We are committed to transparent and secure data processing. As a company incorporated in the European Union we are committed to process any personal data about you in line with EU privacy standards and laws. In this privacy notice we provide you information about what personal data we process and for what purpose, what are your rights and where you can contact us in case you have any questions or concerns about your personal data processing. We only process personal data where we have your consent or where we are entitled to do so based on other legitimate reasons, in particular where (a) processing is necessary for the performance of the Service and to enable us to contract with you in connection with provision of the Service, (b) processing is necessary for compliance with a legal obligation to which we are subject; (c) processing is necessary for the purposes of the legitimate interests pursued by us as the data controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of you as the data subject and which require protection of personal data, in particular where the data subject is a child.
We do not process any special categories of personal data, i.e. we do not process any personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
If you are not at least 16 years old, please seek advice of your parents, or other adult person who is the holder of parental responsibility before you start using our App or any of the Services.
Definitions and Interpretations
Terms means set of rules, conditions and terms which are stated to define regulations of use of products and services made available by Provider.
Provider or “we” means company BudgetBakers s.r.o. (contact information provided in Contacts section at board.budgetbakers.com), incorporated under the laws of the Czech Republic, with its registered office at Radlická 180/50, Smíchov 150 00, Prague 5, Czech Republic, company ID: 02882957, registered in the company register kept by the Municipal Court in Prague folio C 224352.
The Provider is a Payment account information administrator in the meaning of section 41 of Act No. 370/2017 Coll., on Payments and it is authorized by the national competent authority – Czech National Bank (“CNB”), ID 48136450, with registered office Na příkopě 864/28, Praha 1 – Nové Město, Czech Republic (www.cnb.cz) to offer the payment account information service. CNB maintains a public registry of all entities authorized to provide payment services (including the payment account information service). The registry is accessible on-line via: https://apl.cnb.cz/apljerrsdad/JERRS.WEB09.DIRECT_FIND?p_lang=cz and the authorized entity can be searched by its ID or its name.
Service means set of features which allow users to track and analyze their financial situation. Full list of services provided by can be found at https://board.budgetbakers.com/ Services may be different for users of different platforms – Android, iOS and web and are divided into Free Features and Premium Features. Provider has the right to add or limit scope of services at any time. For further information visit our Terms of Services.
User means a person who uses Services, Applications, Websites or reads Content created or made available by Provider.
Board means an App which was created by the Provider to record the Users’ income and expenses as well as other financial or nonfinancial records or content by User’s choice. Board is available for devices running on Android and iOS systems and desktop internet platforms. The purpose of Board is to track the expenses and incomes of the User. Through Board you may grant the Provider a consent to require information about your payment account from a third party, which maintains your payment account. Usage of Board is defined in these Terms, which were issued by the Provider and accepted by the User.
App means a specialized program (application) utilized for mobile devices.
Website means a connected group of pages available at board.budgetbakers.com on the World Wide Web, regarded as a single entity with certain Content maintained by Provider.
Premium features mean additional set of services which are bringing certain value for certain Users and are accessible during trial period or via an in-app-purchase. This set of features is not definite as the Provider can add or remove Premium features.
Sharing means to grant specific Users access to online Content in Board or Website. This is done via Premium feature called Group sharing where User can invite and select Users by his or her choice to give them access and roles to view, manage or admin Content in Board.
Bank Connections means automated algorithm in the App which is created by Provider and Third party, which is used by User and with permission given to Board from User to access information from various types of bank accounts owned or maintained by User in order to read data from this bank account and display them in Board and only to the User, unless he authorized in the App that other persons see it via the Sharing functionality. Board is only displaying information from bank accounts, Board is not designed and therefore not able to change, modify or send any information in User’s bank account.
Content means something that is to be expressed in the Board, App, Website or other media, as speech, writing, film, clip, video or any of various arts. Content can be created by Provider or by User.
Personal information means in general any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Third party means an organization which Provider cooperates with to be able to provide certain parts of Service.
Cookies means a small amount of data, which often includes an anonymous unique identifier, that is sent to your browser from a website’s computers and stored on your computer’s hard drive.
Web beacons means images (single-pixel gifs) embedded in a web page or email for the purpose of measuring and analyzing site usage and activity.
Offer means any unspecified marketing activity which can be displayed to User.
Law means the laws of the Czech Republic or directly applicable Regulations of the European Union.
What information do we process about you and how is it collected?
We process identification personal data that you provide to us when you create an account and fill in forms during the registration process. To register into the App, you are required to create your username by providing us with your email which allow us to identify the registered User of our App. You need to also create a password which protects your data inside the app. After login, you can update your personal information and add name, surname, date of birth and sex. This information helps us to provide you with our Services, including customer support and system alert notifications. Providing the name, surname, date of birth and sex) is voluntary and you can use an alias as your name and surname.
