Headers examples

Privacy Policy

1. Introduction and definitions

This document provides information on the method and scope of processing and protection of personal data provided. The document is intended for you – our customers, suppliers and business partners (including your employees or cooperating third parties). The document describes the processing of data by Getting Gold CZ s.r.o., with its registered office at Jaurisova 515/4, 140 00 Prague, Czech Republic, ID. No.: 02844346, (hereinafter referred to as the "Controller").

This document is in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons in connection with the processing of personal data and the free movement of such data (hereinafter "GDPR").

Definitions:

  • Personal data – any information relating to an identified or identifiable natural person (hereinafter referred to as the "Data Subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, date of birth, residency, identification card No., location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  • Sensitive personal data – special categories of personal data that could reveal racial or ethnic origin, religion, political or philosophical beliefs, trade union membership, information about your health or sex life, genetic data or biometric data for the purpose of uniquely identifying an individual.
  • Processing – any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
  • Processor – a natural or legal person, public authority, agency or other entity that processes personal data for the Controller.
  • Recipient – a natural or legal person, public authority, agency or other body to which personal data are disclosed, whether or not it is a third party. However, public authorities which may obtain personal data in the context of a specific investigation in accordance with the law of a Member State shall not be considered recipients; the processing of such personal data by such public authorities shall be in accordance with the applicable data protection rules for the purposes of the processing.
  • Data subject – a natural person to whom the personal data relates, this may include your employees, members of corporate bodies, or natural persons cooperating with you.

2. Types of personal data collected

Before or during the contractual relationship, the Controller may process personal data about you, or the Data Subjects, specifically the personal data that you have provided to us - the Controller - before or during the contractual relationship (for the purpose of implementing the contractual relationship). The Controller processes, among others, the following types of personal data:

  • Creator Data - identification data, first name, last name, date of birth, residential address, contact address, telephone numbers, email addresses, billing and payment information, login information, Face Recognition Data, a copy of the identity document that you provide to us, a "selfie" of you with your identity document, photos or other information provided to us,
  • User Data - login information, first name, last name, date of birth, residential address, contact address, telephone numbers, email addresses, photos or other information provided to us, payment information

3. Purpose and legal basis for processing personal data

The Controller collects and uses the personal data provided by you for the purpose of providing services for Creator and User through our platform. The legal ground is fulfilling the contract that will be or has been concluded between you and the Controller. Furthermore, the Controller collects and processes the personal data provided by you in cases where this is required by the relevant effective legal regulations or decisions of a public authority.

In cases where the processing of personal data is not necessary for the performance of a contract or is not required by law, the Controller may, in limited cases, explicitly ask you for consent or to obtain consent for certain uses of personal data. If the Controller asks for consent, you always have the option to refuse and if you provide consent, the Data Subject who provided consent is then entitled to withdraw such consent at any time.

The Controller may also collect and process personal data without consent if this is necessary for other legitimate purposes of the Controller, for example:

  • setting up and managing your user account, which enables you to use the service
  • purchasing services as well as follow-up customer care (resolving questions and problems)
  • ensuring the safety and protection of the Controller's property and other legitimate interests of the Controller,
  • investigation of potential incidents or violations of obligations arising from legal regulations and/or internal regulations,
  • if necessary for compliance with legal regulations, for example, collecting and providing personal data in accordance with regulatory requirements, tax laws or at the request of the police,
  • based on court permission or in the exercise or defense of the Controller's legal rights,
  • marketing activities
  • if it is necessary to protect your vital interests (or the vital interests of another person).

4. Recipients of personal data

The Controller may also share the provided personal data with third parties – Processors, including:

  • those who provide goods or services to the Controller, e.g., financial, tax and legal advisors; other consultants; data- and systems-retention support providers; cloud or infrastructure providers; content moderators, payment service providers and payment gateways; identity-verification (KYC) service providers; fraud-detection and security-monitoring services; external customer-support providers; email, SMS and push-notification platforms and marketing-automation tools; analytics and business-intelligence services; advertising and retargeting networks; content-delivery-network (CDN) providers; image and video processing/transcoding services; and backup and disaster-recovery providers,
  • other third parties, if the sharing of personal data is based on your consent or is necessary,
  • to comply with obligations arising from legal regulations,
  • to prepare or file an actual or potential lawsuit or to defend against an actual or potential lawsuit,
  • to protect your vital interests (or the vital interests of another person) or
  • performance of contracts concluded between the Controller and a third party.

5. Data retention period

Personal data will be retained only for the period strictly necessary to fulfill the purposes described in this policy (or other purposes communicated to you) or for purposes otherwise required by contracts concluded with third parties, applicable laws or other internal regulations of the Controller. In the case of a service user, this will generally be the period during which our services are provided, and a user account is created, used and for 5 years after its deactivation.

6. Sources of personal data

We obtain the most personal data directly from you and usage of our platform by you, especially when creating your user account. Furthermore, personal data may also come from publicly available sources, public registers and records (e.g. commercial register, debtor register, professional registers). The Controller may obtain personal data using support systems and applications intended for the transmission of data and documents for this purpose. The Controller may also obtain personal data from third parties that are authorized to access and process personal data.

