We are the company EFEF, spol. s r.o., ID No.: 49446444 with its registered office at Armádní 318, 664 41 Omice, registered in the Commercial Register maintained by the Regional Court in Brno, Section C, Insert 12386 (hereinafter referred to as "We") and we process personal data on behalf of the Controller.
We only process personal data that you provide to us. In exceptional cases, we will also process personal data provided by a third party, but that third party must have your written consent to provide your personal data to us and must inform you of such provision of your personal data (e.g. if you order from our e-shop but have your order delivered to someone else, you provide us with the personal data of a third party or if you make a booking through an agency, that third party provides us with your personal data and must have your consent to do so).
We process your personal data in the following cases:
What data do we process?
When you visit our website, we may process your personal data such as your IP address, the date and time you accessed the website, information about your operating system, internet browser, your language settings or the type of your device. We may also process information about your behaviour on our website, e.g. which pages you have opened, which products you have viewed, which information you have searched for, etc. However, this information is anonymised to protect your privacy and cannot be attributed to specific persons.
Who do we share this data with?
We process this data through third-party Processors, which are Google LLC (we use Google Analytics) and Shopify International Ltd. Some of this data may be transferred by the Processors outside the EU to the U.S., subject to strict data protection rules negotiated between the European Union and the U.S. (the so-called EU-U.S. Privacy Shield Frameworks). Our Processors may also use cookies to collect this information (more information about cookies here).
For what reason and for how long do we keep this data?
If you are a visitor to our website, we process the above personal data for our legitimate interests, which are to improve and personalize our services and to effectively promote our products and services. We retain this data for a period of 38 months.
If you make a purchase from us, you are also a visitor to our website, therefore all the information in the section "If you are a visitor to our website" applies here, including:
What data do we process?
In this case, we process all the data listed in the section "If you are a visitor to our website" and also your identification data, which are in particular your name and surname, VAT number and VAT number if you are an entrepreneur; your contact data, in particular your email address, telephone number, delivery address, billing address, data about your orders, which are in particular data about the goods and services you have ordered, the method of delivery and payment, including the payment account number and data about complaints; data about your behaviour on our website, i.e. This includes data about your behaviour when reading messages we send you, in particular data about the opening of the message, your email client, operating system and its settings, IP address and location data derived from it, data about the type of device, links you clicked on after opening the message. If we send you messages, we may also collect data derived from your reading behaviour, such as data about your gender, your age group, language settings or public data from social networks if you use their links.
Our company does not store payment card data. Only the secure payment gateway and the relevant banking institution have your payment card data. The data that payment gateways make available to us are transaction data such as transaction numbers, whether the transaction has been processed, cancelled by the user or declined, the date and time of the transaction or the first or last few payment card numbers. This data is stored only in the administration and servers of the respective payment gateway. The providers of our payment gateways are Československá obchodní banka, a.s. and PayPal, Inc.
Who do we share this data with?
As in the previous case, we share data with Shopify International Ltd, the provider of our e-commerce platform. This processing involves the transfer of data to the U.S., but under strict data protection rules negotiated between the European Union and the U.S. (the so-called EU-U.S. Privacy Shield Frameworks).
If we need to physically transport the product you have purchased, we share your identification and contact details, or the amount to be paid upon receipt of the goods, with the contracted carriers. These are the companies Česká Pošta, s.p. and PPL s.r.o. In the case of delivery of the product abroad, these partners may further share your data with their contracted carriers in the specific country. In the event that we send you additional offers, promotions or discounts based on your consent or your purchase, we use The Rocket Science Group, LLC, the operator of MailChimp, as the processor. This processing involves the transfer of data to the U.S., but under strict data protection rules negotiated between the European Union and the U.S. (the so-called EU-U.S. Privacy Shield Frameworks). In some cases, we may also transfer identification and contact information to a company's accountant for invoicing or corporate accounting purposes.
For what reason and for how long do we keep this data?
We process identification, contact and order data on the basis of the performance and conclusion of a contract. We need your data in order to conclude a purchase or other contract with you regarding the goods or services you wish to purchase from us. Once the contract is concluded, we process your personal data in order to properly deliver the goods you have purchased or to properly provide you with the services you have purchased. We retain this data for the purpose of protecting legal claims and our internal records and controls; our legitimate interests here are to protect legal claims and to control the proper provision of our services. We therefore retain the data for the statutory period i.e. for the duration of the contract and for a further 15 years after termination of the contract, which is the statutory limitation period for compensation.
