PRIVACY POLICY AND INFORMATION ON DATA PROCESSING

Gerardo Robledillo Gomez, with registered office at Šumavská 1081/10, 120 00, Praha 2 – Vinohrady, Organization Id No.: 747 10 761 as the provider (hereinafter as the "Provider") of the service (hereinafter as the "Service") under the contract on the use of the Service or the services related to comparing costs of living in different cities and countries, providing salary calculations and providing services for HR professionals (hereinafter as the "Contract") associated with website www.expatistan.com (hereinafter as the "Website") hereby informs you about the manner and scope of processing the personal data of the users of the Service (hereinafter as the "User"), including the scope of the User's rights in relation to such processing. This privacy policy is also applicable to the situation before concluding the Contract, e.g. when the User only uses the Website with an intent to conclude the Contract (including the cookies policy).

For any questions about privacy and the exercise of your rights, please use the e-mail address:

  • gerardo@expatistan.com

1. For what purpose, under what title and what personal data we process?

1.1. Conclusion and performance of the Contract

We conclude Contracts in particular with people who are looking for cost-of-living comparisons with different cities and for salary calculations and with HR professionals who are looking for information about cost-of-living. We process personal data for the purpose of concluding and implementing the Contract. To be able to do this, we need:

  • identification and contact details of the person acting on behalf of a User who is a legal person (name, surname, e-mail, phone, type of employment or other relationship with the User),
  • identification and contact details of the User - natural person (name, surname, city you want to move to, IP address, e-mail address and login credentials, e.g. an email and a password),
  • data from communication with the User (e.g. requests by the Users for password recovery, information on the conclusion of the Contract),
  • financial information (such as credit card information or information about PayPal or any other account, net income information, address for invoicing).

The processing of such personal data follows directly from the Contract and is necessary for the fulfilment of our contractual obligations.

The legal title for the processing of these data is the conclusion and performance of the Contract at the request of the User as a contracting party.

1.2. Compliance with legal obligations

We must process personal data where it is required to do so by law. For this purpose, we process personal data in particular to the extent required by the relevant legal regulations in connection with our obligation to keep accounting records and in the performance of related tax obligations.

1.3. Legitimate interests of the Provider

In justified cases, we may also process personal data on the basis of a legal title, which is the protection of our legitimate interests. However, we always carefully assess and ensure that the interest in processing your data for this purpose does not unreasonably interfere with your privacy.

Identification of persons acting on behalf of contracting party of the Contact: These are typically members of statutory bodies, employees or other authorised persons who, although not a party to the Contract, enter into the Contract on behalf of the User, communicate with us and otherwise act for the User. We need the personal data of such persons in order to communicate and deal with the User through them for the purpose of entering into and continuing to perform the Contract. For these persons, we generally process name, surname, e-mail, telephone number, delivery address, details of employment or other relationship with the contracting party and data from communications with them.

Proof of acceptance of the terms and conditions: The Contract is concluded by electronic means and thus we store the data necessary to identify the User as a contracting party in order to have a time stamp as proof of the conclusion of the Contract and of the agreement to our terms and conditions in a specific wording in case of later doubts or disputes.

Defence and exercise of legal claims: We also process personal data for the purpose of protecting our legitimate interest, which is to ensure the possibility of defending us in any legal disputes, court proceedings or inspections by state authorities or other public authorities. We process this data in order to be able to prove, if necessary, that we have acted in accordance with our contractual obligations and the law.

Analysis and improvement of the Service: In order to protect our legitimate interests, we also process the data of Users (and visitors) of the Website and Service for the purpose of protecting our legitimate interest - analysing the use of the Service and further improving it. For these purposes, we collect and further process data on the activity of registered Users within the Website (logging the activity of Users). For this purpose, we may also process, within the scope of our legitimate interest, data of registered and unregistered visitors of the Website portal obtained by means of so-called cookies or other similar technologies that store data on or retrieve data from the visitor's device; the terms of use of cookies and similar technologies by the Provider are governed by specific terms and conditions, the text of which is available here.

1.4. Sending commercial messages

In the case of Users with whom we have entered into a Contract and in connection with which we have obtained their e-mail and/or telephone number, or in the case of other persons who have actively and voluntarily subscribed to our commercial messages (e.g. on the Website), we process the personal data of these persons in the scope of e-mail for the purpose of sending information about our services and products (commercial messages).

The processing of personal data for the purpose of sending commercial messages is, in the case of persons who have actively subscribed to the commercial messages themselves (regardless of whether they are Users or not), based on their consent, which was given just by subscribing to commercial messages.

The processing of personal data for the purpose of sending commercial messages is based on our legitimate interest. The User has the possibility to refuse further commercial messages at any time, free of charge, by following the procedure indicated in each commercial message sent, or within the User’s account, or by contacting us at any time at the contact e-mail indicated above in this document.

2. From whom do we receive personal data and who we pass them on to?

We obtain personal data primarily from data subjects, which is you. We do not collect any data other than those you give us. You are required to provide only accurate data and if your personal data is changed, you must update the data.

