Personal Data Protection Policy
Havlíkova přírodní apotéka s.r.o., ID No. 02891042, with its registered office at Pod Brentovou 617/9, Smíchov, 150 00 Prague 5, registered by the Municipal Court in Prague under File No. C 224993, Organická apotéka s.r.o., ID No.: 08952752, with its registered office at U Nesypky 2763/2a, Smíchov, 150 00 Prague 5, registered by the Municipal Court in Prague under File No. C 326991, and HPA Slovensko, s.r.o., ID No.: 51642433, with its registered office at Orechovská 36, 911 05 Trenčín, Slovak Republic, registered in section: Sro, File number: 36241/R (hereinafter “HPA”), protects all processed personal data as strictly confidential and handles them in accordance with the applicable data protection legislation. The security of your personal data is a priority for HPA.
In the meaning of the General Data Protection Regulation, HPA is the controller of your personal data, i.e. it collects, stores and uses (and otherwise processes) your personal data in order to perform its business activity (the individual purposes for which the data are processed are specified below).
This Personal Data Processing Policy applies to:
- Processing of personal data by HPA during the performance of contracts with business partners,
- Processing of personal data of e-shop customers and users,
- Processing of personal data of visitors to the stores, production plant, e-shop,
- Processing of personal data of loyalty program members,
- Processing of personal data of job applicants,
- Processing of personal data of temporary workers,
- Processing of personal data for the purpose of sending commercial communications and targeting advertising,
- Processing of personal data carried out by the HPA during your use of the website operated by the HPA (“Website").
The Personal Data Processing Policy describes the purposes of processing personal data and the methods of processing, informs about the individual categories of processed personal data, their potential recipients, the retention period of personal data and your rights in relation to personal data protection.
PURPOSES OF PROCESSING PERSONAL DATA
Vaše osobní údaje mohou být společností HPA zpracovávány pro tyto účely:
-
- Contract performance (in particular, performance of contracts with HPA business partners, e-shop users and loyalty program members);
- Compliance with legal obligations (particularly obligations concerning accounting and tax legislation, i.e. the transfer of personal data to the financial authorities; possibly to other public authorities in accordance with the relevant legislation);
- Protection of the controller’s legitimate interests (protection of the rights and legally protected interests of HPA, for example, protection of the HPA website and network from misuse, operation of the camera system in the stores, production plant and e-shop pick-up office);
- Effective communication and e-shop management (especially to facilitate the “revival” of orders already created, to preserve your preferences and save time when creating a new order, etc.);
- Handling requests received via e-mail;
- Sending commercial communications (newsletter) and targeting advertising.
Your personal data may be processed by HPA for the following purposes:
PROCESSED PERSONAL DATA
HPA is authorised to process the following personal data depending on the purpose of processing:
Data about data subjects |
Purposes of processing: |
Name and surname |
Contract performance, Compliance with legal obligations, Protection of the controller’s legitimate interests, Handling requests received via e-mail, Effective communication and e-shop management, Sending commercial communications and targeting advertising |
Contact address |
Contract performance, Compliance with legal obligations, Protection of the controller’s legitimate interests |
|
Contract performance, Compliance with legal obligations, Protection of the controller’s legitimate interests, Handling requests received via e-mail, Effective communication and e-shop management, Sending commercial communications and targeting advertising |
Phone |
Contract performance, Compliance with legal obligations, Protection of the controller’s legitimate interests, Effective communication and e-shop management |
Salutation |
Effective communication and e-shop management, Sending commercial communications and targeting advertising (female/male) |
Account number |
Contract performance, Compliance with legal obligations, Protection of the controller’s legitimate interests |
COMPANY ID NO. |
Contract performance, Compliance with legal obligations, Protection of the controller’s legitimate interests |
Date of birth |
Contract performance, Compliance with legal obligations, Sending commercial communications and targeting advertising |
Information about last order |
Effective communication and e-shop management, Sending commercial messages and targeting advertising |
Information in your CV |
Pre-contractual measures (regarding job applicants) |
Camera recordings |
Protection the controller’s legitimate interests |
Personal data are processed both manually and automatically. The automated processing of personal data is carried out for the purposes of contract performance, in particular to ensure the internal processes within HPA that are necessary to ensure the production, distribution and delivery of goods and the provision of related services. Automated personal data processing also occurs in cases where consent is given to send marketing communications and to target advertising.
