Normativa de privacidad

Esta Política de Privacidad , en adelante denominada "Política", complementa los Términos y Condiciones Generales de Weblate , en adelante denominados "Términos".

Disposiciones introductorias

La presente Política ha sido emitida por Weblate s.r.o., NIF: 21668027, con domicilio social en Nábřežní 694, Cvikov II, 471 54 Cvikov, inscrita en el Registro Mercantil llevado por el Tribunal Regional de Ústí nad Labem, expediente C 52324, es decir, el "Proveedor".

La presente Política describe la forma en que el Proveedor trata los datos personales de los Usuarios en calidad de interesados - particulares al acceder y posteriormente utilizar los Servicios, Productos, Servicios de Soporte, así como al utilizar el Sitio Web y otros posibles servicios y actividades relacionadas.

Esta Política también utiliza ciertos términos o definiciones que se han definido en el Artículo 1 de las Condiciones y que tienen el mismo significado que se establece en las Condiciones.

En el tratamiento de datos personales, el Proveedor cumple con el Reglamento (UE) 2016/679 del Parlamento Europeo y del Consejo, el Reglamento General de Protección de Datos, también conocido como GDPR (en lo sucesivo utilizaremos la abreviatura "GDPR"), Ley No. 110/2019 Coll., sobre el tratamiento de datos personales, así como la Directiva 2002/58/CE del Parlamento Europeo y del Consejo, de 12 de julio de 2002, relativa al tratamiento de datos personales y a la protección de la intimidad en el sector de las comunicaciones electrónicas (abreviado como "Directiva ePrivacy").

El tratamiento real de los datos personales de los Usuarios se realiza siempre solo para los fines y en las condiciones definidas con más detalle en esta Política y comienza en el momento en que el Usuario visita el Sitio, cuando el Usuario se registra para recibir el boletín del Proveedor y/o cuando el Proveedor y el Usuario celebran el Contrato, lo que ocurra primero.

El tratamiento se realiza directamente por el proveedor y/o por terceros en el sentido del artículo 3 de esta política que han sido autorizados por el proveedor para procesar datos personales de acuerdo con esta política.

A menos que se indique expresamente lo contrario en esta Política, el Proveedor actúa como responsable del tratamiento de datos y los Usuarios que son personas físicas actúan como sujetos de datos, tal y como se definen estos roles en el RGPD.

Alcance, fines y duración del tratamiento

El Proveedor procesa los datos personales del usuario para las siguientes finalidades:

1. Cumplir el contrato de conformidad con el artículo 6(1)(b) del RGPD,
2. negociar el contrato de acuerdo con el artículo 6(1)(b) del RGPD,
3. cumplir con las obligaciones legales del Proveedor en virtud del artículo 6 (1) (c) del RGPD,
4. los intereses legítimos del Proveedor según el artículo 6 (1) (f) del RGPD, y en casos seleccionados también
5. consentimiento otorgado por el Usuario en virtud del artículo 6(1)(a) del RGPD.

El alcance de los datos personales del usuario tratados por el proveedor incluye lo siguiente:

1. nombre y apellidos,
2. Dirección del usuario (entrega y facturación),
3. Identificación de la empresa y número fiscal,
4. nickname(s) (including any voluntarily linked platforms such as Liberapay, GitHub, X, and others),
5. Avatar del usuario,
6. Dirección(es) de correo(s) electrónico(s)
7. identificadores para Bitbucket, Facebook, Google, LinkedIn, GitHub, GitLab, openSUSE y Ubuntu en caso de que las cuentas con estos proveedores estén vinculadas a la cuenta del usuario,
8. especificaciones del Servicio y del Producto utilizado por el Usuario,
9. información sobre el número de miembros del equipo del usuario y sus funciones,
10. todos los demás ajustes de usuario de la cuenta de usuario (incluido el Perfil), es decir, los ajustes para idiomas, notificaciones, si pueden identificar al usuario directa o indirectamente,
11. número de cuenta bancaria y posiblemente otros detalles de pago del Usuario,
12. dirección o direcciones de la cartera de criptomoneda
13. otros datos personales contenidos en mensajes enviados por el Usuario al Proveedor (especialmente el tema y otros contenidos del mensaje),
14. otros datos personales contenidos en las comunicaciones con el soporte del proveedor,
15. system data, logs, and session logs including the User's IP address,

where the individual categories of personal data listed above will continue to be collectively referred to as "Personal Data".

