1. INTRODUCTORY PROVISIONS
1.1. CASSIOPEA EUROPE, s.r.o., with its registered office at Revoluční 1082/8, Nové Město, 110 00 Praha 1, ID No. 261 39 260, registered in the Commercial Register kept by the Municipal Court in Prague, File C 220951 (the “Controller”), hereby provides information on the manner and scope of processing of Personal Data, as defined below, including the rights related to the processing of Personal Data while using the Application, as defined in the general terms and conditions for the Winebestime application (the “Terms”).
1.2. The services provided by the Controller through the Application can only work provided that the Controller process the user’s personal data as specified below. Further information about the Services, as defined in the Terms, provided by the Controller can be found in the Application.

2. SCOPE OF PROCESSING THE PERSONAL DATA
2.1. The protection of privacy and the processing of personal data is a priority for the Controller and the processing of personal data is considered strictly confidential and personal data is handled in accordance with applicable data protection legislation, in particular the EU General Data Protection Regulation 2016/679.
2.2. In particular, the Controller, as a controller, processes the following personal data:
a) identification data, which means in particular the username and password;
b) contact data, which means personal data that enable the Controller to contact the user, in particular an e-mail address;
c) settings of the User Account, as defined in the Terms, which means the data in the User Account, including the user’s wine preferences;
d) embedded content, which means in particular the Collection, as defined in the Terms; and
e) derived data, which means personal data of the user derived from the User Account settings;
(the “Personal Data”)

3. PURPOSES OF PROCESSING THE PERSONAL DATA
Processing of the Personal Data of the Application users
3.1. The Controller processes the user’s behaviour data obtained via the Application on the basis of its legitimate interest for the purpose of:
a) obtaining information on the basis of which the Controller will be able to improve the Services in the future; the Controller's legitimate interest here is to improve the Services provided;
b) generating statistics and reports, in particular tracking Application traffic and possibly measuring the effectiveness of advertising; the legitimate interest of the Controller here is to measure the effectiveness of the Application and possibly advertising expenditure; for this purpose, the Controller may obtain other derived data from the behaviour of users and use it for this purpose;
c) testing new features and applications prior to their deployment, in particular in order to prevent problems with the functionality of these innovations in actual operation that could impair the experience of using the Application; the legitimate interest of the Controller here is the smooth functionality of the Services provided; and
d) preventing attacks on the Application and compromising their functionality and the security of the processed data; the legitimate interest of the Controller here is the smooth functionality of the services provided and the security of the data.

Processing of the Personal Data in case of the Registration
3.2. In case of Registration, as defined in the Terms, and creating the User Account, the Controller processes the user's Personal Data on the basis of the performance of the contract with the data subjects in order to maintain and manage the User Account and provide the related functionalities. The legal basis for the processing of Personal Data arises from the creation of the User Account (Registration). Some of the embedded content in the Application (information related to the Collection) is processed by the Controller in accordance with the consent granted.
3.3. Unless the user refuses to do so at the Registration or later, the Controller processes the Personal Data also for the purpose of sending commercial communications, in particular by e-mail or other electronic means; the Controller's legitimate interest is the effective promotion of Services.
3.4. The user may refuse consent or withdraw consent previously given. Withdrawal of consent does not affect the lawfulness of the processing of Personal Data prior to its withdrawal.
Fulfilling the legal obligations of the Controller
3.5. The Controller also processes the Personal Data for the purpose of fulfilling legal obligations, in particular obligations in terms of accounting and tax legislation. The fulfilment of legal obligations also includes the provision of data and information to law enforcement authorities or other public authorities in accordance with the relevant legislation.

4. RECIPIENTS OF THE PERSONAL DATA
4.1. Personal Data are only made available to authorised employees of the Controller or to individual processors and controllers of Personal Data, and only to the extent strictly necessary for the fulfilment of the individual purposes of processing. The aim of these collaborations is to provide the best and most relevant Services to the users.
4.2. The Personal Data thus obtained may only be used by the Controller in compliance with the legal conditions, including in particular on the basis of a data transfer agreement or a data processing agreement concluded between such recipients and the Controller.
4.3. Further information or an up-to-date list of recipients will be provided by the Controller upon request.
4.4. The Controller does not transfer Personal Data to recipients located outside the EU or the European Economic Area.

5. SECURITY OF THE PERSONAL DATA
The Controller has taken appropriate technical and organisational measures to protect the Personal Data against accidental or unlawful destruction, loss, alteration, unauthorised use, access or sharing, in particular where the processing involves the transmission of data over a network, and against all other forms of unlawful processing or other misuse. Any recipient of the Personal Data will process the Personal Data only as directed by the Controller and will be obliged to comply with strict security procedures in the handling of the Personal Data.

