Important: If you represent a legal entity, the term “you”, “Processor” or “Customer” in these Terms and Conditions refers to that legal entity. By entering into a contract with Jetveo, you confirm that you are authorised to act for that legal entity, that you have carefully read these Terms and Cinditions and that you agree to them.
Jetveo is a web platform and service owned and operated by Jetveo s.r.o. (hereinafter only as “Jetveo”). The Jetveo Platform is a low-code programming tool available on the website Jetveo designed for developing web applications, which includes, in addition to a user environment containing components, modules, functions, templates and elements generating part of the programme code for the User, a service which enables running the applications, their settings and access settings for End Users of the applications, available in the Jetveo environment or in the User’s environment (hereinafter only as the “Platform”).
These Jetveo Personal Data Processing Terms and Conditions (hereinafter only the “Terms and Conditions”) govern the rights and obligations for processing personal data arising from the contract between concluded the Customer and Jetveo, where the Customer is the Controller and Jetveo is the Processor of the personal data. These Terms and Conditions shall form an integral part of the contract between the Customer and Jetveo.
The terms used in these Terms and Conditions shall have the same meaning as those used in the General Terms and Conditions of the Jetveo Platform.
Personal Data shall mean personal data within the meaning of Article 4 of the GDPR, processed by Jetveo on your behalf, which occurs during the operation of the Platform
The Contract shall mean a contract concluded between the Customer and Jetveo, the subject matter of which consists in providing the Platform’s services.
The terms Data Subject, PersonalData Breach, Processing and Supervisory Authority shall have the same meaning as in the GDPR.
Status and Guidelines for Processing Personal Data
Jetveo undertakes to process personal data for you solely on the basis of your documented instructions, unless Jetveo is already required to do so by European Union or Member State law to applicable to Jetveo.
In particular, a Contract concluded in writing between the Contracting Parties on the basis of which processing Personal Data takes place shall be deemed to be documented instructions.
If you are in fact the Processor of all or some of the Personal Data within the meaning of the GDPR, you warrant to Jetveo that your instructions and actions in relation to the Personal Data, including the authorisation of Jetveo as an additional Processor of such Personal Data, have been agreed in writing by the relevant Controller.
By concluding a Contract you declare and confirm that you have thoroughly read these Terms and Conditions and their contents, that you understand them and that you agree to them.
Length of Personal Data Processing
Processing Personal Data under the Terms and Conditions will be carried out until all Personal Data is deleted in accordance with this article.
Jetveo will permanently delete all Personal Data and existing copies thereof upon the expiry of 1 month from the date of termination of the Contract, regardless of the manner or reason for termination, except for the Personal Data or copies thereof required to be stored by European Union or Member State law applicable to Jetveo.
If you serve onto Jetveo a written request for the transfer of the Metadata and End User Data in accordance with Clause 6.8 of the General Terms and Conditions within 20 days upon the termination of the Contract, we will transfer the Metadata and End User Data to you in accordance with this provision of the General Terms and Conditions, including any Personal Data which such Metadata and End User Data may have included. This data will be provided to you in a machine-readable form. In the event that the time limit under this paragraph expires in vain, we will permanently delete the Personal Data in accordance with the preceding paragraph.
Nature and Purpose of Personal Data Processing
Jetveo will process Personal Data in manners consistent with the Contract and the Terms and Conditions, solely for the purpose of providing the Platform services, unless otherwise agreed between the parties.
The nature of processing shall include all operations necessary to achieve the purpose of the Contract concluded between Jetveo and the Processor.
Personal Data Types and Data Subject Categories
Jetveo will process the Personal Data on your behalf:
Provided by the Customer when opening the Customer Account or using the Platform;
Entered by the User into the Platform for the purpose of developing an Application; and
Entered by End Users into the Application.
The provisions of the preceding paragraph shall not prevent Jetveo from processing other Personal Data of the Data Subject as their Controller, in accordance with all legal provisions. The Personal Data processed may include, yet not limited to, the name, company name, company ID number, VAT number, contact and identification addresses, email, payment data, user names, or any other personal data that Data Subjects voluntarily provide to Jetveo for processing as requested.
The Personal Data shall apply to the following categories of Data Subjects:
Employees, associates or partners of the Customer;
Platform Users; and
End Users of Applications.
Jetveo will not process for the Controller any special categories of Personal Data within the meaning of Article 9 GDPR or Personal Data relating to criminal convictions and criminal offences within the meaning of Article 10 GDPR.
In the case of processing Personal Data referred to in Clause 5.5 of these Terms and Conditions or processing other types of Personal Data than specified in Clause 5.1 of these Terms and Conditions, your are required to notify in writing Jetveo without undue delay and at the same time, provide any cooperation so that any such data may be properly processed in accordance with the general legal regulations. At the same time, you undertake to bear increased costs associated with processing any such data.
Rights and Obligations of the Parties
You are required to and you are fully liable for:
Notifying the Data Subject about the processing of Personal Data, obtaining the Data Subject’s consent to the processing of Personal Data, if required, and for dealing with requests from the Data Subject relating to the exercise of their rights under Articles 15-21 GDPR;
Complying with all notification obligations to the Supervisory Authority in relation to the processing of personal data, in particular for reporting Personal Data Breaches and notifying Data Subjects of Personal Data Breaches.
You will bear the sole liability for familiarising yourself with the Terms and Conditions and evaluating the adopted security measures and commitments made by Jetveo with respect to your needs, in particular in relation to security obligations under generally applicable legal regulations.
