Privacy

Thank you for your interest in our center and our website. We take the protection of your personal data seriously and would like to inform you below about the scope and purposes for which we collect and process your data, so that you feel safe and comfortable when visiting our center and our website.

I. RESPONSIBLE ENTITY

The entity responsible for the processing of your personal data in our shopping center and on our website is: DBK management a.s.
Budějovická 1667/64 140 00 Prague 4 Czech Republic

E-Mail: marketing@dbkpraha.cz

II. BASIC INFORMATION ON THE COLLECTION AND PROCESSING OF PERSONAL DATA

1. PROCESSING OF PERSONAL DATA IN OUR CENTER

In our center, we process personal data, i.e. information relating to an identified or identifiable person, such as your name and address, in accordance with the provisions of the European General Data Protection Regulation (GDPR).

Various photographs and video recordings are taken on the premises of OC DBK. By participating in OC DBK events, the customer expressly consents to the fact that photographs or audio/video recordings of his person taken during the events may be used in a reasonable manner by any technical method, without monetary compensation and time limit. This is to inform you that the premises of OC DBK are partially monitored by cameras. The purpose of this measure is safety and health protection, security of client data and protection of property. Camera recordings are stored for the period necessary to evaluate any incidents and then erased.

a) Legal basis for data processing in the center

(1) Based on your consent (Art. 6 para. 1 lit. a) GDPR)

If you have given us consent to the processing of personal data for specific purposes, the lawfulness of this processing is based on your consent. The consent granted can be revoked at any time. The withdrawal of consent does not affect the lawfulness of the personal data processed until the withdrawal.

Send any withdrawals to:
DBK management a.s.
Budějovická 1667/64 140 00 Prague 4

E-Mail: marketing@dbkpraha.cz

(2) For the fulfillment of contractual obligations (Article 6(1)(b) GDPR)

In some cases, your personal data is also processed for the purpose of fulfilling a contract concluded with you at your request or for the purpose of fulfilling a pre-contractual measure, for example in connection with an existing obligation to provide services to you. Further details on the respective purposes of processing personal data can be found in the relevant contractual documents and terms and conditions of participation.

(3) In the context of balancing interests (Art. 6(1)(f) GDPR)

If necessary, we process your personal data to protect our legitimate interests or the legitimate interests of third parties. These are:

• Advertising or market and public opinion research
• Exercising legal claims and defending in legal disputes
• Ensuring IT security and IT operations
• Prevention and investigation of crimes
• Video surveillance for the protection of home rights, the collection of evidence or the provision of evidence
• Anonymous measurement of customer frequency to optimize the operation of the center
• Measures for the security of buildings and customers
• Measures for the protection of home rights

b) Purposes of processing personal data in the center

If we process your personal data in our center as part of campaigns, services and processes, this is done for the purposes described below:

• Participation in competitions
• Registration for sending news
• Reservation transactions
• Payment transactions
• Childcare
• Rental of property in the center
• Creating photos or videos
• Video surveillance
• Anonymous customer frequency measurement
• Place requests
• Customer advice and entertainment purposes
• Issuing vouchers
• Recording and processing of complaints, claims or found items
• Preparation and implementation of events
• Center service products
• Personalized advertising
• Recognition of vehicle license plates

c) Categories of personal data processed in the center

Depending on the contract, consent and event, we process the following categories of personal data data:

Image and video data, contact details, name and surname, address details, e-mail address (for sending newsletters), date of birth (for proof of age), bank details (e.g. for online payments), billing details, application data and parking data.

2. PROCESSING OF PERSONAL DATA ON OUR WEBSITES

When using the website for purely informational purposes, we only collect personal data that your browser transmits to our server and that is technically necessary to display our website and ensure stability and security.

If you have provided us with this have given your consent or if we are legally entitled to do so, we collect personal data from you as a website user in order to provide you with website content and offer you other services, such as the contact form or our newsletter.

a) Legal basis for the processing of personal data on our website

(1) Based on your consent (Art. 6 Para. 1 lit. a) GDPR)

If you have given us your consent to process your personal data for specific purposes, the lawfulness of this processing is based on your consent. The consent given can be revoked at any time. The withdrawal of consent does not affect the lawfulness of the personal data processed until the withdrawal.

(2) For the performance of contractual obligations (Art. 6(1)(b) GDPR)

In some cases, your personal data is also processed for the purpose of fulfilling a contract concluded with you at your request or for the purpose of fulfilling a pre-contractual measure, for example in connection with an existing obligation to provide services to you. Further details on the respective purposes of processing personal data can be found in the relevant contractual documents and the terms and conditions of participation.

