Data Processing Terms
Last updated: July 14, 2025
Basic Information
Under the Terms of Service or under a separate Service agreement, we as Pointee Interactive s.r.o. (the "Pointee", "We" or "Us") provide a SaaS platform designated especially for automation development teams under which we provide analysis of automated processes (the "Services").
During provision of the Services, We may process personal data. By personal data We mean personal data of data subjects, which are in particular Your employees and other associates and other data subjects whose personal data have been transferred to Us for the purpose of providing the Services and fulfilling other obligations under the Terms (the "Personal Data"). This DPT regulates the conditions for the processing of personal data by Us as a processor of personal data within the meaning of Article 28 of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the "GDPR").
Capitalized words have the same meaning as stated in the Terms, unless stipulated otherwise in the DPT.
Please do not forget that our Services are not mainly focused on processing of Personal Data, so this DPT is applicable only in cases where You designate Us to do so.
What Is the Scope of This DPT?
Firstly, some basic information:
- We are the processor or sub-processor of Personal Data,
- You are the controller or processor of Personal Data,
- we both undertake to fulfil obligations under the applicable legislation applicable to the processing of Personal Data.
If You act as a processor, You guarantee Us that the competent controller has approved instructions and actions in connection with Personal Data, including the mandate of Us as another processor.
We will process Personal Data in accordance with applicable law and for the purpose of providing the Services, and as further stated in other written instructions given by You. Instructions should be made via e-mail or other means of communication, tool etc., that we chose or agree on.
For How Long We Process Personal Data?
The rule is simple: We will process Personal Data only for the duration of the provision of Services under Terms or Service agreement or until all Personal Data are deleted by Us according to this DPT. Please note down, that your account will be archived for 90 days, so during this period, We may still process Personal Data.
Why We Process Personal Data and How We Do That?
For the purposes of providing the Services, We may process Personal Data in electronic form through Our Platform, Website or through other means determined by You, while the subject-matter of the processing will be viewing Personal Data, storage of Personal Data, logging of Personal Data, analysis of Personal Data, providing support services and other activities necessary for providing the Services.
Types of Personal Data
The following Personal Data may be processed in accordance with this DPT:
- identification data;
- log data;
- information gathered from automated processes analysis;
- information provided by robotic processes;
- other data that will be made available in connection with the provision of the Service.
Categories of Data Subjects
Personal Data will cover the following categories of data subjects:
- Your employees;
- Your data subjects that are processed by robotic processes;
- other data subjects about which You have obtained Personal Data and which was transmitted to Us in connection with the provision of the Services.
Rights and Obligations
We declare and undertake to:
- if We become aware of a breach or impending breach of the security of Personal Data, accidental or unlawful destruction, loss, alteration or unauthorized provision or disclosure of the processed Personal Data, immediately, but no later than 48 (forty-eight) hours, inform You in writing and describe as best as possible the resulting or imminent security risk, informing You of appropriate measures to prevent or minimize the breach of the security of the Service and taking all necessary measures to minimize damage;
- Personal Data shall be secured in accordance with the security section of this DPT;
- Personal Data will be processed only in accordance with this DPT or on the basis of Your other written instructions;
- assist You in implementing and maintaining appropriate technical and organizational measures to secure Personal Data, reporting Personal Data breaches to the supervisory authority or data subject, assessing the data protection impact assessment and in previous consultations with the supervisory authority;
- ensure cooperation with You through appropriate technical and organizational measures, no later than 14 (fourteen) days after Your request has been made, in order to fulfil Your obligation to respond to requests for the exercise of the rights of the data subject;
- provide You, at request, without delay, but not later than 14 (fourteen) days after Your request has been made, with all the cooperation necessary to prove that the Personal Data are sufficiently organizationally and technically secured.
If We receive any request from the data subject in relation to Personal Data when processing Personal Data as a data processor, We shall inform the data subject to contact You directly with the request. You are responsible for handling such request. We undertake to provide You with all the cooperation necessary for the settlement of the rights of data subjects.