If you give us your consent to receive marketing and other communications during the order process, we process your personal data on the basis of your consent. For these purposes, we retain your data for 7 years or until your consent is withdrawn. If you do not give us consent and you are our customer, we may send you commercial communications without your consent on the basis of our legitimate interests, which are to improve and personalise our services and to promote our products and services effectively. We may use your data for such processing for a period of 1 year after your order. In all cases, you may simply opt-out of such marketing communications from us.
Here you are still a visitor to our website, therefore all the information given in the section "If you are a visitor to our website" also applies here, if you purchase something from us in addition to registering, the section "If you shop in our e-shop" also applies to you and beyond:
What data do we process?
If you have registered an account with us, in addition to the above data we also store information about your account settings and login activity, as well as your login data. However, this data is encrypted and we do not have access to it.
Who do we share this data with?
The platform provider of our e-shop is Shopify International Ltd. and is therefore the Data Processor for us. For this processing, the data is transferred to the USA, but under strict data protection rules negotiated between the European Union and the USA (the so-called EU-U.S. Privacy Shield Frameworks). In the case of sending marketing communications such as a satisfaction survey or offering our products and services, we transfer your personal data to The Rocket Science Group, LLC, which operates the MailChimp service. For this processing, data is transferred to the U.S., but under the strict data protection rules negotiated between the European Union and the U.S. (the so-called EU-U.S. Privacy Shield Frameworks).
For what reason and for how long do we keep this data?
We process your data based on the performance of a contract with you (without your consent) in order to maintain your user account. The contract on which our processing is based is created by the creation of your account. We use personal data for this purpose for the duration of your account, which you can delete at any time.
If you create an account on our website (www.vytopna.cz), we also process your identification and contact data, your preferences, data about your orders (if you later purchase from us) and data about your web and email reading behaviour also on the basis of our legitimate interest (i.e. without your consent), in order to obtain information on the basis of which we will
If you make an online booking through our website www.vytopna.cz, you are also a visitor to our website and all the information listed in the section "If you are a visitor to our website" applies to you, including:
What data do we process?
If you make a reservation with us, we mainly process your contact details such as your name, surname, email address (to send you a confirmation of your reservation) and telephone number (so that we can contact you in case of problems regarding your reservation). We also process the details of your reservation, such as the restaurant you are making the reservation for, the date and time, the number of people for whom you are making the reservation, and any other requirements you may have regarding the reservation. If you book online, we also process information about which language version of our booking form you have used.
Who do we share this information with?
If you make a reservation at one of our restaurants we may subsequently send you marketing communications such as a satisfaction survey or an offer of our products and services. In this case, we pass your personal information to The Rocket Science Group, LLC, which operates the MailChimp service. This processing involves the transfer of data to the U.S., but under the strict data protection rules negotiated between the European Union and the U.S. (the so-called EU-U.S. Privacy Shield Frameworks).
For what reason and for how long do we keep this data?
We process your data on the basis of the performance of a contract with you (without your consent) in order to make a reservation for you in our restaurant. The contract on which our processing is based arises from the creation of your reservation, whether electronically, by telephone or in person. We use personal data for this purpose until the date and time of your reservation or until the time of cancellation.
Furthermore, we also process your identification, contact and booking data on the basis of our legitimate interest (i.e. without your consent) in order to obtain information on the basis of which we will be able to continuously improve our services for you, our legitimate interest here being the improvement of our services. In addition, for the purpose of marketing communications, we may, for example, send you a satisfaction questionnaire or alerts about our other services and products, our legitimate interest here being the improvement of our services and the effective promotion of our products and services. For this purpose, we keep your data for the duration of the contract and then for one year after the end of the contract. In all cases, you can simply disable such marketing communications from us by sending a request to shop@vytopna.cz.
Registration for the Výtopna Club can be done in two ways, either electronically via our website, in which case you are also a visitor to our website and are covered by the "If you are a visitor to our website" section in addition to the "If you are a visitor to our website" section below, or via a paper form at any of our restaurants, in which case you are also a visitor to our restaurant and are covered by the "If you visit one of our restaurants" section in addition to the "If you visit one of our restaurants" section below.
What data do we process?
