PRINCIPLES OF PERSONAL DATA PROTECTION

By placing an order, registering, subscribing to commercial communications, or browsing our website, you authorize Digital People, a.s., with registered office at Rozkošného 1058/3, 150 00 Prague 5 - Smíchov, registered in the Commercial Register kept by the Municipal Court in Prague under file No. B 13119, ID: 28206592 (hereinafter referred to as the "Controller" or "Controller of personal data") to use your personal data. This page is intended to inform you in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR) about what information we collect about you, for what purpose, and how we use your information, what your rights are regarding the personal data we use, and how you can exercise them with us in accordance with the GDPR regulation.

What information do we collect about you?

In the order records, we process your personal data to the extent of: email, full name, phone number, address, and also the price information. We initially need this data to process the order, i.e., for the purpose of fulfilling the contract (i.e., fulfilling our contractual obligations to the customer). After fulfilling our contractual obligations, we use the personal data from the order records for further purposes. It is in our legitimate interest to maintain the entire order records for legal protection against future disputes. Due to the statutory warranty period for the quality of goods, limitation periods, and the setup and systematics of the judicial system, including limitation periods for claims, we must process your data from the order records for a period of 6 years. We also use the data from the order records to fulfill our legal obligation to archive documentation for possible financial control purposes, for a period of 10 years.

In the user database, we process your personal data to the extent that you provide it to us during registration or profile modification, when joining the waitlist, when placing an order, or when linking your account to social networks. It is in our legitimate interest to maintain a user database. The database also allows individual customers to create and manage their profile as part of registration on the website. In addition to registration purposes, we also use this database to identify individuals when interacting with the customer center, handling complaints, processing orders, or for marketing purposes (more on this below). We further utilize the data for processing for marketing purposes. A detailed description of this personal data is provided below. Personal data for user records is retained for 5 years from your last completed order.

We also use your personal data for the purpose of ensuring delivery (fulfilling our obligations under the contract). We transfer this data to shipping companies, and upon transfer, we create a delivery log, which serves as a backup in case of delivery errors through the information system. For potential complaints from both the customer and the carrier, we process this data to ensure delivery for a period of 5 years from the creation of the order.

Storing personal data from your order enables us to facilitate your future purchases, and the previously used data can be pre-filled into the electronic shopping cart. We process personal data for the purpose of facilitating purchases based on the legal basis of legitimate interest and keep them in databases along with other data for a period of 5 years from the completion of your last order.

In order to provide you with proper technical support for using our website, we store technical data about the device you use to access our website (such as the browser you use, the device from which you access our website, and the operating system you use). Providing technical support is in both our and your legitimate interest. These pieces of information are part of our internal logs, and we do not use them for any purpose other than providing technical support. However, for technical reasons, we must maintain them for the entire lifespan of the personal data we process. At the latest, we will erase this information about you 5 years after the completion of your last order.

How do we use data for marketing purposes?

For marketing purposes, we process your contact details that you provide us with when placing an order, registering, or subscribing to receive commercial communications. We use these details to send commercial communications and to make the messages we send more relevant to you. We aim to provide you with enjoyable and inspiring information, so it's important for us to know your reaction to these communications, and therefore, we retain feedback about them. You can, of course, unsubscribe from our commercial communications at any time or change the frequency of their delivery, for example, in your customer profile. After complete unsubscription (from all communication channels), we will no longer use your contact personal data for sending commercial communications.

To ensure the most pleasant customer experience and constantly improve our services, we store data that helps us understand what specifically interests you and what you like. We don't want to offer you products that don't interest you or aren't your style. Instead, we want to alert you to news from your favorite brand or discounts in your preferred categories. Therefore, among other things, we need to know what you most frequently view on our website, what you order, what you purchase, and even what products you return and why.

Based on information about what interests you most in our store, we categorize you into various groups (such as favorite brand, category, price, size, etc.), to which we can then send precise information about our special offers. We don't want our promotional messages to bother you, so we try to refine them as much as possible and tailor them directly to you. This would not be possible without processing data about your website visits, orders, purchases, and reactions to our marketing campaigns.

To improve our services, we also need to know when and where you shop and when and where you most frequently pick up goods. This allows us to send you business messages at a time that suits you best, or we can recommend the most suitable time for order pickup.

Your opinion is important to us and is our driving force. We carefully store the feedback we receive from you, most often in the form of responses to questionnaire questions. We are interested in how satisfied you are with our products, website, carriers, and much more. Similarly, we need to track the use of discount vouchers that you redeem with us. We aim to protect both us and you from their misuse, while also enabling us to promptly address voucher-related issues with the help of our customer service center.

We also want to reward you for your loyalty and thank you for the favor you have shown us over the long term. In order to know which of the special benefits you are entitled to, we need to know, among other things, how much money you spend with us, how much merchandise you return from your orders, and how long you have been our customer. It is in our legitimate interest as a merchant to track this information for individual customers, especially when, based on such tracking, we can offer significant benefits and thus appreciate your loyalty.

All personal data used in marketing activities are utilized under the legal basis of legitimate interest, and for marketing purposes, we retain them for a period of 5 years from your last order. Because we are aware that data about your specific interests with us, what you like, and your feedback on receiving business communications may be perceived as more sensitive, we only store them for a period of 2 years from the time we obtain this data.

Whom do we share data with?

