My POP - customer club
1. WHO TAKES CARE OF YOUR DATA
Personal data controller
We are The Prague Outlet s.r.o., Company ID No.: 06263615, with its registered office at Ke Kopanině 421, 252 67 Tuchoměřice, registered in the Commercial Register maintained by the Municipal Court in Prague under File No. C 279065 (hereinafter referred to as the “Controller”), acting as the operator of the POP Airport shopping centre. As the controller in accordance with applicable personal data protection legislation, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), and Act No. 110/2019 Coll., on the processing of personal data, we process your personal data.Controller’s contact details
Correspondence address: Ke Kopanině 421, 252 67 Tuchoměřice
Phone: +420 702 222 433
2. WHAT HAPPENS TO YOUR DATA
a. What personal data we process
The Controller particularly processes the following personal data:
- name, surname and email address and other personal data which you provide us with and for the processing of which you have given us consent (e.g. for signing up and using the Wi-Fi network at the POP Airport shopping centre);
- images of natural persons recorded by the CCTV system in connection with the security of entry and movement on the premises of the POP Airport shopping centre.
Any minor who has reached the age of 15 is eligible to give consent to the processing of personal data.
If you visit our POP Airport shopping centre at Ke Kopanině 421, 252 67 Tuchoměřice (hereinafter referred to as the “Shopping Centre”), your personal data obtained through the operation of internal and external CCTV monitoring systems will be processed for the purposes of prevention, investigation of any potential illegal activity and security of the POP Airport shopping centre.
We only process personal data if you provide us with such data, for example, as part of any registration (e.g. to provide the Wi-Fi network services), contact form, survey, prize competition, etc.
To provide connection to the Wi-Fi network, we need your personal data for registration to the Wi-Fi network.
b. Why and under what authorisation we process personal data
We process your personal data for the following reasons:
- Marketing activity – we send you commercial email communications based on your consent which you gave us when registering for newsletter subscription. If you no longer wish to receive our commercial communications, you can easily unsubscribe using this form.
- Improving our services – our goal is you leave our Shopping Centre or website with the most positive experience every time. For this purpose, we use website personification to provide you with the most relevant offers from our Shopping Centre. Based on this legitimate interest, we process personal data in an automated manner and using cookies.
- Customer care – if you contact us with any question, complaint or suggestion, we will certainly deal with the issue with great care. In order to provide you with a relevant response, we will need to process your personal data to the extent necessary. For this purpose, we only store your basic identification data to contact you back.
- Protecting property and health – our legitimate interest is to provide you with maximum security during every visit to the Shopping Centre. For this reason, we operate an internal and external CCTV monitoring system at the Shopping Centre, including the car parks and garages, which also records people and vehicles coming to or arriving at the Shopping Centre and leaving or departing from the Shopping Centre (hereinafter referred to as the “CCTV System”). The CCTV System is operated in order to prevent and investigate any potential illegal activity. Furthermore, the CCTV system is used for the purposes of handling complaints and requests for access to documentation relating to the security of the operation of the Shopping Centre by public authorities that are authorised to do so under the relevant law. The CCTV monitoring system is operated by the Controller and controlled by Mark2 Corporation Czech a.s., Company ID No.: 25719751, with its registered office at Pod višňovkou 1662/23, Krč, 140 00 Prague 4.
c. How long we process your personal data for
We process and store all your personal data for as long as is necessary.
The personal data you have provided to us with your consent will be processed for a period of five years from the date of such consent or until such consent is withdrawn. Withdrawal of consent is without prejudice to the lawfulness of the processing (i) for compliance with the legal obligation to which the Controller is subject; (ii) processing is necessary in order to protect the vital interests of the data subject or of another natural person; (iii) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller; (iv) processing is necessary for the purposes of the legitimate interests pursued by the Controller or by a third party. You may withdraw your consent using this form.
Any personal data obtained through the CCTV System are kept for as long as is necessary, but not longer than fourteen days, taking into account the objective pursued (e.g. to detect and investigate potential thefts and other illegal activity). In exceptional cases (in particular in cooperating with law enforcement authorities), CCTV recordings (including personal data contained therein) may be kept for longer periods of time. Your personal data will be securely erased as soon as they are no longer needed for the purposes for which such personal data are collected.
d. Personal data security
We assure you that all your personal data are safe with us.
As we care about the security of your personal data, we regularly review and continuously improve their security. Access to your personal data is protected by access passwords and other software security features available only to authorised persons.
e. How your personal data is processed
Your personal data may be processed manually or by automated means by our authorised employees or an external contractor. In every case, your personal data are stored in secure databases, and all processing and transmitting of such personal data will be carried out in full respect of your privacy and in accordance with applicable law.
3. YOUR RIGHTS
In connection with the protection of your personal data, you have the following rights, including but not limited to the right to withdraw your consent to the processing of personal data at any time, the right to access your personal data, the right to rectification/completion of your personal data, the right to request restriction of processing of personal data and the right to erasure of your personal data. Furthermore, you have the right to object, the right to lodge a complaint against the processing of your personal data, the right to transmit your personal data and the right to be informed of any breach of your personal data.
To exercise any of your rights, you may contact the Controller as follows:
- electronically at firstname.lastname@example.org;
- by phone at +420 702 222 433; or
- in writing at the correspondence address: Ke Kopanině 421, 252 67 Tuchoměřice
If you communicate with the Controller electronically, you will be provided with information in a commonly used electronic form (however, you may request a different way of providing information). You will be informed of any measures taken based on your request or complaint by the Controller within one month of receipt of the request, but at the latest within three months of receipt of the request if the time limit is extended in the event of justified need.
