PRIVACY POLICY

This Privacy Policy explains how we collect, use, process, disclose and secure information obtained from and about you.

We, We travel the world s.r.o. a company with its registered office at gen. Píky 300/12a, Řepčín, 779 00 Olomouc, the Czech Republic, identification number 083 51 864, registered in the Commercial Register maintained by the Regional Court in Ostrava under file No. 79254 (the Company or we) are the administrators of the website available at https://www.worldeee.com/, which enables organised saving and planning of trips including photographs and maps (the Site). The Site can also be viewed through the mobile phone Application Worldee (the Application). The visitors of the Site are after registration able to use certain services for free (the Free Services) and certain paid services which enables you to make broader and more effective use of the possibilities offered by the Site or grants you access to some of the premium options of the Site (the Paid Services) (Free Services and Paid Services also together as the Services). We also operate as a travel agency when we arrange tours provided by the travel agency CK CoolCamp, s. r. o., ID No.: 03887901, with its registered office at Prokešovo náměstí 634/5, Moravská Ostrava, 702 00 Ostrava, which is registered in the Commercial Register at the Regional Court in Ostrava under No. C 61716 (CK CoolCamp).

Provision of legal information is a difficult task. In order to provide you with the most comprehensible and understandable information, we divided this Privacy Policy into sections. If you follow these guidelines you will find all the necessary information while not wasting time reading passages irrelevant for you.

1. Firstly, please read the first section of this Privacy Policy, in which you will find the general information relevant for every case of data processing.

2. Then, determine to which of the categories displayed below you belong in and read the relevant section (you do not have to concern yourself about other sections, however, in some cases, it is possible that more than one category is relevant for you, and therefore more sections):

   1. Supplier (section 2)

      Supplier means every third party which provides us any goods or services.

   2. User (section 3)

      User means a person, who creates an account on the Site through which they use the Free Services.

   3. Client (section 4)

      Client means a person who enters into a contract with us, upon the basis of which they use the Paid Services.

   4. Potential client (section 5)

      Potential client means every visitor to the Site, or a person who contacts us on their own or a person we are in a contractual or other relationship with.

   5. Traveller

      Traveller is the natural person to whom we, as a travel agency, arrange the conclusion of a travel contract with CK CoolCamp.

3. The Smartlook service is used on the Site and in the Application to record your activity. For more information, please refer to the article 7 of this Privacy Policy.

4. Eventually, do not forget to acquaint with the Final Notice which is relevant for each of abovementioned categories of personal data processing. The Final Notice can be found in the sixth section.

1. General information

   1. Data controller

      The data controller is a person who, alone or jointly with others, determines the purposes and means of the processing of personal data.

      The data controller of personal data is We travel the world s.r.o. a company with its registered office at gen. Píky 300/12a, Řepčín, 779 00 Olomouc, the Czech Republic, identification number 083 51 864, registered in the Commercial Register maintained by the Regional Court in Ostrava under file No. 79254

      You can contact the data controller via e-mail address info@worldee.com. The data controller’s contact person is Tomáš Zapletal, who can be contacted at the abovementioned e-mail address.

   2. Your rights

      The data controller makes sure the processing of all personal data is done properly and safely. You can exercise the rights guaranteed to you in this section towards the data controller in writing, by e-mail or phone at the contact places mentioned in section 1.1.

      Information regarding your rights is provided by the data controller free of charge, unless the request for information is clearly unreasonable or inadequate, especially for its repetitive nature. In this case, the data controller will be entitled to charge a reasonable fee, taking into account additional administrative costs of providing requested information. Also, in case of repetitive requests for providing copies of processed personal data the data controller has the right to charge an appropriate fee as administrative costs.

      We will provide you with comments and, if applicable, information about the measures taken as soon as possible, but at the latest within a month. We are entitled to extend the period by two months if necessary and in view of the complexity and number of applications. We will inform you of such extension including reasons for such extension.

      1. Right to be informed about processing of your personal data and the right to access the data

         You are entitled to request information from the data controller about whether the personal data are subject to processing or not. If the personal data are processed, you have the right to request information about the identity of the data controller, his representatives or personal data protection commissioners, about the purpose of processing personal data, categories of personal data, recipients or categories of recipients of personal data, data controllers, enumeration of your rights, the option to petition The Office for Personal Data Protection, the sources of processed personal data and automated decision-making and profiling.

         You have the right to be provided with a copy of your processed personal data. The right to obtain this copy cannot interfere with the rights and freedoms of other persons.

         If the data controller intends to use the personal data for a different purpose than it was originally collected for, the data controller will provide you with additional information and information about the intended purpose before any additional data processing.

         The abovementioned information which you have right to be provided with, is part of this Privacy Policy. That does not prevent you from requesting this information again.

      2. Right to correct the data

         If there has been for example a change in the place of residence, phone number or other circumstance on your side, that can be considered as personal data, you have the right to request a correction from the data controller of the processed personal data. In addition, you have the right to fill in any incomplete data, including the right to provide a supplementary statement.

