Personal data processing policy
I. Introductory Provisions
This policy regulates the rules for the collection and processing of personal data through the mobile application within the TOPCARD loyalty system.
The personal data administrator is:
TOPCARD s.r.o., company ID: 04753631, registered office Janáčkovo nábřeží 1153/13, 150 00 Prague 5
registered with the Czech Republic Companies House as part of the Municipal Court in Prague under C 253068
Contact: email address: firstname.lastname@example.org, telephone: +420 379 482 339 (hereinafter referred to as the „Administrator”).
The Administrator processes personal data in accordance with the Regulation of the European Parliament and the Council (EU) no 2016/679 of April 27, 2016, General Data Protection Regulation (hereinafter referred to as the „Regulation“).
Personal data are any information on an identified or identifiable natural person; an identifiable natural person is a natural person who can be identified directly or indirectly, in particular by reference to an identifier such as name, identification number, location data, network identifier or to one or more specific elements of the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (hereinafter referred to as „Personal Data“).
II. Personal Data, Purpose of Processing
The Administrator processes the following Personal Data:
- Identification data (name, surname, address, date of birth)
- Contact details (e-mail address, telephone number)
- Location data (GPS position)
- conclusion and performance of the contract when membership in the TOPCARD loyalty system is established,
- it is necessary for theulfillment of the Administrator's legal obligation within the accounting and tax agenda,
- it is necessary for the purposes of the legitimate interests of the Administrator, in particular for marketing purposes, improvement of the service quality, targeted marketing, sending commercial communications.
- providers of accounting and tax advisory services, providers of legal services,
- public administration authorities as required by the law,
- providers of delivery services (name, surname, address),
- may be disclosed incidentally to persons providing server, web, cloud or IT services to the Administrator or to business partners.
The Administrator processes Personal Data only for the purposes mentioned below and based on legislation as in Article 6 sub. 1 of the Regulation:
Personal data may be disclosed by the Administrator to the following third parties:
Personal data will not be disclosed to third parties outside the EU and EEA.
Personal data will be processed by the Administrator for the time necessary for execution of the rights and obligations arising from the contractual relationship and participation in the TOP CARD loyalty system, or for the time necessary to fulfill the Administrator's archiving obligations under applicable legislation, but no longer than 10 years after its termination.
III. Rights of the Data Subject
In accordance with the Regulation, the data subject has the following rights:
- RIGHT OF ACCESS to Personal Data at the Administrator, which means that you may at any time request the confirmation from the Administration whether Personal Data relating to you is or is not being processed and, if so, for what purposes, to what extent, to whom it is disclosed, how long it will be processed, whether you have the right of correction, deletion, processing restriction or objection, where the Personal Data were obtained from, and whether the processing of Personal Data results in automated decision-making, including eventual profiling. You also have the right to obtain a copy of your Personal Data, the first provision of which is free of charge, and the Administration may charge reasonable administrative costs for further provisions.
- RIGHT OF CORRECTION of Personal Data, which means that you may ask the Administrator to correct or complete your Personal Data if they are inaccurate or incomplete.
- RIGHT OF DELETION of Personal Data, which means that the Administrator must delete your Personal Data if (i) they are no longer necessary for the purposes for which it was collected or otherwise processed, (ii) you withdraw your consent and there is no further reason for the processing, (iii) you raise an objection to the processing and there are no prevailing legitimate grounds for the processing, (iv) the processing is unlawful, or (v) a legal obligation requires it.
- RIGHT TO RESTRICT PROCESSING of the Personal Data, which means that until the disputed issues regarding the processing of your Personal Data have been resolved, specifically if (i) you contest the accuracy of the Personal Data, (ii) the processing is unlawful but instead of deleting the Personal Data you only want to restrict the processing, (iii) the Company no longer needs the Personal Data for the purposes of the processing but you do, (iv) or if you object to the processing pursuant to Art. 1.6.6., the Administrator may only save the Personal Data and further processing is subject to your consent unless the data are needed to determine, execute or defend legal claims.
- RIGHT TO DATA PORTABILITY, which means that you have the right to receive your Personal Data that you provided to the Administrator with your consent to process them or for the purposes of performing a contract, in a structured, commonly used and machine-readable format and, where technically possible, you have the right to have the Company transfer that data to another Administrator.
- RIGHT TO OBJECT to the processing of Personal Data, which means that you may file a written or electronic objection to the processing of your Personal Data with the Administrator, which will cause the Administrator to no longer process the Personal Data unless the Administrator demonstrates significant legitimate grounds for processing that prevail your interests or rights and freedoms.
You may exercise all of your rights set out in the preceding paragraph with the Administrator either in writing by a registered letter sent to the address of the registered office or electronically at email@example.com.
You also have the right to file a complaint against the Personal Data processing with the Office for Personal Data Protection at Pplk. Sochora 27, 170 00 Prague 7 (website: www.uoou.cz)
There is no automated decision-making or profiling based on the Personal Data processed.
In case the Administrator uses the Personal Data for a purpose other than the one set out in this Information Clause, he will promptly provide the data subject with information about this other purpose and all other information set out above in this document.