(3) In the context of a balancing of interests (Art. 6(1)(f) GDPR)

If necessary, we process your personal data to protect our legitimate interests or the legitimate interests of third parties. This includes, for example:

• Advertising or market and public opinion research, unless you have objected to the use of your personal data
• Use of cookies (more detailed explanation below)
• Exercise of legal claims and defense in legal disputes
• Ensuring the stability, security of personal data and functionality of the website

a) Purposes of processing personal data on our website

If we process your personal data on our website, this is for the purposes described below:

• Technical provision of the website and monitoring its functionality
• Contact via the contact form
• Sending newsletters
• Statistical analysis of website use
• Creating profiles
• Publication of the content you enter when visiting our website
• Publishing photos based on your consent
• Participating in competitions
• Processing voucher orders
• Ordering parking passes
• Collecting data about your devices (using cookies)
• User-generated content on social media
• Communication with the application

b) Categories of personal data processing on our website

We process your personal data on our website in various ways:

(1) Hosting and log files

The hosting services we use are used to provide the following services: Infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services, which we use to operate this online offer.

We, or our hosting provider, we process inventory data, contact data, content data, contract data, usage data, metadata and communication data of customers, prospects and visitors to this online offer on the basis of our legitimate interest in the efficient and secure provision of this online offer in accordance with Art. 6 Para. 1 Letter f GDPR in conjunction with Art. 28 GDPR (conclusion of the order processing contract).

We or our hosting provider collect personal data on the basis of our legitimate interests within the meaning of Art. 6 Para. 1 Letter f) GDPR about every access to the server on which this service is located (so-called server log files). The access data includes the name of the visited website, the file, the date and time of access, the volume of personal data transferred, a notification of successful access, the browser type and version, the customer's operating system, the URL of the reference (previously visited page), the IP address and the provider that made the request.

The IP address is stored for security reasons (e.g. for the purpose of investigating abuse or fraud) for 14 days and in connection with participation in competitions by our service provider S.Factory s.r.o. for 1 month, after which it is deleted. Data whose further storage is necessary for evidentiary purposes is excluded from deletion until the relevant incident has been definitively clarified (e.g. further information from log files).
Every time you visit our website, your browser automatically sends certain information to the website server to enable communication between your browser and the server. This information is stored in a so-called log file. This includes, for example, information about

• the type and version of the browser you are using,
• the operating system you are using,
• the website from which you came to the current page,
• the host name (IP address) of your computer, and
• the time of the call..

We also use the information transmitted by your browser to our servers in anonymized form – i.e. without the possibility of drawing any conclusions about you – to analyze and improve our services. In this way, we can, for example, detect possible errors or find out on which days and hours our website is particularly frequently used.

(2) Newsletter and contact

The newsletter contains news, offers and other information about DBK products/services. By subscribing to the newsletter, you will receive personalized information about products, services or suggestions for participation in promotional events such as competitions, in accordance with the consent you have given.

If you contact us, for example via one of our contact forms or by e-mail, the personal data you provide (such as your e-mail address, or your name, telephone number, etc.) will be processed for the purpose of processing your inquiry and, if necessary, contacting you. We will delete the personal data collected in this context if they are no longer required for the above-mentioned purpose, provided that the deletion does not conflict with any legal obligations to retain them.

Recipient:

The personal data is transferred to our customer management platform, which may also be accessed by service providers for the purpose of supporting and implementing the newsletter. The platform service provider gains access to the personal data from a third country (a country outside the European Economic Area (EEA)). This transfer of personal data takes place on the basis of the EU Decision on the Adequate Protection of Personal Data of 10 July 2023 on the so-called Data Privacy Framework (EU-U.S. DPF). In addition, so-called standard contractual clauses have been concluded with these service providers as appropriate safeguards in accordance with Article 46 of the GDPR. For further information, please visit the European Commission website:

Data transfers between the EU and the US - European Commission

Legal basis and options for withdrawal:

Art. 6(1)(a) GDPR (consent)

If you no longer wish to receive the newsletter, you can withdraw your consent to receive the newsletter at any time and thus unsubscribe from the newsletter. To do so, click on the unsubscribe link provided in each newsletter and you will be guided through the unsubscribe process. You can also send us your revocation by e-mail.

If your profile has not been verified as part of the so-called double opt-in procedure, your profile will be deleted.

(3) Organization of competitions

If you register for a competition held in the center or on our website, we will use the personal data you provide us with when registering (e.g. IP address, confirmation of the conditions of participation, name, address, e-mail address, date of birth) for the purpose of implementing the participation contract, in particular for the notification of the prize. In individual cases, other personal data may be processed that are necessary for the implementation of the competition, such as photos and video recordings if you participate in a photo or video competition.

Recipient

The data may be transferred to our service provider, S.Factory s.r.o., which processes it on the basis of an order processing contract pursuant to Article 28 of the GDPR in accordance with personal data protection laws.