Your personal data is used exclusively for our internal purposes and only for the reasons stated above. However, we do not solely ensure all necessary services regarding personal data on our own; we also utilize services from third parties (specialized companies). We have contracts with third parties to whom we provide your personal data, based on which we are able to ensure and protect your rights in the area of personal data protection.

As part of your order, therefore, personal data may be transferred to shipping companies, for example, companies such as:

General Logistics Systems Czech Republic s.r.o., se sídlem Průmyslová 5619/1, 586 01 Jihlava

Outside of the order process, we process your personal data in information, analytical, and marketing systems of third parties, which are essential for our business, such as:

Where do we store data?

Data is stored on backed-up servers in the data center of SuperNetwork s.r.o., located at Bilejova 407, Stráž nad Nisou 463 03. The security of the data center is fully compliant with GDPR, and more information can be found directly on the data center's website.

Access to systems mediating the personal data of our customers is granted only to a limited number of internal users for whom it is necessary due to the nature of their work. These may include employees working in customer care departments, order processing, etc. Individual employees always have access only to the amount of personal data necessary for their work. Access to all critical systems processing the personal data of our customers is restricted only within the internal network, and the aforementioned individuals will automatically lose access to your personal data in the event of termination of their legal relationship with us.

How do we secure passwords?

We don't store your passwords in the system at all; we don't save them in the database. We only work with specially calculated hashing keys generated using the SHA-512 hashing function + unique salt for each password.

Rights granted by GDPR and how to exercise them with us:

Right to access information and right to rectification: 

At any time in the future, you can request confirmation whether your personal data is being processed by us by sending a message to the email address info@bibloo.com. If your data is processed, upon your request, we can provide you with information about any third parties to whom your personal data has been or will be disclosed, beyond the information provided in the General Terms and Conditions, in these Personal Data Protection Principles, and in the document containing information about the use of cookie files. If we do not obtain personal data directly from you, you have the right to access all information available to us regarding the source of your personal information.

If we process your personal data inaccurately, you can notify us of this fact by sending a message to the email address info@bibloo.com, and we will promptly correct the inaccurate personal data without unnecessary delay. After registering on our website, you will have the opportunity to correct your personal data yourself using the profile editing feature. If you wish to provide us with additional personal data that you have not previously provided and this personal data is necessary to ensure the services we provide, simply fill it out once again in the appropriate section of the profile editing. You can request the removal of your user account and personal data that are not necessary for further processing by submitting a written request to our customer service department.

Right to object to the processing of personal data:

Even if we process your personal data based on our legitimate interest, you have the right to object to such processing, including objections to the processing of personal data for direct marketing purposes. You can do this by sending a message to the email address info@bibloo.com. If you raise such an objection, we will promptly assess the extent to which we can assert the legality of our reasons for processing your personal data despite the objections raised by you and how we will handle your personal data in the meantime. Until we demonstrate our legitimate reasons for processing to you, we will not further process your personal data.

Right to restriction of processing personal data:

You have the right to request the limitation of any processing of your personal data, including their deletion, which means that we will cease processing them:

If you inform us that the personal data collected by us is inaccurate, we will verify their accuracy before making any changes.

If the processing of your personal data is unlawful and you request, by sending a message to the email address info@bibloo.com, restriction of their use instead of deletion.

If we no longer need your personal data to provide our services, but you need them to assert your rights.

If you object to the processing as described above until we verify whether our processing reasons outweigh your interests.

Right to be forgotten (right to erasure of personal data):

If you find out that we are processing your personal data:

even though their processing is no longer necessary for the purposes for which we obtained them; and/or you raise an objection as described above and we cannot demonstrate legitimate reasons for their processing that outweigh your interests, rights, and freedoms or the exercise or defense of legal claims; and/or

the data are processed for any other reason unlawfully, you have the right to request that we delete such processed personal data without undue delay upon your notification of these facts by sending a message to the email address info@bibloo.com. However, we cannot delete the data at your request if their processing is necessary for the exercise of the right to freedom of expression and information, for the fulfillment of any of our legal obligations, or for the performance of a task carried out in the public interest or in the exercise, establishment, or defense of our legal claims.

Right to data portability:

If you request us by sending a message to the email address info@bibloo.com, we will provide you with your personal data processed by us in a structured, commonly used, and machine-readable format (e.g., *.xls, *.csv, or in a similar format). If you ask us to send your personal data to another personal data controller, we will of course comply with your request.

Right to unsubscribe from receiving marketing communications at any time:

If you no longer wish to receive marketing communications from us, you can prevent their delivery by either clicking on the link included in each marketing communication or by adjusting your subscription preferences in your profile created upon registration on our website.

Right to withdraw consent to receiving marketing communications at any time:

If we ask for your consent to process personal data as part of our special promotions, you can withdraw this consent at any time, without giving any reason. You can withdraw your consent either as described in the rules of the consumer competition or by sending a revocation of consent to the email address info@bibloo.com

Contact information for us and our Data Protection Officer (DPO):

You can contact our Data Protection Officer at the address dpo@zoot.cz.

Right to lodge a complaint with the data protection authority:

If you believe that we are not fulfilling all of our legal obligations related to the processing of your personal data, please contact our Customer Care Center. If our colleagues cannot assist you, you have the right to contact the Office for Personal Data Protection at the address of the office headquarters: Pplk. Sochora 27, Prague 7, Postal Code 170 00, via email at posta@uoou.cz, or through any other means accepted by the data protection authority. Further information about the authority can be found on the website www.uoou.cz.

 

Up