      3. Right to erasure (right to be forgotten)

         You have the right to request erasure of your personal data from the data controller. Among these situations is for example, when personal data are no longer necessary in relation to the purposes for which they were collected. The data controller erases the personal data automatically, however, you can still request the erasure of the data at any time. Your request shall be reviewed individually and you will be informed about the outcome. In some cases, the data controller might be legally required to process the personal data.

      4. Right to restrict processing of personal data

         You have the right to request the restriction of processing of personal data (i.e. that they stop being used, however are not completely erased at the same time) from the data controller where one of the following applies:

         1. you contest the accuracy of personal data (processing will be restricted for the time the data controller needs to verify the accuracy of the personal data);

         2. the processing is unlawful and you do not want the personal data to be erased;

         3. the data controller no longer needs the personal data for the purposes of the processing, but you require them for the establishment, exercise or defence of legal claims;

         4. you object the processing and there is a pending verification whether the legitimate interests of the data controller prevail over yours.

         Even where processing has been restricted, such personal data may be processed by the data controller for the establishment, exercise or defence of legal claims or for the protection of the rights of other natural or legal persons.

      5. Right to data portability

         If you wish the data controller to transfer your data to a different data controller or company, the data controller will hand over your personal data in a corresponding format to the entity of your choice, unless prevented by statutory or other significant restrictions.

      6. Right to object and automated individual decision-making

         If you find out or suspect that the data controller is carrying out the data processing in conflict with your right to privacy and personal life, or illicitly (assuming, that the personal data are processed by the data controller based on public or legitimate interests, or are processed for direct marketing purposes, including profiling, or statistical purposes or scientific or historical research purposes) you can contact the data controller and request an explanation or rectification of such situation.

         You also have the right to directly object the automated decision-making and profiling.

      7. Right to file a complaint with The Office for Personal Data Protection

         Anytime, you can contact or submit a complaint to The Office for Personal Data Protection (Úřad pro ochranu osobních údajů) at its registered seat at Pplk. Sochora 27, 170 00 Praha 7, the Czech Republic, https://www.uoou.cz/ in relation with the processing of personal data.

   3. The transfer of personal data to third countries or international organizations

      The data controller will not transfer your personal data to international organizations. The data controller can transfer some of the personal data to countries outside the European Union or European Economic Area through entities the data controller cooperates with.

      The data controller transfers the personal data only where the transfer satisfies the conditions set out by valid statutory provisions concerning personal data protection, i.e. to countries which are recognised as providing an adequate level of legal protection, based on:

      1. Decisions of the European Commission pursuant to Directive 95/46/EC of the European Parliament and of the Council;

      2. adequate guarantees:

         1. binding corporate rules

         2. standard contractual clauses

      3. some of the exceptions for specific situations according to applicable legislation, when (a) and (b) cannot be applied.

      We will inform you about such data transfer individually via e-mail, or we will publish an updated version of this Privacy Policy.

      In order to enhance transparency, we make public, that we cooperate among others with these categories of subjects, that may be located outside the European Union or European Economic Area: companies providing marketing or analytical web tools and companies providing cloud services.

   4. Automated individual decision-making

      Automated individual decision making refers to the situation, where data processing is done solely automatically (without human input), meaning, for example, through the use of automatised information systems, web programs and other software.

      The data controller will not make any decision based solely on automated processing that would have legal effects concerning the data subject or similarly significantly affect the data subject.

2. Supplier

   Supplier is every third party which provides us any goods or services.

   This Privacy Policy applies when the personal data which are processed belong to the Suppliers who are natural persons, the Suppliers’ employees, members of the Suppliers’ executive bodies and/or other persons cooperating with the Suppliers, if it is necessary for the fulfilment of the purposes listed below.

   1. Categories of processed personal data

      We process following categories of the Suppliers’ personal data:

      1. General identification information – name, surname or entrepreneur’s business name, date of birth (if mentioned), address, identification number;

      2. Contact information – phone number and e-mail address;

      3. Records of mutual communication – information and communication obtained via e-mail, phone calls, video calls or other contact forms;

      4. Billing information – invoice related information, about billing conditions, received payments etc. and

      5. Any other information which we collect and process in connection with performing our contractual or statutory obligations and for the purpose of our legitimate interests.

   2. Legal basis and purposes of personal data processing

      We do not have to obtain consent for processing the personal data of Suppliers – such processing is permitted directly by law. The legal basis for data processing is (a) performance of our contractual obligations (b) complying with statutory obligations (c) our legitimate interest in the protection of our legal rights.

      Provision of the Suppliers’ personal data is both a statutory and contractual obligation and the Suppliers are obliged to provide us this information. If the personal data are not provided, it is not possible to enter into contractual relationship with the Supplier.

      We process the personal data on the abovementioned legal basis for these purposes:

      1. Negotiation of entering into an agreement with the Supplier;

         For this purpose, we process the following categories of personal data: information to identify the data subject, contact information, information from mutual communications, billing and transaction information, and any other information we process which is related to the performance of contractual or statutory obligations and for the purpose of our legitimate interests.

