contractors) and disclose their names.
As a result, Fyooga s.r.o., the Platform Operator, acts as a data processor by providing you with the Platform and cloud storage to store this data. Therefore, a data processing agreement is necessary between you and us.
Do we need a processing agreement?
Yes, a processing agreement is one of the most important documents required to comply with GDPR regulations. It may be subject to inspection, and failure to comply with GDPR regulations could result in liability for both parties.
Please carefully review the following Processing Agreement.
Where can I find my GDPR?
As the data controller, you (or your company) are responsible for obtaining consent for the processing of personal data and for making your GDPR accessible.
At Zenamu, we make it easy for you to manage your GDPR. Simply fill out your GDPR in Settings > Terms and Conditions , and it will appear next to your public schedule under the Terms and Conditions tab.
Your clients are informed when they register and agree to your terms and GDPR. If you add a client to the system manually, be sure to obtain their consent and mark it in the system.
- The processor referred to in this agreement is Fyooga s.r.o, registered under Company ID: 11885173, with its registered office at Janov nad Nisou 304, Janov nad Nisou, 46811, registered in the Commercial Register maintained by the Regional Court in Ústí nad Labem, section C, insert 47740. The processor will also be referred to as "Zenamu".
- The controller of personal data of users of the Zenamu Platform is the Service Provider who has entered into the Zenamu Platform Service Agreement and agreed to the Terms and Conditions. The Service Provider will be referred to as the "Controller".
- The GDPR Regulation refers to the full text of the General Data Protection Regulation and other data protection regulations.
Subject of the Contract
This Processing Agreement amends the General terms and conditions and the Zenamu Platform Services Agreement between Fyooga s.r.o. and the Service Provider.
The purpose of this agreement is to establish the Processor's obligation to process personal data of the Controller's clients, employees, or contractors, which the Processor accesses as part of fulfilling its obligations under the Zenamu Platform Services Agreement.
The Controller confirms that they are a data controller under the GDPR and that they collect, process, and manage personal data according to GDPR guidelines. The personal data specified in this Agreement is accurate, adequate, and necessary to fulfil the stated processing purpose.
Users can provide consent by checking a form element in the application or by communicating their consent through email or other means of communication with the Service Provider.
Processing of Personal Data
The Controller authorizes the Processor to process personal data of its clients and employees to the extent set out below, in connection with the performance of the Processor's obligations under the Zenamu Platform Services Agreement.
The Processor will collect and store personal data in electronic form for the purpose of performing services under the Zenamu Platform Services Agreement.
The Parties agree that the Controller is responsible for fulfilling the information obligation arising from the GDPR Regulation in relation to data subjects (clients and employees) whose personal data is processed.
The personal data processed in the Zenamu Platform for the Controller includes:
Name and surname
Any personal data recorded in the notes
Employee profile (contractual partner of the Controller)
Name and surname
* If provided
Period of Processing Personal Data
The Processor will process personal data for as long as necessary to fulfill the purpose of the Zenamu Platform Services Agreement. The processing period may be terminated according to the terms of the Zenamu Platform Services Agreement.
When the purpose of processing personal data as defined by this Personal Data Processing Agreement and the Zenamu Platform Service Agreement is no longer needed, the Processor will stop processing the personal data. In such a case, the Processor is responsible for disposing of the personal data in accordance with the instructions provided by the Controller and in compliance with GDPR.
Rights and Obligations of the Parties
The Controller and Processor must promptly notify each other of any information that may impact the timely and proper performance of their obligations under this Agreement.
The Parties must cooperate with each other to ensure that their obligations under the GDPR are fulfilled, to the extent necessary to secure the personal data processed in accordance with the Zenamu Platform Services Agreement and this Agreement.
The Processor must implement appropriate technical and organizational measures to ensure the security of Personal Data. These measures should take into account the state of the art, the cost of implementation, and the nature, scope, context, and purposes of the processing.
If there is a security breach of personal data under the GDPR, the Processor must notify the Controller via electronic communication to the email address specified in the settings. The Controller is responsible for ensuring the email address is accurate and up-to-date.
The Processor is responsible for its employees who come into contact with personal data and must maintain the confidentiality of personal data and security measures, including not disclosing any measures that could compromise the security of personal data under the GDPR.
The Processor must not make any copies or duplicates of the personal data entrusted to it without the knowledge and consent of the Controller. However, the Processor may make necessary backup copies to ensure proper processing of personal data, ensure the functionality of the system (such as database backups), or store the data.
The Processor has the Controller's permission to use other processors (subcontractors) to process personal data. A list of these subcontractors is available on the List of Subcontractors.
If the Processor needs to engage another processor in the processing, they must notify the Controller beforehand. The Controller must also inform the Data Controller of any planned changes involving additional processors or their replacement.
If there's a serious issue that threatens data security or the application's operation, the Processor has the right to change the additional processor without notifying the Administrator beforehand. The Processor must notify the Controller of any changes after the fact, but the Controller has the right to object.
Duration and Termination of the Contract
This Agreement will begin on the date of the Zenamu Platform Services Agreement between the parties and will continue indefinitely.
The Contract will end on the date of termination of the Zenamu Platform Services Contract.
If the Contract is terminated, the Processor must destroy the personal data provided to it under this Contract within the statutory period.
Contractual relations not covered by this Agreement will be governed by the laws of the Czech Republic and the GDPR.
- Website of the Data Protection Authority (Czech):
- Basic guide to data protection
- General Regulation (GDPR) in brief
- Full text of the GDPR
- EU documents
- 32016R0679 - EN - EUR-Lex
Version valid from March 1st, 2023.