Legal basis

The legal basis for this processing of personal data is Article 6(1)(b) of the GDPR (which allows the processing of personal data for the purpose of fulfilling a contract or pre-contractual measures) and Article 6(1)(c) of the GDPR.

The data that DBK management a.s. is processed solely for the purpose of organizing and conducting the competition, they will be deleted after its end, unless there is a legal obligation to retain them.

The legal basis for this processing of personal data may also be Article 6(1)(f) GDPR, if the processing of personal data is necessary to protect the legitimate interests of DBK management a.s. DBK management a.s. has a legitimate interest in preventing attempts at abuse/fraud and excluding such participants from the competition in order to ensure a fair and orderly conduct of the competition towards other participants.

(4) Use of cookies

(a) General

When you visit our website, we use technologies for collecting personal data in your browser, such as cookies, tags and pixels, which collect specific information about your current browsing. These technologies are often referred to as "cookies" on other websites. Cookies also allow our websites to remember your actions and preferences (such as login details, language, font size and other display preferences) for a certain period of time so that you do not have to re-enter them the next time you visit or move from one page to another. We use cookies for a variety of purposes. There are different requirements and legal bases for the use of these cookies in the depending on their purpose.

(b) Types and purposes of cookies

This website uses the following types of cookies, the scope and functions of which are explained below:

• Essential cookies
• Functional cookies
• Measurement cookies
• Marketing cookies

(aa) "Essential" and "functional" cookies - website functionality and administration:

We use "essential" and "functional" cookies to operate our website. These cookies ensure functions without which you would not be able to use our website as intended. For administrative and identification purposes, a personal identification number of you, the visitor to our website, is also stored. This allows us to offer you a consistently high-quality service. We store data such as saved language preferences.

Technical necessity exists, for example, with regard to providing the following functions/achieving the following purposes:

• User security - When using cookies for security purposes, their purpose must be considered in addition to their necessity. In particular, necessary measures are permitted that serve to protect users and their data.
• Language selection – Saving the language selection on international websites is also expected and considered necessary by users.
• Opt-In cookies – Cookies that store consent to the use of cookies are also absolutely necessary so that the "cookie banner" does not appear again each time the website is accessed.
• Playback of multimedia content – If cookies are necessary for playback, they can be used.
• Load balancing – Cookies that ensure an even load distribution (Load Balancing) of the website are considered absolutely necessary.

Legal basis:

Art. 6(1)(b) GDPR (necessity for the performance of a contract)

(bb) Measurement and analysis cookies

Measurement and analysis cookies are used to measure visitor activity on the website. We collect information about how our website is used in order to improve its attractiveness, performance, content and functionality. For example, these cookies help us to determine whether and which subpages of our website are visited and what content users are particularly interested in. In particular, we record the number of page visits, the number of subpages visited, the time spent on our website, the order of pages visited, the search terms that brought you to us, the country, region and, if applicable, the city from which you accessed us, as well as the proportion of mobile devices accessing our website.

We use the collected data for the following purposes:

• Web analysis – we analyze personal data based on your surfing behavior in order to improve the functionality and design of our website.
• Advertising effectiveness – we measure the effectiveness of our advertising by analyzing the click-through rate on our advertising based on the path you take to our website. In this way, we optimize the effectiveness of the advertisements we place on external websites.
• Error management - we measure errors on our websites so that we can immediately fix errors or other problems.

These cookies only collect and store pseudonymized information, so they cannot track your movements on other websites. The IP address of your computer transmitted for technical reasons is automatically anonymized and does not allow us to draw any conclusions about individual users.

Legal basis and options for revocation:

Art. 6 (1) (a) GDPR (consent)

The use of cookies for measurement is based on your consent. You give your consent by clicking the "Ok" button on the website in the banner that refers to this consent text. By clicking on the "OK" button, you consent to the storage of data on your end device (for example, by setting cookies) or the retrieval of data from your end device.

If you have consented to this, you can object to the use of these cookies at any time by adjusting your cookie settings accordingly.

You can find the cookie settings in the footer of the page in the section "Adjust cookie settings".

In some cases, your personal data is processed outside the EEA, for example in the USA, due to cookies used for measurement and analysis. This transfer of personal data is carried out on the basis of the EU decision on the adequate protection of personal data of 10. 7. 2023 on the so-called Data Privacy Framework (EU-U.S. DPF). In addition, so-called standard contractual clauses pursuant to Article 46 GDPR. Your consent to the use of cookies for measurement and analysis also includes consent to the transfer of certain personal data to third countries, including the USA, in accordance with Article 49(1)(a) GDPR.