6. PERIOD OF PROCESSING THE PERSONAL DATA
6.1. The Controller shall process the Personal Data processed by the Controller on the basis of consent for the period of such consent, not longer than until the consent is withdrawn. Unless otherwise stated in this Privacy Policy, the Personal Data contained in a User Account will be deleted immediately after the request for its deletion has been processed.
6.2. The Controller shall further process the Personal Data for the period of time necessary to ensure all rights and obligations arising from the relevant contractual relationship and for the period of time for which the Controller is obliged to retain the Personal Data under generally binding legal regulations. The Controller further processes the Personal Data according to the purpose of processing for the following periods:

(Table: Purpose of processing)

7. RIGHTS OF DATA SUBJECTS
7.1. The user, as a data subject, has rights in connection with the processing of the Personal Data that arise from legal regulations and which they may exercise at any time. These are the right (i) to access the Personal Data, (ii) to rectification of inaccurate and completion of incomplete Personal Data, (iii) to erasure of the Personal Data if the Personal Data are no longer necessary for the purposes for which they were collected or otherwise processed or if it is found that they were processed unlawfully, (iv) to restriction of processing of the Personal Data, (v) the portability of the data, (vi) the right to object, after which the processing of the Personal Data will be terminated unless it is established that there are compelling legitimate grounds for the processing which override the interests or rights and freedoms of the data subject, in particular if the ground is the enforcement of legal claims, and (vii) the right to apply to the competent Data Protection Authority.
a) Right to access the Personal Data: if the user wishes to know whether the Controller processes their Personal Data, they have the right to obtain information on whether their Personal Data are processed and, if so, the right to access such Personal Data. In the event of unreasonable, inappropriate or repeated requests, the Controller shall be entitled to charge a reasonable fee for a copy of the Personal Data provided or to refuse the request (the foregoing applies mutatis mutandis to the exercise of the rights set out below).
b) Right to rectification of inaccurate and completion of incomplete Personal Data: if the user believes that the Controller processes inaccurate or incomplete Personal Data about them, they have the right to request their rectification and completion. The Controller shall rectify or complete the Personal Data without undue delay, but always taking into account technical possibilities.
c) Right to erasure: in the event that the user requests erasure, the Controller shall erase their Personal Data if (i) they are no longer necessary for the purposes for which they were collected or otherwise processed, (ii) the processing is unlawful, (iii) the user objects to the processing and there are no overriding legitimate grounds for processing their Personal Data, (iv) the Controller is under a legal obligation to erase, or (v) the user withdraws consent to the processing of their Personal Data.
d) Right to restriction of processing of the Personal Data: if the user requests restriction of processing, the Controller shall make the Personal Data inaccessible, temporarily remove or store them or carry out other processing operations necessary for the proper exercise of the exercised right;
e) Right to data portability: if the user wishes the Controller to transfer their Personal Data to a third party, they may exercise their right to data portability. If the exercise of this right would adversely affect the rights and freedoms of other persons, the Controller will not be able to comply with the request.
f) Right to object: the right to object to the processing of the Personal Data processed for the purposes of carrying out a task carried out in the public interest or in the exercise of official authority or for the purposes of protecting the legitimate interests of the Controller. If the Controller does not demonstrate that there is a compelling legitimate reason for the processing which overrides the interests or the rights and freedoms of the data subject, it shall terminate the processing without undue delay on the basis of the objection.
7.2. The Controller reserves the right to request additional information from the data subject if it is unable to determine the content of the request or to identify the person making the request to exercise the right.

8. GENERAL PROVISIONS
8.1. The Privacy Policy forms an integral part of the contractual relationship entered into with the Controller.
8.2. With any comments regarding the processing of the Personal Data, or in the event of exercising their rights, the data subject may contact the Controller by e-mail to support@winebestime.com.
8.3. The Controller reserves the right to change this Privacy Policy from time to time without prior notice, in particular to ensure an adequate level of protection of the Personal Data, to take into account the development of legal regulations or generally accepted practice. For this reason, the Controller recommends keeping an eye on the website, where the current version of the Privacy Policy can always be found.
8.4. The rules set out in the Privacy Policy apply only to the processing of users' Personal Data by the Controller.
8.5. This Privacy Policy shall be effective as of 15.5.2023.

