Privacy Statement
SAFE HERITAGE a.s., ID No.: 09436537 (hereinafter referred to as "we") pays great attention to the protection of personal data. In this document, you will find information about what personal data we process, in particular about our customers and users of our website, whether we process data on the basis of consent or on the basis of another legal ground, for what purposes we use it, to whom we may transfer it and what rights you have in connection with the processing of your personal data.
What personal data do we process?
We process the following personal data:
- Identification data, which means in particular first and last name, username and password, ID number, in the case of redemptions and consignment sales;
- contact data, which means personal data that allows us to contact you, in particular your email address, telephone number, home address and your contact on social media;
- your settings, which means the data in your account, in particular your saved address;
- your order data, which includes in particular details of the products you order from us, payment details including your payment account number and complaints data;
- data from your reviews of the services and products offered by us, which means the information you provide in the review;
- data about your behaviour on the website, including when you view it via our mobile application, in particular the products you view, the links you click on, the way you move around our website and scroll the screen, and data about the device from which you view our website, such as the IP address and its derived location, the identification of the device, its technical parameters such as the operating system and its version, the screen resolution, the browser used and its version, as well as data obtained from cookies and similar technologies to identify the device;
- data about your reading behaviour in the messages we send you, in particular the times when messages are opened, as well as data about the device on which you read the messages, such as the IP address and the location derived from it, the identification of the device, its technical parameters such as the operating system and its version, the screen resolution, the browser used and its version, as well as data obtained from cookies and similar technologies;
- Derived data, which means personal data derived from your settings, data about the products and services you order from us, data about your behaviour on the website and data about your behaviour when reading the messages we send you; in particular, this includes purchasing behaviour and your relationship with various services;
- data relating to your use of our call centre or visit to our branch, which includes in particular records of telephone calls to the call centre, identification of messages you send to us, including identifiers such as IP addresses, and recordings from CCTV systems in our branches.
Why do we process personal data and what entitles us to do so?
As part of our business, we process personal data for different purposes and to different extents either:
- without your consent, for the performance of a contract, our legitimate interest or to comply with a legal obligation; or
- on the basis of your consent.
What processing we may carry out without your consent depends on the purpose of the processing in question and your position vis-à-vis us - whether you are just a visitor to our website or whether you register with us or place an order. We may also process your data if you communicate with us or visit our shop.
If you visit our website
Use of cookies and other technologies
If you visit our website, we store small files such as cookies on your device and then read them from your device. A cookie is a small file of letters and numbers that we store in your internet browser or on your computer's hard drive. Some cookies allow us to link your browsing activities on our site from the moment you open your web browser window to the moment you close it. These cookies are deleted the moment you close your browser window. Others remain on your device for a set period of time and are activated each time you visit the website that created that particular cookie. We also use pixel tags (also known as web beacons), which are small images that have a similar function to cookies. Unlike cookies, which are stored on your computer's hard drive, pixel tags are a fixed part of a website. For simplicity, we will refer to all of these technologies as cookies throughout this document. We not only store cookies on your device, but we also read those cookies that our website has placed on your device. For simplicity, we will only refer to storage in the rest of this document.
Some cookies are placed on your device directly by our website. These cookies help us to:
- identify you when you move between pages on our site and when you visit again, for example, so that we can remember your login from a particular device and not ask you repeatedly for your email and password, or to save which version of our site to show you if the site offers more than one version at any given time;
- to record that you have given us your consent under this document or, for example, whether you have offered to take part in a particular survey;
- to ensure your security, for example to check whether someone has abused your connection to our website and is acting instead of you;
- to record, investigate and troubleshoot malfunctions and non-functioning parts of our website.
- Track traffic to our site, its individual pages, generate statistics and reports and measure the effectiveness of advertising;
- show you different variations of our site when we are testing new functionality;
Such cookies and other files are necessary for the operation of our website. If you block these cookies in your browser, our website may not function properly and we may not be able to provide you with our products and services.
