Protection of Personal Data on Heureka Portal

Heureka Shopping s.r.o., company ID number: 023 87 727 (hereinafter “we“), pays great attention to personal data protection. In this document you will find information about what personal data we process, in particular about our customers, users of our website, customers of our partner e-shops as a part of the Verified by Customers program and retailers, based on which legal grounds we process personal data, for what purposes we use them, who we can hand them over to and what rights you have in connection with the processing of your personal data.

1. What personal data do we process?

When you use our services we collect various types of data, such as your user name and password, your contact details, ratings of e-shops and other content that you input on our portal. When you are using our portal we also monitor what products you are browsing and from what device, which of our offers sent to your e-mail address have attracted your interest and we derive additional data about you from this, so that we can improve our website in the future. If you buy products from us or open an account, we also work with your first name and surname, your orders and the data that you set up in your account.

We process the following personal data:

a) Identification data, which is understood to mean, in particular, your first name and surname, date of birth and sex (if you set it in your account), user name, password and its hash;

b) Contact details, which is understood to mean your personal data that enable us to contact you, in particular your e-mail address, telephone number, delivery address and invoicing address and your contact details on social networks;
c) Your settings, which are understood to mean data in your account, in particular stored addresses and profiles, newsletter settings, shopping lists and favorite products, monitored products (price monitoring);
d) Input content, which is understood to mean your ratings of e-shops, reviews of goods, contributions in the advice forum, completed questionnaires about satisfaction with purchases or other content that you input in order to use the functionalities of our website;
e) Data about your orders, which is understood to mean, in particular, data about goods and services that you ordered, the method of delivery and payment, including the number of your payment account, data about advertisements;
f) Data about your behavior on the website, including cases where you browse it using our mobile application, in particular the goods and services you display, the links you click on, the way you move around our website and movement of the screen, data about the device from which you are browsing our website, your IP address and the position derived from it, identification of your device, its technical parameters, such as the operating system, its version, screen resolution, the browser used and its version, as well as data obtained from cookies and similar technologies for device identification;
g) Data about your behavior when reading the messages we send you, in particular the times messages are opened and also data about the device on which you read messages, such as the IP address and the position derived from it, identification of your device, its technical parameters, such as the operating system, its version, screen resolution, browser used and its version, as well as data obtained from cookies and similar technologies;
h) Derived data, which is understood to mean personal data derived from your settings, data about goods and services that you buy from us, data about your behavior on the website and data about your behavior when reading messages that we send you; in particular this concerns data about your sex, age, financial situation, purchasing behavior and relationship to goods and services;

i) Data related to the use of the customer center, which are, in particular, records of telephone calls with the call center, identification and the content of messages that you send us, including identifiers such as the IP addresses.

2. Why do we process personal data and what entitles us to do this?

We process your personal data in various situations and for various purposes. If you use our website, on which we use cookies, we use your data, in particular, for the publication of input contributions, the monitoring of traffic and improvement of our services. If you register with us, we use your data to maintain your account and provide related functions. With the help of your contact details and other data we also display and send you our offers. In the Verified by Customers program we then use your data to ensure your satisfaction with the various e-shops and verify the authenticity of individual reviews. We also use your data if you order Goods using our Basket and when dealing with any complaints, if we are ordered to process them by a legal regulation and also for the protection of our legal claims. Either the preparation or performance of a contract with you, compliance with legal duties, our legitimate interests or your consent entitles us to process personal data.

As a part of our activities we process personal data for various purposes and to various extents, either:

a) Without your consent based on the performance of a contract, our legitimate interest or the reason of performance of a legal duty; or

b) Based on your consent.

What processing we can perform without your consent depends on the purpose for the relevant processing and the position in which you are in – whether you are only a visitor to our website or whether you are registering and buying from us, whether you are a retailer or if you are just communicating with us.

2.1 If you visit our website or use our mobile application

2.1.1 Using cookies and other technologies, handover of data to advertising and social networks

If you visit our website we place cookies on your device and subsequently read them. A cookie is a small file containing letters and numbers that we save in your Internet browser or on your computer’s hard disk. Some cookies enable us to connect your activities during the browsing of our website from the moment you open your web browser window to the moment you close it. At the moment you close your web browser window these cookies are deleted. Others remain on your device for a set period and are activated every time you visit the website that created a specific cookie. We also use web beacons, which are small images that have a similar function to cookies. Compared to cookies, which are saved on your computer’s hard disk, web beacons are a fixed part of websites. We will call all these technologies ‘cookies’ for simplification in this document below. We not only save cookies on your device, but also read the cookies that our website saved on your device. In this document we will only talk about saving for simplification.

