Effective Date: May 27, 2025

This Privacy Policy (hereinafter referred to as the “Policy”) describes how KáDéčko Bar & Grill s.r.o. (hereinafter referred to as the “Controller”) processes the personal data of Users in connection with the provision of services through the website www.hamili.cz (hereinafter referred to as the “Website”) in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data (GDPR) and Act No. 110/2019 Coll., on the processing of personal data.

1. Data Controller

The Data Controller is:
KáDéčko Bar & Grill s.r.o.
Registered Office: Sokolská 412, 463 42 Hodkovice nad Mohelkou, Czech Republic
Company ID: 05634466
VAT ID: CZ05634466
Phone: +420 482 311 111
Email: info@hamili.cz

2. Categories of Processed Personal Data

The Controller processes the following categories of personal data:

• Identification Data: name, surname.
• Contact Data: email address, phone number, delivery address.
• Order Data: information about ordered goods, delivery time and place, payment method.
• Transaction Data: payment details, including payment card numbers (if online payment is used).
• Technical Data: IP address, cookies, device and browser information.
• Behavioral Data on the Website: information about visited pages, interactions with the Website, and preferences.

3. Purposes of Personal Data Processing

Personal data is processed for the following purposes:

• Performance of a Contract: processing and delivery of orders, communication with the User regarding the order, issuance of tax documents.
• Customer Support: handling inquiries, complaints, and claims.
• Marketing Purposes: sending commercial communications (e.g., newsletters) based on the User’s consent.
• Service Improvement: analyzing User behavior on the Website to optimize its functionality.
• Compliance with Legal Obligations: e.g., retaining data for tax and accounting purposes.

4. Legal Basis for Processing

The processing of personal data is based on the following legal grounds:

• Performance of a Contract (Art. 6(1)(b) GDPR): processing data necessary for order fulfillment and service provision.
• Compliance with a Legal Obligation (Art. 6(1)(c) GDPR): e.g., retaining data for accounting and tax purposes.
• Legitimate Interest (Art. 6(1)(f) GDPR): improving services, ensuring Website security, fraud prevention.
• Consent (Art. 6(1)(a) GDPR): sending marketing communications or processing cookies for analytical purposes.

5. Retention Period of Personal Data

• Personal data is retained only for the period necessary to fulfill the purpose for which it was collected:
• Data related to orders: for the time necessary to process the order and handle any claims (typically 3 years from the order date, unless longer retention is required by law).
• Data for accounting and tax purposes: for the period specified by applicable legal regulations (typically 5 years from the end of the accounting period).
• Data for marketing purposes: until the User withdraws consent or for 3 years from the last interaction.
• After this period, the data is anonymized or deleted unless otherwise required.

6. Recipients of Personal Data

Personal data may be shared with the following entities:

• Partner Restaurants: for the purpose of processing and preparing orders.
• Delivery Services: to ensure order delivery.
• Payment Service Providers: to process payments (e.g., payment gateways).
• IT Service Providers: e.g., server operators, analytics tools, or customer data management systems.
• Public Authorities: in cases of compliance with legal obligations (e.g., tax authorities).

The Controller ensures that all recipients of personal data comply with applicable data protection regulations.

7. Transfer of Personal Data to Third Countries

Personal data is not transferred outside the European Economic Area (EEA) unless there is a legal basis and appropriate safeguards under GDPR (e.g., standard contractual clauses) are in place.

8. Data Subject Rights

Under GDPR, the User has the following rights:

• Right of Access (Art. 15 GDPR): to obtain information about what data is processed and for what purpose.
• Right to Rectification (Art. 16 GDPR): to request correction of inaccurate or incomplete data.
• Right to Erasure (Art. 17 GDPR): to request deletion of data if it is no longer needed for the purposes for which it was collected.
• Right to Restriction of Processing (Art. 18 GDPR): to request restriction of processing in certain cases.
• Right to Data Portability (Art. 20 GDPR): to obtain data in a structured format or transfer it to another controller.
• Right to Object (Art. 21 GDPR): to object to processing based on legitimate interest.
• Right to Withdraw Consent: if processing is based on consent, it can be withdrawn at any time.
• Right to Lodge a Complaint: with the Office for Personal Data Protection (www.uoou.cz) (www.uoou.cz).

To exercise these rights, contact the Controller at info@hamili.cz (mailto:info@hamili.cz) or in writing at the registered office address.

9. Security of Personal Data

The Controller implements technical and organizational measures to protect personal data, including:

• Data encryption during transmission (SSL/TLS).
• Restricting access to data to authorized personnel only.
• Regular updates and security of IT systems.

10. Cookie Policy

10.1 What Are Cookies

Cookies are small text files stored on the User’s device (e.g., computer, mobile phone) when visiting the Website. Cookies are used to ensure the Website’s functionality, analyze its usage, and personalize content.

10.2 Types of Cookies

The Website uses the following types of cookies:

• Essential Cookies: Ensure the basic functionality of the Website (e.g., login, order completion). These cookies do not require User consent.
• Analytical Cookies: Used to analyze User behavior on the Website (e.g., Google Analytics). These cookies are processed based on User consent.
• Marketing Cookies: Enable personalized advertising and measurement of its effectiveness. These cookies are processed based on User consent.

10.3 Cookie Management

• Upon the first visit to the Website, the User can consent to the use of cookies or adjust their settings via the cookie banner.
• The User can refuse cookies or manage their settings at any time through their browser settings. Refusing certain cookies may limit the Website’s functionality.
• Detailed information about cookies, including their names, purposes, and retention periods, is available in the cookie banner on the Website.

10.4 Legal Basis for Cookies

• Essential cookies are processed based on the Controller’s legitimate interest (Art. 6(1)(f) GDPR).
• Analytical and marketing cookies are processed based on the User’s consent (Art. 6(1)(a) GDPR).

11. Contact

For any inquiries regarding the processing of personal data or the use of cookies, contact the Controller:
Email: info@hamili.cz (mailto:info@hamili.cz)
Phone: +420 482 311 111
Address: Sokolská 412, 463 42 Hodkovice nad Mohelkou, Czech Republic

12. Final Provisions

• The Controller reserves the right to amend this Policy. Changes will be published on the Website and take effect on the date of publication.
• This Policy is governed by the laws of the Czech Republic and relevant EU regulations.