Further, to your device:
- We store cookies from our website that allow us to:
- tailor the content of our website for you, for example, to show you products you have already viewed in preference to other products you have viewed and to show you other tailored offers on our website;
- allow us to store cookies for third parties to use:
- to collect data about your behaviour on our website and other websites;
- to display tailored offers and targeted advertising within advertising and social networks on websites other than our website;
- to connect with social networking sites such as Facebook, including automatically logging you in, providing features such as a "Like" button or sending you order-related notifications via Messenger, and displaying customized offers and targeted advertising on those social networking sites and websites other than our website.
We also transmit information about your web behavior to advertising and social networks on websites other than our website in order to display customized offers and targeted advertising on those websites. However, we do not pass on your personally identifiable information to such partners. For a list of the social and advertising networks we use, please see Who processes your personal data and to whom we transfer it;
Use of personal data of website visitors
If you visit zlataky.cz, we process data about your behaviour on the website on the basis of our legitimate interest (i.e. without your consent) in order to:
- obtaining information on the basis of which we can improve the website for you in the future; our legitimate interest here is to improve our services to you;
- compiling statistics and reports, in particular tracking traffic to our website, its individual pages and measuring the effectiveness of advertising; our legitimate interest here is to measure the effectiveness of our website and advertising spend; we may collect and use other derived data from your behaviour on the website for this purpose;
- testing new features and applications prior to deployment, in particular to prevent problems with the functionality of these new features in actual operation that could impair your experience of ordering from us; our legitimate interest here is the smooth functionality of our services for you;
- preventing attacks on our website and compromising its functionality and the security of your data; our legitimate interest here is the smooth functionality of our services to you and the security of your data.
We do not only obtain data about your behaviour on the website from cookies. We also supplement it with data on:
- Your device's IP address (the address of your device that you use to communicate with other devices on the internet);
- your device's operating system, version and language settings;
- the browser you use on your device, its version and language settings;
- the address of the website (URL) from which you are accessing our website.
We use personal data for these purposes for a maximum period of 36 months. You have the right to object to this processing.
We also processdata about your behaviour on the website on the basis of our legitimate interest (i.e. without your consent) in order to create personalised offers and targeted advertisements that we display to you on the website. Our legitimate interest here is to make the most personalised and effective offer to you. We also enrich the aforementioned data for this purpose by means of analysis and obtain data derived from it. According to this data, we also divide our users into different groups, where each group receives its own specific offer. If you subsequently order something from us, we also use your order data for this purpose.
Therefore, if you have viewed a product offer on our website, we may display this product on the first page of our website on your next visit. We can also use the product you have viewed to determine which customer group you belong to and offer you other services and products on the website that we think may be of interest to you.
We use personal data for these purposes for a maximum period of 24 months.
If you register with us
You must visit our website in order to register, so the processing described in the If you visit our website section applies to you. If you register, then we additionally carry out the following processing:
Processing based on the performance of a contract
If you create an account on zlataky.cz, we process your identification and contact data, your settings and your order data (if you later order a service from us) on the basis of the performance of a contract with you (without your consent) in order to maintain your user account. The contract on which our processing is based is created by the creation of your account.
Processing on the basis of legitimate interest
If you create an account on zlataky.cz, we process your identification and contact data, your settings, data about your orders (if you later order a service from us) and data about your behaviour on the website and your reading behaviour also on the basis of our legitimate interest (i.e. without your consent), for the following purposes:
- obtaining information on the basis of which we can improve our services to you in the future, in particular to determine your satisfaction with our services; our legitimate interest here is to improve our services to you; and
- providing you with tailored offers and targeted advertising which we may send to you by email, text message, social media, communicate to you by telephone or other electronic means, send to you by post or display on our website; these offers may relate to our products and services as well as those of third parties; our legitimate interest here is to promote our products and services effectively.
In order to prepare a tailored offer for you, we analyse the above data and extract other derived data from it, which we use for this purpose. In this way, we may also use data about your behaviour on the website that we collected before you registered and we may collect data about your behaviour on the website even if you do not log in (e.g. when we identify you by means of a cookie). We also categorise our users into different groups based on this data, with each group receiving its own specific offer.