(cc) Marketing cookies

We use marketing cookies from our advertising partners (so-called third-party cookies) to ensure that you are shown our advertising messages in the right place and at the right time. These cookies are so-called persistent or permanent cookies, which are stored on your device with a fixed expiration date and remain after you close your browser. They can be manually deleted in your browser at any time. They contain a personal identifier that can assign surfing behavior to individual users. We also use these cookies to ensure that individual users are not shown advertisements for an unlimited period of time and to measure the effectiveness of our advertising campaigns. The identifiers stored in these cookies are provided by our partners. We cannot use the same identifiers in our systems. We also use these cookies to display advertising that is relevant to your location, for example to inform you about offers in centres near you.

Legal basis:

Art. 6(1)(a) GDPR (consent)

Marketing cookies are only set if you have given your prior consent. You give this consent by clicking on the relevant "OK" button in the cookie banner on the website.

However, you can withdraw your consent at any time in your cookie settings. You can find your cookie settings in the footer of the website under the "Edit cookie settings" section.

In some cases, your personal data is processed by service providers outside the EEA, for example in the USA, for the marketing cookies used. This transfer of personal data is based on the EU decision on the adequacy of personal data of 10 July 2023 on the EU-U.S. Data Privacy Framework (EU-U.S. DPF). In addition, so-called standard contractual clauses have been concluded with these service providers as appropriate safeguards in accordance with Article 46 of the GDPR. Your consent to the use of convenience cookies also includes your consent to the transfer of certain personal data to third countries, including the USA, in accordance with Article 49(1)(a) of the GDPR.

(c) Managing and deleting all cookies

Of course, you can configure your browser so that it generally does not store our cookies on your end device. The help function in the menu bar of most web browsers explains how you can prevent your browser from accepting new cookies, how you can have the browser notify you when a new cookie is received, or how you can delete all cookies already accepted and block all further cookies.

Please note that generally disabling cookies may result in reduced functionality of our websites.

To delete cookies, open your browser settings (usually via the three dots or gear) and enter "cookies" or "delete cookies" in the search box. Then follow the instructions in your browser.

If you want to receive information about the cookies set in your browser or delete them, you can view them, for example, via the "preferences manager". One such example can be found at https://www.youronlinechoices.com/de/praferenzmanagement/.

(d) Cookies / pixels / tags used on our website

(aa) Google Analytics

If you have given your consent in the cookie banner, Google Analytics 4 is used on this website. This is a web analytics service provided by Google LLC. The controller for users in the EU and Switzerland is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

Scope of processing

Google Analytics 4 uses cookies that allow us to analyze the use of our website. The information collected is anonymized and usually transmitted to a Google server in the USA. IP addresses are not stored or logged.

During your visit to the website, the following data is collected via Google Analytics 4:

• Pages accessed, your "click path"
• Achievement of "website goals" (conversions, e.g. newsletter registration, downloads, purchases)
• Your user behavior (e.g. clicks, duration of stay, bounce rate)
• Your approximate location (region)
• Your IP address (in abbreviated form)
• Technical information about your browser and the end devices you use (e.g. language settings, screen resolution)
• Referral URL (via which website/advertising medium you came to this website).

If you have expressly agreed to the use of other Google analytics and marketing cookies (see below), a connection and therefore a corresponding exchange of personal data between these Google tools will take place.

Purpose of processing

The reports provided by Google Analytics 4 are used to analyze the performance of our website and the success of our marketing campaigns.

We also use the technical extension "Google Signals", which enables cross-device tracking. This makes it possible to assign individual website visitors to different end devices. However, this only happens if the visitor is logged in to Google when visiting the website and has activated the "personalized advertising" option in their Google account settings. Even in this case, however, we do not have access to any personal data or user profiles, which remain anonymous to us.

If you do not wish to use the "Google Signals" service, you can deactivate the "personalized advertising" option in your Google account settings.

Recipient:

Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, fax: +353 (1) 436 1001.

In accordance with the contract, your personal data is used on servers located in the EU. However, it cannot be ruled out that personal data will also be transferred to the USA. This transfer of personal data is based on the EU decision on the adequate protection of personal data of 10 July 2023 on the so-called Data Privacy Framework (EU-U.S. DPF). In addition, an agreement has been concluded with Google Ireland Ltd., which contains EU standard contractual clauses. In this way, we ensure that the level of data protection is also adequate for data processing on servers in the USA (Art. 46 GDPR). You can find more information on the website of the European Commission:

Data transfers between the EU and the USA - European Commission

In addition, by activating the tool, you expressly consent to the transfer of personal data (Art. 49(1) GDPR).

Storage period

The personal data sent by us in connection with cookies will be automatically deleted after a maximum of 12 months. Personal data for which the retention period has expired will be automatically deleted once a month. You can also prevent Google from collecting the personal data generated by the cookie and related to your use of the website (including your IP address) and from processing this personal data by a. not consenting to the setting of the cookie or b. downloading and installing the browser add-on available at Google Analytics to deactivate it.

