Table of contents:
- II. Definitions
- III. Collecting and Processing Personal Data
- IV. Consent for Processing Personal Data
- V. Transferring Personal Data to Third Parties
- VI. Right to Access your own Personal Data
- VII. Using Cookies
By Users’ privacy, any action is meant which is providing a User with safety in accordance with the above GDPR [General Data Protection Regulation].
Information collected about a User is processed by online pages: https://www.empireo-global.com and other online information channels that belong to Empireo and closely cooperating entities, (hereinafter “the Service”), the owner of which is Empireo with its registered offices.
Processing personal data is based on compliance with law, reliability and information clarity. Data is collected by the Data Controller in a specific, clear and legally justified purpose, whereas the scope of data is limited to necessary data for achieving this aim. The Controller, upon a User’s request, provides the possibility of updating data, whereas all out-of-date or useless data is deleted by him. The Controller uses its best efforts to provide the highest level of safety and protection of personal data processed by it. Provision of data is voluntary. Each User is entitled to access their personal data, update them and request for removal of data collected with violation of provisions or if it is useless for rendering services by the Controller.
- 1. Personal Data Controller (PDC) – means an owner of the aforesaid online services, Empireo with its registered offices, which renders services by electronic means, stores and gains access to information on User’s devices.
- 2. Personal data – means any information that relates to identifying or data enabling identification of a natural person.
- 3. Processing personal data – means conducting the following operations: collecting, storing, deleting, developing and disclosing data.
- 4. Consent of a person to whom data relates – means voluntary, voluntarily determined, specific, conscious and unambiguous indication of a person to whom data relates, by declaration or explicit actions confirming, expressing consent for processing personal data related to it. The consent must be documented in an appropriate manner.
- 5. Cookies – means IT data, in particular small text files, saved and stored on devices by which a User uses Service webpages.
- 6. Service – means webpage, under which the Controller conducts online service, operating in domains: www.empireo-global.com and domains related to Empireo products.
- 7. Device – means an electronic device through which a User gains access to Service webpages.
- 8. User – means an entity to which, pursuant to the Regulations and provisions of law, services may be rendered by electronic means, or with which a Contract for rendering services by electronic means may be concluded.
- 9. Profiling – means any form of automated processing of personal data, which consists in using personal data for evaluating some personal factors of a natural person, in particular for analysing or forecasting work outcomes of such a natural person, their economic situation, health, personal preferences, interests, credibility, behaviour, location or travelling.
III. Collecting and Processing Personal Data
Depending on your relation with Empireo and the level of using particular Services’ functionalities, referred to in Regulations of Empireo Club, Personal Data may be collected and processed in different manners, including by:
- personal data given by you on our webpages by “Cookies”,
- orders for products, placed online in online store
- enquires sent to us through a contact form,
- email, telephone, chat and other forms of communication, and
- providing personal data by partners of Empireo
For security reasons, Empireo never contacts with you for obtaining information, such as credit card no., bank account no., password or PIN. If you receive an email in which such information is required, we ask you to immediately inform Empireo about that. Service Administrator does not collect data related to particular data of persons who browse webpages except for cases in which there is a need to register and log in for using the service. Providing any of the above data is voluntary, but if you do not provide it, it may be impossible to use services in the scope of specific service functionalities, which require that. Personal data is collected by the Data Controller and processed with all Services in the scope necessary for conducting a contract between the Controller and a natural person or an entity conducting business activity, to which data relates and for performing legal obligations by the Data Controller.
A Service User who is a Club Member of Empireo at registering, and during the membership contract term, apart from basic personal data, may share a photo which will be assigned to their Club Member profile. When placing a photo, in particular a photo that presents their image, a Club Member gives its consent for processing a photo for purposes necessary for implementation of a service.
For the purposes of ensuring quality of services rendered by the Controller, data is processed on the basis of legally justified interest of the Controller for:
- a) Marketing of services and own products,
- b) Organizing marketing events and conferences,
- c) Securing or claiming compensations,
- d) Analysis of quality of services rendered by the Controller,
The Controller indicates that for purposes determined in the above item e), it uses automated tools which process Users’ data for increasing effectiveness of marketing actions, such as forecasting behaviour and preferences of prospective customers (profiling).
IV. Consent for Processing Personal Data
On the basis of a separate consent given by a User, personal data may also be processed for direct marketing of products and the Controller’s own services, such as:
- a) sending to a User commercial and marketing information and notifications by the Controller and affiliated entities,
- b) sending commercial and marketing information and notifications by SMS gateway, email by the Controller and affiliated entities.
Data is processed for these purposes on the basis of justified legal interest until filing an appeal/revoking the consent by a person at any time.
V. Transferring Personal Data to Third Parties
The Data Controller is entitled to transfer personal data of a User to the third parties for rendering a service and in the scope necessary for implementing the contract, if the party:
- b) signed a contract with Empireo for transferring Personal Data, consistent with Directive on Protection of Personal Data, or
- c) has its seat in the European Union or another country obliged to deliver appropriate protections for Personal Data, consistent with assumptions of the Directive on Protection of Personal Data, or
- d) has certificate of “Safe Harbour” program. Obtaining certificate of “Safe Harbour” program by entities participating in it provides that they guarantee appropriate level of personal data protection, referred to in the Directive on Protection of Personal Data.
Empireo may transfer Personal Data to other partners of Empireo, with which Empireo closely cooperates in appropriate performance of a service, including:
- Companies servicing IT systems or providing Empireo with IT tools,
- Subcontractors who support Empireo in rendering IT services,
- Entities conducting postal and courier activity,
- Entities conducting accounting, financial and legal activity,
- Entities rendering services concerning car program.
VI. Right to Access own Personal Data
Personal data is stored during the contract term, whereas after its expiration or receiving a request for removal of personal data, only for the period necessary for:
- a) Processing complaints and returns,
- b) Securing and claiming prospective claims to the Controller,
- c) Fulfilling Controller’s legal obligations (e.g. for the needs of audit, tax obligations).
Each User, whose personal data is processed by the Controller and affiliated entities indicated in item 6 has the following rights:
- a) The right to access processed personal data which relates to them, in particular to confirm its processing and information concerning processing,
- b) The right to amend, update or request for data removal, if it is wrong or incomplete,
- c) The right to request for limiting data processing:
- if data correctness is questioned for the period allowing the Controller to verify data correctness,
- if data is processed against the law, or the person to whom data relates opposes its deleting, instead requesting for its limitation,
- if data is no longer needed for processing, but for determining, pursuing or protecting claims,
- if an appeal is filled, until it is verified whether Controller’s legally justified reasons are superior to basis for appeal of a person to whom data relates.
- d) The right to obtain personal data submitted to the Controller and to send it to another controller, i.e. the right to transfer data,
- e) The right to file an appeal concerning data processing, including profiling profile on the basis of justified Controller’s interest or at processing data for direct marketing purposes,
- f) The right to file an appeal to the Czech supervisory body or supervisory body (President of the Office for Personal Data Protection) of another member country of the European Union, appropriate for normal place of residence or work of a person to whom data relates or for place of supposed violation of GDPR,
- g) The right to obtain human intervention from the Controller, presenting own opinion and to question decision based on automated data processing.
- In order to use the above rights, except the right indicated in item f), contact the Controller at the email address: firstname.lastname@example.org
A response to a User’s question or request will be given in electronic form at email address of a User, from which the question/request was sent, unless a User requests for another form of response, within 1 month from the day of receiving the question/request by the Controller. If the request is of complex nature or there are many requests, the Controller may extend this period for next 2 months, about which a User will be informed within 1 month from receiving the request.
If requests of a person to whom data relates are clearly unjustified or excessive, in particular due to its statutory nature, the Controller may:
- a) charge a reasonable fee, taking into consideration administrative costs of giving information, conducting communication or assuming requested activities, or
- b) deny assuming actions in relation to the request.
The Controller provides the person to whom data relates with a copy of personal data that is processed. A Controller may charge a reasonable fee resulting from administrative costs for issuing other copies for which a person to whom data relates will ask.
VII. Using Cookies
The principles determining processing data and which data is collected by Cookies were determined in a separate document (hereinafter “Cookies Policy”).