PhotoRobot GDPR Privacy Notice (Article 13)

Choose category
PhotoRobot Terms of Service
PhotoRobot License Agreement
PhotoRobot Privacy Documents - Overview
PhotoRobot Privacy Policy
PhotoRobot GDPR Privacy Notice (Article 13)
PhotoRobot Data Processing Agreement (DPA)
PhotoRobot Acceptable Use Policy (AUP)
PhotoRobot Service Level Agreements (SLA)
Service Level Agreement (SLA) for PhotoRobot Software
Service Level Agreement (SLA) for PhotoRobot Hardware
PhotoRobot Customer Support Terms
PhotoRobot Cookie Policy
PhotoRobot Marketing Consent Policy
PhotoRobot Sub-Processor List
PhotoRobot Legal Definitions & Glossary

PhotoRobot GDPR Privacy Notice (Article 13)

This document details the PhotoRobot GDPR Privacy Notice (Article 13): 

Version 1.0 — P​​hotoRobot Edition,uni-Robot Ltd., Czech Republic.

1. Controller Identification

The controller of personal data is:

uni-Robot Ltd.
Vodičkova 710/31
110 00 Prague 1
Czech Republic
Company ID: 01478061
VAT ID: CZ01478061
Email: legal@photorobot.com
Email: info@photorobot.com

(Hereinafter: “Controller” or “PhotoRobot”)

2. Categories of Personal Data We Process

We process the following categories of personal data:

2.1. Identification and contact details

  • Name, surname
  • Company name
  • Email address
  • Telephone number
  • Billing details and VAT information (if applicable)

2.2. Login and account information

  • Account credentials
  • Password (hashed only)
  • Account settings

2.3. Technical data

  • IP address
  • Device identifiers
  • Browser and OS information
  • Access time and usage logs

2.4. Operational data within the Service

  • Project metadata
  • Uploaded images and content
  • Processing logs and history
  • CL ↔ Cloud synchronization metadata
  • Robot/firmware diagnostic logs when enabled

3. Purposes of Processing

Personal data is processed for the following purposes:

  1. Account creation and management
  2. Provision of PhotoRobot Cloud and Cloud 2.0 services
  3. Provision of CL license activation and update distribution
  4. Operation of PhotoRobot Robots and firmware updates
  5. Billing, invoicing and payment processing
  6. Service improvement, diagnostics and security monitoring
  7. Customer support and ticket resolution
  8. Fulfilling legal obligations (accounting, taxation, archiving)
  9. Protecting legitimate interests (fraud prevention, service security)
  10. Sending marketing communications (only with consent)

4. Legal Basis for Processing

We process personal data based on:

4.1. Performance of a contract (Art. 6(1)(b) GDPR)

For:

  • account creation
  • operation of the Service
  • CL license and firmware management
  • customer support

4.2. Legal obligations (Art. 6(1)(c) GDPR)

For:

  • accounting
  • invoicing and taxation
  • compliance with legal requirements

4.3. Legitimate interests (Art. 6(1)(f) GDPR)

For:

  • security and monitoring
  • troubleshooting and diagnostics
  • improvement of Service
  • prevention of misuse

4.4. Consent (Art. 6(1)(a) GDPR)

Only when explicitly required, e.g.:

  • marketing communications
  • non-essential cookies

Consent may be withdrawn at any time.

5. Recipients of Personal Data

Personal data may be shared with:

5.1. Sub-processors

To provide hosting, communication and analytics services:

  • Google Cloud Platform
  • email delivery providers
  • analytics tools
  • customer support systems
  • other IT vendors strictly required to operate the Service

A complete list is maintained in the Sub-Processor List.

5.2. Professional services

  • accounting firms
  • legal advisors
  • auditors

5.3. Public authorities

Only when required by law.

6. International Transfers

If personal data is transferred outside the European Economic Area (EEA):

  • transfers are protected by Standard Contractual Clauses (SCC 2021)
  • additional technical and organizational measures are applied
  • access is strictly limited and controlled

Servers are primarily hosted on Google Cloud Platform, which complies with:

  • ISO 27001
  • ISO 27017
  • ISO 27018
  • SOC 1/2/3
  • EU GDPR data protection requirements

7. Data Retention Periods

7.1. Account data

Stored for the duration of the contract, and 5 years afterwards (legal requirements).

7.2. Customer Data in Cloud

Stored for the duration of the contract and deleted 30 days after cancellation, unless legal retention applies.

7.3. Technical logs

Stored for 30–180 days, depending on purpose.

7.4. Invoicing and accounting

Retained for 10 years (EU/CZ law).

8. Your Rights as Data Subject

You have the following rights:

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object (Art. 21 GDPR)
  • Right to withdraw consent
  • Right to lodge a complaint with the supervisory authority

Supervisory authority in the Czech Republic:

ÚOOÚ – Úřad pro ochranu osobních údajů
https://www.uoou.cz

9. Mandatory or Voluntary Nature of Data

Providing personal data may be:

  • Mandatory for contractual purposes (e.g., account creation)
  • Mandatory for legal obligations (billing)
  • Voluntary for marketing or non-essential cookies

If the required data is not provided, we may not be able to offer the Service.

10. Automated Decision-Making

We do not use personal data for automated decision-making or profiling that produces legal effects.

11. Contact Information

For questions or to exercise your rights:

Email: legal@photorobot.com
Email: info@photorobot.com

Or by mail to the Controller’s address.