Privacy and Personal Data Processing Policy

1. Definitions

1.1. Data Controller: The data controller responsible for data handling in accordance with the GDPR is our website, and it refers specifically to this site.

1.2. Data Protection Officer (DPO): The address where requests for information regarding the processing of personal data can be sent is the email address: suport{@}soupinthecity.cz

1.3. Cookies: A „cookie“ is a very small file, generally consisting of letters and numbers. It is downloaded to a computer’s memory or another type of device used for browsing the internet (Smartphone, Tablet, etc.) when accessing a particular web platform.

1.4. Data Subject under GDPR: Refers to an identifiable natural person (who can be identified, directly or indirectly, particularly by reference to an identifier such as a name, identification number, location data, an online identifier, or one or more specific factors). The data subject can be a service applicant provided by the Data Controller, as well as any other natural person whose personal data is transmitted to the Data Controller.

1.5. Categories of Processed Data: These represent personal data and are saved by the Data Controller only when you enter the data into a field on the site or send it via email.

1.6. Personal Data Processing: Means any operation performed on personal data or on sets of personal data, whether or not by automated means, such as collecting, recording, organizing, structuring, storing, adapting or altering, retrieving, consulting, using, disclosing by transmission, dissemination or otherwise making available, aligning or combining, restricting, erasing or destroying.

2. What Information Will Be Processed?

2.1. Information Collected Through Cookies: For better targeting of advertising campaigns and improving products and services, our website uses data about the articles purchased by our customers. If you have allowed cookies to be stored in your browser and agree to their use, our website receives information about the pages you visit, the products you view, and other activities on the platform.

2.2. Our website does not save or otherwise process any sensitive personal information, such as, for example, your health status, religion, or beliefs.

2.3. Data Provided by Platform Users: On our website, we process personal data about those who use the platform. Primarily, we process the personal data you provide when you sign up for our newsletter. This data mainly includes your email address and first name.

3. For What Purposes Is Personal Data Stored?

3.1. To Better Target Promotions and Advertising: Our website saves cookie-related data from platform visits, accessed products, and other activities on the platform. Processing is done only based on your consent regarding the use of relevant cookies. This consent is entirely voluntary. In most cases, based on the information provided, our website obtains statistics and analyses regarding user behavior on the site. These enable better targeting of advertising or adjusting site content to match what interests and attracts the most significant number of platform users. In this case, data storage is mostly done automatically.

3.2. For Product Promotions and Advertising: For our product promotions and advertising communications sent to users, our website primarily uses email addresses. Processing is done in this case only based on your consent, which is entirely voluntary. Even if you do not agree, you can continue to use our platform in full. You express your consent to our website when you register by entering your email address. It should be noted that registration on our website can only be done by persons over 15 years old. You can withdraw your consent at any time by clicking the link in any newsletter.

LEGAL BASIS: The Data Controller’s legitimate interest in preventing online fraud and ensuring the proper functioning of the site, contract execution, and the data subject’s consent, as appropriate.

4. Your Rights as a Data Subject Regarding the Handling of Personal Data Provided

4.1. Data Subject Rights and How to Exercise Them

According to the GDPR, as a data subject, you have a set of rights, including:

4.1.1. Right to Information and Access: This is the right to obtain confirmation that personal data concerning you is being processed and, if so, access to that data.

4.1.2. Right to Rectification: This is the right to request and obtain the correction of inaccurate personal data concerning you and/or to complete incomplete personal data. If you have an online account, these changes can usually be made personally in the account data editing section, if applicable.

4.1.3. Right to Erasure („Right to Be Forgotten“): This is the right to have personal data concerning you deleted when certain conditions mentioned in the GDPR are met.

4.1.4. Right to Restrict Processing: This is the right to restrict the processing of data in certain cases.

4.1.5. Right to Data Portability: This is the right to receive the personal data concerning you and transmit it to another Data Controller.

4.1.6. Right to Object: This is the right to object at any time to the processing of personal data concerning you, under the GDPR.

4.1.7. Right Not to Be Subject to a Decision Based Solely on Automated Processing: This includes profiling, which produces legal effects that concern you or similarly affect you significantly.

4.1.8. Right to Lodge a Complaint: You have the right to lodge a complaint with the National Supervisory Authority for Personal Data Processing if you consider that your data has not been processed in accordance with legal provisions.

4.2. How Can You Exercise These Rights?

To exercise the rights mentioned above, please submit a written request in electronic format, dated and signed, to the email address: sales{@}ourwebsite.com, to the attention of the data protection officer.

4.3. How Long Will It Take to Respond to Your Requests?

Within one month of receiving your request, you will be provided with information about the actions taken or, where applicable, reasons why the requested measures cannot be taken.

Note: Please note that to process a request for access to personal data, we will take all reasonable measures to verify the identity of the data subject.

Additionally, under the GDPR, the resolution period mentioned above can be extended by a maximum of two months if necessary, considering the complexity of your case and the number of requests. We will inform you about this if it is the case.

5. Recipients or Categories of Recipients of Personal Data

Recipients processing personal data within the European Union are required to comply with the same legal provisions, offering the same level of protection as the Data Controller.

Note: In the case of recipients operating in the United States of America, the Data Controller guarantees that they are „Privacy Shield“ certified, and the European Commission considers them to provide an adequate level of protection. A list of companies adhering to „Privacy Shield“ is available on this website: https://www.privacyshield.gov/welcome.

5.1 Transmission of Personal Data for Newsletter Service Operation

To ensure the service operates as desired, we use a third-party specialized in email delivery, specifically the MailChimp service provided by The Rocket Science Group. The privacy policy of this third party regarding personal data protection can be found here: https://mailchimp.com/legal/privacy.

You can unsubscribe from the newsletter at any time by clicking the „Unsubscribe“ button in the received email or by sending an email to suport{@}soupinthecity.cz

5.2 Transmission of Data to Public Institutions, Courts, and Authorities Competent to Investigate Criminal Acts

In special cases, when required by law, our company is obliged to provide information to the competent authorities regarding personal data.

5.3 Transmission to Other Third Parties

To provide you with the best experience on the platform, we continuously strive to improve/maintain the software programs we use. In this regard, we have development contracts with companies specialized in software programming and maintenance.

5.4 Social Networks

Our website uses „plugins“ from social network operators. All social network plugins on our website are clearly and distinctly marked.

5.5 Traffic Analysis Services

Our website uses the web analysis services „Google Analytics“ and „Google AdSense“ provided by Google Inc. for statistical purposes.

Our website uses Google Analytics, a platform analysis service provided by Google, Inc. („Google“), using cookies. More details about this can be found on our Cookie Policy page.

You can refuse the use of cookies by selecting the appropriate settings in your browser; however, in this case, you may not be able to use all the features of the Operator’s site. You can also opt out of using Google Analytics in the future by downloading and installing the Google Analytics Opt-out Browser Add-on for your browser. More details here: https://tools.google.com/dlpage/gaoptout?hl=en.

Note: Additional details are available on the Google Analytics Terms of Service and Google Analytics pages.

6. LEGAL BASIS

6.1. Regulation (EU) 2016/679 on the protection of natural persons concerning the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

Last updated: Aug 14, 2024