If you are a member of our club Výtopna we process your identification data, especially your first name, surname, date and place of birth, your contact details, especially your address, email address and telephone number. As we may provide you with various benefits or discounts based on your membership of the Basement Club, we also process data about your purchasing behaviour such as your visits to our restaurant, the amount of your spending, your account details and the amount of discounts provided.
Who do we share this data with?
We share your identification and contact data with Česká pošta s.p., which also acts as the Controller and provides you with the benefits of the Czech Post Customer Card. For more information about the processing of personal data by the Czech Post, please click here. We do not share data about your purchasing behaviour with anyone. If we send you marketing communications, we share your data with The Rocket Science Group, LLC, which operates MailChimp. For this processing, data is transferred to the U.S., but under strict data protection rules negotiated between the European Union and the U.S. (the so-called EU-U.S. Privacy Shield Frameworks).
For what reason and for how long do we keep this data?
In this case, we process your data for several reasons. In particular, it is for the performance of a contract (without your consent), i.e. to provide you with the benefits of the Tower Club. Furthermore, we process your data for the purpose of sending you marketing communications or carrying out marketing research and analysis (without your consent) on the basis of our legitimate interests, namely to improve our services and to effectively promote our products and services. We process your data for the entire duration of your registration with the club. If you wish to cancel your registration, please send your request to shop@vytopna.cz.
If you have visited our site prior to your visit, made a reservation or will make a reservation during your visit in person, or registered for the Heating Club or are registering during your visit, the information in some of the above paragraphs also applies to you. In addition:
What data do we process?
We process CCTV footage in our restaurants where you may be captured.
Who do we share this data with?
The controller of our CCTV system is František Schüssl, ID: 41449819
On the basis of a legitimate request from the competent authorities, we may also provide footage for the purpose of clarifying illegal activities.
For what reason and for how long do we keep this data?
We process this data for the purpose of preventing or subsequently clarifying possible illegal activities. We process the data on the basis of our legitimate interest (i.e. without your consent) to protect our property and your property and persons on our premises. We only keep the footage from the cameras for a limited period of time, namely 5 days.
If we send you marketing communications in the cases mentioned above, we do so on the basis of your consent, on the basis of the performance of a contract or on the basis of our legitimate interest. In all cases, however, you may opt out of such marketing communications either directly in the email messages we send you or by sending a request to shop@vytopna.cz.
You have a number of rights in relation to your personal data. These include the right of access, rectification, erasure, restriction of processing, portability, objection and complaint.
Right of access
You have the right to know what data we process about you, for what purpose, for how long, where we obtain your personal data, to whom we transfer it, who processes it outside of us and what other rights you have in relation to the processing of your personal data. All of this information is contained in this "Privacy Policy" document. If there is anything else you are unsure of, you can contact us and ask for it to be completed.
Right to rectification
If you believe that any of your data that we process is incorrect, you have the right to ask us to correct or complete your personal data. Please send this request to shop@vytopna.cz.
Right to erasure
If you believe that we are processing your personal data:
you have the right to request that we delete the personal data processed in this way without undue delay from the date of your request sent to the e-mail address shop@vytopna.cz. However, we may not delete the data even at your request if the processing is necessary for compliance with one of our legal obligations or for the performance of a task carried out in the public interest or for the establishment, exercise or defence of legal claims.
Right to restriction of processing
If one of these cases occurs, you have the right to request that we restrict any processing of your personal data, i.e. that we stop handling it:
Right to portability
If you ask us to send you the personal data we process via email to shop@vytopna.cz, we will send it to you in a structured, commonly used and machine-readable format. In order to enable us to easily transfer the data at your request, it can only be data that we process automatically in our electronic databases.
Right to object
Where we process your personal data on the basis of our legitimate interest, you have the right to object to such processing. You can do this by sending a message to shop@vytopna.cz. If you submit such an objection, we will assess without undue delay the extent to which we can lawfully claim the legitimacy of our reasons for processing your personal data despite your objection and how we will handle your personal data in the meantime. Until we have demonstrated to you our legitimate grounds for processing, we will no longer process your personal data.
Right to lodge a complaint
If, in your opinion, we are not fulfilling all of our legal obligations arising from the processing of your personal data, please contact us by email at shop@vytopna.cz. You also have the right to contact the relevant supervisory authority: the Data Protection Authority.
These terms and conditions are valid and effective from 25 May 2018
© 2024 VYTOPNA GROUP SE. All rights reserved.