© 2023 WINEBESTIME s.r.o. All rights reserved
email: support@winebestime.com

 PRIVACY POLICY | TERMS AND CONDITIONS







1. INTRODUCTORY PROVISIONS
1.1. CASSIOPEA EUROPE, s.r.o., with its registered office at Revoluční 1082/8, Nové Město, 110 00 Praha 1, ID No. 261 39 260, registered in the Commercial Register kept by the Municipal Court in Prague, File C 220951 (the “Controller”), hereby provides information on the manner and scope of processing of Personal Data, as defined below, including the rights related to the processing of Personal Data while using the Application, as defined in the general terms and conditions for the Winebestime application (the “Terms”).
1.2. The services provided by the Controller through the Application can only work provided that the Controller process the user’s personal data as specified below. Further information about the Services, as defined in the Terms, provided by the Controller can be found in the Application.

2. SCOPE OF PROCESSING THE PERSONAL DATA
2.1. The protection of privacy and the processing of personal data is a priority for the Controller and the processing of personal data is considered strictly confidential and personal data is handled in accordance with applicable data protection legislation, in particular the EU General Data Protection Regulation 2016/679.
2.2. In particular, the Controller, as a controller, processes the following personal data:
a) identification data, which means in particular the username and password;
b) contact data, which means personal data that enable the Controller to contact the user, in particular an e-mail address;
c) settings of the User Account, as defined in the Terms, which means the data in the User Account, including the user’s wine preferences;
d) embedded content, which means in particular the Collection, as defined in the Terms; and
e) derived data, which means personal data of the user derived from the User Account settings;
(the “Personal Data”)

3. PURPOSES OF PROCESSING THE PERSONAL DATA
Processing of the Personal Data of the Application users
3.1. The Controller processes the user’s behaviour data obtained via the Application on the basis of its legitimate interest for the purpose of:
a) obtaining information on the basis of which the Controller will be able to improve the Services in the future; the Controller's legitimate interest here is to improve the Services provided;
b) generating statistics and reports, in particular tracking Application traffic and possibly measuring the effectiveness of advertising; the legitimate interest of the Controller here is to measure the effectiveness of the Application and possibly advertising expenditure; for this purpose, the Controller may obtain other derived data from the behaviour of users and use it for this purpose;
c) testing new features and applications prior to their deployment, in particular in order to prevent problems with the functionality of these innovations in actual operation that could impair the experience of using the Application; the legitimate interest of the Controller here is the smooth functionality of the Services provided; and
d) preventing attacks on the Application and compromising their functionality and the security of the processed data; the legitimate interest of the Controller here is the smooth functionality of the services provided and the security of the data.

Processing of the Personal Data in case of the Registration
3.2. In case of Registration, as defined in the Terms, and creating the User Account, the Controller processes the user's Personal Data on the basis of the performance of the contract with the data subjects in order to maintain and manage the User Account and provide the related functionalities. The legal basis for the processing of Personal Data arises from the creation of the User Account (Registration). Some of the embedded content in the Application (information related to the Collection) is processed by the Controller in accordance with the consent granted.
3.3. Unless the user refuses to do so at the Registration or later, the Controller processes the Personal Data also for the purpose of sending commercial communications, in particular by e-mail or other electronic means; the Controller's legitimate interest is the effective promotion of Services.
3.4. The user may refuse consent or withdraw consent previously given. Withdrawal of consent does not affect the lawfulness of the processing of Personal Data prior to its withdrawal.
Fulfilling the legal obligations of the Controller
3.5. The Controller also processes the Personal Data for the purpose of fulfilling legal obligations, in particular obligations in terms of accounting and tax legislation. The fulfilment of legal obligations also includes the provision of data and information to law enforcement authorities or other public authorities in accordance with the relevant legislation.

4. RECIPIENTS OF THE PERSONAL DATA
4.1. Personal Data are only made available to authorised employees of the Controller or to individual processors and controllers of Personal Data, and only to the extent strictly necessary for the fulfilment of the individual purposes of processing. The aim of these collaborations is to provide the best and most relevant Services to the users.
4.2. The Personal Data thus obtained may only be used by the Controller in compliance with the legal conditions, including in particular on the basis of a data transfer agreement or a data processing agreement concluded between such recipients and the Controller.
4.3. Further information or an up-to-date list of recipients will be provided by the Controller upon request.
4.4. The Controller does not transfer Personal Data to recipients located outside the EU or the European Economic Area.

5. SECURITY OF THE PERSONAL DATA
The Controller has taken appropriate technical and organisational measures to protect the Personal Data against accidental or unlawful destruction, loss, alteration, unauthorised use, access or sharing, in particular where the processing involves the transmission of data over a network, and against all other forms of unlawful processing or other misuse. Any recipient of the Personal Data will process the Personal Data only as directed by the Controller and will be obliged to comply with strict security procedures in the handling of the Personal Data.

