Information on the processing of personal data for the purpose of issuing and distributing digital cards using the PassMachine platform

When using the PassMachine platform, MAFRA, a.s. as a so-called processor of personal data. MAFRA, a.s. for you, within the PassMachine platform, the personal data of your customers will be processed for the purpose of the functioning of the platform, i.e. generating digital cards, sending business messages to users within the platform and ensuring the security of the given platform, incl. adequate logging of performed actions. The agreement on the processing of personal data is part of the general terms and conditions for using the application. The processing carried out by the operators of the Apple and Android systems is the responsibility of these operators.

The following personal data are usually processed within the platform: user ID, device ID, user specifications, specified dates or validity of the card, as well as the name and surname of the holder. Logs of individual actions are also processed in the normal scope.

The PassMachine platform currently (the scope of functionality may change) allows you to reach the end holders of digital cards in the form of push notifications and based on location (GPS). In this context, no end-user location data is stored in the PassMachine system, everything is done at the level of mobile phone systems.

In the event that, when using the PassMachine platform, the personal data of your clients is transferred to the Portmonka application or other providers of similar applications, such persons are, as far as the processing of personal data within these applications is concerned, independent administrators of the personal data concerned.

MAFRA, a.s. pays great attention to the security of personal data. Usual protection systems are deployed, e.g. regular detection of vulnerabilities defined by OWASP TOP 10, security of communication using the TLS protocol, detection and prevention of IPS attacks, detection and prevention of attacks at the application/API level, protection against DDoS attacks. The data is stored in a commercial housing center in the Czech Republic.

MAFRA, a.s. appointed a personal data protection officer in accordance with the GDPR, who is JUDr. Dagmar Hartmanová, tel. +420 225 06 31 33, e-mail: dpo@mafra.cz.

Instructions on the processing of your personal data as our contractual partner can be found at www.mafra.cz/pouceni. Instructions on the processing of personal data within the MojePortmonka application (in case you refer to this application) are available here: https://mojeportmonka.cz/.

In Prague on 1.1.2023