PERSONAL DATA PROCESSING BASED ON CONSENT
If you give HPA your consent to process your personal data for the purposes of sending you commercial communications and targeting advertising, you acknowledge that your consent is voluntary and that you may withdraw your consent at any time. Consent is granted (i) in the case of the Loyalty Program, for the term of participation in the Loyalty Program or until its withdrawal; (ii) in other cases, for a period of 5 years or until its withdrawal.
RECIPIENTS OF PERSONAL DATA
At HPA, your personal data are only disclosed to authorised employees or individual data processors contracted by HPA or other data controllers. This includes e.g. processors or controllers involved in the delivery of goods/services, payments, providing services in connection with e-shop operation or providing marketing services. However, only to the extent necessary to fulfil the individual purposes of processing and on the basis of the corresponding legal grounds for personal data processing. The current list of recipients of personal data from HPA is available on request via e-mail to gdpr@havlikovaapoteka.cz for the Czech Republic and gdpr@havlikovaapoteka.sk for Slovakia.
By providing your personal data to the Companies via the careers section of the Website, you acknowledge that, depending on the specific job position you applied for, these personal data may only be disclosed to authorised employees or individual data processors contracted by the HPA or other data controllers, who are joint data controllers of your personal data with the HPA Companies in the area of human resources management.
The Companies are members of a group of companies, so please note that if the Companies have the appropriate legal grounds, they may be authorised to share personal data within the group of companies, both for internal administrative purposes and for business support purposes. You can object to the sharing of personal data within a group of companies at any time via e-mail to gdpr@havlikovaapoteka.cz for the Czech Republic and gdpr@havlikovaapoteka.sk for Slovakia.
Under certain conditions stipulated by legislation, HPA is authorised or obliged to transfer some of your personal data based on valid legislation, e.g. to the prosecuting authorities or other public authorities.
PERSONAL DATA OF THIRD PARTIES
The personal data of third parties, meaning the personal data of employees of HPA’s business partners, carriers and other individuals involved in cooperation with HPA, or other data that HPA receives from a business partner in connection with the conclusion or performance of a contract, will be processed in accordance with applicable data protection legislation. The personal data will be used by HPA for the purpose of performing contracts with business partners. The business partner hereby acknowledges that HPA will process the personal data of third parties for the duration of the contractual relationship and for the period of time specified by special legislation, if any. Data will be retained for a longer period of time if there is a justified need to keep the data with respect to a specific case. The business partner is obliged properly to instruct its employees and other individuals involved in the business partner’s cooperation with HPA about the processing of personal data by HPA.
We determine your satisfaction with your purchase by means of e-mail questionnaires within the framework of the Verified by Customers program, which our e-shop engages in. We send you this questionnaire every time you make a purchase with us, unless you opt out of receiving it in accordance with Section 7(3) of Act No. 480/2004 Coll., on certain information society services. Personal data processing for the purpose of sending questionnaires within the framework of the Verified by Customers program is carried out based on our legitimate interest, which consists in determining your satisfaction with your purchase. We use a processor to send the questionnaires, evaluate your feedback and analyse our market position, that being the operator of the Heureka.cz portal; for these purposes, we may transfer information about the goods you have purchased and your e-mail address. Your personal data are not transferred to any third party for its own purposes when sending e-mail questionnaires. You may object to the sending of e-mail questionnaires under the Verified by Customers program at any time by rejecting further questionnaires using the link in the e-mail containing the questionnaire. If you object, we will not send you any more questionnaires.
PERIOD OF RETAINING PERSONAL DATA
We process and retain your personal data for the period strictly necessary to ensure all the rights and obligations arising from the respective contractual relationship, and furthermore for the period for which HPA as the controller of personal data is obliged to retain the personal data pursuant to generally binding legal regulations, or for which you granted consent to processing. In other cases, the processing period is based on the purpose of processing, which must be proportionate, or is determined by data protection legislation.
We process personal data according to the purpose of processing for the period of time stated herein:
Purpose of processing: |
Retention period: |
Contract performance |
for the term of the contract and another 10 years after termination of the contract |
Compliance with legal obligations |
for the period of time specified by the relevant legislation |
Protection the controller’s legitimate interests |
for a maximum period of 3 years from the start of data processing, unless stipulated otherwise by specific legislation or unless the need to retain the data for a longer period in connection with a specific case arises in a justified case; |
Handling your requests sent via e-mail |
for the period necessary to process the relevant request |
Effective communication and e-shop management |
for a maximum period of 5 years from the start of data processing, or until your consent to processing is withdrawn |
Sending commercial messages |
for as long as consent is granted to send commercial communications and target advertising, or until consent to processing is withdrawn, or in accordance with the relevant legislation* |
Pre-contractual measures |
for the duration of contract negotiations (during the tender procedure) |
* HPA is authorised to process your e-mail address within the meaning of Section 7(3) of Act No. 480/2004 Coll., on certain information society services and on amendments to certain acts (Act on Certain Information Society Services), as amended, for the purpose of distributing commercial communications relating to its own products or services (e.g. in the form of a newsletter), provided you have not refused such sending.
USE OF COOKIES
When visiting and using the websites www.havlikovaapoteka.cz a www.apoteka.cz (“Website”), cookies or other technologies such as pixels (collectively referred to as “cookies”) are activated on your device.
Cookies are small data files that are stored on your computer, phone or other device when you visit the Website. Cookies are used to store and receive identifiers and other information about computers, telephones and other devices you use to access the Website and help us provide, protect and improve the offered services.
The use of Cookies enables us to offer you services and products that best meet your needs and interests. Cookies allow the recording of information about your visit to our Website, and their use will make your next visit faster and easier.
Cookies primarily:
- facilitate the effective navigation of the internet website, personalisation, savings of preferences and general improvement of the user experience on the Website;
- distinguish whether a specific user has already visited the internet website or whether they are a new visitor;
- help to display advertising on the Website tailored to the interests of a particular user.
HPA uses cookies when you visit the Website, most commonly to personalise content, obtain anonymous traffic statistics, select relevant advertisements and facilitate more secure login.
Which cookies do we use?
The group of companies in the Havlíkova přírodní apotéka s.r.o. group, as defined in the Personal Data Processing Policy, uses functional, basic analytical and marketing cookies on the Website.
For example, we use cookies to maintain switching of Website display from mobile device mode to PC mode, to maintain your preferences when browsing this Website, information about the selected language or currency, etc. For more detailed information, please contact the website operator.
We also use third-party cookies, e.g. Google Analytics, to analyse visitation). These cookies may be used for advertising purposes in the form of remarketing on the affiliated websites of these companies, etc. These cookies are controlled by third parties and we do not have access to read or write this data.
Functional strictly necessary cookies
These cookies are necessary for the operation of our services and cannot be disabled. They are usually only set in response to your actions, such as setting your preferences, or Google reCAPTCHA.
Basic analytical cookies
These cookies allow us to count visits and traffic so that we can keep track of which pages are most popular and how visitors navigate our Website. All the information collected by these cookies is aggregated and therefore anonymous.
We use these cookies:
- Google Analytics (third party) - designed for tracking website traffic and evaluating traffic data.
- Google Tag Manager (third party) - designed to monitor website traffic and evaluate traffic data.
- Smartlook (third party) - designed to track website behaviour and evaluate UX
Marketing cookies
When you accept marketing cookies, you give us permission to place cookies on your device to provide you with relevant content that matches your interests. These cookies may be set by us or by our advertising partners through our Website. Their purpose is to create a profile of your interests and to show you relevant content on our Website and on third party websites.
These cookies help us to offer the right commercial communications. The purpose of marketing cookies is to connect our website with social and third-party advertising networks such as Facebook or Google Ads. They are also used to retarget customers.
We use these cookies:
- Google Ads (third party) - designed to evaluate the success of campaigns and subsequent retargeting.
- Facebook Pixel (third party) - designed to evaluate the success of campaigns and subsequent retargeting.
- Leady.cz (third party) - designed to collect contacts for subsequent contacting.
Consent to the storage of cookies
If you don’t want to share your privacy, you can customise cookies via our cookie bar. You can change your settings at any time via a link permanently posted on the Website. However, if you do not allow us to use basic cookies, some features of the Website may not work as they should.
You can also reject cookies in general or activate only some cookies (depending on the type of browser) via your internet browser. The Cookie settings for the most commonly used web browsers are available at the following links:
- Internet Explorer: windows.microsoft.com
- Google Chrome: support.google.com
- Mozilla Firefox: support.mozilla.org
- Opera: help.opera.com
- Safari: support.apple.com
THIRD-PARTY COOKIES
HPA may use third-party advertisers to promote and optimise marketing communications. These third parties may use cookies to personalise the content of advertising messages and to measure their effectiveness. Information collected by these third parties may include geolocation data (derived from IP addresses) or contact information (e.g. email address), whereas such information is collected through the Website.
Allowing and rejecting cookies and other similar technologies
You can refuse cookies within the setting of your web browser, or set the use of only some of them. However, if you do not allow HPA use cookies, some features may not work as they should.
You can find the privacy settings on your computer, where cookies can be refused or banned, in the menu of your web browser. The cookie settings for the most commonly used web browsers are available at the following links:
- Chrome - https://support.google.com/accounts/answer/61416?hl=cs
- Firefox - https://support.mozilla.org/cs/kb/vymazani-cookies
- Internet Explorer - https://support.microsoft.com/cs-cz/products/security
We may change the use of Cookies depending on the available technologies and in order to improve user experience and information, so if you wish, please read this notice again from time to time.
RIGHTS OF DATA SUBJECTS
As a data subject, you have the following rights under the law, which you can exercise at any time. You have the following rights in particular: (i) to access the personal data, (ii) to the rectification of inaccurate or false personal data, (iii) to the erasure of personal data, if the personal data are no longer needed for the purposes for which they were collected or otherwise processed, or if you find that they were processed unlawfully, (iv) to restriction of personal data processing, (v) to data portability and (vi) right to object, after which the processing of your data shall be terminated, unless it is proven that substantial legitimate reasons exist for their processing, which outweigh the interests, rights and freedoms of the data subject, in particular if the reason is the enforcement of legal claims. You also have the option of contacting the Office for Personal Data Protection (www.uoou.cz), where you can lodge a complaint.
- Right to access the personal data: if you want to know whether HPA processes personal data about you, you have the right to be informed as to whether your personal data are being processed and, if so, you also have the right to access your personal data.
- Right to access the personal data: if you want to know whether HPA processes personal data about you, you have the right to be informed as to whether your personal data are being processed and, if so, you also have the right to access your personal data.
- Right to rectification of inaccurate and false personal data: if you believe that HPA processes inaccurate or false personal data about you, you have the right to request their rectification. HPA will rectify the data without undue delay, but always with respect to technical capacities.
- Right to erasure: if you request erasure, HPA will erase your personal data if (i) they are no longer needed for the purposes for which they were collected or otherwise processed, (ii) processing is unlawful, (iii) you object to processing and there are no overriding legitimate grounds for processing, or (iv) HPA is not required by law to process them.
- Right to restriction of personal data processing: if you are not interested in erasure but only in them temporary restriction of processing your personal data, you can request that HPA restrict the processing of your personal data.
- Right to data portability: if you want HPA to transfer your personal data that it processes with your consent or based on a contract to a third party, you can exercise your right to data portability. If exercising this right could adversely affect the rights and freedoms of third parties, HPA will not be able to comply with your request.
- Right to object: you have the right to object to personal data processing for the purpose of protecting the legitimate interests of HPA. If HPA does not demonstrate that there is a compelling legitimate reason for processing that overrides your interests or rights and freedoms, it will terminate processing without undue delay based on your objection. If the main substance of your objection is against the sending of commercial communications and the targeting of advertising, please use the link at the end of the last commercial communication (newsletter) you received from us to unsubscribe from commercial communications and the processing of personal data for this purpose.
In the event of repeated or manifestly unjustified requests to exercise the above rights, we are entitled to charge a reasonable fee for executing the right in question, or to refuse to execute the right. We will inform you of such procedure.
To exercise your rights, please contact us via post to the HPA registered office address or via e-mail at gdpr@havlikovaapoteka.cz for the Czech Republic and gdpr@havlikovaapoteka.sk for Slovakia. HPA reserves the right to verify the identity of the applicant for the rights in question via reasonable means.
OUT-OF-COURT SETTLEMENT OF DISPUTES
The customer has the right to the out-of-court settlement of any disputes arising from the contract with the seller in accordance with Section 20d et seq. of Act No. 634/1992 Coll., Consumer Protection Act, as amended, through the Czech Trade Inspection Authority (www.coi.cz).
Personal data and privacy protection is overseen by:
Office for Personal Data Protection
address: Pplk. Sochora 27 170 00 Prague 7
Phone: 234 665 111
Website: www.uoou.cz
This Personal Data Protection Policy is effective from 25 May 2018.
Last update: February 2024.