You agree that We will involve other processors for the processing of Personal Data and, if these other processors are involved, We ensure that they comply with the same data protection obligations as those set out in this DPT. You expressly agree that we will involve cloud service providers (e.g. Microsoft), service providers for monitoring and logging, our workers (e.g., working under cooperation agreement) and company that helps us with providing algorithms for analysis (located in Italy).
Should We involve other processors not listed in this DPT, We will inform You in advance and, if necessary, allow You to object to such involvement. If You do not object even within 14 (fourteen) days of the notification of the involvement of the additional processor, We shall involve the additional processor in the processing of the Personal Data. If You object, We shall evaluate the objection and, if We find it to be justified, We shall not involve the additional processor.
We shall enable You or a person authorized by You to check (including audit or inspection) compliance with this DPT, in particular the obligations for processing Personal Data arising therefrom, and shall contribute to such checks as reasonably instructed by You or the person checking.
You are obliged to send any request for an audit exclusively to the e-mail address support@pointee.com. Upon receipt of the audit request, we agree in advance on: (a) the possible date of the audit, security measures and how to ensure compliance with confidentiality obligations during the audit, and (b) the expected beginning, scope and duration of the audit. In the event that no agreement is reached within 30 days from the date of submission of the application, the terms of the audit shall be determined by Us.
We may object in writing against any auditor appointed by You, if the auditor is not sufficiently qualified in Our opinion, is not independent, is in a competitive position with Us or is otherwise obviously unsuitable. On the basis of the objection raised, You are obliged to appoint another auditor or to carry out the audit yourself.
You are responsible for fulfilling all obligations in relation to the processing of Personal Data, in particular for properly informing data subjects about the processing of Personal Data, obtaining consent to the processing of Personal Data, if necessary, processing requests of data subjects about the realization of their rights (such as the right to information, access, rectification, erasure, restriction of processing, object, etc.).
If you provide Us with Personal Data that are not necessary for the provision of Services, we will not process them for any purpose. However, due to the fact that we are not able to control this, you are responsible for any Personal Data that you send to Us.
How Do We Secure Personal Data?
We have taken the following measures and undertake to maintain them to ensure the security of the processing of Personal Data throughout the processing process.
Organisational Measures
- We and Our workers are regularly trained on the principles of data protection and cybersecurity;
- We and Our staff are also obliged to confidentiality in connection with the processing of Personal Data;
- We have a policy of working with Personal Data, where only selected workers are allowed to access Personal Data;
- We regularly review data access and remove access to workers who no longer work with Us.
Technical Measures
- HDD is encrypted on the work devices on which processing activities are carried out;
- using sufficiently strong passwords when working with Personal Data;
- use of two-factor authentication to log into systems where Personal Data are processed;
- only a secure connection is used to access the infrastructure;
- We regularly have penetration tests done by an external specialized company;
- We use the security mechanisms offered by MS Azure.
We will take such technical, personnel and other necessary measures to prevent unauthorized or accidental access to, alteration, destruction or loss of Personal Data, unauthorized transfers, other unauthorized processing or other misuse of Personal Data.
What Will Happen in the End?
Upon termination of the Terms, Service agreement or other contract, regardless of the manner and reason for its termination, We will, within 14 (fourteen) days, return all Personal Data to You and permanently destroy the Personal Data on all other devices and media outside the devices and media owned or used by You, except where storage of the Personal Data is required by the law of the Czech Republic or the European Union or except in cases where the Personal Data are processed by Us (for own data analysis).
Final Words
The limitation of liability as set out in the Terms will apply also on processing of Personal Data as set out in this DPT.
We reserve the right, at Our sole discretion, to modify or replace these DPT at any time. If a revision is substantial, We will try to provide at least a 30 day notice prior to any new terms taking effect. What constitutes a substantial change will be determined at Our sole discretion. You can always find the most recent version on the Website.
Failure to exercise any right under this DPT shall not be deemed a waiver of such rights or an established practice.