Legal basis and possibility of revocation

The legal basis for this data processing is your consent, Art. 6 Para. 1 Sentence 1
Letter a) GDPR. You can withdraw your consent at any time by calling up your cookie settings and changing your selection.

For more information about the terms of use of Google Analytics, please visit https://marketingplatform.google.com/about/analytics/terms/de/.
For information on data protection, please visit https://www.google.de/intl/de/policies/privacy.

(bb) Google Tag Manager

Purpose/information:

This website uses Google Tag Manager. Google Tag Manager is a solution that allows marketers to manage website tags via a single interface. The tool itself (which implements the tags) is a cookie-free domain and does not store any personal data. The tool runs additional tags that may collect personal data. Google Tag Manager does not have access to this data. If tracking has been disabled at the domain or cookie level, this deactivation will continue to apply to all tracking tags integrated via Google Tag Manager.

You can find more information about privacy on the following Google websites:

• Privacy Policy: https://policies.google.com/privacy?hl=de&gl=en
  Google Tag Manager FAQ: https://www.google.com/intl/de/tagmanager/faq.html
  Google Tag Manager Terms of Use: https://www.google.com/intl/de/tagmanager/use-policy.html

Recipient:

Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland.

In accordance with the contract, your personal data is used on servers located in the EU. However, it cannot be ruled out that personal data will also be transferred to the USA. This transfer of personal data is carried out on the basis of the EU decision on the adequate protection of personal data of 10. 7. 2023 on the so-called Data Privacy Framework (EU-U.S. DPF). In addition, so-called standard contractual clauses have been concluded with these service providers as appropriate guarantees pursuant to Article 46 GDPR. For more information, please visit the European Commission website:

Data transfers between the EU and the US - European Commission

In addition, by activating the tool, you expressly consent to the transfer of personal data (Article 49(1) GDPR).

Legal basis:

Article 6(1)(f) GDPR (legitimate interest)

(cc) Bing Maps:

Purpose/information:

This website uses the Bing Maps map service from Microsoft. Thanks to Bing Maps, we can better show you the location of our center and thus tailor our services to your needs. You can see at a glance where our center is located and the route planning function helps you find the best or fastest route to us. The provision of Bing Maps is part of our customer service and is therefore in our legitimate interest pursuant to Article 6(1)(f) GDPR.

When using this function, information is transmitted to Microsoft and analyzed for its purposes. This usually includes your IP address and the possibility that this information will be transmitted to Microsoft servers (including servers in the USA). In order to provide its services, Bing Maps collects and stores data such as the search queries you enter, your IP address, and the latitude and longitude coordinates. If you use the route planning function, the starting address you enter is also processed. This data is processed directly by Microsoft; our center has limited influence on this processing and can only inform you about it.

Due to the integration of the service into our website, Microsoft may store cookies (e.g. identifiers such as MUID) in your browser that are used to analyze user behavior and for the operational purposes of the service. For further information on the processing of personal data by Microsoft, please refer to the privacy statement: https://privacy.microsoft.com/cs-cz/privacystatement.

Recipient:

Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland.

Your personal data is primarily processed on servers within the EU/EEA. However, it cannot be excluded that the data will also be transferred to the USA. This transfer is based on the European Commission's adequacy decision of 10 July 2023 (the so-called EU-U.S. Data Privacy Framework), in which Microsoft is certified. At the same time, standard contractual clauses pursuant to Article 46 of the GDPR are used as appropriate safeguards. Further information on data transfers between the EU and the US can be found on the European Commission website.

In addition, by activating the tool, you expressly consent to the transfer of personal data (Art. 49 (1) (a) GDPR).

Legal basis:

This data processing and the storage of cookies require your consent pursuant to Art. 6 (1) (a) GDPR. You can revoke your consent at any time by changing your selection in the cookie settings.

You can find the cookie settings on the "Advanced settings" page.

(dd) Conversion settings in Google Ads

Purpose/information:

We use the Google Ads conversion service to draw attention to our attractive offers using advertising materials (so-called Google Ads) on external websites. We can determine how successful individual advertising measures are in relation to the advertising campaign data. We do this so that we can show you advertisements that are of interest to you, to make our websites more interesting for you and to achieve a fair calculation of advertising costs.

These advertisements are delivered by Google via so-called "ad servers". For this purpose, we use ad server cookies, which can be used to measure certain parameters for measuring success, such as ad impressions or user clicks. If you access our websites via a Google ad, the Google ad servers will store a cookie on your end device. These cookies usually expire after 90 days and are not intended to identify you personally. The analytical values ​​of this cookie usually include a unique cookie ID, the number of times the ad was displayed per placement (frequency), the last view (important for view-through conversions) and logout information (indicating that the user no longer wishes to be addressed).

These cookies allow Google to recognize your internet browser. If the user visits knows certain pages of the Ads customer's website and the cookie stored on his computer has not yet expired, Google and the customer can recognize that the user clicked on an advertisement and was redirected to this page. Each Ads customer is assigned a different cookie. Cookies cannot therefore be tracked through the websites of the Ads customers. We do not collect or process any personal data ourselves within the scope of the above-mentioned advertising measures. We only receive statistical analyses from Google. Based on these analyses, we can determine which of the advertising measures used are particularly effective. We do not obtain any further personal data from the use of advertising media, in particular we cannot identify users based on this information.

Due to the marketing tools used, your browser automatically establishes a direct connection to the Google server. We have no influence on the scope and further use of the data collected by Google through this tool and therefore inform you according to our level of knowledge: By integrating Google Ads conversion, Google receives information that you have visited the relevant part of our website or clicked on our advertisement. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, there is a possibility that the provider will determine your IP address and store it.

Recipient:

Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
In accordance with the contract, your personal data is used on servers located in the EU. However, it cannot be ruled out that personal data will also be transferred to the USA. This transfer of personal data takes place on the basis of the EU decision on the adequate protection of personal data of 10 July 2023 on the so-called Data Privacy Framework (EU-U.S. DPF). In addition, so-called standard contractual clauses have been concluded with these service providers as appropriate safeguards in accordance with Article 46 GDPR. Further information can be found on the European Commission's website:

Data transfers between the EU and the US - European Commission

In addition, by activating the tool, you expressly consent to the transfer of personal data (Art. 49 (1) GDPR).

Storage period:

90 days

Legal basis and possibility of objection:

Your consent is required for this data processing, Art. 6 (1) sentence (a) GDPR. You can revoke your consent at any time in the cookie settings [[and change your selection there.

You can find your cookie settings in the “Edit cookie settings” section.

(ee) Remarketing in Google Ads

Purpose/information

We use the remarketing function within Google Ads. With the remarketing function, we can offer users of our website advertising on other websites within the Google advertising network (on Google search or on YouTube, so-called “Google Ads” or on other websites) and show them advertisements based on their interests. For this purpose, the interaction of users on our website is analyzed, for example, which offers the user was interested in, so that we can show users targeted advertising on other websites even after they have visited our website. For this purpose, Google stores cookies on the end devices of users who visit certain Google services or websites in the Google Display Network. These cookies are used to record the visits of these users. Cookies are used to uniquely identify a web browser on a specific end device, not to identify a person.

You can find more information about data protection at Google on the Google website: https://policies.google.com/privacy and https://services.google.com/sitestats/de.html. Alternatively, you can visit the website of the Network Advertising Initiative (NAI) at https://thenai.org/.

Cookie lifetime:

Up to 540 days (this only applies to cookies set via this website).

Legal basis and options for revocation:

Your consent is required for this data processing, Art. 6 Para. 1 Para. 1 lit. a) GDPR.

You can revoke your consent at any time by calling up the cookie settings and changing your selection.

You can find the cookie settings on the "Advanced settings" page.

(ff) Custom Audiences Facebook (for websites) / Conversion Facebook Pixel

Purpose/information:

This website uses the so-called "Facebook Pixel" of Meta Platforms Inc. ("Facebook") for the following purposes:

A. Custom audience on Facebook cebooku (website)

We use Facebook Pixel for remarketing purposes so that we can reach you again within 180 days. This allows website users to be shown interest-based advertisements ("Facebook ads") when they visit the social network "Facebook" or other websites that also use this process. We are interested in showing you advertisements that are of interest to you so that our websites and offers are more interesting to you.

B. Facebook conversions

With Facebook Pixel, we also want to ensure that our Facebook advertisements match the potential interest of users and are not annoying. With Facebook Pixel, we can track the effectiveness of Facebook advertisements for statistical purposes and market research by determining whether users were redirected to our website after clicking on a Facebook advertisement (so-called "conversions").

Due to the marketing tool used (Facebook Pixel), your browser automatically establishes a direct connection to the Facebook server as soon as you agree to the use of cookies requiring consent. By integrating Facebook Pixel, Facebook receives information that you have visited our website or clicked on one of our advertisements. If you are registered with Facebook, Facebook can assign the visit to your account.

The processing of personal data by Meta Platforms takes place within the framework of Facebook's Privacy Policy. You can also find specific information and details about the Facebook Pixel and the Conversions API and how they work in the Help on the Facebook website.

Recipient:

Joint responsibility:

We are jointly responsible for the collection and transfer of data within the framework of this process with Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. This applies to the following purposes:

Creating personalized or relevant advertisements, optimizing them, and delivering commercial and transactional communications (e.g. via Messenger).

The following processing is therefore not included in joint processing:

Meta Platforms Ireland Ltd. is solely responsible for the processing after the collection and transmission of personal data.