Therefore, if you have viewed a product offer on our website or clicked on it in an email we sent you, we may show you that product on the first page of our website on your next visit or email you an offer for that product. We may also use the product you have viewed to determine which customer group you belong to and offer you additional services that we think may be of interest to you on the website or by email.
We will also use your order data (if you order our services or products) to create customized offers and targeted advertisements that we display to you on the Site, as described in If you visit our Site.
Based on our legitimate interest (i.e., without your consent), we will also use your settings to test new features and applications before deployment, as described in If You Visit Our Site.
We use personal information for these purposes for as long as your account exists. You have the right to object to this processing.
Processing based on consent
If you create a review, we process your identification data and data from your evaluation of services or products offered by us, also on the basis of your consent to processing, for the purpose of sharing information about your satisfaction with the services offered by us with other visitors to our website. We use personal data for this purpose until you withdraw your consent to processing.
If you place an order with us
If you create an order (or enquiry) on our website, the processing described in the section If you visit our website applies to you. If you place an order with us, we also carry out the following processing:
Processing based on the performance of a contract
If you create an order with us as an individual, we process your personal data for the purpose of processing your order your identification, contact and order data. If you have a user account with us, we may also use your settings for this purpose.
If you purchase from us as a representative of a legal entity, we process the same data for the same purpose based on our legitimate interest in concluding and performing a contract with the person you represent.
The fact that we use this data for the purpose of processing your order means that we will use it in particular:
- to enable you to complete your order on the website, for example, to ensure that your details are not deleted from a pending order;
- to communicate with you about your order, for example to send you a confirmation;
- for the purpose of payment for goods; in this context, we may also transfer your data to our payment system partners as described in the section Who processes your personal data and to whom do we transfer it?
- in connection with the provision and complaint of the ordered service; in this context, we may also transfer your data to the service provider, as described in Who processes your personal data and to whom do we transfer it?;
- in connection with your other requests to contact us, for example, through the call centre, as described in the section If you communicate with us through different channels.
For this purpose, we use personal data for as long as necessary to process your order or handle a contractual request such as a complaint.
Processing on the basis of legitimate interest
If you place a binding order with us, we will store your identification, contact and order data on the basis of our legitimate interest (without your consent) in order to protect legal claims and our internal records and controls. Our legitimate interests here are the protection of legal claims and the control of the proper provision of our services. In this context, we may also process your biometric data on the basis of necessity for the protection of our legal claims for this purpose if you sign a contract with us via a signpad at our branch.
In the case of order creation, we also process your identification and contact data, your settings (if you have an account with us) and your order data on the basis of our legitimate interest (i.e. without your consent) for the purpose of
- obtaining information on the basis of which we can improve our services to you in the future, in particular to determine your satisfaction with our services; our legitimate interest here is to improve our services to you; and
- providing you with tailored offers and targeted advertising which we may send to you by email, text message, social media, communicate to you by telephone or other electronic means or send to you by post; our legitimate interest here is to promote our services effectively. In order to be able to prepare a tailored offer for you, we analyse the above data (i.e. your identification, contact and order data) and extract further derived data from it, which we use for this purpose. Based on this data, we also classify our users into different groups, where each group receives its own specific offer. If you do not register with us, we do not use data about your behaviour on the site to prepare the offers we make to you.
- Therefore, if you have ordered a product from us, we may approach you with a targeted offer. We may also infer from your order which customer group you belong to and accordingly send you an offer for related services that may be of interest to you. If you do not have an account with us, we will not tailor offers based on what products you have viewed on our website or which links in the offers you have opened.
In order to protect legal claims and our internal records and controls, we process data for the duration of the limitation period (3 years) and one year after its expiry with regard to claims made at the end of the limitation period. In the event of the initiation of judicial, administrative or other proceedings, we process your personal data to the extent necessary for the duration of such proceedings and the remainder of the limitation period after its conclusion.
For the other purposes mentioned above, we use personal data for a period of 3 years after the order has been placed.
You have the right to object to such processing carried out on the basis of our legitimate interest.
