Tomáš Jilík, ID No.: 67556221, with registered office at Aleny Santarová 1450/5, 156 00, Prague 5 - Zbraslav (hereinafter referred to as the "Operator") as the data controller hereby informs about the processing of personal data carried out in connection with the operation of the "Tom's Gastro Guide" application (hereinafter referred to as the "Application"). This document also includes information about the rights to which data subjects are entitled in connection with the above-mentioned processing.
For any questions regarding privacy and the exercise of your rights, please contact us at info@tomsgastroguide.com .
The Operator concludes a contract with the User for the use of the Application (hereinafter referred to as the "Contract"). Users do not register in the Application. For the purposes of concluding the Agreement and enabling the use of the Application in the basic version (without Paid Content), the Operator processes only the following data about the User:
Paid Content is available on the Application and can be purchased by the User through the Application (a Content Purchase Agreement is concluded). In order to enable the purchase and access to the Paid Content, including the fulfilment of obligations related to it (in particular, sending confirmations of purchases to the User), the Operator needs the following personal data of the User:
Without the aforementioned information, neither the Agreement nor the Content Purchase Agreement can be concluded or executed. The legal title for the processing of these data is the conclusion and performance of the Contract or Content Purchase Agreement at the request of the User.
The operator must process personal data in cases where it is required to do so by law. For this purpose, the Operator shall process personal data in particular to the extent required by the relevant legal regulations in connection with the Operator's obligation to handle the User's complaints, to keep accounting records and in the performance of related tax obligations, or for the performance of obligations imposed by the Archiving Act.
In justified cases, the Operator may also process personal data on the basis of a legal title, which is the protection of its legitimate interests. However, the Operator always carefully assesses and ensures that the interest in processing your data for this purpose does not unreasonably interfere with your privacy.
Evidence of acceptance of the Terms and Conditions: when concluding a Contract with a User online (by electronic means), we store the data necessary to identify the User as a contracting party (e.g. session ID, IP and/or MAC address) in order to have a time stamp as proof of the conclusion of the Contract and of acceptance of our Terms and Conditions in the specific wording in case of later doubts or disputes.
Defence and assertion of legal claims: we process personal data for the purpose of protecting our legitimate interest, which is to ensure that we can defend ourselves in any legal proceedings, court proceedings or inspections by state authorities or other public authorities (typically the CTIA, etc.). We process the data to be able to prove, if necessary, that we have acted in accordance with our contractual obligations and the law. In this context, we typically process the User's identification, contact and payment data, data on concluded contracts, their performance and communication with the User or persons acting on the User's behalf.
We obtain personal data primarily from Users - data subjects. We may collect some personal data - in particular data about payments made by Users - from separate controllers - providers of payment methods available on the App (Apple Pay, Google Pay). For information on how these providers process your personal data, please contact these providers directly.
Unless otherwise stated, we do not collect any information about you other than that which you give us yourself or which is generated by your activity on the Application.
We may transfer personal data under the conditions laid down by law to public authorities where we are required to do so by law or where the authority in question requests it within the scope of its competence.
We use the following processors for data processing:
Personal data is not transferred outside the EU unless otherwise stated above.
We process your personal data primarily in electronic form by automated means in our IT systems or in the systems of our individual processors. Personal data may also be processed manually in accordance with the relevant purpose where manual processing is necessary or appropriate.
Our employees or other persons working for us may act in the administration of your data, including for the purpose of correcting errors, inaccuracies, etc. However, these persons may only process personal data under the conditions and to the extent stated above and are bound by the obligation of confidentiality of personal data and security measures, the disclosure of which would compromise the security of personal data.
We always process personal data in accordance with the relevant legal regulations and ensure due care and protection. We make sure that you do not suffer any harm to your rights, in particular the right to human dignity and your private and personal life.
We process personal data processed for the purposes of concluding and performing a contract with the User for the duration of the conclusion and performance of the contract (i.e. for the time necessary to fulfil the obligations arising from the contract, or for the duration of the use of the Application).
Even then, we may process personal data for the following purposes:
We process personal data processed under our legal obligations within the time limits set by these laws.
We must process personal data required by the legal regulations governing the tax and accounting obligations of the Operator (typically billing data and information about the performance provided) for accounting and tax compliance purposes. The processing period is 5 (five) years from the end of the accounting period, in the case of documents relevant for VAT payments, it is 10 (ten) years from the end of the tax period in which the performance took place. We archive relevant personal data in accordance with the requirements of the Archiving Act for the periods specified therein. Data processed for the purpose of handling complaints are stored for the duration of the period for exercising rights arising from defective performance or for the duration of the warranty period.
We continue to process personal data after the termination of the contract with the User to protect our legitimate interests (i.e. to defend against any claims of the User or third parties, including in court) for the duration of the relevant limitation periods. If the relevant proceedings are not initiated, we retain this data for a period of 5 (five) years after the termination of the contractual relationship with the User.
Personal data may also be processed for longer than the above if there is a relevant reason for further processing, typically an administrative or judicial proceeding for which the personal data is relevant.
In the first instance, you have the right to ask us for access to your personal data, including a copy of all your personal data. You can do this by using the email address provided at the head of this document.
Withdrawal of consent to processing:if we process your personal data on the basis of your consent, you may withdraw your consent to processing at any time, freely and free of charge, by using your user account, the contact email mentioned above or otherwise as stated elsewhere in this document. In this case, we will no longer process your personal data processed on the basis of your consent.
It is not possible to withdraw consent to the processing of personal data that is not processed on the basis of consent. However, we will always assess, on the basis of your request, whether it is still necessary to process your personal data for any of the above purposes.
Your other rights:
We will always keep you informed about:
Your other rights include:
We protect your data. In particular, we use the following means of security: implementation and enforcement of internal data protection regulations, antivirus protection, firewalls, encryption, access control to personal data and authorization data, backups, physical means of protection, etc.
This version of the Personal Data Processing Information is effective as of 1 November 2023.