The creation of reports and analyses in aggregated and anonymized form is carried out as part of order processing and we are therefore responsible for them.

We have concluded a corresponding joint responsibility agreement with Meta Platforms Ltd., which can be found here: https://www.facebook.com/legal/controller_addendum. This defines the respective responsibilities for fulfilling the obligations under the GDPR with regard to joint responsibility.

In accordance with the agreement, your personal data is used on servers located in the EU. However, it cannot be ruled out that personal data will also be transferred to the USA. This transfer of personal data is based on the EU decision on the adequate protection of personal data of 10 July 2023 on the so-called Data Privacy Framework (EU-U.S. DPF). In addition, so-called standard contractual clauses have been concluded with these service providers as appropriate safeguards in accordance with Article 46 of the GDPR.

The contact details of the controller and the data protection officer of Meta Platforms Ireland Ltd. can be found here: https://www.facebook.com/about/privacy

We have agreed with Meta Platforms Ireland Ltd. that Meta Platforms Ireland Ltd. can be used as a contact point for exercising the rights of the data subject. Notwithstanding this, the scope of the data subject's rights is not limited.

Further information on how Meta Platforms processes personal data, including the legal basis and further information on the rights of data subjects, can be found here: https://www.facebook.com/about/privacy. We transfer the data within the framework of
joint responsibility on the basis of a legitimate interest pursuant to Art. 6 Para. 1 lit. f) GDPR.

You can find information about the terms of personal data protection here: https://www.facebook.com/legal/terms/data_security_terms and about processing based on standard contractual clauses here: https://www.facebook.com/legal/EU_data_transfer_addendum.

Other recipients:

We also transfer the collected data to the relevant internal departments and/or external service providers, processors (e.g. platform, hosting, support and analysis service providers) for processing in accordance with the required purposes (to display and analyze advertising).

Pixel lifespan:

Up to 180 days after the last interaction (this only applies to pixels on built via this website).

Legal basis and options for revocation:

This data processing requires your consent, § 25 (1) of the German Telecommunications and Telemedia Data Protection Act (TDDDG), Art. 6 (1) sentence a) DSGVO. You can revoke your consent at any time by calling up the cookie settings and changing your selection.

You can find the cookie settings in the Edit cookie settings section.

(10) Notice on the use of applications

Our center applications are regularly available for download on third-party websites (Apple Store, Google Play Store). If DBK management a.s. becomes your contractual partner for obtaining the application in accordance with the applicable terms of use of such provider, we process personal data that the external provider makes available to us to the extent necessary for the performance of the contract so that you can download the application to your mobile device.

The DBK mobile application does not collect personal data about unregistered users. An unregistered user has access to the application for viewing, but may not use the loyalty program. The mobile application collects personal data only about registered users.

We process the obtained personal data in accordance with the principle of minimization of personal data processing enshrined in the GDPR and therefore we process it only to the extent necessary and to the following extent:

• First and last name
• Email address
• Mobile number
• Date of birth
• Residential address
• Current location
• Information about products, events and news that the user clicked on or otherwise interacted with in the application

3. COMMON PRINCIPLES FOR PROCESSING YOUR PERSONAL DATA IN OUR CENTER AND ON OUR WEBSITES

a) Recipients of personal data

Your data will only be received by those internal departments or organizational units and other companies that are legally connected to us if this is necessary for the fulfillment of our contractual and legal obligations or if we need the data in connection with the processing and realization of our legitimate interest.

Your personal data will be transferred to external recipients in connection with the processing of the contract, if we are obliged to provide information, submit reports or transfer personal data in order to meet legal requirements, if you have given us consent to the transfer of personal data to third parties or external service providers who act on our behalf as processors or perform functions for us (e.g. IT service providers, data centers, data liquidators or courier services, marketing, recruitment, newsletters, security services, credit services, logistics, printing services, telecommunications, parking services and financial service providers)

If you have expressly agreed to this, we will also pass on your photo data to third parties. These include, for example, Facebook, Instagram and other social networks used by DBK management a.s., but also social media agencies and other third parties. This will of course not happen if you have not given your express consent to the transfer of photo data.

b) Storage period

Your personal data is stored on the basis of your consent, for the purpose of fulfilling the contract or protecting legitimate interests. However, if you withdraw your consent or object to the processing of personal data or if the purpose of the processing no longer applies, the images and other personal data will be deleted from the computer systems of DBK management a.s. within a reasonable period of time. or removed from the websites and social media pages of the shopping centers managed by the company, unless their - temporary - further processing is required due to legal retention obligations.