When you choose to log into the App using your Google or Facebook account, we will receive some of your Google account information or Facebook account information in the extent corresponding to your Google/Facebook privacy settings. We are receiving from those services your email, name and surname.
Where you wish to obtain a Premium feature of our App, the payment service providers will collect information necessary in order to process the payment for our Services. We do not process information about your credit or debit card, as the payment is processed via App Store account for iOS users or Google Play account for Android users. We identify you in our system via your Apple ID or Google ID, which is a digital code. We do not obtain your identity information that you provided to Apple or Google.
When you use the App we collect details as how you use our App, in order to provide you with the Service those data are collected by analytical tools – Mixpanel, Fabric or Google Analytics.
When you use the App and you will grant us a permission for that, we can:
- Track your location. The geodata allow us to provide you with a better Service. Unless you agree otherwise, we process this information in order to provide you with certain functionalities in our App such as Smart Assistant or heatmaps, to better help you track your spending.
- Read Identity – helps us find accounts on the device and read your own contact card to allow us to offer easier Login services
- See Contacts – helps us find accounts on the device and read your contacts to provide you with better service with Debt and Sharing functionality
- Read and modify Photos/Media/Files to allow you to read content such as pictures of receipts or evidences of your spending
- Read, modify or delete your content in storage – allow us store your content on your device
- Use Camera – allow us to take picture of your receipts and add your own audiovisual content
- View Wi-Fi connection – which allows us to switch form offline to online mode to synchronize your content
Permissions are opt-in and you can always change your setting in your mobile device in Settings – Apps – Permissions section.
When you use Board app to track your finances, your transaction data are stored on our servers including income, expenses, categories, amounts, currency, labels, account type, date, time and other details provided by the user.
We do not share your personal data with any third party, unless a user decides to use Services such as Bank connection, where personal data should be used to be able to provide selected service. Apart from that, users’ Personal Information may be visible to our technicians and IT staff when they are troubleshooting and analyzing data import errors and other technical errors that may occur during use of the Services.
What we use your personal data for
Your data may be used for providing services you request in relation to your usage of Board. Sending communications or contacting you with relevant information regarding our services or with Offers. We use your data for statistical and marketing analysis, system testing, maintenance and development or in order to deal with your request or claim through our customer service channel. Based on your data, we use your data to provide information we believe is of interest of you such as advices on financial behavior or special offers from our partners.
Recipients of your personal data
Disclosure of information to government agencies and other organizations
We may be required by law to grant access to personal data about you that we process for the purpose of investigating criminal activities and violations of the law, to judicial or other government agencies in particular law enforcement authorities subject to warrants, subpoenas or other governmental orders.
Bank Connection Users specific information
We do not share these aggregate data with any third party, unless it is anonymized or pseudonymized (e.g. by using only your Apple ID code or Google ID code, which does not allow third parties to identifying you).
From time to time we may send a push notification or in-app message directly to your app, or an email to your e-mail address, that you provided us, commercial communication as provided for in Article 7 of the Directive 2000/31/EC of the European Parliament and of the Council on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market (Directive on electronic commerce) about our services or services of our 3rd party partners. You may opt-out from receiving such communication by removing your consent inside Board app – Settings – Personal data & privacy section or by unsubscribing from this service following instructions at the end of each of such email communication.
If you subscribe to our newsletter service, you authorize us to send you commercial communication to your e-mail, that you provided us or push notification or in-app message directly to your app, with third parties’ Offer of goods and services tailor made to your interests until you unsubscribe from such service by removing your consent inside Board app – Settings – Personal data & privacy section or by unsubscribing from this service following instructions at the end of each of such email communication.
We will maintain the personal information as long as you actively use your account in the App. We will inactivate any account and delete any and all information entered by you into our system, if you have not logged into the App for longer than 24 months. We are not responsible for any loss of information you may experience as a result of this. We will also delete any data you provided us while using the App if you request us to do so (for details see below Right to erasure). For technological reasons your account will be deleted from our servers within 1 month following your request. In the case of the company termination or discontinuation of service, your data will be permanently deleted.
If you granted us your consent to process your personal data, you can withdraw your consent any time without affecting the lawfulness of processing based on consent before its withdrawal by removing your consent inside Board app – Settings – Personal data & privacy sectionor by unsubscribing from this service following instructions at the end of each of such email communication.
What are cookies? A cookie is a small data file, which installs itself automatically on your device (PC or mobile device).