You undertake that you have thoroughly reviewed and evaluated the security measures implemented and maintained by Jetveo before entering into the Contract and accepting the Terms and Conditions, taking into account the state of the art, the cost of implementation, the nature, scope, context and purposes of the processing, as well as the risks with varying likelihood and seriousness concerning the rights and freedoms of natural persons. By entering into the Contract, you confirm that the security measures implemented and maintained by Jetveo, as set out in the Terms and Conditions, provide an adequate level of protection for Personal Data with respect to the risks involved.
If Jetveo receives any request from a Data Subject in the course of processing Personal Data, Jetveo will notify the Data Subject to contact you directly with the request. You, as the Controller, shall bear the liability for dealing with any such request.
In order to protect your Personal Data, Jetveo undertakes that for the duration of the processing of Personal Data under the Terms and Conditions:
It will adopt and maintain the agreed technical and organisational measures as specified Annex A to these Terms and Conditions (security measures) in order to ensure the required level of security of Personal Data;
It will take appropriate steps to ensure compliance with the security measures by its employees, other collaborators or contractors to the extent appropriate to their activities, including ensuring that persons authorised to process Personal Data are bound by an obligation of confidentiality or are subject to a legal duty of confidentiality;
To the extent proportionate to the nature of the processing and the information at its disposal, the Processor shall assist the Controller in ensuring appropriate technical and organisational measures for the security of Personal Data, in reporting Personal Data Breaches to the Supervisory Authority, in notifying Personal Data Breaches to the Data Subject, in assessing the impact on the protection of Personal Data and in prior consultation with the Supervisory Authority;
It will provide the necessary information which may be reasonably required from Jetveo to comply with your obligations to respond to requests to exercise the Data Subject’s rights under generally applicable legal regulations related to Personal Data protection;
It will provide all information necessary to demonstrate that the Processor’s obligations under Article 28 GDPR have been complied with and to facilitate and contribute to audits, including inspections, carried out by the Controller or another auditor mandated by the Controller; and
It will keep records of all categories of processing activities carried out on your behalf and be prepared to produce these records on request by the Supervisory Authority.
Jetveo shall be liable for the breach of the Terms and Conditions by all persons it has entrusted with the processing of Personal Data (for example, employees, other persons in a similar in relation to the Processor or the Processor’s supplier), and all other Processors it has engaged to process Personal Data.
Jetveo may engage other Processors in the processing of Personal Data, unless you object to their involvement.
Jetveo will notify you of any intended changes regarding the engagement or replacement of additional Processors sufficiently in advance of the intended change. During this period, you may raise your objections to the change. If you do not raise your objections, you will be deemed to have accepted the change. Any changes will be notified to the contact email address provided in your user account.
Jetveo undertakes to keep an up-to-date list of other Processors at all times.
In the event that Jetveo engages another Processor to process Personal Data in accordance with these Terms and Conditions, Jetveo shall ensure that the other Processor complies with these Terms and Conditions when processing Personal Data (including the obligation to allow the other Processor to audit and inspect the other Processor’s compliance with this Contract).
You may raise your objections to the engagement of another particular Processor in the processing of Personal Data at any time, even after the expiry of the term referred to in Clause 7.2 of these Terms and Conditions. In this case, the Parties will agree on the manner of resolving the situation (for instance, by replacing the other Processor, accepting appropriate safeguards or withdrawing the objections).
Rules for Performing Audits and Inspections
Once Jetveo receives a request from the Controller for an audit or inspection, the Parties shall agree in advance on (a) the possible term of performing the audit, security measures and the manner of ensuring compliance with confidentiality obligations during the audit; or (b) the anticipated start, scope and duration of the inspection, security measures and the manner of ensuring compliance with confidentiality obligations during the inspection.
If the Parties fail to agree on all the necessary details of the audit or inspection in accordance with Clause 1 of this Annex within 2 weeks of Jetveo’s receipt of the Controller’s request, Jetveo shall determine the date, course and other details of the audit or inspection, taking into account the equitable interests of the Controller.
For the purposes of an audit or inspection, Jetveo will make available to the Controller or the Controller’s authorised auditor all premises, facilities, storage and systems where Personal Data is processed for the Controller.
Jetveo may object in writing to any auditor who has been appointed by the Controller if, in the opinion of the Processor, the auditor is not sufficiently qualified, is not independent, is in a competitive position with the Processor, is otherwise manifestly unsuitable, or without specifying a reason. On the basis of these objections, the Administrator shall first select another auditor. In the event that objections are subsequently raised with the other auditor, the Controller shall consider the objections and, if it finds them to be justified, carry out the audit itself.
The fee of the auditor appointed by the Controller shall be borne by the Controller. However, if an audit or inspection reveals a material breach of the Terms and Conditions by Jetveo, Jetveo shall pay the auditor’s fee. If violations by both Parties are found, the Controller shall pay the entire auditor’s fee.
The costs and damage associated with the audit or inspection shall be borne by each Party. However, if the audit or inspection (1) is conducted for the second time or more frequently in a calendar year and (2) fails to reveal a material breach of the Terms and Conditions by Jetveo, the Controller shall compensate Jetveo for the damage caused by the audit or inspection (including, without limitation, the costs associated with curtailment of service and compensation for lost time).
These rules shall also apply to audits and inspections performed with other Processors involved in Jetveo’s processing in accordance with the Contract and the Terms and Conditions.
Valid from: 1.10.2021
Effective from: 1.10.2021