We use the following processors to process your personal data:

  • company Google Ireland Ltd, Gordon House Barrow Street Dublin 4, D04E5W5 Ireland as a processor via the service G Suite for document creation, e-mail services, calendar management, etc.; data may be transferred to the USA;
  • company PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg as a processor via the service Braintree and PayPal for payment services; data may be transferred to the USA;
  • company Linode LLC 249 Arch St. Philadelphia, PA 19106, USA, as a processor via Hosting and Web Infrastructure; data may be transferred to the USA;
  • company Amazon Web Services, Inc., 410 Terry Avenue North, Seattle, WA 98109-5210, USA, for data backups purposes; data may be transferred to the USA;
  • Honeybadger Industries LLC 11410 NE 124th Street #246 Kirkland, WA 98034, USA, monitoring and alerting service that allow us to handle errors and outages in the Service; data may be transferred to the USA;
  • company Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA, as a processor via the service Mandrill for messaging and emailing services to deliver e-mail messages to you; data may be transferred to the USA.
  • company Expat Taxes s.r.o., ID: 016 14 908, Zahradníčkova 1220/20a, Košíře, 150 00 Prague 5, Czech republic, as a processor for taxes and accounting purposes;

The Provider transfers personal data to third countries (e.g. USA, in the scope of the above-mentioned services) only if the processing of personal data is carried out in accordance with European security standards and law. If personal data is to be transferred to a third country, the Provider shall, at its own expense and responsibility, take all steps to ensure that the transfer of personal data to the third country complies the necessary standards.

3. How do we process the personal data?

We use the data supplied from you to present you the cost-of-living comparison and salary calculation via the Service. This processing is done on an automated basis. We do not perform any profiling or automated decision making.

The personal data of the User may be processed also manually and may involve our employees or other persons working for us, including for the purpose of removing errors, inaccuracies, etc. However, such persons may process personal data only under the conditions and in the scope above and are bound by the obligation to maintain confidentiality of personal data and security measures whose disclosure would threaten the security of personal data.

We always process personal data in accordance with applicable laws and we provide them with due care and protection. We take care that you never suffer any harm to your rights, in particular the right to the preservation of human dignity. We also protect you from unauthorized interference with your private and personal life.

4. How long do we process the personal data?

4.1. Contract with User

We keep the personal data which you provided during concluding the Contract and during its performance for the duration of the Contract.

Even after the termination of the Contract, however, we are authorized to continue processing personal data, of which processing is necessary for the following purposes:

4.2. Compliance with legal obligations

We process personal data processed due to our legal obligations within the time limits set by these laws.

Personal data required by law must be processed for accounting and tax purposes (or for archival purposes). The processing period is 5 (five) years from the end of the accounting period, in the case of documents relevant to VAT payments it is (ten) 10 years from the end of the taxable period in which the transaction took place.

4.3. Legitimate interests

We also process personal data to protect our legitimate interests, i.e. to defend ourselves against any claims of our customers, even before a court (for example, during the respective limitation periods that may be in the Czech Republic up to 15 (fifteen) years from the occurrence of a relevant event). In this context, the Provider processes your email and data about the performance of the Contract (its content, information about its fulfilment).

We cannot delete this data even at the request of the User because they are not processed by consent. However, based on your request, we will review whether personal data is no longer needed.

4.4. Sending commercial messages

We send commercial messages as described above and process personal data for these purposes until you unsubscribe in accordance with the procedure set out in paragraph 1.4 of this document.

4.5. Longer processing

Personal data may be processed for longer than the above if there is a relevant reason for further processing, typically an administrative or legal proceeding for which the personal data is relevant.

5. What are your rights?

In the first place, you have the right to ask us for access to your personal data, including a copy of all your personal data. You can do this by using the e-mail address provided at the head of this document.

Withdrawal of consent to processing: if we process your personal data on the basis of your consent, you may freely and free of charge withdraw your consent to processing at any time by using your User account, the contact e-mail mentioned above or otherwise as stated elsewhere in this document. In this case, we will no longer process your personal data processed on the basis of your consent.

For personal data that is not processed on the basis of consent, it is not possible to withdraw consent to processing. However, we will always assess, on the basis of your request, whether it is still necessary to process your personal data for any of the above purposes.

Your rights:

We will always keep you informed about:

  • the purpose of the processing of personal data,
  • the personal data or, where appropriate, the categories of personal data processed, including any available information on their source,
  • the nature of the automated processing, including profiling, and the information relating to the procedure followed, as well as the significance and foreseeable consequences of such processing for the data subject,
  • the recipients or categories of recipients of your personal data, and, in the case of a transfer of personal data to a third country, the appropriate safeguards applicable to the transfer to ensure the security of the personal data,
  • the time at which the personal data will be stored or, if it is not possible, the criteria used to determine that time,
  • any available information about the personal data source, unless it is obtained from you.

Your other rights are:

  • ask us for an explanation,
  • require us to eliminate the situation, in particular, it may be blocking, correcting, supplementing, limiting or deleting personal data (the right to be forgotten);
  • request personal data that concern you in a structured, commonly used, and machine-readable format, and pass on these data to another controller without an obstruction, in any way,
  • to ask a question, i.e. a complaint to the Office for the Protection of Personal Data of the Czech Republic, with registered office at Pplk. Sochora 27, 170 00 Prague 7, Czech Republic, posta@uoou.cz , www.uoou.cz
  • object to the processing of personal data that concern you.

6. How do we protect your personal data?

We take our commitment to protect personal data very responsibly. We use SSL Encryption for all communications with our servers, data is stored in reliable datacentres with state of the art security measures, data is only accessible through a secret password and our employees only have access to your data on a need-to-know basis.

Updated: 12 September 2022

Make a different comparison:

Compare cost of living between cities:
vs