PRIVACY NOTICE ON THE PROCESSING OF PERSONAL DATA AND YOUR RIGHTS
In the case that you provide your personal data during installation of “Ahoj Nivy” mobile aplication, we, as the data controller Stanica Nivy s. r. o., having its registered seat at Mlynské Nivy 16, 821 09 Bratislava, the Slovak Republic, ID No.: 50 861 930, registered with the Commercial Register maintained by the District Court Bratislava I, Section: Sro, File No.: 120152/B (hereinafter referred to as “Nivy” or “we”) would like to inform you about the processing of your personal data and of your rights related to the said processing.
HB Reavis is part of the HB Reavis Group, which consists of all the entities consolidated under the group holding HB Reavis Holding S.A. with its headquarters in Luxembourg, due to which the reference to HB Reavis Group may be found in the Privacy Notice (hereinafter referred to as the “HB Reavis Group”).
The “Ahoj Nivy” application unlocks a range of special offers, prices and limited campaigns to all registered members. It enables them to discover and follow stores, events and news, as well as see the map. The content of the app and advertisements is personalised in real time based on members’ preferences, which are gathered from their activity in the app and in the mall thanks to iBeacons, the Bluetooth devices used for location tracking. You can use some of the above-mentioned benefits even if you only download it and do not register in the "Ahoj Nivy" application.
Personal data is processed for the following processing activities:
Installation of “Ahoj Nivy” without registration
Installation “Ahoj Nivy” with registration
Hyper personalisation
Scan of your receipt
GDPR complaints
A further description of our purposes:
1. Installation of Ahoj Nivy without registration
What is our purpose for processing your personal data?
If you download our mobile application without registration, we may perform the following processing operations for the following purposes:
We process your personal data that you provided to us when downloading, installing and using the "Ahoj Nivy" application in order to send customised marketing content without your identification;
We generate anonymous aggregated statistics regarding the effect of relevant marketing campaigns.
What is our legal basis for the processing of your personal data?
For the processing activities listed under a) and b), we process your personal data on the basis of legitimate interests within the meaning of Article 6 (1) (f) of GDPR.
What kind of personal data do we process?
If you are not a registered user of the "Ahoj Nivy" application, we will process the emplate ID, which is a unique identifier of the application installed on your device;
sex (if applicable), age (if applicable), date of birth (if applicable), postal code (if applicable), name, surname (if applicable), telephone number (if applicable);
How long do we store your personal data?
Your personal data will be processed as long as you have the "Ahoj Nivy" application installed;
We store your personal data in an aggregate form for 2 years;
Installation of Ahoj Nivy with registration
What is our purpose for and legitimate interest in processing your personal data?
If you have downloaded the "Ahoj Nivy" application and you have registered and given your consent (in the case of point a) you give your consent directly to your phone's operating system and not to the "Ahoj Nivy" application), we may perform the following processing operations for the following purposes:
We are checking the location of your mobile device (via Bluetooth or WiFi in Nivy and via Bluetooth in the buildings mentioned below) to provide you with relevant marketing content at the relevant time and place if the you are in or near Nivy, or staying in one of the following buildings: Twin City B, Twin City C, Twin City Tower, Nivy Tower, CBC 1, CBC 2, Apollo 3, Apollo 5 and Nové Apollo located in the Nivy zone (the application does not collect location data on other movements) by "push notification";
the processing of your personal data when downloading, installing and using the “Ahoj Nivy” application, to send customised marketing content based on your preferences and to provide 1 extra free hour of parking in addition to the usual amount of free parking.
What is our legal basis for the processing of your personal data?
For the processing activities listed under points a) and b), we process your personal data on the basis of consent in accordance with Article 6 (1) (a) of GDPR.
What kind of personal data do we process?
localization data on the respective mobile device, the Controller can process information on entering the Nivy centre, on your exact place in the Nivy center, and on being located in the proximity of the Nivy centre. Moreover, the Controller can process information on entering and leaving the following buildings: Twin City B, Twin City C, Twin City Tower, Nivy Tower, CBC 1, CBC 2, Apollo 3, Apollo 5 and Nové Apollo;
In addition to the emplate ID, we will process the following personal data in the case that the data subject registers an account manually: email address, telephone number, salutation, first name, last name (if provided), date of birth (if provided), ZIP code (if provided); The data subject can also sign in with his/her Apple account. In that case, we will process the email address, first name, last name (if provided), date of birth (if provided), ZIP code (if provided) and gender (if provided). If the data subject registers using a Facebook account, the following information will be collected: email address, full name, profile picture, Facebook user ID, device name, the operating system version, the “Ahoj Nivy” application version, event tracking information pro
How long do we store your personal data?
We retain your personal data for as long as you allow us to when installing the application and we retain data from iBeacons for 90 days. You can withdraw your consent anytime directly in your phone's operating system;
We store your personal data for the period of validity of the consent. You can revoke your consent at any time by using the consent management icon directly in the application.
Hyper personalisation
What is our purpose for processing your personal data?
We process your personal data to improve your "Ahoj Nivy" application experience through more relevant content and hyperpersonalised marketing communications that enable you to consume content more effectively and engagingly. These communications will be delivered to you based on an assessment of your interests, behaviour and location.
What is our legal basis for the processing of your personal data?
To ensure the provision of hyper personalisation, we process your personal data on the basis of consent in accordance with Article 6 (1) (a) of GDPR.
What kind of personal data do we process?
If you give this consent, the controller may process the following categories of personal data: phone model, operator name, phone language, wifi connection, volume level, frequency of visits to shops, and more...