Some cookies are saved on your device directly by our website. These cookies help us

  • Identity you when you move between individual pages of our website and during repeat visits, for example so that your basket is not deleted during shopping, so that we can remember your login details from a specific device and not again request from you your e-mail address and password, or so that we can save which version or our website we should display to you, if our website offers multiple variants at the relevant moment;
  • Record whether you have granted us your consent in accordance with this document or whether you, for example, offered to participate in certain research;
  • Handle security, for example to ensure that nobody can abuse your connection to our website and is acting instead of you;
  • Record, examine and correct defects and non-functional parts of our website.

Such cookies and other files are necessary for the operation of our website. If you block cookies in your browser, our website may not function correctly and we may not be able to provide you with our products and services.

On your device we also:

  • Save cookies from our website that enable us to
    • Monitor traffic to our website, its individual pages, create statistics and summaries and measure the effectiveness of advertising;
    • Display to you various options for our website, if we are testing new functionalities;
    • Adapt the content of our website for you, for example preferentially display products that you have already browsed, and display other made-to-measure offers to you on our website;
  • Enable the storage of cookies for third parties, which can use them 
    • To gather data about your behavior on our website and other websites;
    • To display adapted offers and targeted advertising as a part of advertising networks on websites other than ours;
    • To connect to social network such as Facebook, including automatic login, handling functions such as the “Like” button, the “Send to Messenger” function and the display of adapted offers and targeted advertising on such social networks and websites other than our website.

For the purpose of displaying adapted offers and targeted advertising as a part of advertising and social networks on websites other than our website we also hand over data about your behavior on the website to advertising and social networks. However, we do not hand over your identification data to such partners. You will find the list of social and advertising networks that we use in the part Who processes your personal data and who do we hand it over to?.

If you do not switch off the use of cookies and handover of your data to advertising and social networks in the settings for your web browser and, after notification from us, you click on any link on our website or click on the “I understand” button, which is part of the notification, we will regard you as having consented to the use of such cookies and the handover of your data to advertising and social networks. You can rescind your consent at any time by switching cookies off in your web browser’s settings.

2.1.2 Use of personal data of website visitors and mobile application users

We process data about your behavior on the website including data obtained over the mobile application based on our legitimate interest (i.e. without your consent) for the purpose of:

  • Obtaining information based on which we will be able to improve our website for you in the future; our legitimate interest here is to improve our services for you;
  • Creating statistics and summaries, in particular monitoring traffic to our website, its individual pages and measurements of the effectiveness of advertising; our legitimate interest here is measuring the effectiveness of our website and spending on advertising; for this purpose we can, based on your behavior on the website, obtain other derived data and use it for this purpose;
  • Testing new functions and applications before implementation, in particular in order to prevent problems with the functionality of such new elements in actual operation, which could worsen your experience of the use of our services; our legitimate interest here is the problem-free functionality of our services for you;
  • Preventing attacks on our website and endangering its functionality and the security of your data; our legitimate interest here is the problem-free functionality of our services for you and the security of your data.

We do not obtain data about your behavior on the website only from cookies. We also supplement them with data such as

  • The IP address of your device (address of the device through which you communicate with other devices on the internet);
  • The operating system of your device, its version and language settings;
  • The browser you use on your device, its version and language settings;
  • The address of the website (URL address) from which you come to our website.

We use personal data for these purposes for four years. You have the right to object to such processing.

2.1.3 Inputting reviews of e-shops, goods and other contributions

If, through our website, you provide a rating of an e-shop outside the Verified by Customers program, you add a review of any goods, you input a question or answer on the advice forum or use another functionality of our website enabling the publication of user content, we use your identification and contact data, data about your settings (if you register with us) and the content you input for publication on our website and the verification of the authenticity of input content; our legitimate interest consists of the provision of trustworthy information to the public, including user ratings, about e-shops and goods and other relevant topics.

2.1.4 Price monitoring, sending new reviews of goods and other types of receipt of information

If, through our website, you register for the sending of information about price reductions (price monitoring), new reviews of selected goods or responses to your contributions on the advice forum, or through a satisfaction questionnaire you request the sending of a response from an e-shop or you use another functionality of our website enabling registration for the receipt of requested information, through such registration you grant us your consent to process your identification and contact data for the purpose of sending such requested information by e-mail. This consent is necessary for registering for the receipt of information and its sending, and if you rescind it we will not be able to continue to send you the information. In order to rescind your consent you can use the link in the footer of an e-mail or you can contact us using the procedure for claiming your rights described in the part How to claim individual rights? The rescinding of consent does not affect the lawfulness of processing before its rescinding.

2.2 If you register with us

In order to register, you have to visit our website because you are affected by the processing described in the part If you visit our website.

In the event you register, then we also perform the following processing:

2.2.1 Processing based on performance of a contract

If you create an account on our website, we process your identification and contact details, your settings, data about your orders (if you buy something from us later) and the content you input (if you add a review, rating or other contribution), based on the performance of a contract with you (without your consent), so that we can maintain your user account and provide you with functionalities related to it, in particular automatic records of your orders (including those you make using your e-mail address before the creation of a user account), reviews, ratings and other contributions and saving your history of delivery and invoicing addresses. The contract on which our processing is based comes into being when you establish your account.

If you make use of the option of saving your payment card number in your user account, your card number will be saved with PayU. S.A. We will not have access to your card number, only using your identification details, which we will verify and confirm to PayU S.A., we will ensure that you do not have to input your card number again during your next purchase (provided you log in to your user account).

For this purpose we use personal data for four years from the last login to your user account.

2.2.2 Processing based on legitimate interest

If you establish an account on our website, we will process your identification and contact data, your settings and data about your orders (if you subsequently made purchases from us) also based on our legitimate interest (i.e. without your consent), for the purpose of:

  • Obtaining information based on which we will be able to improve our services for you in the future, so that shopping with us is even better, in particular ascertaining your satisfaction with our services; our legitimate interest is to improve our services for you;
  • Providing tailored offers and targeted advertising that we can display to you on our website; our legitimate interest here is effective promotion of our products and services.

Unless you reject it during registration or later, we process your identification and contact data and your settings for the provision of offers and advertising that we can send you by e-mail, by text message, over the telephone or using other electronic means or by post; our legitimate interest here is efficient promotion of our products and services.

Based on your legitimate interest (i.e. without your consent) we also use your settingsto test new functionalities and applications before implementation, as is described in the part If you visit our website.

Na základě našeho oprávněného zájmu (tedy bez vašeho souhlasu) také použijeme vaše nastavení pro testování nových funkcí a aplikací před nasazením, jak je popsáno v části If you visit our website.

For this purpose we use personal data for four years from the last login to your user account. You have the right to object to such processing.

2.3 If you make a purchase from us using the Basket service

In order to create an order with us, you probably visit our website, so the processing described in the part If you visit our website affects you. In the event you create an order, then we also perform the following processing:

2.3.1 Processing as a processor

If you make a purchase from us using the Basket service, we gather your identification and contact data and data about your orders as a processor for the e-shop from which you order the goods. We therefore hand your personal data over to this shop, so that they can take care of your order.

2.3.2 Processing for performance of contract

If you create an order with us as a natural person, we process your personal data - your identification and contact data and data about your orders - for the purpose of preparing, concluding and performing the contract with you. If you have a user account with us, we can also use your settings for this purpose. 

If you create an order as the representative of a legal entity, we process the same data for the same purpose based on our legitimate interest consisting of the conclusion and performance of a contract with the entity you are representing.

The fact that we use these data for the purpose of preparation, conclusion and performance of a contract with you means that we use them, in particular:

  • So that you can complete an order on the website, for example so that items placed in your basket or data from an order in progress are not deleted;
  • So that we can communicate with you about the order, for example send you a confirmation of it or draw your attention to a change to its status;
  • For the needs of payment of an order; in this context we can also hand your data over to our partners operating payment systems, as is described in the part Who processes your personal data and who do we hand them over to?;
  • In connection with other requirements you contact us with, for example through a call center, as is described in the part If you communicate with us using various channels;

For this purpose we use personal data for the period necessary to deal with your order or to deal with a contractual relationship, such as the claiming of a purchase Guarantee. After the expiry of this period, we continue to store the data based on our legitimate interest for the purpose of protecting legal entitlements and other internal records and controls, for the period of the time-bar (three years) and for one year after it expires, with regard to the claims made at the end of the time-bar period. In the event of the commencement of court, administrative or other proceedings, we process your personal data to the necessary extent for the duration of such proceedings and the remaining time-bar period after their end. Our legitimate interests here are the protection of legal claims and controls on the proper provision of our services.

