Information about personal data processing
The controller of the personal data is AmRest Coffee s.r.o.having its registered office at Walterovo náměstí 329/3, Jinonice, 158 00 Praha 5, entered in the Commercial Register maintained at the Metropolitan Court in Prague, file C 130118, Company Number 28167694, Taxpayer Identification Number: CZ28167694 (hereinafter referred to as the “Company”).
Adherence to legal regulations regarding personal data protection
In the course of its activity, the Company processes certain personal data relating to its customers, Users, and its employees and assumes the role of personal data controller in relation to processing such personal data.
When processing personal data, the Company proceeds strictly in accordance with legal regulations, in particular REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as the “General Data Protection Regulation”).
The personal data processed, the purposes of processing
Customers
The Company normally does not process the personal data of customers when preparing and selling meals at its restaurants. Should a customer place an order with the Company for the delivery of food to a specific address, his/her contact data (first name, surname, place of residence / delivery address, e-mail address and telephone number) is processed based on the contract entered into with the customer for the purpose of processing the relevant order.
Apart from cases involving the delivery of food to the customer, the personal data of customers is processed only in cases in which the customer decides to use one of the Company’s loyalty programmes or to participate in one of the Company’s consumer competitions. In such case the personal data of customers (including, depending on the specific case, the customer’s first name and surname, place of residence, e-mail address, date of birth, telephone number, payment details and, where appropriate, information about his/her order and the places at which purchases are made) is processed to conclude and perform the contract or, in certain cases, with the consent of the customer, which the customer provides voluntarily in accordance with the rules of the relevant loyalty programme or consumer competition.
The personal data of customers is processed within the loyalty programmes for the purpose of making it easier to handle the orders of the relevant customer, marketing (for example, as part of the marketing campaigns of the Company, to provide information about new products, for the delivery of the Company’s commercial communications or to provide notification of prizes won and other benefits pertaining to the customer) and for the purpose of surveying customer satisfaction as well as internal administrative and business operations. Processing for the purposes of direct marketing, service quality assurance, analyses, reports and statistics is based on the legitimate interests of the Company. Provision of the personal data is voluntary, but without it it will not be possible provide the benefits associated with the loyalty account and/or receive information about special offers, discounts and news. Personal data is processed in the case of consumer competitions for the purpose of handing over prizes to the winners of a competition.
In order to protect the Company's property or to ensure the entry of authorized persons into the Company's premises, the premises may be monitored by camera systems. Specific information on this processing is available at the relevant facilities.
Automated individual decision-making is not performed.
Website users
The Company uses cookies on its website. Detailed information can be found in the document Cookies Policy on the Company’s website.
The provision of data to other subjects
The Company only provides personal data which it has already processed to partners at which technical and organisational measures for the protection of data and fulfilment of the other obligations arising from the General Data Protection Regulation have been established. Company partners have access to personal data only to the extent required for the performance of their tasks. The Company therefore, in certain cases, provides personal data to other companies from the AmRest Group and to external partners that provide the Company with services relating to the placement of personal data on the common servers of the AmRest Group, provision of standard office applications, management of applications for loyalty programmes, management of payments for purchases from the Company and assessment of marketing surveys and expert consulting services providers.
When processing personal data, the Company uses, as the recipient of personal data, the following companies:
- Companies that manage the information systems required to operate Starbucks Rewards, Starbucks Delivers and any other applications;
- Companies providing online payments for ordered goods;
- Companies that provide customer support (incl. call centers);
- Companies providing marketing communications.
Under no circumstances does the Company provide personal data to other parties in exchange for payment.
The transfer of personal data abroad
The Company may transfer personal data to other countries within the European Union and, in certain cases, to other countries (USA). In the case of such other countries, the transfer takes place based on the European Commission’s adequacy decisions, or other safeguards in accordance with the General Data Protection Regulation (particularly standard contractual clauses).
Personal data is transferred to other companies in the AmRest Group, if required in a specific case, based on a contract, pursuant to which the recipient of personal data undertakes to uphold a high standard of personal data protection (the transfer of personal data is based on the standard contractual clauses according to Article 46(2)(c) of the General Data Protection Regulation) and/or subject to the consent of the person whose personal data is transferred, or based on other permitted grounds in accordance with the exceptions stipulated by the GDPR.
Data storage and retention
The Company stores personal data only for the period of time required to achieve the purpose of its processing and does so according to the rules specified hereunder:
- in the case of loyalty programmes, personal data is stored only for the period of duration of the customer’s participation in the loyalty programme, or where appropriate, for the period of time required to comply with legal obligations or to protect our rights;
- footage from security cameras is stored for a maximum period of ten days.
Withdrawing consent to the processing of personal data, objection to processing
If the Company processes the personal data of its customers, Users or employees subject to their consent, the person in question has the right to withdraw his/her consent to the processing of personal data. He/she may do this through the relevant application, in an e-mail sent to [email protected] or by post.
If consent to the processing of personal data is withdrawn, the data provided shall be deleted, unless it is possible to process the data even without the consent of the person in question based on valid legal regulations. However, withdrawal of consent shall not affect the processing of personal data until the time at which consent is withdrawn. In the case of processing of personal data for the purposes of the legitimate interests of the Company, the data subject has the right to object to the processing for reasons related to his specific situation. In such a case, it will be examined whether there are sufficient grounds on the part of the Company to continue processing. The person concerned shall be informed of the resolution of the objection. Processing for the purposes of direct marketing can be objected to without further notice and processing by the Company will be stopped, in particular it is possible to unsubscribe from commercial communication, via the link contained in each such electronic message or direct request.
Other rights
The customer or the Company employee or the User may also enjoy the other rights arising from the General Data Protection Regulation according to the specific situation; i.e. the following rights:
- the right to access personal data, i.e. the right to receive from the Company confirmation of whether personal data which concerns him/her is or is not processed and if so, he/she has the right to access such personal data and information about:
- the purposes of processing;
- the categories of personal data concerned;
- the recipients or categories of recipients to which personal data has been or shall be made available;
- the planned period of storage of personal data or the criteria used to determine the length of this period;
- the existence of the right to demand that the Company correct or delete personal data or restrict the processing of personal data and/or to lodge an objection against the processing of personal data;
- the right to lodge a complaint with the supervisory authority;
- the sources of personal data, if such data is not obtained from the applicant;
- the execution of automated decision-making, including profiling, and about information to concern the procedure used and the meaning and expected consequences for the applicant;
- the transfer of personal data to countries outside the European Union (so-called third countries) or to international organisations and about adequate guarantees regarding the processing of personal data provided in connection with the transfer of such data.
Furthermore, the data subject shall have the right to receive a copy of the personal data processed. However, this right shall not adversely affect the rights and freedoms of other persons.
- the right to the correction of personal data, if his/her personal data is inaccurate;
- the right to the deletion of personal data (“the right to be forgotten”), if one of the following reasons exists:
- personal data is no longer required for the purposes for which it was collected or otherwise processed;
- withdrawal of consent to the processing of personal data and the non-existence of any further legal grounds for processing;
- justified objections are brought to the processing of personal data;
- personal data has been processed unlawfully;
- personal data must be deleted in order for the legal obligations which bind the Company to be fulfilled;
- personal data has been collected in connection with the offer of services of the information society to a child.
- the right to restrict processing in the following cases:
- the accuracy of personal data is contested, for the period of time required for the Company to verify the accuracy of personal data;
- the processing of personal data is unlawful, but the restriction of use of such personal data is demanded instead of its deletion;
- the Company no longer requires the personal data for the purposes of processing, but the applicant requires it for the specification, execution or defence of legal claims;
- an objection has been lodged against processing in the case of processing personal data for the purposes of the legitimate interests of the Company, until such time as it has been verified whether or not the legitimate grounds of the Company prevail over the legitimate grounds of the person lodging the objection.
- the right to data portability, i.e. the right to obtain personal data to concern him/her in a structured, commonly-used and machine-readable format and the right to transfer such data to another controller (or to request the transfer of data from the Company to another controller) in the case that personal data processing is based on consent or on a contract and is conducted automatically;
- the right to lodge an objection, i.e. the right to lodge a complaint against the processing of personal data for the purposes of the legitimate interests of the Company; and
- the right to lodge a complaint with the Office for Personal Data Protection (Úřad pro ochranu osobních údajů) or, where appropriate, with the competent office of another European Union State.
The customer or Company employee or User of the Website may exercise its rights by contacting the Company. The contact details of the Company are presented below.
How you can contact us
We have appointed a Data Protection Officer whom You can contact in all matters related to our processing of Your personal data as well as exercising Your rights related to our processing of Your personal data.
The Data Protection Officer can be contacted by:
- sending us an e-mail to the address: [email protected];
- sending a letter (best if marked for the attention of: “Data Protection Officer”) to the address: AmRest s.r.o. with its registered office at Walterovo náměstí 329/3, Jinonice, 158 00 Prague 5.
Copyright
The owner and operator of the website www.starbuckscoffee.cz is the company AmRest Coffee s.r.o., having its registered office at Walterovo náměstí 329/3, Jinonice, 158 00 Praha 5, entered in the Commercial Register maintained at the Metropolitan Court in Prague, file C 130118, Company Number 28167694, Taxpayer Identification Number: CZ28167694 (hereinafter referred to as the “Company”).
The Company holds all copyrights to all content which the Company places on the website www.starbuckscoffee.cz (hereinafter referred to as the “Website”).
The rights and obligations of the Company and of the users when using this Website are governed by this Privacy Policy (hereinafter referred to as the “Rules”). The Rules apply to all persons who visit this Website (hereinafter referred to as “Users”). The Rules may be updated at any time. The date of updating the Rules shall be indicated on the final page of the Rules.
Links to other sites
Links are presented on the Website to websites over which the Company has no control. Should a User visit one of these websites, he/she should acquaint him/herself with the rules of using the website and with security standards. The Company is not liable for the expressions and procedures of the operators of such websites.
User conduct
The User undertakes, when using this Website, to respect the valid legal regulations of the Czech Republic, to invariably act in accordance with good morals and with these Rules and not to damage in any way the repute and rights of the Company or of other Users.
Liability
Any risks arising for the User from using this Website are entirely the responsibility of the User and the Company is not liable for these. All disputes arising in connection with the use of the Website shall be resolved by the court having local and subject-matter jurisdiction over the Company in the Czech Republic.
In Prague, 6. 4. 2022