6. PERIOD OF PROCESSING THE PERSONAL DATA
6.1. The Controller shall process the Personal Data processed by the Controller on the basis of consent for the period of such consent, not longer than until the consent is withdrawn. Unless otherwise stated in this Privacy Policy, the Personal Data contained in a User Account will be deleted immediately after the request for its deletion has been processed.
6.2. The Controller shall further process the Personal Data for the period of time necessary to ensure all rights and obligations arising from the relevant contractual relationship and for the period of time for which the Controller is obliged to retain the Personal Data under generally binding legal regulations. The Controller further processes the Personal Data according to the purpose of processing for the following periods:

(Table: Purpose of processing)

7. RIGHTS OF DATA SUBJECTS
7.1. The user, as a data subject, has rights in connection with the processing of the Personal Data that arise from legal regulations and which they may exercise at any time. These are the right (i) to access the Personal Data, (ii) to rectification of inaccurate and completion of incomplete Personal Data, (iii) to erasure of the Personal Data if the Personal Data are no longer necessary for the purposes for which they were collected or otherwise processed or if it is found that they were processed unlawfully, (iv) to restriction of processing of the Personal Data, (v) the portability of the data, (vi) the right to object, after which the processing of the Personal Data will be terminated unless it is established that there are compelling legitimate grounds for the processing which override the interests or rights and freedoms of the data subject, in particular if the ground is the enforcement of legal claims, and (vii) the right to apply to the competent Data Protection Authority.
a) Right to access the Personal Data: if the user wishes to know whether the Controller processes their Personal Data, they have the right to obtain information on whether their Personal Data are processed and, if so, the right to access such Personal Data. In the event of unreasonable, inappropriate or repeated requests, the Controller shall be entitled to charge a reasonable fee for a copy of the Personal Data provided or to refuse the request (the foregoing applies mutatis mutandis to the exercise of the rights set out below).
b) Right to rectification of inaccurate and completion of incomplete Personal Data: if the user believes that the Controller processes inaccurate or incomplete Personal Data about them, they have the right to request their rectification and completion. The Controller shall rectify or complete the Personal Data without undue delay, but always taking into account technical possibilities.
c) Right to erasure: in the event that the user requests erasure, the Controller shall erase their Personal Data if (i) they are no longer necessary for the purposes for which they were collected or otherwise processed, (ii) the processing is unlawful, (iii) the user objects to the processing and there are no overriding legitimate grounds for processing their Personal Data, (iv) the Controller is under a legal obligation to erase, or (v) the user withdraws consent to the processing of their Personal Data.
d) Right to restriction of processing of the Personal Data: if the user requests restriction of processing, the Controller shall make the Personal Data inaccessible, temporarily remove or store them or carry out other processing operations necessary for the proper exercise of the exercised right;
e) Right to data portability: if the user wishes the Controller to transfer their Personal Data to a third party, they may exercise their right to data portability. If the exercise of this right would adversely affect the rights and freedoms of other persons, the Controller will not be able to comply with the request.
f) Right to object: the right to object to the processing of the Personal Data processed for the purposes of carrying out a task carried out in the public interest or in the exercise of official authority or for the purposes of protecting the legitimate interests of the Controller. If the Controller does not demonstrate that there is a compelling legitimate reason for the processing which overrides the interests or the rights and freedoms of the data subject, it shall terminate the processing without undue delay on the basis of the objection.
7.2. The Controller reserves the right to request additional information from the data subject if it is unable to determine the content of the request or to identify the person making the request to exercise the right.

8. GENERAL PROVISIONS
8.1. The Privacy Policy forms an integral part of the contractual relationship entered into with the Controller.
8.2. With any comments regarding the processing of the Personal Data, or in the event of exercising their rights, the data subject may contact the Controller by e-mail to support@winebestime.com.
8.3. The Controller reserves the right to change this Privacy Policy from time to time without prior notice, in particular to ensure an adequate level of protection of the Personal Data, to take into account the development of legal regulations or generally accepted practice. For this reason, the Controller recommends keeping an eye on the website, where the current version of the Privacy Policy can always be found.
8.4. The rules set out in the Privacy Policy apply only to the processing of users' Personal Data by the Controller.
8.5. This Privacy Policy shall be effective as of 15.5.2023.

 


© 2023 WINEBESTIME s.r.o. All rights reserved
email: support@winebestime.com


PRIVACY POLICY | TERMS AND CONDITIONS