Privacy policy

The purpose of this document is to inform you of our practices regarding the protection, processing and collection of the personal data you share with us in connection with your use of the Locura Android application (hereinafter the “Application”) and access to the https://locura.guide/ website (hereinafter the “Website”). 

1. Introductory provisions 

For the purposes of this document, personal data means any information relating to an identified or identifiable natural person. Personal data also includes a variety of individual pieces of information which, taken together, may lead to the identification of a particular person (data subject). Personal data are typically first and last name, title, date of birth, national identification number, contact address, etc. 

Processing of personal data means any operation or set of operations which is performed upon personal data or sets of personal data, whether or not by automated processes, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or any other disclosure, alignment or combination, restriction, erasure or destruction. 

Personal data are processed only on the basis of and to the extent permitted by Regulation (EC) No 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter the “GDPR Regulation”) and related legislation. 

2. Controller 

The controller of personal data pursuant to Article 4 point 7 of the GDPR Regulation is the business company Project Port s.r.o., ID No.: 141 90 541, with its registered office at Lublaňská 267/12, Vinohrady, 120 00 Prague 2, Czech Republic, registered in the Commercial Register at the Municipal Court in Prague, File No C 361826 (hereinafter the “Controller”). 

3. What personal data are processed 

The Controller processes personal data voluntarily provided by the data subject in connection with the registration and use of the Application. This may include, in particular, e-mail address, name and surname, telephone number, address, country of origin, social media profile information, likeness (photo), ID number, VAT number or bank account number and other information. The scope of information that the Controller processes may vary depending on the activities for which the data subject wishes to use the Application. 

The Controller also automatically processes technical data such as the IP address, the type of device, operating system and browser used by the data subject to access the Application or the Website and the data subject’s behaviour when visiting the Website and using the Application. 

4. Recipients of personal data 

The Controller reserves the right to use the services of external suppliers (third parties). The services provided by external suppliers may include partial processing of personal data, which the Controller shares only to the extent necessary, while the suppliers are contractually bound to the Controller to protect personal data by similar means as the Controller. 

The suppliers with whom the Controller shares personal data may include, in particular, technical service providers (hosting, data centres, IT support), banks and payment service providers, legal, tax and accounting advisors or providers of marketing, communication and analytical services. 

The Controller is entitled or obliged to disclose personal data to a third party if required by law. Typically, this may be at the request of public authorities. 

Some features of the Application (e.g., maps or payment gateway) may be directly provided by third party tools. The data subject acknowledges that such third parties may themselves require the user to provide certain personal data, i.e., be processors of personal data. The protection, processing and collection of personal data is then carried out by the third party in accordance with its own terms and conditions. 

The data subject who wishes to use the Application not only to view the content but also to share it (i.e., as a Guide – see the Terms and Conditions [locura.guide/smluvni-podminky]), acknowledges that some of the personal data provided by them may be made available to other users via the Application, in particular to the extent of the Guide’s name and profile picture. 

5. Terms and conditions for processing personal data 

The Controller is entitled to process personal data only if at least one of the conditions defined in Article 6(1) of the GDPR Regulation is met. 

In this particular case, the Controller processes personal data under one of the following conditions: 

a) the data subject has given the Controller consent to the processing of their personal data; 

b) the processing is necessary for the performance of a contract concluded between the Controller and the data subject; 

c) the processing is necessary for compliance with a legal obligation to which the Controller is subject; 

d) the processing is necessary to protect the legitimate interests of the Controller or a third party. 

If the data subject has not refused this option, the Controller is entitled to process the e-mail address of the data subject within the meaning of Section 7(3) of Act No. 480/2004 Coll., on certain information society services and on amendments to certain acts, as amended, for the purpose of disseminating commercial communications concerning its own services and products (e.g., in the form of a bulletin or newsletter). 

6. Retention period of personal data 

The length of retention of personal data depends primarily on the applicable legislation, which in certain cases clearly defines the period of time for which the Controller is obliged or entitled to retain personal data. The period for which personal data is retained also depends on the purpose for which it was processed. 

The same personal data may also be processed for several different purposes, so withdrawing consent to data processing may not mean that it will be deleted by the Controller in some cases. However, where personal data are processed solely on the basis of the data subject’s consent, they will be erased without undue delay after the withdrawal of that consent. 

7. Rights of users (data subjects) 

The GDPR Regulation gives data subjects certain rights in relation to the processing of their personal data. The Controller is obliged to handle, collect and process personal data in such a way that the data subject or other persons are not harmed in terms of their rights. In particular, the data subject has the following rights: 

a) Right to access and portability of personal data 

The data subject has the right to request information about the processing of their personal data and an overview of the data that has been processed, under the conditions set out in Article 15 of the GDPR Regulation. Where personal data are processed in a fully automated manner and are stored in a structured machine-readable format, the data subject has the right to request a copy of the data in the same machine-readable format. The data subject shall also have the right to request the Controller to transmit such data to another data controller, if technically feasible. 

b) Right to rectification, correction and completion of personal data 

If the data subject believes that the personal data processed is inaccurate, outdated or otherwise incorrect, they are entitled to inform the Controller and request the correction of the relevant data under the conditions set out in Article 16 of the GDPR Regulation. The data on the invoice already issued cannot be changed in accordance with applicable law. Such data can only be changed if the data subject has not yet received or paid for the goods or services. 

c) Right to erasure of personal data 

The data subject has the right, under the conditions set out in Article 17 of the GDPR Regulation, to request the Controller to erase the personal data concerning the data subject without undue delay and the Controller has the obligation to erase the personal data without undue delay, in particular (i) if the data are no longer necessary for the purposes for which they were collected, (ii) the data subject withdraws consent, on the basis of which the data were processed, (iii) the data subject objects to the processing, (iv) the personal data have been unlawfully processed, (v) the personal data must be erased in order to comply with a legal obligation under Union or Member State law, (vi) the personal data were collected in connection with the offer of information society services pursuant to Article 8(1) of the GDPR Regulation. 

d) Right to restriction of processing of personal data 

The data subject has the right, under the conditions set out in Article 18 of the GDPR Regulation, to request the Controller to restrict the processing of personal data if (i) the data subject contests the accuracy of the personal data, (ii) the processing is unlawful, (iii) the Controller no longer needs the personal data, (iv) the data subject has objected to the processing. 

e) Right to object to the processing of personal data 

The data subject has the right, under the conditions set out in Article 21 of the GDPR Regulation, to object at any time to the processing of personal data on the grounds of the legitimate interests of the Controller, the performance of a task carried out in the public interest or in the exercise of official authority. 

In the event of repeated or manifestly unfounded requests to exercise the above rights, the Controller is entitled to charge a reasonable fee for the exercise of the right, or to refuse to exercise it. The data subject shall be informed of this procedure. 

The data subject may exercise their rights by writing to the Controller via the e-mail address [email protected]. The data subject is also entitled to contact the central administrative authority for the protection of privacy and personal data: 

Personal Data Protection Office 

Pplk. Sochora 727/27 

170 00 Prague 7 

In the event of any problem related to the processing or protection of personal data, please contact the Controller directly in the first instance, who will attempt to resolve the request to your maximum satisfaction. 

8. Security of personal data 

The Controller has a duty to protect the personal data of subjects against unauthorised interference. Personal data shall be protected against loss, theft, unauthorised access, misuse, alteration or destruction by appropriate physical, technical and administrative security measures. 

9. Cookies 

When you visit the Website, cookies are processed. Cookies are small text files that are stored on the device from which the Website is accessed (computer, tablet, phone,…) and that allow information about the visit to the site to be recorded. In general, some cookies are necessary to ensure the basic functionalities of the Website (functional), while others are mainly used to improve the functioning of the Website or for marketing purposes. 

When you first visit the Website, you are asked whether, or to what extent, you consent to the storage of cookies on your device. The consent to the storage of cookies can also be revoked at any time by means of the settings of the end device (internet browser). If the use of cookies is refused, it is possible that some functions of the Website will not be displayed at all or cannot be used from the device in question. 

Visitors are informed about what cookies the Website uses and what privacy settings are available when they first enter the Website. 

10. Final provisions 

The Privacy Policy as amended is valid from 11.01.2024 and will be updated by the Controller if necessary. 

If you have any questions regarding the protection, processing and collection of the personal data you share, you may also contact us via email at [email protected].