Processing for compliance with legal obligations
We also have to comply with certain statutory obligations. If we process your personal data for this reason, we do not need to obtain your consent for such processing. We process your identification, contact and order data on this legal basis in order to comply with the following laws in particular:
- Act No. 89/2012 Coll., Civil Code,
- Act No. 634/1992 Coll., on consumer protection,
- Act No. 235/2004 Coll., on value added tax,
- Act No 563/1991 Coll., on Accounting.
We use personal data for these purposes for a period of 10 years.
If you communicate with us through different channels
If you communicate with us through various channels, in particular via call centre, email, chat tools and social media, we will process your identification and contact details and records of communications made, including call recordings, on the basis of our legitimate interest (i.e. without your consent) for the following purposes:
- to fulfil your requests; if you have placed an order with us and your request relates to an order, we may carry out this processing on the basis of the performance of a contract with you;
- record your requests so that we can check that we are fulfilling them properly and in a timely manner;
- demonstrating that we have received and processed your request, for example when you order something from us or make a claim;
- analysing them to improve the quality of our service.
For these purposes, we keep personal data for 1 year after the end of the services we provide. You have the right to object to processing based on our legitimate interest.
If you subscribe to our newsletter
If you subscribe to our newsletter, we will process your contact details or your settings on the basis of your consent to processing for the purpose of sending you our offers. We use personal data for this purpose until you withdraw your consent to processing, i.e. until you unsubscribe from the newsletter.
If you visit our branch
If you visit our branch, we will process the CCTV footage on which you may be captured, based on our legitimate interest (i.e. without your consent) in order to protect our property and your property and persons in and around the store, which is also our legitimate interest.
For this purpose, we retain personal data for a maximum period of 1 month. You have the right to object to this processing.
Who processes your personal data and to whom do we pass it on?
In the cases described in the section Why do we process personal data and what entitles us to do so? We, as the controller, process your personal data. This means that we determine the purposes for which we collect your personal data as defined above, determine the means of processing and are responsible for their proper implementation.
We may also transfer your personal data to other entities that are in the role of controller, namely:
- Based on your consent, to advertising and social networking sites as described in the Use of Cookies and Other Technologies section, transferring your data to advertising and social networking sites, in particular:
- Seznam.cz, a.s., registration number 26168685, (online marketing);
- Google Ireland Limited, registration number: 368047, (online marketing);
- Facebook Ireland Limited, Grand Canal Harbour, Dublin 2, (online marketing);
- Heureka Shopping s.r.o., registration number: 02387727
We also use the services of other processors to process personal data, who only process personal data on our instructions and for the purposes described in the section Why do we process personal data and what authorises us to do so? These processors are:
- Zlatáky.cz - investment gold and numismatics s.r.o., (Server services)
- ZLATÁ RENTA, a.s. - Savings in gold;
- Cloud service providers and other technology and support providers such as Microsoft and Google, (Cloud services);
- Daktela Ltd, (providers of phone call management and recording tools);
- Vodafone Czech Republic a.s., (Telecommunication services);
- Accountant and auditor (accounting and auditing);
- The Rocket Science Group, LLC (newsletter distribution tool);
- SMSbrána s.r.o., (provider of SMS communication tools);.
- Czech Post a.s.,(delivery of ordered goods);
- Loomis Czech Republic a.s.,(delivery of ordered goods);
- Programmer (IS administration);
From what sources do we obtain personal data?
In most cases, we process personal data that you provide to us in the context of ordering services, creating and using an account, or when communicating with us, for example at a call centre. We also obtain personal data directly from you by monitoring your behaviour on our website and when reading messages, recording calls at the call centre and CCTV footage of our branches. We may also obtain your personal data from a third party, for example when they order a product or service for you from us.
If you place an order with us, we may receive additional information about your orders from banks, our payment system partners, installment sales providers, such as your account number, or successful payment in connection with the performance of a purchase contract.
Transfer of data outside the EU
As part of the transfer of data to our processors listed in " Who processes your personal data and to whom do we transfer it?" we may also transfer your data to third countries outside the European Economic Area which nevertheless ensure an adequate level of data protection.
What rights do you have when processing personal data?
