Personal Data Processing Policy

Effective from January 28, 2025

1. Introduction

The company Wčil s.r.o., with its registered office at Lučina 117, 739 39 Lučina, Czech Republic, Company ID (IČ): 17454263, registered in the Commercial Register kept by the Regional Court in Ostrava, Section C, Insert 90215 (hereinafter referred to as the “Provider”), owns all rights and authorizations to the Infiry application, available at https://infiry.com, which is used for organizing photographs.

This Personal Data Processing Policy (hereinafter referred to as the “Policy”) provides information on how the Provider processes personal data of all users, customers, and other natural or legal persons who use the website https://infiry.com, the administration portal of the application, and the Infiry application itself (hereinafter referred to as the “System”).

The Provider ensures that the processing of personal data is lawful, fair, transparent, accurate, and confidential. Personal data are processed only to the necessary extent and are properly secured in accordance with the applicable legal regulations of the Czech Republic and the European Union, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR).

2. Personal Data Controller
  • Company: Wčil s.r.o.
  • Registered office: Lučina 117, 739 39 Lučina, Czech Republic
  • Company ID (IČ): 17454263
  • E-mail: info@infiry.com
  • Contact form: https://infiry.com/contact
3. What Personal Data We Process

The Provider primarily processes the following categories of personal data:

  • Identification and contact details: first name, last name, email address, billing address, company name, Company ID (IČ), VAT ID (DIČ).
  • Payment data: payment instrument details (e.g., credit card number) via the Stripe payment gateway.
  • Technical data: IP address, cookies, activity logs, information about the device and browser.
  • Data on service usage: information about the use of the Infiry application, uploaded photographs, account settings.
  • Other data: information provided through the contact form or other communication.
4. Purpose and Legal Basis of Processing

We process personal data for the following purposes:

4.1 Provision of Infiry Application Services

  • Purpose: Ensuring the functionality of the Infiry application and providing services in the Software as a Service (SaaS) mode, including management of user accounts and application instances.
  • Legal basis: Performance of a contract (Article 6(1)(b) of the GDPR).

4.2 Establishment and Management of User Accounts

  • Purpose: Registration and management of user accounts on https://infiry.com and in the Infiry application, including trial and paid versions.
  • Legal basis: Performance of a contract (Article 6(1)(b) of the GDPR).

4.3 Invoicing and Payment Transactions

  • Purpose: Processing payments, issuing invoices, and fulfilling tax and accounting obligations.
  • Legal basis: Compliance with a legal obligation (Article 6(1)(c) of the GDPR).

4.4 Communication with Customers

  • Purpose: Informing about changes to services, General Terms and Conditions (VOP), or this Policy.
  • Legal basis: Legitimate interest (Article 6(1)(f) of the GDPR).

4.5 Sending Commercial Communications (Newsletters)

  • Purpose: Marketing communication, sending news and service offers from the Provider.
  • Legal basis: Consent (Article 6(1)(a) of the GDPR).
  • Note: We only send newsletters based on your consent. You can withdraw your consent at any time in your account or by contacting us.

4.6 Improving Services and Technical Support

  • Purpose: Analysis of service usage, resolution of technical problems, improving the quality of services.
  • Legal basis: Legitimate interest (Article 6(1)(f) of the GDPR).

4.7 Compliance with Legal Obligations

  • Purpose: Fulfillment of obligations arising from legal regulations, e.g., providing data to public authorities.
  • Legal basis: Compliance with a legal obligation (Article 6(1)(c) of the GDPR).

4.8 Legitimate Interests of the Provider

  • Purpose: Protection of the rights and legally protected interests of the Provider, e.g., fraud prevention, debt collection.
  • Legal basis: Legitimate interest (Article 6(1)(f) of the GDPR).
5. Recipients of Personal Data

Your personal data may be disclosed to the following categories of recipients:

  • Processors: Entities processing personal data for the Provider based on a contract and according to the Provider’s instructions, for example:
    • IT services: Service providers for the operation and maintenance of the application and websites.
    • Cloud services:
      • Hetzner Online GmbH, with its registered office at Industriestr. 25 91710 Gunzenhausen, Germany: Servers for operating the application and storing databases.
      • Cloudflare, Inc., with its registered office at 101 Townsend St. San Francisco, CA 94107: Storage of photographs via Cloudflare R2 Object Storage.
      • Backblaze, Inc., with its registered office at 201 Baldwin Ave. San Mateo, CA, 94401: Database and log backups in encrypted and secure storage.
    • Accounting and tax services: To fulfill accounting and tax obligations.
  • Stripe Payment Gateway:
    • Purpose: Processing payment transactions and managing payment methods.
    • Data passed to Stripe: First name, last name, payment instruments (e.g., credit card number, etc.), billing information, email address, billing address, company name, Company ID (IČ), VAT ID (DIČ).
    • More information: https://stripe.com/en-cz/privacy
  • Public authorities: If required by law (e.g., courts, police, tax authorities).
6. Transfer of Personal Data to Third Countries

All personal data are processed and stored solely within the territory of the European Union. We do not transfer personal data to third countries outside the European Economic Area (EEA). Our servers and services used for running the application and storing data are located in the EU and are subject to EU and Czech legislation on personal data protection.