2.3.3 Processing based on legitimate interest

If you establish an order with us, we will process your identification and contact data, your settings (if you register with us) and data about your orders also based on our legitimate interest (i.e. without your consent), for the purpose of:

  • Obtaining information based on which we will be able to improve our services for you in the future, so that shopping with us is even better, in particular ascertaining your satisfaction with our services; our legitimate interest is to improve our services for you;
  • Providing tailored offers and targeted advertising that we can display to you on our website; our legitimate interest here is effective promotion of our products and services.

Unless you reject it during registration or later, we process your identification and contact data and your settings for the provision of offers and advertising that we can send you by e-mail, by text message, over the telephone or using other electronic means or by post; our legitimate interest here is efficient promotion of our products and services.

We use personal data for these purposes for six months. You have the right to object to such processing.

2.3.4 Processing on the basis of performance of legal duties 

We too must perform certain duties stipulated by the law. If we process your personal data for this reason, we do not have to obtain your consent to it. On this legal basis we process your identification and contact data and data about orders, due to compliance with the following acts, in particular:

  • Act No. 89/2012 Coll., the Civil Code;
  • Act No. 634/1992 Coll., on Consumer Protection;
  • Act No. 235/2004 Coll., on Value Added Tax;
  • Act No. 563/1991 Coll., on Accounts.

For these purposes we use personal data for the period required by the relevant legal regulation, but no more than 10 years, unless a legal regulation sets a longer period in the future.

2.4 If you are the addressee of goods or services that are ordered from us:

If you are the addressee of goods or services that are ordered from us, we will process your identification and contact data:

  • Based on our legitimate interest for the purpose of preparation, conclusion and performance of a contract with our customer; performance of a contract is also our legitimate interest;
  • For the purpose of compliance with legal duties, in particular in accordance with Act No. 235/2004 Coll., on value added tax, and Act No. 563/1991 Coll., on accounts.

For the preparation, conclusion and performance of a contract with one of our customers we use personal data for the period necessary to deal with an order.

After the expiry of this period, we continue to store the data based on our legitimate interest for the purpose of protecting legal entitlements and other internal records and controls, for the period of the time-bar (three years) and for one year after it expires, with regard to the claims made at the end of the time-bar period. In the event of the commencement of court, administrative or other proceedings, we process your personal data to the necessary extent for the duration of such proceedings and the remaining time-bar period after their end. Our legitimate interests here are the protection of legal claims and controls on the proper provision of our services. You have the right to object to such processing based on a legitimate interest.

For the purposes of performance of legal duties we use personal data for the period required by the relevant legal regulation, but no more than 10 years, unless a legal regulation sets a longer period in the future.

2.5 If you communicate with us using various channels

If you communicate with us using various channels, in particular through the customer center, by e-mail, chat tools and social networks we will process your identification and contact data, data about your orders and records of communications that have taken place, including recordings of conversations based on our legitimate interest (i.e. without your consent) for the purpose of:

  • Dealing with your requests; if you have created an order with us and your request applies to the order, we can realize such processing based on the performance of a contract with you;
  • Records of your requests, so that we can check that we are rendering performance in full and on time;
  • Proving that we have accepted your request and dealt with it, for example if in this way you create an order or make a complaint.

We store personal data, in particular, due to the archiving of communications whose content could be the contractual requests of retailers, for the time-bar period (three years) and for one year after it ends, with regard to claims made at the end of the time-bar period. You have the right to object to processing based on our legitimate interests.

2.6 Processing of personal data as a part of the Verified by Customers program

If you make a purchase from a partner e-shop that is involved in the Verified by Customers program, the e-shop will hand over to us, as a processor, your e-mail address, based on its own decision the e-shop can also hand over to us information about the goods purchased, to create a questionnaire about your satisfaction with the purchase in the partner e-shop. If you complete a subsequently delivered satisfaction questionnaire, as a processor we gather for our partner e-shop your rating of the purchase and hand it over to the e-shop. We encrypt your e-mail address immediately after sending the satisfaction questionnaire and, if you do not complete the satisfaction questionnaire, we store your personal data in pseudo-anonymized form for six months from the sending of the questionnaire; if you complete the satisfaction questionnaire, we store your pseudo-anonymised personal data for four years from the completion of the questionnaire.