Right to withdraw your consent to the processing of personal data
You have the right to withdraw your consent to the processing of personal data at any time. However, withdrawal of your consent shall not affect the lawfulness of the processing based on the consent given before its withdrawal. In addition, withdrawal of consent may not always constitute an obligation for the Controller to dispose of your personal data. Since your consent was given for certain purposes, its withdrawal shall constitute an obligation for the Controller to cease the processing of personal data for that particular purpose previously authorised by you. Therefore, your personal data may continue to be processed for the purpose for which you have not withdrawn your consent or for other legal grounds.
Right to access your personal data
You have the right to obtain from the Controller information (confirmation) of whether or not your personal data are subject to processing. If the Controller processes the data subject’s personal data, you have the right to receive your personal data and the following information:
- the purpose of the processing;
- the category of personal data being processed;
- the recipients or categories of recipients to whom your personal data have been or will be made available;
- the period for which your personal data will be stored;
- the information of whether there is automated decision-making, including profiling;
- the information about other of your rights connected with the protection of personal data.
Upon request, the Controller is obliged to provide you with a free copy of the personal data processed. If you request additional copies, the Controller may require a reasonable fee corresponding to the administrative costs of making such copies.
Right to rectification and completion of your personal data
If you suspect that the Controller processes your personal data which are inaccurate, you have the right to rectification and completion of such data. In such a case, you only need to notify the Controller, and rectify and complete your personal data.
Right to restriction of processing of personal data
You have the right to restriction of the processing of your personal data in any of the following cases:
- you contest the accuracy of the personal data; in such a case, the processing will be restricted to a period of time necessary for the Controller to verify the accuracy of the personal data;
- the processing of personal data is unlawful, and you oppose the erasure of the personal data and request the restriction of their use instead;
- the Controller no longer needs the personal data for the determined purpose of the processing, but you need such data for the establishment, exercise or defence of legal claims;
- if you have objected to processing; in such a case, the processing will be restricted pending the verification whether the legitimate grounds of the Controller override your legitimate grounds.
Right to erasure of your personal data (right to be forgotten)
At your request, the Controller shall erase your personal data without undue delay if any of the following conditions has been met:
- your personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- you withdraw the consent on the basis of which your personal data have been processed, and where there is no other legal ground for their processing;
- you object to the processing and there are no overriding legitimate grounds for their processing, or you object to the processing of personal data for direct marketing purposes;
- your personal data are processed unlawfully;
- your personal data must be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
- the personal data have been collected in relation to the offer of information society services referred to in Article 8 (1) of the General Data Protection Regulation.
Right to object
In the event of personal data processing based on the Controller’s legitimate interest (e.g. direct marketing), you have the right to object to the processing of your personal data for the grounds that you describe in the objection. If an objection is received, the Controller shall no longer process the personal data (retaining them only stored) and shall assess whether it has compelling legitimate grounds for their processing which override your interests or rights and freedoms, or for the establishment, exercise or defence of legal claims. If the Controller concludes that it has such grounds, it will inform you, advising you of other defence options, and will continue to process the personal data. If, on the contrary, the Controller concludes that it does not have sufficient grounds to process the personal data, it shall terminate the processing and erase the personal data.
Right to lodge a complaint against the processing of your personal data
If you suspect that your personal data are processed unlawfully, you also have the right to lodge a complaint with the Office for Personal Data Protection:
- electronically at email@example.com;
- via data box ID: qkbaa2n;
- by phone at +420 234 665 111; or
- in writing at Pplk. Sochora 27, 170 00 Prague 7,
or with another competent supervisory authority in relation to the processing of personal data. However, if you do not want to contact the supervisory authority immediately, it is sufficient to contact the Controller to resolve any discrepancies in the processing of personal data to your satisfaction.
Right to transmit your personal data
Based on the right to portability, you have the right to obtain your personal data from the Controller under the following conditions in a structured, commonly used and machine-readable format, and the right to transmit such data to another controller. In addition, you have the right to request the Controller to transmit your personal data to another controller in a structured, commonly used and machine-readable format, where technically feasible. Conditions for exercising the right to transmit your personal data:
- the processing of personal data is based on your consent or on a contract;
- the processing of your personal data is carried out by automated means.
4. DATA SHARING
Transmission of your personal data to third parties
Under the conditions laid down by applicable law, the Controller is entitled to transmit your personal data for the purpose of further processing to persons (recipients) that process personal data solely for the purposes of carrying out the activity for which such a recipient has been authorised by the Controller and predominantly under a personal data processing agreement and/or for the purpose of meeting the Controller’s statutory or contractual obligations and/or based on your consent to the processing of personal data given to the Controller and/or based on the Controller’s legitimate interest.
Such recipients shall be in particular:
- the Controller’s legal representatives (attorneys);
- public authorities and public administration entities or, as the case may be, entities authorised by public authorities, to the extent and for the purposes under the law;
advertising and social networks (based on your consent):
The recipients are bound by the obligation of confidentiality regarding your personal data, which may not be used for any purpose other than that specified above, and they are obliged to protect them from misuse.
What are cookies and what are they for?
Cookies are small data files that are stored on your device from the visited website. Cookies are necessary to make the use of the website easier and more efficient, making it possible to remember your secure web browsing settings, ad settings or user language so that you do not need to enter this information repeatedly. In addition, cookies help keep track of the number of visitors to the website and whether your device and the website have been properly connected, allowing you to customise the website content to your interests, thereby improving website experience.
Cookies are important in terms of privacy protection. Cookies do not make it possible to identify your identity, but serve to store general information about your behaviour and preferences on the web pages you visit.
Cookies can be analysed by analytical tools, especially Google Analytics.