Privacy Policy

I. General Provisions

  1. The controller of personal data pursuant to Article 4(7) of Regulation (EU) 2016/679 of the European Parliament and of the Council (the “GDPR”) on the protection of natural persons with regard to the processing of personal data and the free movement of such data is Gourmet plus
    spol. s r.o., Soukenická 19, 110 00 Prague 1, Company ID: 62585568 (hereinafter: the “Controller”).

Email: bar@bugsysbar.cz

  1. Personal data means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, network identifier, or to one or more specific elements of the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
  2. The Controller has not appointed a Data Protection Officer.

II.

Sources and Categories of Personal Data Processed

  1. The Controller processes personal data that you have provided or personal data obtained in connection with fulfilling your order.
  2. The Controller processes your identification and contact details, as well as data necessary for the performance of the contract.

III.

Legal Basis and Purpose of Data Processing

  1. The legal basis for processing personal data is:
  • The performance of a contract between you and the Controller pursuant to Article 6(1)(b) GDPR;
  • The Controller’s legitimate interest in providing direct marketing (especially sending commercial communications and newsletters) pursuant to Article 6(1)(f) GDPR;
  • Your consent to processing for the purposes of direct marketing (especially sending commercial communications and newsletters) pursuant to Article 6(1)(a) GDPR in conjunction with § 7(2) of Act No. 480/2004 Coll., on certain services of the information society, in cases where no goods or services have been ordered.
  1. The purposes of personal data processing are:
  • Fulfilling your order and exercising the rights and obligations arising from the contractual relationship between you and the Controller; for orders, personal data necessary for the successful execution of the order are required (name, address, contact), and providing personal data is a prerequisite for concluding and performing the contract; without providing personal data, the contract cannot be concluded or performed by the Controller.
  • Sending commercial communications and conducting other marketing activities.
  1. The Controller does not perform automated individual decision-making within the meaning of Article 22 GDPR. For such processing, you have provided your explicit consent.

IV.

Data Retention Period

  1. The Controller retains personal data:
  • For as long as necessary to exercise the rights and obligations arising from the contractual relationship between you and the Controller and to enforce claims under these contracts (for a period of 15 years from the termination of the contractual relationship).
  • Until consent for processing personal data for marketing purposes is withdrawn, up to a maximum of 5 years if personal data are processed based on consent.
  1. After the retention period, the Controller will delete personal data.

V.

Recipients of Personal Data (Controller’s Subcontractors)

  1. Recipients of personal data are persons:
  • Involved in the delivery of goods/services/payment processing under a contract;
  • Involved in ensuring the operation of services;
  • Providing marketing services.
  1. The Controller does not intend to transfer personal data to a third country (outside the EU) or an international organization.

VI.

Your rights

  1. Under the conditions set out in the GDPR, you have:
  • The right to access your personal data under Article 15 GDPR;
  • The right to rectify personal data under Article 16 GDPR or to restrict processing under Article 18 GDPR;
  • The right to erasure of personal data under Article 17 GDPR;
  • The right to object to processing under Article 21 GDPR;
  • The right to data portability under Article 20 GDPR;
  • The right to withdraw consent to processing in writing or electronically at the address or email of the Controller provided in Section III of these Terms.
  1. You also have the right to lodge a complaint with the Office for Personal Data Protection if you believe your rights have been violated.

VII.

Podmínky zabezpečení osobních údajů

  1. Správce prohlašuje, že přijal veškerá vhodná technická a organizační opatření k zabezpečení osobních údajů.
  2. Správce přijal technická opatření k zabezpečení datových úložišť a úložišť osobních údajů v listinné podobě.
  3. Správce prohlašuje, že k osobním údajům mají přístup pouze jím pověřené osoby.

VIII.

Final Provisions

  1. By submitting an order/contact form via the online order form, you confirm that you have read and accept the terms of this Privacy Policy in full.
  2. You accept these terms by checking the consent box on the online form. By checking the box, you confirm that you have read and accept the Privacy Policy in full.
  3. The Controller is entitled to amend these terms. The new version of the Privacy Policy will be published on the website, or the Controller may send you the updated version by email provided by you.

These terms take effect on 20.07.2025.