Just as we have rights and obligations when processing your personal data, you also have certain rights when we process your personal data. These rights include:
Right of access
Put simply, you have the right to know what data we process about you, for what purpose, for how long, where we obtain your personal data, to whom we transfer it, who processes it outside of us, and what other rights you have in relation to the processing of your personal data. You can find out all this in this document "Customer Privacy". However, if you are unsure which personal data we process about you, you can ask us to confirm whether or not personal data relating to you is being processed by us and, if so, you have the right to access that personal data. As part of your right of access, you can ask us for a copy of the personal data we are processing and we will provide you with the first copy free of charge and subsequent copies at a charge.
Right to rectification
It is human to make mistakes. If you find that the personal data we process about you is inaccurate or incomplete, you have the right to have it corrected or completed without undue delay.
Right to erasure
In some cases, you have the right to have your personal data erased. We will delete your personal data without undue delay if one of the following reasons is met:
- We no longer need your personal data for the purposes for which we processed it;
- you withdraw your consent to the processing of your personal data, where the data is data for which your consent is necessary and we have no other reason why we need to continue to process the data;
- you exercise your right to object to processing (see below under Right to object to processing) for personal data that we process on the basis of our legitimate interests and we find that we no longer have any such legitimate interests that would justify such processing; or
- you believe that the processing of personal data by us is no longer in accordance with generally binding regulations.
But please note that even if it is one of these reasons, it does not mean that we will immediately delete all your personal data. In fact, this right does not apply if the processing of your personal data is still necessary to comply with our legal obligation or to establish, exercise or defend our legal claims (see the section Why do we process personal data and what entitles us to do so?).
Right to restriction of processing
In some cases, in addition to the right to erasure, you may exercise the right to restrict the processing of personal data. This right allows you in certain cases to request that your personal data be marked and not subject to any further processing operations - but in this case not forever (as in the case of the right to erasure), but for a limited period of time. We must restrict the processing of personal data when:
- you dispute the accuracy of the personal data before we agree what data is correct;
- we process your personal data without a sufficient legal basis (e.g. beyond what we need to process) but you would prefer to restrict such data before erasing it (e.g. if you expect to provide us with such data in the future anyway);
- we no longer need your personal data for the above processing purposes but you require it for the establishment, exercise or defence of legal claims; or
- you object to the processing. The right to object is described in more detail below in the section "Right to object to processing"). We are obliged to restrict the processing of your personal data for the period we are investigating whether your objection is justified.
Right to portability
You have the right to obtain from us all your personal data that you yourself have provided to us and that we process on the basis of your consent and for the performance of a contract. We will provide you with your personal data in a structured, commonly used and machine-readable format. To enable us to easily transfer the data at your request, it may only be data that we process automatically in our electronic databases.
Right to object to processing
You have the right to object to the processing of your personal data based on our legitimate interest (see section Why do we process personal data and what entitles us to do so?). If the processing is for marketing activities, we will stop processing your personal data; otherwise, we will do so unless we have compelling legitimate grounds to continue such processing.
Right to lodge a complaint
The exercise of your rights as set out above is without prejudice to your right to lodge a complaint with the relevant supervisory authority. In particular, you can exercise this right if you believe that we are processing your personal data unlawfully or in breach of generally binding legal provisions. You can file a complaint against our processing of personal data with the Office for Personal Data Protection, which is located at Pplk. Sochora 27, 170 00 Prague 7.
How can I exercise individual rights?
In all matters related to the processing of your personal data, whether it is an inquiry, exercising a right, filing a complaint or anything else, you can contact our customer service center. Up-to-date contact information is available at www.zlataky.cz.
We will deal with your request without undue delay, but at most within one month. In exceptional cases, in particular due to the complexity of your request, we are entitled to extend this period by a further two months. We will, of course, inform you of any such extension and the reasons for it.
Data Protection Officer
In addition to the Customer Service Centre, our Data Protection Officer is at your disposal in all matters relating to the processing of your personal data. The Data Protection Officer can be contacted at the following email address: gdpr@zlataky.cz.
Final Provisions
These terms and conditions come into force on 25.05.2018. We reserve the right to change these terms and conditions. We will publish the amended terms and conditions on our website without delay. Relationships not expressly governed by these terms and conditions are governed by the GDPR and the laws of the Czech Republic.