What are cookies used for? Cookies help identify application users and web site re-occurring visitors, they remember users’ custom preferences, help user complete tasks without having to re‑enter information when browsing from one page to another or when visiting the site later. Cookies can also be used to track user preferences when web browsing for online behavioral target advertising and to show adverts relevant to something that the user searched for in the past.
session cookie which is erased when you close the browser, it exists only in temporary memory of your device while you navigate the website;
persistent cookie which remains on the user’s computer/device for a pre-defined period of time, these remain in operation, even when you have closed the browser, they remember your login details and password so you don’t have to type them in every time you use the site; and
third-party cookies these are installed by third parties with the aim of collecting certain information to carry out various research into behavior, demographics etc.
Persistent cookies and third-party cookies are deleted automatically if you are in-active and do not visit our web-site or use our application for more than 6 months. Also you can delete these cookies if you change your preferences.
Web beacons are images (single-pixel gifs) embedded in a web page or email for the purpose of measuring and analyzing site usage and activity. Web beacons or similar technologies help us better manage content on our Services by informing us what content is effective, count users of the Services, monitor how users navigate the Services, count how many e-mails that we send were actually opened or count how many particular articles or links were actually viewed. We do not tie the information gathered by web beacons to our users’ Personal Information.
You can learn more about cookies at www.allaboutcookies.org, which includes additional useful information on cookies and how to block cookies using different types of browsers. Please note, however, that blocking or deleting cookies used on the Website or the application may affect the availability and functionality of the Website and provision of service to you via our application.
We follow strict security procedures in the storage and disclosure of your personal data. To comply with highest technical standards and to certify our internal procedures we are certified to ISO 27001 standard and our systems are regularly tested according to full OWASP methodology.
We may disclosure your information to trusted 3rd parties for the purposes of providing you with some services. We require all 3rd parties to have appropriate technical standards in place to protect your personal data.
Where we store your data?
We may process your personal data on third party servers, with whom we concluded data processing agreement according to the standards of the EU laws, securing your data privacy and safety. We do not process personal data of EU Users, outside the EU, i.e. we do not transfer personal data for the purposes of their data processing outside the EU. You may obtain the information about which data processors we use and where we store personal data by contacting our customer support at firstname.lastname@example.org
Provider uses Microsoft Azure servers and Linode datacentre. These data processors, which we use for storing your personal data have implemented the following data securing measures:
Biometric scanning for controlled data center access, Security camera monitoring at all data center locations, 24×7 onsite staff provides additional protection against unauthorized entry, Unmarked facilities to help maintain low profile, Physical security audited by an independent firm,
We employ 2 different database systems. One for user profile storage, the second for individual user data. Both databases are accessed through the secure SSL protocol.
All private data exchanged with Provider is always transmitted over SSL. We are not transferring your data outside EU.
Credit card safety
When you sign up for any Premium Features, we do not store any of your card information on our servers. Payment is handled entirely by Google or Apple company.
You can contact Provider at the email address: email@example.com or via contact form on the Website http://board.budgetbakers.com you request any information regarding personal data protection or if you would like to claim any of your rights, please contact our Data Protection Officer at DPO@budgetbakers.com Our DPO will respond to your queries within 24 hours during normal business day.
Rights of Data Subjects, Complaints
Right of access to your data
You have right to request that we provide you with a confirmation as to whether or not we process your personal data and, where that is the case, grant you access to the personal data and the following information: (a) the purposes of the processing; (b) the categories of personal data concerned; (c) the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations; (d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period; (e) the existence of the right to request from us rectification or erasure of personal data or restriction of processing of personal data concerning you or to object to such processing; (f) the right to lodge a complaint with a supervisory authority; (g) where the personal data are not collected from you, any available information as to their source; (h) the existence of automated decision-making, including profiling and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you. If your data were transferred to a third country or to an international organization outside the European Union, you have the right to be informed of the appropriate safeguards relating to the transfer. If you request so, we shall provide you with a copy of your personal data we are processing. For any further copies requested by you, we may charge a reasonable fee based on administrative costs. If you made the request by electronic means, and unless otherwise requested by you, the information shall be provided to you in a commonly used electronic form. The right to obtain a copy referred to in paragraph 3 shall not adversely affect the rights and freedoms of others.
Right to rectification
You have right to obtain from us without undue delay rectification of any inaccurate personal data concerning you. Taking into account the purposes of the processing, you shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
Right to erasure
You have right to request that we erase your personal data without undue delay, if (a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; (b) we process your personal data on the basis of your consent and you withdraw your consent, and where there is no other legal ground for the processing; (c) you rise your objection on individual automated decision-making and there are no overriding legitimate grounds for the processing, or you objected to processing of your personal data for direct marketing purposes, including profiling to the extent that it is related to such direct marketing; (d) the personal data have been unlawfully processed; (e) the personal data have to be erased for compliance with a legal obligation in European Union or law to which we are subject; (f) the personal data have been collected in relation to the offer of information society services referred to a child younger than 16 years. This does not apply to the extent that processing is necessary: (a) for compliance with a legal obligation which requires processing by European Union or law to which we are subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; or (b) for the establishment, exercise or defense of legal claims.
