This Personal Data Protection Statement (hereafter “Statement”) pertains to the processing of all personal data of consumers, customers, suppliers, and business partners (hereafter “Business Partners“) of Bar Nota, located at Štěpánská 9, 120 00, Praha 2 (hereafter “Establishment“), represented by operator Daniel Hanfe, Business ID: 05792274, with headquarters at Dačického 1207/4, 140 00, Praha 4 (hereafter referred to as the “Operator“). This Statement does not relate to data associated with business activities or data on companies. The Operator is the data controller. This Statement describes who we are, the purposes for which we process your personal data, and other information about you. Should you have any questions, please use the contacts at the end of this Statement. This Statement is crafted in compliance with legal regulations, particularly the Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR), effective as of 25.5. 2018. This Statement may change over time, and its current version is always published on our website www.barnota.cz.

FOR WHAT PURPOSES DO WE PROCESS YOUR PERSONAL DATA?

The Operator will process your personal data during business transactions between you and the Operator, if you visit our establishment (at Štěpánská 9, 120 00, Praha 2), one of our events, our website, or during any other contact with the Operator.

1. Responses to your queries. If you contact us, we will use your personal data to respond and answer your queries. For this purpose – we process your data based on your consent if you provide us with your personal data, – we process your name, contact details, your correspondence with us, your queries, and all other personal data necessary to answer your queries.

2. Development and improvement of products or services. We process your personal data to evaluate, analyze, and improve our products and (customer) services. We use your personal data for customer behavior analysis and make corresponding adjustments to our products and services. When you use our website or enter or search for information through this website, we process your personal data also for the purpose of compiling analytical reports. We use your personal data to analyze customer behavior, making the necessary adjustments to our products and services to improve them. This means we analyze how often you visit our websites and which buttons you click on. To complement our database used for the aforementioned purposes, we may acquire additional data from public sources. For this reason, we process your data based on our legitimate interest in improving our products and services, processing your contact details like your address and email, personal details like your name and birthdate, payment information, and correspondence with the Operator. Additionally, we process personal data that you entered via our website or generated while using our website and technical data from your device, such as its IP address, the pages you visited on our website, the pages you click on and navigate through, and the length of your visit to our website. If you decide to participate in our surveys, we may ask you to provide us with your personal data, such as your address, email, name, and birthdate. For these purposes, we may also use personal data that you provided us within a certain survey.

3. Evaluation and acceptance of a customer, supplier, or business partner. If you contact us, we will process your personal data for the purposes of confirming and verifying your identity and for evaluating and verifying the possibility of further cooperation. The Operator will further process your personal data for administrative purposes, such as checking and comparing with records available in public registers of state and supervisory authorities. For this purpose, we process personal data because it’s essential for concluding a contract between you and the Operator. The Operator cannot conclude contracts without obtaining the required information, processing your contact details like your address and email, personal details like your name and birthdate, payment and credibility information, and details of your correspondence with the Operator.

4. Contract conclusion and fulfillment. If you have purchased a product or service from us as customers or collaborate with us as suppliers or business partners, we process your personal data for administrative purposes, such as sending invoices and making payments. We also use your personal data for the purpose of delivering, receiving, and managing our or your products and services. The Operator will process your personal data for further fulfillment of our contract, including the delivery of customer services. If you request access to the Establishment’s premises, we process your personal data for control purposes. For this reason, we process personal data because it’s essential for concluding a contract between you and the Operator. The Operator cannot conclude contracts without obtaining the required information, processing your contact details like your address and email, personal details like your name and birthdate, payment details, and details of your correspondence with the Operator.

5. Relationship management and marketing. We use information stored in our customer database to provide you with quality customer service. We also use your personal data for the development, execution, and analysis of marketing research and marketing strategies. For this purpose, when sending newsletters and/or profiled commercial communications, we process your personal data with your prior consent. You can always withdraw your consent, processing your contact details like your address and email, personal details like your name and birthdate, payment information, order history, and correspondence with the Operator. 

6. Business Activities and Internal Management. We process your personal data when executing and organizing our business activities. This includes general management, order administration, and property management. The operator also processes your personal data for internal management purposes. We conduct audits, investigations, business checks, and manage and use customer, supplier, and business partner directories. We further process your personal data for financial management and accounting, archiving, insurance, legal and business consultation, and dispute resolution. For this purpose, we process personal data based on our legitimate interest in maintaining and expanding business activities, processing your contact details, such as your address and email, personal details like your name, payment information, order and payment history, correspondence with the operator, and data generated during contract fulfillment between you and the operator.

7. Organizational Analysis and Development. The operator processes your personal data to prepare and present reports and analyses. Aggregated/anonymized personal data is used to prepare reports for the operator’s management and to analyze our business activities. Surveys among customers, suppliers, and business partners are conducted to gather more opinions while preparing reports for management. For this purpose, we process your contact details, such as your address and email, personal details like your name and date of birth, order and payment history, correspondence with the operator, and data you provided in our surveys.

8. Use of Our Websites. When using our websites, we process technical data so you can use our website’s features and allow our website administrators to manage and improve its functionality. When you enter data on our website, such as product preferences or your location for receiving information or features, the operator will process these data to provide the requested information or features. We also process your personal data to allow you to save your data (such as preferences and products) to your saved items and enable you to share them with others based on your device’s sharing settings. For this purpose, we process personal data based on our legitimate interest to create and provide technically functioning websites, improving our website’s functionality, processing personal data you entered or generated when using the operator’s website, and technical data from your device, such as its IP address, the browser you use, pages you visited on our site, information about the pages you click and browse through, and the length of your visit to our websites.

9. Allowing You to Contact Us. The establishment is active on social media platforms (Facebook, Instagram, and TikTok). If you contact the establishment via social media, we process your personal data to respond to your inquiries and messages. Additionally, when you use the “Contact” tab on our website, you can contact us through various communication channels, such as email, to provide feedback, suggest improvements, and share links to our website and Facebook network data. For this purpose, based on our legitimate interest in responding to your inquiries and directing you to our social media pages, we process communication channels you chose to use when communicating with us and personal data you provided to the operator. This includes your (user) name, address, email, and personal data you mentioned in your message. Additionally, when you use links to third-party websites or apps, the respective third party may store cookies on your device.

10. Monitoring and Control. We monitor our processes to verify compliance with our guidelines and regulations. During monitoring activities, we may access and familiarize ourselves with your personal data. For this purpose, we may process your personal data based on our legitimate interest in monitoring our internal processes and ensuring compliance with laws, accessing personal data stored in our systems, and reviewing them for compliance check reasons. Personal data that we access and review will not be stored for compliance checking purposes, except when needed for further investigation into potential non-compliance. In such cases, we will retain relevant personal data until the respective investigation or proceedings are completed.

11. Health, Safety, and Integrity Assurance. The operator highly values your health, protection, safety, and integrity. We process your personal data to ensure the safety of our employees, customers, suppliers, and business partners. For this reason, we verify your authorization to access our premises and may verify your personal data with records available in public registers of state and supervisory bodies. We also process your personal data to ensure the protection of the operator’s property and our employees and customers. For this purpose, based on our legitimate interest in monitoring our internal processes and ensuring compliance with laws, we process your contact details, personal details, order and payment history, and your visit history to our premises.

12. Compliance with Regulations. In some cases, we process your personal data to comply with laws and other regulations, e.g., to meet tax obligations and statutory obligations related to business activities. In cases stipulated by applicable laws and other regulations, we may be required to disclose your personal data to administrative or supervisory authorities. For this purpose, to ensure compliance with applicable laws, we process your contact and personal details, order and payment history, VAT, and other tax details.

13. Participation in Promotional and Other Activities. We send you information about promotional events and invitations to participate in various activities. If you decide to take part in any of these activities, we need your personal data to be able to organize these activities. Moreover, if you participate in any of these activities, we require your personal data to evaluate the promotional or other activity in question. For this purpose, we process your personal data based on your consent. You can withdraw your consent at any time without affecting the legality of processing based on your consent before its withdrawal. We process your name, address, email address, and records of the relevant event.

HOW LONG DO WE KEEP PERSONAL DATA?

The Operator will generally retain business partner data only for the duration required for the relevant business purpose, to the extent reasonably necessary to comply with applicable legal requirements. Immediately after the expiration of the appropriate retention period, the data will be:

• safely deleted or destroyed,

• anonymized,

• transferred to the archive (unless prohibited by law or a valid disposal plan).

WHO HAS ACCESS TO YOUR PERSONAL DATA?

Access to your personal data within the Operator.

We may share your data to offer you a complete package of services and products. The Operator’s employees are authorized to access personal data strictly to the extent necessary for specified purposes and to fulfill their job duties.

Third-party access to your personal data.

If necessary for the provision of the Operator’s products and services, the following third parties may also have access to your personal data: banks, insurance companies, IT suppliers, accountants, consultants, and other entities that may process your data to the extent necessary for the Operator’s operations. If a third party gains access to your personal data, the Operator will take contractual, technical, and organizational measures to ensure that your personal data is processed only to the extent necessary. Third parties will exclusively process your personal data in accordance with applicable legal regulations. If personal data is transferred to a third party in a country that does not provide an appropriate level of personal data protection, we will take measures to ensure adequate protection of your personal data, e.g., by agreeing to the EU standard contractual conditions with these third parties. In other cases, your personal data will only be transferred to third parties if required by applicable law.

HOW ARE YOUR PERSONAL DATA SECURED?

We have implemented appropriate security measures to ensure the confidentiality and security of your personal data. We have implemented appropriate technical, physical, and organizational measures to protect personal data against accidental and unlawful destruction or accidental loss, damage, alteration, unauthorized disclosure or access, as well as against all other forms of unlawful processing (including excessive collection).

HOW CAN YOU EXERCISE YOUR PRIVACY RIGHTS?

You have the right to request access to your personal data or an overview of it and under certain conditions also the right to correction or deletion of personal data. Additionally, you have the right to request a restriction of processing concerning your personal data, the right to object to processing, as well as the right to data portability. To exercise your privacy rights, please contact us using the contact details provided at the end of this data protection statement. Please note that for further communication purposes, we may ask you for additional information to verify your identity.

CAN YOU WITHDRAW YOUR CONSENT?

You can always withdraw your consent. Please note that this withdrawal will not have retrospective impact. To withdraw your consent, please contact us using the contact details provided at the end of this data protection statement.

CONTACT DETAILS

E-mail: barnota@barnota.cz

Phone: +420 775 396 456

Last update date: October 8, 2023

Daniel Hanf

Bar Nota