In certain cases, the Provider may also be a processor of personal data, namely when personal data of third parties is provided to it by the User for their own purposes (e.g., in the case of adding individual team members, donating a project to the Provider on behalf of another person, etc.). The processing of selected Personal Data of third parties made accessible by the User occurs in this case at the User's direction, under the conditions and based on a separate data processing agreement (so-called processing agreement) concluded between the Provider and the User.

The Provider processes Personal Data until all obligations arising from the Contract are fulfilled. At the moment of account closure by the Provider and/or account cancellation by the User, all Personal Data and other data entered into the Service will be deleted, except for selected Personal Data mentioned below; the Provider therefore strongly recommends backing up all data entered into the Service before cancelling the User account and is not responsible for their loss after the User account is closed, even if it is rightfully closed by the Provider. Personal Data indicated on invoices is retained by the Provider for at least the statutory retention periods arising from the law, i.e., for a period of 10 years. In cases where it is necessary for the defence of the Provider's claims and/or for defence against claims from third parties (including any proceedings initiated by public authorities), the Provider may also retain some other Personal Data, but always for a maximum period equal to the limitation period for individual claims and/or until the final conclusion of selected proceedings. The specific duration cannot be precisely defined and varies according to the type of claim, their limitation periods, and the pace of selected courts or public authorities. Data that the Provider processes only as a processor of the User's data is processed for the period specified by the User's instructions unless the Provider has another legal basis for processing personal data as a controller under Article 2.1 of this Policy.

The Provider may also process selected Personal Data of the User, particularly email, first name, last name, and any other personal data (if provided for these purposes) based on the voluntary and informed consent of the User. Processing occurs for a period of 2 years and/or until the consent is revoked. The use of the Service or Product (including Support Services) is never conditioned on the provision of consent. Consent is, however, typically required for sending newsletters to data subjects who are not yet Users, or for providing selected bonuses or bonus materials not linked to other services of the Provider and/or for the disclosure of the User's Personal Data in connection with a donation made to the Provider. Revocation can be made at any time directly in the User account interface and, in the case of consent granted otherwise, by sending a request to privacy@weblate.org.

Once the reason for processing Personal Data has passed, the Provider will destroy the Personal Data. This does not exclude the further processing of selected Personal Data based on a different legal reason if this legal reason in favour of the Provider continues to exist.

Destinatarios y Encargados del Tratamiento de Datos Personales

In addition to the Provider, selected third parties also receive and process personal data based on this Policy, whose involvement is necessary for the proper processing of Personal Data for the purposes defined in Article 2.1 of this Policy, specifically:

1. hosting provider (including web hosting and mail hosting services), currently this is Hetzner Online GmbH;
2. operators of the payment gateway ThePay.cz, s.r.o. and possibly operators of other services used in connection with the payment of any payments related to billing;
3. accounting, legal, and tax advisors of the Provider and possibly other persons bound by confidentiality under the law;
4. C-level and other managerial employees employed by or otherwise collaborating with the Provider;
5. selected contractors of the Provider who are involved in providing services to Users and who are also bound by confidentiality;
6. any other persons whose involvement is necessary for the proper provision of the Service, Products, Support Services, and/or to ensure any other activities related to the above;

the persons mentioned in this Article 3.1 are collectively referred to in this Policy as "Processors".

The User agrees that the Provider may transfer personal data to the aforementioned Processors if this is necessary to fulfil the above purposes of data processing. The Processors that the Provider engages for processing personal data must meet high standards of protection and will always handle the data within the limits of the GDPR and this Policy.

The Personal Data might be disclosed to third parties in limited circumstances when the Controller has a good faith belief it is required by law, such as under a subpoena or other judicial or administrative order. In case the Controller is required by law to disclose the Personal Data, an attempt will be made to provide the User with prior notice by e-mail (unless the Controller is prohibited, or it would be futile) that a request for the Personal Data has been made to allow the User to object to the disclosure.

The processing of Personal Data by selected Processors may be governed by their own service provision conditions.

Personal Data may also be transferred if the Provider is obliged to do so by law, as a result of a decision by a public authority, or in other cases where the transfer must occur in compliance with the obligations of the Provider arising from generally binding regulations.