The total scope of personal data processed can be found at this link.
The scope of the processed data depends on the permissions granted by the data subject themselves to the "Ahoj Nivy" application for individual phone functions such as location, bluetooth, wifi, etc. If the data subject does not grant the "Ahoj Nivy" application these accesses, the data from these functions is not used in the creation of hyperpersonalised content for the devices and is not processed. However, even if the data subject does not grant consent to the processing of personal data for the aforementioned functions, the data continues to be collected and processed on the device in anonymous mode and is not sent outside the device. This data cannot be considered as personal data and is not paired with a person or the device itself. All data remains on the device in a security mode that is standard for the device's operating system.
How long do we store your personal data?
We store your personal data for the period of validity of the consent. You can revoke your consent at any time by using the consent management icon directly in the application.
Scan of your receipt
What is our purpose for processing your personal data?
Our purpose is to provide the opportunity to participate in a game of collecting points for purchases and then redeeming those points for valuable gifts for our customers.
What is our legal basis for the processing of your personal data?
To ensure the provision of collection points for your purchase, we process your personal data on the basis of consent in accordance with Article 6 (1) (a) of GDPR.
What kind of personal data do we process?
Information provided by yourself when you choose to scan the receipt:
Store name, Mall address, Purchase date, Purchase amount, Line items (what you have purchased).
How long do we store your personal data?
We keep your personal data until you withdraw your consent/delete your account or if you have been inactive for 24 months. Hereafter, we will delete or anonymize your personal data.
GDPR complaints
What are our purposes for the processing of your personal data?
We strive to protect your privacy as much as possible, and therefore we process your personal data in compliance with GDPR and all other relevant laws. However, if you disagree with the way we handle your personal data, you can exercise your rights via our Data Protection Officer. To ensure that your complaint is handled, some of your personal data has to be processed.
What is our legal basis for the processing of your personal data?
Your personal data is processed while handling your complaint in accordance with Article 6 (1) (c) GDPR, i.e. the processing is necessary for compliance with a legal obligation to which our company is subject.
What kind of personal data do we process?
Personal data provided by you when submitting the complaint (such as name, surname, email, phone number, etc.).
How long do we store your personal data?
We store your personal data strictly during the time necessary to deal with the complaint.
General provision on the retention period
Once we no longer need your personal data for the purposes for which we processed it, we will delete your personal data or archive it for the period of time specified by law or the archiving plan.
With whom do we share your personal data?
We may also share your personal data with companies within the HB Reavis Group. We may also be obliged to disclose your personal data to state authorities and public authorities, (courts and law enforcement authorities i.e. (police and prosecutor), and only to the extent necessary as required by applicable and effective law to exercise their power.
Based on several agreements with third parties, which act as our intermediaries or independent operators, we may provide your personal data, in particular to these companies, to the extent necessary to ensure the provision of services specified for individual companies:
Bloomreach SK s.r.o., with its registered office at Staromestská 3, Bratislava - mestská časť Staré Mesto 811 03, the Slovak Republic, IČO: 50 017 560, entered in the Commercial Register of the District Court Bratislava I, section: Sro, file no.: 107011 / B; the company as a processor ensures the generation of personalised marketing content;
In addition to the companies listed above, we use the following categories of intermediaries: data centres, hosting - marketing tools - analysis and tracking tools - events, surveys - business operations / management tools - task management and communication tools.
From whom do we get personal data?
We get personal data from you.
Do we use automated individual decision making?
Yes, we use automated individual decision making to provide personalised content on our application. However, we do not make any decisions based solely on automated processing that have legal effects on you or that significantly affect you. We analyse your behaviour in the "Ahoj Nivy" application solely to provide more attractive offers for the purchasing of goods and/or services and to adapt the content of the website to your preferences.
Do we transfer your personal data to third countries?
Your personal data is processed within the territory of the Slovak Republic and other states of the European Union. Your personal data can be processed by a country outside of the European Union if this third country has been confirmed by the European Commission as a country with an adequate level of data protection or if other appropriate data protection safeguards exist (for example, binding corporate privacy rules or EU standard data protection clauses).
What are your rights?
Your rights as a data subject are stated below. Please note that the exact conditions to exercise these rights are set out in detail in Chapter III of GDPR, while in particular circumstances not all rights may be exercised. You have the following rights:
Access to the personal data we process about you
Rectification of incorrect or inaccurate personal data and adding incomplete personal data
Restriction, i.e. blocking of the processing of your personal data
The deletion of personal data in case of an absence of purpose or unauthorised data processing
Submission of an objection to the processing of personal data if you believe that our data processing is not justified
To be excluded from automated decision making
Listing of personal data in a structured and machine-readable format or for another controller
Revocation of consent to the processing of personal data
To lodge a complaint with the supervisory authority
How can you exercise your rights?
Electronically: dataprivacy@hbreavis.com
In writing to the address: Stanica Nivy s. r. o., at hands of: compliance department, Mlynské Nivy 16, 821 09 Bratislava
Telephone: +421 918 723 243
We strive to protect your privacy as much as possible, and therefore we process your personal data in compliance with GDPR and all other relevant laws. However, if you disagree with the way we handle your personal data, you can exercise your rights by contacting our Data Protection Officer: Erika Wild, contact point at Twin City C, Mlynské Nivy 16, 821 09 Bratislava, the Slovak Republic, tel. +421 918 723 243, email: dataprivacy@hbreavis.com
Or you can file a complaint with the supervisory authority regarding the processing of your personal data. Your local supervisory authority may be found at https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm.