1. INTRODUCTION
This Privacy Policy contains information on how MIWA Technologies, a.s., with its registered office at Plynární 1617/10, Holešovice, 170 00 Prague 7, ID No.: 04331311, registered in the Commercial Register maintained by the Municipal Court in Prague under the Commercial Register No. B 20844 (hereinafter referred to as the "Controller" or "MIWA") processes the personal data of users of MIWA mobile application and how MIWA protects users’ rights.
MIWA is a technology company developing innovative solutions for the distribution and sale of goods using smart reusable packaging and special software to reduce waste generation and waste circulation in the distribution chain.
Protecting user privacy is one of our top priorities in providing our services.
We only ever collect personal data to the extent necessary and only if we really need it.
We process and protect personal data in accordance with applicable legislation, in particular in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) - (hereinafter referred to as "GDPR")
2. CONTACT
If you have any questions, complaints, suggestions or requests regarding your personal data, please contact MIWA's privacy representative by email at: appinfo@miwa.eu or in writing at the address of the company's registered office listed above.
3. HOW WE COLLECT AND PROCESS PERSONAL DATA
Personal data means, with reference to the GDPR, any information about an identified or identifiable natural person, where an identifiable natural person is a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more elements specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
We only process personal data that we have obtained directly from users of MIWA services, either by you providing it to us directly (such as your MIWA account login details, contact details, payment details, etc.) or in connection with your use of MIWA services (such as analytical and statistical data about your use of our mobile app, your purchase history, shopping lists, etc.).
MIWA does not engage in automated individualised decision-making or profiling of users based on personal data which produces legal effects on users or significantly affect their rights, obligations or freedoms.
4. AGE RESTRICTIONS
The services for registered users are intended for persons over 16 years of age. Younger persons may use the services for registered users only with the consent of the legal guardian.
5. PAYMENT INFORMATION
MIWA does not store the number or other security features related to your credit card.
Where you pay for your purchases through our mobile app, this payment is made through a third party service/payment gateway of our partner Stripe Technology Europe, Limited, 1 Grand Canal Street Lower, Dublin 2, Ireland. The use and terms of the payment gateway are subject to the terms and conditions of the relevant operator and, where applicable, any other terms and conditions governing the use of your payment card set by your card issuer or your bank. MIWA only processes payment transaction information to substantiate the payment made for the purposes of contract performance and for proper accounting purposes.
6. PURPOSE, LEGAL BASIS AND DURATION OF PROCESSING
Purpose of processing | Scope of personal data | Legal basis | Processing time |
User account management | Login name, password, username, user ID, profile picture | Necessary for the performance of the contract - provision of MIWA services | 3 years since last login |
Mobile application operation | Device type, operating system, login credentials used, user interface settings, credit account status, payment transaction overview, saved payment methods, purchase history, list of favourite products and shopping items, saved shopping lists | Necessary for the performance of the contract - provision of the MIWA mobile application | 3 years since last login |
MIWA Smart Container management | ID of smart receptacles registered by the user, purchase history related to the specific smart receptacle, amount of refundable deposits paid for smart receptacles | Necessary for the fulfilment of the contract - provision of the MIWA mobile application | 3 years since the last login to the MIWA mobile app managing smart containers |
Statistical and analytical use of the mobile app | Login statistics, app usage time, features used, device type, operating system, device location (if enabled by the user in their mobile device settings) | Legitimate interest - optimization of system load, development and optimization of individual functionalities | 3 years since last login to the MIWA mobile app |
Sending commercial communications sent by MIWA | User ID, user's email address, name, surname | Legitimate interest | 3 years from last login to the MIWA mobile app |
Sending commercial communications sent by MIWA | User ID, user's email address, name, surname, user's indicated areas of interest | User consent provided in the mobile app | Until the user withdraws consent |
The personal data is deleted after the end of the processing period.
7. Your rights in relation to the processing of personal data
Under the terms of the GDPR, you have the following rights as a data subject:
You can also file a complaint regarding the processing of your personal data at any time directly with the Office for Personal Data Protection, located at Pplk. Sochor 27, Prague 7, Czech Republic, or with one of the supervisory authorities of the relevant European Union (EU) or European Economic Area (EEA) member state. Contact details for each supervisory authority can be found here: https://edpb.europa.eu/about-edpb/about-edpb/members_cs
8. Disclosure and transfer of personal data to third parties
MIWA does not transfer personal data to countries outside the European Economic Area ("EEA") or to international organisations, except to the recipients and categories of recipients set out below in this Policy. In cases where personal data is transferred to countries outside the EEA, the Controller shall take all steps foreseen by generally applicable European data protection law to ensure adequate protection of personal data, in particular by means of standard contractual data protection clauses adopted by the European Commission (or the supervisory authority and then the European Commission), providing for contractual arrangements with each relevant recipient of personal data, in accordance with applicable European data protection law.
As far as possible, we process personal data ourselves. Where we deem it necessary or efficient, we use the services of vetted partners to process personal data who can act as processors within the meaning of the GDPR. These include, for example, carriers, IT contractors operating our IT systems, customer support providers, or payment service providers.
The MIWA Services may contain links and functionalities to third-party services and social networks, such as Facebook, Google, Instagram Pinterest, Twitter, etc., which, if you choose to use them, may process your personal data such as your IP address, your browsing history or may store cookies or other technical means on your device. In this case, the processing of your personal data is governed by the policies adopted by the operators of these services and social networks, which are available on their websites.
9. Personal data security
MIWA declares that it has taken all appropriate technical and organisational measures to secure personal data, which include the security of data storage and personal data storage, in particular through secure/encrypted access, encryption of user passwords in the database, encryption of login data and API keys, regular updates of the IT systems used and regular backups.
Only authorised persons have access to personal data.
This Privacy Policy became effective on 1.6.2023