Print/offline media that have already been printed and contain images or other personal data may continue to be used for the above-mentioned purposes even after the revocation. If a group photo or video is published, the revocation of an individual customer will generally not lead to their removal. Otherwise, the images or other personal data will be deleted immediately after receipt of the revocation, subject to statutory or legal retention obligations.

c) Transfer of your data to a third country

We transfer your data to entities established in countries outside the European Union (EU) or the European Economic Area (EEA) (so-called third countries) who work for us as processors (e.g. IT service providers or data centers). When using Google Analytics, we transfer your anonymized IP address to the USA. In addition, your personal data may be transferred to social media plug-in providers; for further details, please refer to their privacy policies.

If there is no EU Commission decision on an adequate level of data protection in the country concerned, we conclude contracts in accordance with EU data protection regulations that ensure that your rights and freedoms are adequately protected and that guaranteed. We will be happy to provide you with detailed information upon request.

Otherwise, we do not transfer your personal data to countries outside the EU or the EEA or to international organizations.

d) Your rights as a data subject to whom the collection of personal data concerns

If you exercise your rights under this paragraph, we will communicate, in accordance with applicable law, the correction or erasure of your personal data or the restriction of processing carried out in accordance with your request to all recipients to whom the personal data have been disclosed, unless such communication proves impossible or involves disproportionate effort.

If you wish to exercise your rights and/or receive all relevant information, please contact us using the contact details provided in paragraph 10. We will respond to you no later than 1 month after receiving your request. In accordance with applicable law and the following information, you have the right to request information about your personal data, its correction, erasure or portability (for example, the transfer of your personal data to another service provider) of your personal data processed by us and the restriction of their processing.

(1) Right to information

You have the right to request information at any time, free of charge, including information about your personal data that we process, the purposes of the processing, the categories of recipients, the planned storage period or, in the case of a transfer to a third country, the appropriate safeguards. You also have the right to obtain a copy of your personal data.

(2) Correction of your personal data

According to applicable law, you have the right to correct the personal data that you have provided to us. In the Services settings, you can update your account information, change your profile settings, subscribe to/unsubscribe from messages from us, and set your preferences for sharing services, including location-based features.

If you have registered for our Services in writing or by email, please contact us in writing or by email using the contact details set out in paragraph 10 to correct your personal information.

(3) Erasure of your personal information

You may ask us to erase your personal information at any time in writing or by email using the contact details set out in paragraph 10. If you ask us to do so, we will promptly erase all personal information we hold about you, provided that the purpose of the processing has ceased to exist and there is no legal or regulatory obligation to retain the personal information. In this case, we will block the personal data.

(4) Restriction of processing

If you request us to restrict the processing of your personal data in writing or by email using the contact details provided in paragraph 10, for example if you contest the accuracy, lawfulness or necessity of the processing of your personal data, we will limit the processing of your personal data to the minimum necessary (storage) and, if necessary, use it only for the establishment, exercise or enforcement of legal claims or for the protection of the rights of other natural or legal persons and for other legal reasons. If the restriction is lifted and we process your personal data again, you will be informed of this immediately.

(5) Portability of your personal data

You have the right to receive your personal data that you have provided to us on the basis of consent or a contract and which are processed automatically. If you request this in writing or by e-mail using the contact details provided in paragraph 10, we will provide you with your personal data in a standard, machine-readable format immediately upon receipt of your request. Upon request, we will transfer your personal data to external parties (data controllers) that you indicate in your request, provided that this request does not violate the rights or freedoms of third parties and is technically feasible.

(6) Withdrawal of your consent / right to object

You can withdraw your consent at any time without giving any reason. Please contact us by e-mail or letter (contact details can be found in paragraph 10). We will no longer process your personal data for the purposes for which you have given us your consent and will block it accordingly. The withdrawal of your consent does not affect the lawfulness of processing based on your consent before its withdrawal.

(7) Right to object

For reasons relating to your particular situation, you also have the right to object at any time to processing of personal data concerning you which is based on Article 6(1)(e) (processing carried out in the public interest) or Article 6(1)(f) GDPR (legitimate interest of the controller); this also applies to profiling based on these provisions. In such a case, we will no longer process the personal data concerning you unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.

If personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to processing of these personal data for such marketing purposes. If you object to the message If you do not wish to use our services for direct marketing purposes, these personal data will no longer be processed for these purposes.

Send any appeals to:

DBK management a.s.
Budějovická 1667/64
140 00 Prague 4

E-Mail: marketing@dbkpraha.cz

(8) Complaint to the competent data protection authority

You have the right to file a complaint about our processing of personal data with the supervisory authority.

(9) Changes to our data protection policy

We reserve the right to change these data protection policies from time to time so that they are always in line with current legal requirements, or to make changes to our services in the data protection policy, for example when introducing new services. The new privacy policy will then apply to your next visit.

(10) Data Protection Questions

If you have any questions regarding data protection or would like to exercise your rights listed above, please contact us using the details below:

DBK management a.s.
Budějovická 1667/64
140 00 Prague 4
E-Mail: marketing@dbkpraha.cz