Common Provisions on Processing

The Provider will always make every effort to prevent unauthorized processing of personal data by other persons; however, it is not liable to the User or other data subjects for any damages caused by unauthorized processing of personal data by any third party, even if those third parties are Processors.

Emails sent to Users in connection with the provision of the Service, Product, and/or Support Services are not considered unsolicited commercial communications under Act No. 40/1995 Coll. on Advertising and Act No. 480/2004 Coll. on Certain Information Society Services, if they directly relate to these Services, Products, and/or Support Services.

The User may, however, explicitly and voluntarily consent, within the meaning of Section 7(2) of Act No. 480/2004 Coll. on Certain Information Society Services and amending certain acts, to receive broader commercial communications (e.g., in the case of indirect marketing) from the Provider at the User's electronic address. This consent can, of course, be revoked at any time by clicking on the link found in the footer of such commercial communication.

In the event that the Provider and/or Processors learn of a security risk related to Personal Data that affects the User, they will notify the User of this fact without undue delay.

The Provider will provide the User with assistance and legal help in seeking compensation from responsible Processors in the event of a data breach or other incident leading to loss. However, the Provider is not responsible for the improper actions of the Processors.

The User hereby confirms that the provided Personal Data is true, accurate, and relates solely to the User, or that they have provided data the use of which does not violate the rights of third parties. The User is obliged to always inform the Provider of any changes to their Personal Data so that only current and complete data is processed. The same obligations apply to the User in the case where they provide the Provider with Personal Data of data subjects other than this User.

Personal Data will be processed electronically, including the use of automated processing methods. However, the User or other data subjects will never be subject to individual automated decision-making (including profiling) within the meaning of Article 22 of the GDPR.

Anonymized personal data (which are no longer considered personal data under the GDPR) may be processed even after all legal grounds for processing the User's Personal Data have ceased.

Derechos del usuario en relación con los datos personales

The User can exercise their rights arising from the GDPR at any time by sending an email to privacy@weblate.org, as well as through their User Account, since the implementation of most of the rights listed below (especially access to all processed Personal Data, their correction, restriction, or deletion) can be automated through this user account.

The Provider will make every effort to address requests regarding the User's personal data as soon as possible, but no later than within 30 days, unless due to the complexity of the matter it is necessary for the Provider to extend this period. The User's rights include:

1. an explanation of whether and what personal data is being processed and, if applicable, requesting the Provider to disclose it;
2. correction of personal data if there is concern that some of it is inaccurate or missing;
3. restriction of processing if there is concern that the Provider is processing more data than necessary;
4. deletion of personal data based on the consent of the Provider, provided that there is no other legal reason for further processing of personal data;
5. issuance of a copy of the personal data processed by automated means based on the consent of the Provider or in connection with fulfilling the Provider's contractual obligations, in a machine-readable format;
6. temporary freezing of data processing operations for the purposes of the legitimate interest of the Provider;
7. filing a complaint directly with the Office for Personal Data Protection (https://uoou.gov.cz/) or another relevant national data protection authority if the User believes that the Provider is processing personal data in violation of this Policy or legal regulations.

Final Provisions

The Provider is entitled to unilaterally change the Policy. The new wording of the Policy becomes effective upon publication on the Website. The User, who has a contractual relationship with the Provider governed by this Policy at the time of the change, will receive a notification of the change in the Policy displayed within the Service, or upon the next first login to their User Account.

All legal relationships between the Provider and the User arising from this Policy are governed by the valid laws of the Czech Republic. Any disputes arising between the Provider and the User from or in connection with this Policy will be resolved before the competent civil court in the Czech Republic.

If the relationship established by the Contract contains an international (foreign) element, the choice of law according to the previous sentence does not deprive the User – Consumer of the protection provided by provisions of the legal order that cannot be contractually deviated from and which would otherwise apply in the absence of a choice of law in accordance with the provisions of Article 6(1) of the Regulation of the European Parliament and Council (EC) No. 593/2008 of June 17, 2008, on the law applicable to contractual obligations (Rome I).

If any provision of the Policy is invalid or ineffective, or becomes so, the provision with meaning most closely approximates the invalid provision will replace the invalid provisions. The invalidity or ineffectiveness of one provision does not affect the validity of the other provisions of this Policy.

This Policy become effective upon their publication on the Website.

In Prague on November 1, 2024.