If, during the completion of the questionnaire, you grant us, by completing the identification data, your consent to the publication of your rating of the purchase including the identification characteristics on the Heureka website, we use your identification and contact data, data about your settings and your rating for publication on our website. Your consent is quite voluntary and you are not obligated to provide it. You can rescind consent granted using the procedure for exercising your rights described in the part How to claim individual rights?. The rescinding of consent does not affect the lawfulness of processing before its rescinding. If you do not grant us your consent, we will publish your rating on our website in anonymous form without stating your personal data.

In order to uncover false ratings, we use your rating and e-mail address in pseudo-anonymized form also to verify the authenticity and trustworthiness of such ratings, based on our legitimate interest, which consists of the provision of trustworthy information to the public about e-shops and goods. For this purpose we will store pseudo-anonymized data for four years from the provision of a rating.

If it is necessary for a rating to verify the authenticity of your rating, in some cases we can request from a partner e-shop also other additional data, in particular your identification and contact data and data about an order. For these purposes we store personal data for the necessary time for an assessment of ratings, but for no more than six months. You have the right to object to such processing.

2.7 If you are a retailer

If you are a retailer, we can process your data as described above, depending on whether you visit our website, register with us or, for example, make a purchase from us.

At our website we publish the profiles of e-shops containing basic information about shops, their user ratings and discussions. We can place a profile of your e-shop on our website even without your prior registration. If you are a retailer and also an individual, data from the profile of your e-shop can include also your basic identification and contact details, based on our legitimate interest consisting of the provision of trustworthy information to the public and e-shops. For this purpose we can use your personal data for the entire duration of the operation of your e-shop plus a period of one year, then the profile of your e-shop will be anonymized and your personal data removed.

If you use our services for retailers (e.g. PPC advertising, the Basket program or the Verified by Customers program) and you are also a physical entity, we process your identification and contact data and data about your settings for the purpose of preparation, conclusion and performance of contracts. In the profile of your e-shop we can, depending on the service used and your settings, publish additional information. For this purpose we use personal data for the period necessary to perform contacts concluded. After the expiry of this period, we continue to store the data based on our legitimate interest for the purpose of protecting legal entitlements and other internal records and controls, for the period of the time-bar (three years) and for one year after it expires, with regard to the claims made at the end of the time-bar period. In the event of the commencement of court, administrative or other proceedings, we process your personal data to the necessary extent for the duration of such proceedings and the remaining time-bar period after their end. Our legitimate interests here are the protection of legal claims and controls on the proper provision of our services. If you are the representative of a retailer that is a legal entity, we process the same data for the same purpose based on our legitimate interest consisting of the protection of our legal claims and our internal records and controls.

If you use our services as a retailer, we can use your identification and contact data as our reference, based on our legitimate interest consisting of our promotion, for the period of use of our services extended by a period of four years.

3. Who processes your personal data and who do we hand it over to?

In most cases we process your data for our own purposes as the controller. In such cases we only hand your data over to our processors and to PayU. As a part of the Basket and Verified by Customers services we also process your data for our partner e-shops as their processor.

We process all the personal data mentioned as the controller. This means that we set the purposes defined above for which we gather your personal data, we determine the processing means and we are responsible for its full performance. In some cases we also act as processors for other controllers that are our partner e-shops, as is described in the part Personal data processing in the Verified by Customers program, and also when you make a purchase from a partner e-shop using our Basket, as is described in the part If you make a purchase from us.

We can also hand your personal data over to other entities that are controllers, as follows:

  • In connection with the performance of a contract with you to our partners that contribute to this as described in the part If you make a purchase from us, specifically:
    • To partner e-shops that deal with the handling of your order and the delivery of goods (you learn of the identification of a specific shop on our website always before an order is sent);
    • To PayU S.A., registered office: Grunwaldzka 182, 60-166 Poznan, Poland, which operates the payments systems for the needs of handling a payment, in particular in connection with a card payment; if you store the number of your payment card with us we will be a joint controller with this company;
  • Based on your consent to advertising and social networks, as is described in the part Use of cookies and other technologies. handover of data to advertising and social networks, specifically:
    • Google Ireland Limited (company ID number: 368047), registered office: Gordon House, Barrow Street, Dublin 4, Ireland; this company’s privacy protection terms and conditions are available here: https://policies.google.com/technologies/ads
    • Facebook Ireland Limited, registered office: 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, D02 X525, Ireland; this company’s privacy protection terms and conditions are available here: https://cs-cz.facebook.com/about/privacy
    • Microsoft Ireland Operations Limited, registered office: One Microsoft Place South County Business Park Leopardstown Dublin 18, D18 P521; this company’s privacy protection terms and conditions are available here: https://privacy.microsoft.com/cs-CZ/
    • Criteo GmbH, registered office: Gewürzmühlstraße 11, 80538 Munich, Germany; this company’s privacy protection terms and conditions are available here: https://www.criteo.com/privacy/
    • Seznam.cz, a.s., Radlická 3294/10, 150 00 Prague-Smíchov, company ID number: 26168685;
    • ROI Hunter a.s., Milady Horákové 1957/13, 602 00 Brno, company ID number: 03103048;
    • RTB House SA, 61/101 Złota Street, 00-819 Warsaw; this company’s privacy protection terms and conditions are available here: https://www.rtbhouse.com/privacy/;
    • Adform A/S, registered office: Wildersgade 10B, sal. 1, DK-1408 Copenhagen K, Denmark; this company’s privacy protection terms and conditions are available here: https://site.adform.com/privacy-policy-opt-out/

For the processing of personal data we also use the services of other processors, who process personal data in accordance with our instructions and for the purposes that are described in the part Why do we process personal data and what entitles us to do this?

These processors are:

  1. The providers of cloud services and other suppliers of technologies and support such as Keboola s.r.o. company ID number: 28502787, Omax Holding s. r. o., company ID number: 28628187, BlueGhost.cz, s.r.o, company ID number: 28901061 and Quanti s.r.o., company ID number: 24749001;
  2. The operators of marketing tools such as Diffsolutions s.r.o, company ID number: 24791288 (Yottly service), SugarFactory s.r.o., company ID number: 01953885, Tableau Software, Inc., 1621 N 34th St., Seattle, Washington 98103, United States of America, Google Ireland Limited (company ID number: 368047), registered office: Gordon House, Barrow Street, Dublin 4, Ireland (Google Analytics service), Hotjar Limited, registered office: Level 2, St Julian’s Business Centre, 3, Elia Zammit Street, St Julian’s STJ 1000, Malta, Wingify Software Private Limited, 14th Floor, KLJ Tower North, Netaji Subhash Place, Pitam Pura, Delhi 110034, India, Lookback Group, Inc., 68 Willow Rd., Menlo Park, CA 94025, United States of America, TYPEFORM S.L., Carrer Bac de Roda, 163, 08018 Barcelona, Spain, and Cross Masters s.r.o., company ID number: 28192648 (Roivenue service), who help us optimize our website and personalize content and offers for you;
  3. Providers of tools for administration and recording of telephone calls, in particular Daktela s.r.o., company ID number: 27232263;

4. What sources do we obtain personal data from?

We mostly obtain personal data from you through our website or during communication with you. We can also receive some data also from our partners, e.g. websites or banks.

In most cases we process the personal data that you provide to us when ordering goods or services, creating and using an account or communicating with us, for example at a call center. We obtain personal data directly from you also by monitoring your behavior on our website and by reading messages and recording calls at the call center.

If you create an order with us, we can, in connection with performance of a contract concluded, receive additional data about orders, from partner e-shops, banks or our partners operating payment systems, for example data about the number of your account, the successful making of a payment or completion of an order.

5. Handover of data outside the EU

In some cases, we may hand over your personal data to countries which are not a part of the European Economic Area.

Within the handover of data to recipients, stated in the part Who processes your personal data and who do we hand them over to? we may also hand over your data to third countries outside of the European Economic Area, including countries which do not ensure adequate personal data protection. We will realize all such handovers only in the event that the relevant recipient undertakes to comply with some of the standard contractual clauses issued by the European Commission and available at the addresses http://eur-lex.europa.eu/legal-content/en/TXT/?uri=CELEX%3A32010D0087http://eur-lex.europa.eu/legal-content/en/ALL/?uri=CELEX:32001D0497 and http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32004D0915.

6. What are your rights during personal data processing?

In relation to your personal data you have a number of rights. They are the rights to access, rectification, erasure, restriction of processing, portability, to object and to file a complaint.