7. Data subject rights

Each Data Subject has the right to:

  • Access to personal data. The Data Subject has the right to access personal data, which includes the right to obtain from the Controller:
    • confirmation as to whether personal data are being processed,
    • information on the purposes of the processing, the categories of personal data concerned, the recipients to whom the personal data have been or will be disclosed, the planned period of processing,
    • the existence of the right to request from the Controller the rectification or erasure of personal data concerning the Data Subject or the restriction of their processing or to object to such processing,
    • the right to lodge a complaint with a supervisory authority,
    • all available information on the source of personal data, if not obtained from the Data Subject,
    • the fact that automated decision-making, including profiling, is taking place,
    • appropriate safeguards when transferring data outside the EU,
    • in the event that the rights and freedoms of other persons are not adversely affected, a copy of the personal data.
  • Correction of personal data. The Data Subject has the right to have inaccurate personal data processed by the Controller about him/her rectified. The Data Subject is also obliged to notify changes to his/her personal data and to provide evidence that such changes have occurred. He/she is also obliged to provide cooperation if it is found that the personal data processed by the Controller about him/her are inaccurate. The rectification will be carried out without undue delay, always considering the given technical possibilities.
  • Erasure of personal data. The Data Subject has the right to erasure of personal data concerning him or her unless the Controller demonstrates legitimate grounds for processing such personal data.
  • Restriction of processing of personal data. The Data Subject has the right to restrict processing until the complaint is resolved if he or she disputes the accuracy of personal data, the reasons for their processing, or if he or she objects to their processing.
  • Portability of personal data. The Data Subject has the right to data portability concerning him or her, which he or she has provided to the Controller, in a structured, commonly used and machine-readable format, and the right to request the Controller to transmit such data to another Controller. If the Data Subject provides personal data in connection with a contract or on the basis of consent and their processing is carried out by automated means, he or she has the right to receive such data in a structured, commonly used and machine-readable format. If technically feasible, the data may also be transmitted to a designated Controller, provided that a person acting on behalf of the Controller has been duly designated and authorized. If the exercise of this right is likely to adversely affect the rights and freedoms of third parties, the Data Subject's request will not be complied with.
  • Object to the processing of personal data. The Data Subject has the right to object to the processing of his or her personal data on the grounds of the legitimate interests of the Data Controller. Unless the Controller demonstrates compelling legitimate grounds for the processing which override the interests or rights and freedoms of the Data Subject, the Controller shall terminate the processing based on the objection without undue delay.
  • Not to be subject to automated decision-making. The Data Subject has the right not to be subject to any decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.
  • Withdrawal of consent to the processing of personal data. If the Controller processes personal data based on consent, the Data Subject has the right to withdraw their consent at any time.
  • Filing a complaint. If he believes that his right to personal data protection has been violated in the Czech Republic, the Data Subject may file a complaint to the Office for Personal Data Protection with its registered office at Pplk. Sochora 727/27, 17000 Prague 7 – Holešovice, tel.: 234 665 111, e-mail: posta@uoou.cz.

Please note that there may be limitations or exceptions to the exercise of the rights of the Data Subject described above. The Controller will endeavor to work with the Data Subject to discuss any exceptions or limitations in the event that a Data Subject requests the exercise of the right. If you have any questions about the rights of the Data Subject or if the Data Subject wishes to exercise such rights in relation to the personal data set out in this Policy, please contact our Group Data Protection Officer in writing, whose contact details are set out below.

8. Security of personal data

Our company is aware of the importance and value of personal data and therefore has implemented appropriate organizational and technical measures to ensure the security of the personal data you provide. Personal data is managed and processed in accordance with all applicable legal regulations, in particular in accordance with the GDPR, but also in accordance with legal regulations for the protection of the personality of natural persons, regulations in the field of cybersecurity. Persons handling personal data are bound by confidentiality, compliance with legal regulations and compliance with the internal regulations of the Controller.

CALIFORNIA-SPECIFIC DISCLOSURES

This section is applicable solely to individuals residing in California.

9. Personal Data Collection

Under California law, we are required to inform you about the categories of personal data we collect, as defined by applicable California statutes. To fulfill this requirement, we have matched each type of personal data we collect (described in more detail above) with the corresponding legal category:

  • Personal identifiers: Includes your name, mailing address, phone number, email address, passport or other government-issued identification (such as driver’s license or ID. Card), account details, and similar unique identifiers.
  • User Records: Covers documents such as your driver’s license number, ID. No., passport number, partial credit or debit card numbers, bank account details, and other financial or payment information.
  • Legally protected attributes: Includes data such as your age, date of birth, and gender.
  • Transactional data: Refers to data regarding products or services you have purchased and your interactions with or use of our services.
  • Biometric Information: Limited exclusively to facial recognition data used by us or our third-party service providers for age and identity verification.
  • Online activity data: Includes device-related data and technical log information gathered when you access our services.
  • Multimedia content: Includes photographs and videos (User or Creator uploaded content) that you submit to the platform.
  • Work and Career related data: May include the organization or company you are affiliated with, your job title, and other role-specific details relevant to that organization.
  • Other Personal Data: Encompasses your communication preferences, records of interactions with our customer service, social media data you allow us to access, any personal data you provide when submitting an inquiry or request, and messages sent to us through our services or made available on social media.
  • Inferences: Data derived or generated from your use of our services, which may reflect preferences, behavior patterns, or other analytical insights.

10. Contact information of the Controller

If you have any questions or comments regarding your rights, these policies or the Controller's personal data protection procedures, you can contact us by e-mail: admin@loverchat.me.

We have also appointed an EU Representative who may be reached as follows:
Getting Gold CZ s.r.o.,
Jaurisova 515/4, Michle (Praha 4),
140 00 Prague, Czech Republic

These policies come into effect on July 1, 2025. The Controller is entitled to change the text of these policies at any time by publishing the new version on its website.