7. Retention Period for Personal Data

We retain personal data for the period strictly necessary for the purpose of their processing:

  • Provision of services: For the duration of the contractual relationship and subsequently for 2 years after its termination, for the purpose of protecting the Provider’s rights.
  • Inactive accounts: Accounts without activity and without ties to data are deleted after 2 years of inactivity. The account owner can request the Provider to delete the account sooner, provided that there are no longer any links to photos, instances, or other data within the Infiry application. Such a request can be made by contacting the Provider at info@infiry.com.
  • Payment data: We retain them for the period required by tax and accounting regulations (2 years from the last payment made).
  • Cookies: We retain them for the period necessary for the website and application functionality (see Section 10).
  • Customers without a subscription: If a customer does not have an active subscription or instance, they can deactivate the account themselves. We permanently delete the account after 2 years have passed.
8. Data Subjects’ Rights

You have the following rights in connection with the processing of your personal data:

  • Right of access: You can request confirmation as to whether we process your personal data and request a copy of such data.
  • Right to rectification: You can request correction of inaccurate or incomplete personal data.
  • Right to erasure: You can request the deletion of personal data if the conditions of the GDPR are met.
  • Right to restrict processing: You can request that the processing of your personal data be restricted.
  • Right to data portability: You can obtain your personal data in a structured, commonly used, and machine-readable format and transfer them to another controller. When exporting photographs, we proceed in accordance with our current General Terms and Conditions, Part X. Data Export.
  • Right to object: You can object at any time to processing based on legitimate interest.
  • Right to withdraw consent: If processing is based on consent, you can withdraw it at any time.

To exercise these rights, please contact us at info@infiry.com or in writing at the Provider’s registered address.

9. Withdrawing Consent
  • Electronically: Send an email to info@infiry.com.
  • In writing: To the Provider’s registered address (Wčil s.r.o., Lučina 117, 739 39 Lučina, Czech Republic).

Withdrawal of consent does not affect the lawfulness of processing prior to its withdrawal. In the event of consent withdrawal, the provision of certain services may be limited or terminated.

10. Cookies

10.1 What are cookies

Cookies are small text files that websites store on your device when you visit them. They serve to ensure the website’s functionality and enhance the user experience.

10.2 Which cookies we use

  • Essential technical cookies: These cookies are necessary for the proper functioning of the website and application, for example, for logging in and storing your cookie consent. Without these cookies, the website would not function correctly.

10.3 Managing cookies

You can adjust your cookie settings in your web browser. You can block or delete cookies, but please note that some parts of the website or application may not function properly without them.

More information:

  • www.allaboutcookies.org
  • www.aboutcookies.org
11. Security of Personal Data

We have implemented appropriate technical and organizational measures to ensure the security of your personal data and to protect them from unauthorized access, loss, misuse, or destruction.

12. Changes to the Policy

We may update this Policy at any time. In the event of significant changes, we will inform you by email or via the Infiry application. If the changes require your consent, we will request it from you. You are obliged to inform all users of your instance about these changes.

13. Contact
  • E-mail: info@infiry.com
  • Contact form: https://infiry.com/contact
  • Address: Wčil s.r.o., Lučina 117, 739 39 Lučina, Czech Republic
14. Complaints

If you believe that your personal data protection rights have been violated, you have the right to file a complaint with:

  • The Office for Personal Data Protection
    • Address: Pplk. Sochora 27, 170 00 Prague 7
    • Website: www.uoou.cz
15. Specific Provisions

15.1 Customer

  • Definition: A natural or legal person with an account at https://infiry.com who pays a subscription for using the Infiry application or uses the Free Plan according to the General Terms and Conditions (VOP).
  • Account deletion: In order to delete an account, you must not have an active subscription or an existing instance. You can deactivate your account after logging in at https://infiry.com/login. After deactivation, we permanently delete the account after 2 years for the purpose of retaining consents and fulfilling legal obligations.
  • Data retention: We may retain certain data for 2 years due to invoice retention and tax obligations.

15.2 Users in the Infiry Application

  • Creating an account: An account may be created by setting up a subscription or by being added by the owner or administrator of an instance. When activating an account, it is necessary to enter the first name, last name, and to agree to the General Terms and Conditions (VOP) and this Policy.
  • Deactivating access: The administrator or owner of the instance may deactivate access to the instance.

15.3 Deleting Data

  • Inactive accounts: Accounts without database connections and without activity are deleted after 2 years.
  • Deleting photographs: Photographs can be deleted by moving them to the trash; they are permanently deleted after 30 days or immediately after permanent deletion within 72 hours.

15.4 Shared Links

  • Recipients’ consent: A user who creates a shared link must have the recipients’ consent for the processing of their email addresses if such addresses are entered.
  • Data retention: We retain this information for functionality and for the retrospective traceability of shared links.
  • Link deletion: Links can be deleted at any time by the author, the administrator, or the owner of the instance.

15.5 Deleting an Instance

  • Procedure: When an instance is deleted, all data including photographs are deleted, except for user accounts, which are deleted according to the above rules.
  • Reasons for deletion: An instance may be deleted after non-payment of the subscription, expiration of the trial period, violation of the General Terms and Conditions (VOP), or cancellation of the plan.

15.6 Contact Form

  • Consent: By sending a contact form, you agree to the processing of the data you provide in order to respond to your inquiry.
  • Prohibitions: It is prohibited to send spam or illegal content via the contact form.
16. Final Provisions
  • Validity and Effect: This Policy is valid and effective from January 28, 2025.
  • Legal Order: Legal relations between the Provider and data subjects are governed by the legal order of the Czech Republic.
  • Dispute Resolution: In the event of disputes, the parties agree to resolve them primarily by amicable means. If that is not possible, the competent courts of the Czech Republic have jurisdiction.