The same as we have rights and duties during the processing of your personal data, you have certain rights during the processing of your personal data. These rights include:

Right of access
To put it simply, you have the right to know what data we are processing about you, for what purpose, for what period, where we obtain your personal data, who we hand it over to, who processes it in addition to us and what your other rights are related to the processing of your personal data. You can learn all this in this document. If, however, you are not sure what personal data we are processing about you, you can ask us for a confirmation of whether personal data that concerns you is or is not being processed by us and, if it is, you have the right to obtain access to such personal data. As a part of the right of access you can request a copy of personal data processed, where we will provide you with the first copy free of charge and additional copies for a charge.

Right to rectification
To err is human. If you ascertain that personal data we process about you is inaccurate or incomplete, you have the right to have us rectify or supplement them, without undue delay.

Right to erasure
In some cases you have the right to have us erase your personal data. We will delete your personal data without undue delay if one of the following reasons is met:

  • We no longer need your personal data for the purposes for which we processed them;
  • You rescind your consent to personal data processing, where it is data the processing of which requires your consent and we do not have another reason to continue to process such data;
  • You exercise your right to file a complaint against processing (see the part Right to file a complaint against processing, below) for personal data that we process based on our legitimate interests and we find that we have no such legitimate interests that would justify such processing; or
  • You believe that the personal data processing we perform stops being in compliance with generally binding legal regulations.

Please remember that even if it is one of these reasons, this does not mean that we will immediately delete all your personal data. This is because this right does not apply in the event that the processing of your personal data remains necessary for the performance of our legal duty or the determination, performance or defending of our legal entitlements (see the part Why do we process personal data and what entitles us to do this?).

Right to restrict processing
In some cases you can, in addition to the right to erasure, also exercise a right to the restriction of personal data processing. This right enables you, in certain cases, to request the designation of your personal data and for such data not to be the subject of any other processing operations – in this case, however, not forever (as in the case of the right to erasure), but only for a limited time. We have to restrict the processing of personal data if:

  • You deny the accuracy of the personal data, before we agree which data is correct;
  • We process your personal data without sufficient legal grounds (e.g. over the framework of what we have to process), but you, before the erasure of such data, prefer its restriction (e.g. if you expect that in the future you will provide the data to us anyway);
  • We no longer need your personal data for the aforementioned purposes of processing, but you request them for the determination, making or defense of your legal claims; or
  • You object to processing. The right to object is described in more detail in the chapter Right to object to processing). For the period during which we are investigating whether your objection is legitimate, we are obligated to restrict the processing of your personal data.

Right to portability
You have the right to obtain from us all the personal data you provided to us and that we process based on your consent (see the part If you grant us your consent) and based on the performance of a contract (see the part Why do we process personal data and what entitles us to do this?). We will provide your personal data to you in a structured, common and machine-readable format. So that we can easily transfer data at your request, it can concern only data that we process in automatic fashion in our electronic databases.

Right to object to processing
You have the right to object to the processing of your personal data, which occurs based on our legitimate interest (see the part Why do we process personal data and what entitles us to do this?). If this concerns marketing activities, we will stop processing your personal data without further action; in other cases we will do so if we do not have serious legitimate grounds to continue with such processing.

Right to file a complaint
Claiming your rights in the aforementioned manner does not in any way affect your right to file a complaint to the relevant supervisory authority. You can claim this right in the event that you believe that we are processing your personal data illegitimately or in conflict with generally binding legal regulations. You can submit a complaint against the processing of personal data performed by us to the Office for Personal Data Protection, which is headquartered at: Pplk. Sochora 27, 170 00 Prague 7.

7. How to claim individual rights?

If you have any questions, complaints or requests related to the processing of your personal data, we are available to you at the address: gdpr@heureka.cz.

In all matters related to the processing of your personal data, whether it concerns a query, the exercise of a right, the submission of a complaint or anything else, you can contact us at the address gdpr@heureka.cz.

If your request concerns data about your payment card that we control jointly with PayU. S.A., we will hand this request over to the company that deals with its handling.

We will deal with your request without undue delay, but within no more than one month. In exceptional cases, in particular due to the complicated nature of your request, we are entitled to extend this period by an additional two months. We will obviously inform you of such extension and the reasons for it.

8. Data Privacy Officer

Our data privacy officer is available to you.

In addition to the customer center, our data privacy officer is available to you in all matters related to the processing of your personal data. You can contact our data privacy officer at the address: dpo@heureka.cz