- Chocolate experience s.r.o., ID no.: 06199682, registered office at Praha 1, Staré Město, Celetná 557/10, postal code 110 00, registered in the Commercial Register administered by the Municipal Court in Prague, Section C, Entry 278006 (hereinafter ‘Chocolate Experience’),
- Musée Grévin Prague s.r.o., ID no.: 29128285, registered office at Praha 1, Staré Město, Celetná 596/15, postal code 110 00, a company registered in the Commercial Register administered by the Municipal Court in Prague, Section C, Entry 202065 (hereinafter ‘Musée Grévin’)
- PEKAS – Handmade, s.r.o., ID no.: 27080021, registered office at Praha 1 – Staré Město, Celetná 557/10, PSČ 11000, a company registered in the Commercial Register administered by the Municipal Court in Prague, Section C, Entry 94743 (hereinafter ‘PEKAS’)
as joint controllers of personal data (hereinafter collectively as the ‘Controllers’) hereby inform how they process your personal data in connection with sending of commercial messages of the Controllers to persons who subscribe to commercial messages, either through the website wwww.chocotopia.cz (hereinafter the ‘Website’), or otherwise.
The Controllers have determined in an agreement concluded between them their respective responsibilities for compliance with the obligations in the area of personal data protection. Pursuant to this agreement, the Controller which is responsible in the area of exercising of your rights in connection with your personal data processing, and for providing information about your personal data processing, is the Chocolate Experience. However, in order to exercise your rights, you may contact any of the Controllers.
For any questions regarding privacy and the exercise of your rights, you can use the following contacts:
- contact person: Adam Foks
- e-mail: firstname.lastname@example.org
1. For What Purpose Do We Process Your Personal Data?
1.1. Sending Newsletters (Commercial Messages)
On the Website or in other dedicated channels, using a respective form, visitors can subscribe to the newsletter of the Controllers. Newsletter (commercial messages) may include offers of goods and services of all Controllers.
We will send our commercial messages to persons who have actively subscribed to the newsletter, provided us with their e-mail address and/or their name and surname voluntarily for this purpose, and at the same time, they expressed their consent to receive commercial messages, under the conditions set out in this document, by ticking the relevant checkbox.
We send commercial messages until you withdraw your consent to receive them (i.e. unsubscribe).
You can withdraw your consent (unsubscribe) at any time and for free, by using the contact e-mail above; the possibility to unsubscribe from the commercial messages (withdraw your consent) is always stated in every commercial message sent.
The above personal data are processed based on your consent. Without the above information, it is not possible to send you our newsletters.
1.2. Legitimate Interests
In justified cases, we process the aforementioned personal data to protect our legitimate interests, typically in order to be able to defend us against any claims you may have, or in legal proceedings or other proceedings before public authorities (typically in cases of proceedings before the Office for Personal Data Protection), where we have to be able to prove that we acted in accordance with the law when sending commercial messages. For this purpose, we process, in particular, information on the provision and possible withdrawal of your consent to receive commercial messages and the processing of your identification data, if you have provided us with it, as well as your e-mail contact to which the commercial messages were being sent or other information from communication with you.
2. From Whom Do We Receive Personal Data and Who Do We Transfer it to?
We only collect personal information from you. We do not collect any other information about you except the information you give us. You are required to provide only accurate information and if your personal information changes, you must update it.
We use the following processors to process personal data:
- Zoho Corporation B.V., Beneluxlaan 4B, 3527 HT UTRECHT, The Netherlands (systém „Zoho“ pro správu zákazníků)
- Microsoft Corporation, One Microsoe Way, Redmond, WA 98052, U.S.A., hnps:// www.microsoo.com/en-us/trustcenter/privacy/gdpr/solu+ons, hnps://products.office.com/enus/business/office-365-trust-center-security. Může jít o předání do USA dle podmínek tzv. Privacy Shieldu.
