MIWA App privacy policy

1. INTRODUCTION

This Privacy Policy contains information on how MIWA Technologies, a.s., with its registered office at Plynární 1617/10, Holešovice, 170 00 Prague 7, ID No.: 04331311, registered in the Commercial Register maintained by the Municipal Court in Prague under the Commercial Register No. B 20844 (hereinafter referred to as the "Controller" or "MIWA") processes the personal data of users of MIWA mobile application and how MIWA protects users’ rights.

MIWA is a technology company developing innovative solutions for the distribution and sale of goods using smart reusable packaging and special software to reduce waste generation and waste circulation in the distribution chain.

Protecting user privacy is one of our top priorities in providing our services.

We only ever collect personal data to the extent necessary and only if we really need it.

We process and protect personal data in accordance with applicable legislation, in particular in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) - (hereinafter referred to as "GDPR")

2. CONTACT

If you have any questions, complaints, suggestions or requests regarding your personal data, please contact MIWA's privacy representative by email at: privacy@miwa.eu or in writing at the address of the company's registered office listed above.

3. HOW WE COLLECT AND PROCESS PERSONAL DATA

Personal data means, with reference to the GDPR, any information about an identified or identifiable natural person, where an identifiable natural person is a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more elements specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

We only process personal data that we have obtained directly from users of MIWA services, either by you providing it to us directly (such as your MIWA account login details, contact details, payment details, etc.) or in connection with your use of MIWA services (such as analytical and statistical data about your use of our mobile app, your purchase history, shopping lists, etc.).

MIWA does not engage in automated individualised decision-making or profiling of users based on personal data which produces legal effects on users or significantly affect their rights, obligations or freedoms.

4. AGE RESTRICTIONS

The services for registered users are intended for persons over 16 years of age. Younger persons may use the services for registered users only with the consent of the legal guardian.

5. PAYMENT INFORMATION

MIWA does not store the number or other security features related to your credit card.

Where you pay for your purchases through our mobile app, this payment is made through a third party service/payment gateway of our partner Stripe Technology Europe, Limited, 1 Grand Canal Street Lower, Dublin 2, Ireland. The use and terms of the payment gateway are subject to the terms and conditions of the relevant operator and, where applicable, any other terms and conditions governing the use of your payment card set by your card issuer or your bank.   MIWA only processes payment transaction information to substantiate the payment made for the purposes of contract performance and for proper accounting purposes.

6. PURPOSE, LEGAL BASIS AND DURATION OF PROCESSING

Purpose of processingScope of personal dataLegal basisProcessing time
User account managementLogin name, password, username,  user ID, profile pictureNecessary for the performance of the contract - provision of MIWA services3 years since last login
 
Mobile application operationDevice type, operating system, login credentials used, user interface settings, credit account status, payment transaction overview, saved payment methods, purchase history, list of favourite products and shopping items, saved shopping listsNecessary for the performance of the contract - provision of the MIWA mobile application3 years since last login
MIWA Smart Container managementID of smart receptacles registered by the user, purchase history related to the specific smart receptacle, amount of refundable deposits paid for smart receptaclesNecessary for the fulfilment of the contract - provision of the MIWA mobile application3 years since the last login to the  MIWA mobile app managing smart containers
Statistical and analytical use of the mobile app
 		Login statistics, app usage time, features used, device type, operating system, device location (if enabled by the user in their mobile device settings)Legitimate interest - optimization of system load, development and optimization of individual functionalities3 years since last login to the MIWA mobile app
Sending commercial communications sent by MIWAUser ID, user's email address, name, surnameLegitimate interest3 years from last login to the MIWA mobile app
Sending commercial communications sent by MIWAUser ID, user's email address, name, surname, user's indicated areas of interestUser consent provided in the mobile appUntil the user withdraws consent

The personal data is deleted after the end of the processing period.

7. Your rights in relation to the processing of personal data

Under the terms of the GDPR, you have the following rights as a data subject:

  • the right of access to your personal data under Article 15 of the GDPR;
  • the right to rectification of personal data pursuant to Article 16 of the GDPR, or restriction of processing pursuant to Article 18 of the GDPR;
  • the right to erasure of personal data under Article 17 of the GDPR. However, the controller declares that, following the exercise of your right to erasure of personal data, the processing of those personal data necessary for the fulfilment of financial, tax and other legal obligations to which the controller is subject, as well as for the establishment, exercise or defence of legal claims, continues after the controller has implemented your request;
  • the right to object under Article 21 of the GDPR to processing on the basis of legitimate interests or for direct marketing purposes;
  • the right to data portability under Article 20 of the GDPR;
  • the right to withdraw consent to the processing of personal data at any time;
  • you can opt out of receiving commercial communications or withdraw your consent to the related processing of personal data via the link provided in the communications;
  • the right to receive a copy of the standard contractual clauses concluded by the controller in accordance with the provisions of Article 46 of the GDPR.
  • To exercise the above rights, you can use the contact form on the MIWA website (www.miwa.eu), the e-mail address privacy@miwa.eu, or you can contact us by sending a written request to the address of the company's registered office mentioned at the beginning of this document.

You can also file a complaint regarding the processing of your personal data at any time directly with the Office for Personal Data Protection, located at Pplk. Sochor 27, Prague 7, Czech Republic, or with one of the supervisory authorities of the relevant European Union (EU) or European Economic Area (EEA) member state. Contact details for each supervisory authority can be found here: https://edpb.europa.eu/about-edpb/about-edpb/members_cs

8. Disclosure and transfer of personal data to third parties

MIWA does not transfer personal data to countries outside the European Economic Area ("EEA") or to international organisations, except to the recipients and categories of recipients set out below in this Policy. In cases where personal data is transferred to countries outside the EEA, the Controller shall take all steps foreseen by generally applicable European data protection law to ensure adequate protection of personal data, in particular by means of standard contractual data protection clauses adopted by the European Commission (or the supervisory authority and then the European Commission), providing for contractual arrangements with each relevant recipient of personal data, in accordance with applicable European data protection law.

As far as possible, we process personal data ourselves. Where we deem it necessary or efficient, we use the services of vetted partners to process personal data who can act as processors within the meaning of the GDPR. These include, for example, carriers, IT contractors operating our IT systems, customer support providers, or payment service providers.

The MIWA Services may contain links and functionalities to third-party services and social networks, such as Facebook, Google, Instagram Pinterest, Twitter, etc., which, if you choose to use them, may process your personal data such as your IP address, your browsing history or may store cookies or other technical means on your device. In this case, the processing of your personal data is governed by the policies adopted by the operators of these services and social networks, which are available on their websites.

9. Personal data security

MIWA declares that it has taken all appropriate technical and organisational measures to secure personal data, which include the security of data storage and personal data storage, in particular through secure/encrypted access, encryption of user passwords in the database, encryption of login data and API keys, regular updates of the IT systems used and regular backups.

Only authorised persons have access to personal data.

This Privacy Policy became effective on 1.6.2023