Data Deletion Policy
You have the right to request that your Personal Information be deleted from our primary production servers. You own your data. Anytime you want your data removed from our system, you can request us to delete your account from our production servers. As a result, your data will be excised permanently from our production servers and further access to your account will be impossible. Additionally, any connection we had established to your Account Information will be disconnected. However, for purposes of ensuring continued ability to serve you in case of malfunction or damage to our production servers, we retain backups of portions of your data derived from your Account Information on our production servers. Your aggregated data is stored in these servers indefinitely. We reserve the right to use any aggregated or anonymous data derived from or incorporating your Personal Information.
You are responsible for maintaining the accuracy of the information you submit to us, such as your contact information provided as part of account registration. If your Personal Information changes, or if you no longer want to use our Services, you may correct or delete inaccuracies, or amend information by making the change at any time via the Service. However, in some instances we cannot delete all information we hold about you.
Right to restriction of processing
You have right to request that we restrict processing where one of the following applies: (a) the accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of the personal data; (b) the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead; (c) we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims; (d) you objected to processing for the purpose of individual automated decision-making and there is pending the verification whether the legitimate grounds of us as the data controller override those of you as the data subject. Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a Member State. You have right to be informed by us before the restriction of processing is lifted.
Right to data portability
You have right to receive the personal data concerning you, which you provided to us, while registering into our system or while using our application, in a structured, commonly used and machine-readable format and you have the right to transmit those data to another service provider without hindrance, where: (a) the processing is based on your consent pursuant or on a contract; and (b) the processing is carried out by automated means. We will provide you these data in .csv, .xls or .pdf format by e-mail, which we use when using our system. You can request that we transmit the data directly to the other service provider, where it is technically feasible. Your exercise of the data portability right does not mean that you cancel using our services or that you withdraw your consent that we further process your personal data. This shall not affect the services we have been providing you prior to such request. We may reject your request for data portability if it shall adversely affect the rights and freedoms of others.
Right to object and automated individual decision-making
We carry our profiling only for direct marketing purposes. We do not analyze any personal data provided by you or which we collected about you while using our „Board“ application for any automated decision-making process nor we provide such tools or information to any third party. In case we process your personal data for direct marketing purposes, you shall have the right to object at any time to processing of personal data concerning you such marketing, which includes profiling to the extent that it is related to such direct marketing. Where you object to processing for direct marketing purposes, your personal data shall no longer be processed for such purposes. We as the data controller shall no longer process your personal data for this purpose unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims. You can change your consent by removing your consent inside Board app – Settings – Personal data & privacy section.
Automated individual decision-making, including profiling
You, as the data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affecting you, unless you granted us your explicit consent.
In case you are concerned about your data processing, and you have not obtained satisfactory information from us, you can file a complaint to the data protection office at www.uoou.cz This is without prejudice to your other rights, to file petitions to the court and seek civil law remedies.
If you find or believe that your personal data is being processed in violation of your privacy or law, especially if personal data are inaccurate with regard to the purpose of processing, you may ask at firstname.lastname@example.org for explanation and demand that the resulting condition be removed. In particular, it may be blocking, repairing, supplementing or disposing of personal data. We will grant the request if we find that the objection is justified. If as a result of the processing of personal data you had suffered other than property damage, you would be entitled to remedies according to the Czech Civil Code. If, in the processing of personal data, there occurred any breaches of the obligations imposed by law on the controller or the data processor, these are jointly and severally liable for them. By law, in the case of a request for blocking, correcting, supplementing or disposing of personal data, we will inform other recipients, if there were any, and if it is possible and it would not require disproportionate efforts.
effective as of May 24, 2018. The relationship between us in respect of your
data protection is regulated by the laws of the Czech Republic and directly
applicable Regulations of the European Union. Our processing of your personal
data is regulated by the Czech Data Protection Act no.101/2000 Coll., as
amended and as of 25 May 2018 our data processing will be directly
regulated by the GDPR. We may need to change the information contained in this
Policy for the latest version. We will notify you
about significant changes in the way we treat personal information by sending a
notice to the primary email address specified in your Board primary account
holder account or by placing a prominent notice on our site.
 Profiling means automated processing of personal data for the purpose of evaluation of certain personal aspects relating to a natural person, in particular to analyse or predict certain the persons´ behaviour such as purchase preferences, economic situation, health, interests, location or movement.