- Google Ireland, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Irsko
- Špaček Digital, s.r.o., se sídlem Jaurisova 515/4, Michle, 140 00 Praha 4; IČ: 05973180
- SenseZOOM s.r.o., se sídlem Jindřišská 939/20, Nové Město, 110 00 Praha 1; IČ: 06035469
- DWORKIN, spol. s r.o., se sídlem Praha 8 – Karlín, Rohanské nábřeží 657/7, PSČ 18600; IČ 62956400
Personal data may be provided to public authorities for the purpose of exercising their legal authority.
Personal data is not transferred outside of the EU.
3. How Do We Process Personal Data?
Your personal data is processed primarily in electronic form by automated means, especially in the systems of Controllers and individual processors as specified above.
We may also process your personal data manually in accordance with the relevant purpose, where manual processing is necessary or appropriate. Our employees or other persons working for us may act in the management of your data for the purpose of, among other things, removing errors, inaccuracies, etc. However, these persons may only process personal data under the conditions and to the extent stated above, and they are bound by an obligation to maintain confidentiality of data and security measures, disclosure of which would compromise the security of personal data.
We always process personal data in accordance with applicable legal regulations and provide them with due care and protection. We take care that you will never suffer harm to your rights, in particular the right to respect for human dignity, and protect you from unauthorized interference in your private and personal life.
For marketing purposes (targeting of advertisement – so that we can personalize the commercial messages we send to you), we may use your data on how you use the Website, your purchases with the Controllers, or the use of the services of each Controller, for your profiling. The profiling is carried out based on our legitimate interests (targeting of advertisement, preventing irrelevant or annoying commercial messages).
In relation to the profiling for marketing purposes, you have the right to object to profiling and data processing for direct marketing purposes by using the contact details above. If you do so, we will no longer process your personal data for these purposes.
We do not make any automated decision making.
4. How Long Do We Process Your Personal Data?
We process your personal data that you provide to us with your consent (i. e. for the purpose of sending commercial messages) for the duration of your consent to receive commercial messages and to process other data provided by you. After withdrawing your consent, we will not process your personal information for the purpose of sending commercial messages and will not send you any newsletter anymore.
However, for the purposes of protection of our legitimate interests (see section 1.2 above), we may retain your personal information after you have withdrawn your consent for the purpose of defending our claims and interests in possible legal or other proceedings. In particular, we will store personal information for the duration of the applicable limitation periods (which may last up to 15 years in the Czech Republic, from the moment of occurrence of an event relevant for the limitation period commencement) for the purpose of handling your complaints and/or the exercise of your rights against us, respectively to protect our rights while claiming our rights against you. In this context, we process data to the extent specified in section 1.2 of this document.
It is not possible to withdraw your consent to the processing of personal data that we do not process based on your consent. However, at your request, we will always assess whether it is still necessary to process your personal data.
5. What Rights Do You Have?
First of all, you have the right to request us to access your personal data, including a copy of all your personal data.
We will always inform you about:
- the purpose of processing personal data,
- personal data or categories of personal data subject to processing, including all available information about their source,
- the nature of the automated processing, including profiling and information relating to the process used, as well as the significance and anticipated consequences of such processing for the data subject,
- recipients, or categories of recipients,
- the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period,
- any available information considering the source of personal data, unless it is obtained from you.
Your other rights include right to:
- ask us for an explanation,
- require us to remove the resulting situation, in particular, it may involve blocking, repairing, supplementing, limiting the processing or disposal of personal data (right to be forgotten),
- request personal data that relates to you in a structured, commonly used and machine-readable format and pass it on to another controller,
- submit a question, respectively file a complaint to the Office for Personal Data Protection, Pplk. Sochora 27, 170 00 Praha 7,
- object to the processing of personal data concerning you.
6. How Do We Protect Your Personal Data?
Your personal data is absolutely safe with us. To ensure this, we use the following security measures: antivirus protection, firewalls, encryption and authorization data, physical protection measures.