      2. Performance of our statutory obligations which arise from the contractual relationship with the Supplier;

         For this purpose, we process the following categories of personal data: information to identify the data subject, contact information, information from mutual communications, billing and transaction information, information from servers and any information we process which is related to the performance of contractual or statutory obligations and for the purpose of our legitimate interests.

      3. Performance of the requirements of state authorities and archiving obligations (for example in accordance with Act No. 563/1991 Coll., on Accounting, as amended);

         For this purpose, we process the following categories of personal data: information to identify the data subject, contact information, information from mutual communications, billing and transaction information, information from servers and any information we process which is related to the performance of contractual or statutory obligations and for the purpose of our legitimate interests.

      4. Mutual communication between us and the Suppliers;

         For this purpose, we process the following categories of personal data: information to identify the data subject, contact information, information from mutual communications, and any information we process which is related to the performance of contractual or statutory obligations and for the purpose of our legitimate interests.

      5. Defence of our legal claims in judicial or similar proceedings (the legitimate interest is to prevent damages sustained on our side);

         For this purpose, we process any information that we process in relation to the performance of contractual or statutory obligations and for the purpose of our legitimate interests.

   3. Means of obtaining the personal data

      We obtain the Supplier’s personal data directly from the Suppliers, their employees, companies, in which they exercise the role of elected executive bodies and/or other persons cooperating with the Suppliers, mostly from filled out forms, mutual communication or concluded contracts. Also, we can obtain personal data from third parties we cooperate with, which are entitled to access and process the Suppliers’ personal data, and from publicly accessible sources.

   4. Personal data recipients

      Personal data can be disclosed to third parties, if it is necessary for any of the purposes abovementioned. The list of our suppliers can vary in time while at least partially being a subject to trade secret protection. However, we make public at least the categories of potential recipients.

      In order to ensure we provide the most effective Services we use a variety of external entities, to which we delegate part of the Services. This outsourcing can also involve processing of Suppliers’ personal data, based on the legislation (therefore, we do not need Suppliers’ consent). Therefore, our suppliers become data processors, however, they are entitled to use the disclosed data only for the purpose of the activities they are hired for. These are for instance IT services, accountants, marketing advisors, mentors, consultants, legal representatives, etc.

   5. Time period of storage of personal data

      Personal data will be processed and stored for the duration of the agreement and business relationship between us and the Supplier, then for the next 3 years after the contractual and business relationship is terminated, unless otherwise provided.

      Personal data processed for the purpose of defence of our legal claims in judicial or similar proceedings will be processed for the time period of 15 years after the business relationship between us and the Supplier is terminated which represents the longest prescription period set out by law.

      Personal data processed on the grounds of our legal obligations arising from accounting, tax and other statutory regulations, are being stored for the time period set out in these regulations. For instance, we store the Supplier’s personal data regarding accounting for the time period of 5 years since the termination of the business relationship and the Supplier’s personal data regarding tax issues for the time period of 10 years since the termination of respective tax year.

      Personal data which are important to our legitimate interests will be stored for the duration of the agreement and business relationship between us and the Supplier, then for the next year after the contractual and business relationship is terminated.

   6. Supplier’s special rights

      The Supplier has the right to object to data processing based on our legitimate interests. The procedure how to make an objection can be found in the article 1.2(f) of section 1.

3. The USER

   User means a person, who creates an account on the Site through which they use the Free Services.

   1. Categories of processed personal data

      We process the following categories of Users’ personal data:

      1. Basic identification information – username, country;

      2. Contact information – e-mail address;

      3. Further identification information – name, surname, gender, phone number, date of birth, city, profile picture;

      4. Records of mutual communication – information and communication obtained via personal communication, e-mail, records of phone calls or other contact forms;

      5. Information concerning the use of our Services – information about which Free Services are used by you;

      6. Photographs – uploaded photographs within the use of the Services;

      7. Geolocational information – IP address;

      8. Technical and necessary cookies – cookies necessary to the functioning of the Site and/or the Application;

      9. Statistical and analytical cookies – cookies monitoring the activity and experience of the User for the purpose of enhancing the quality of the Services;

      10. Marketing cookies – cookies used for the purpose of informing the Users about the services on social media sites and third-party sites; and

      11. Any other information which we collect and process in connection with performing our contractual or statutory obligations and for the purpose of our legitimate interest.

   2. Legal basis and purposes of personal data processing

      We do not have to obtain consent for processing personal data – such processing is permitted directly by law. The legal basis for data processing is (a) performance of our contractual obligation (b) complying with statutory obligations (c) our legitimate interest in protecting our legal rights.

      Provision of the Users’ personal data is both a statutory and contractual obligation and the Users are obliged to provide us with this information. If the personal data are not provided, it is not possible to offer the Services to the User.

      We process the Users’ personal data according to section 3.1 (c) only in the cases where the User voluntarily provides them to us.

      To process the Users’ personal data according to Section 3.1 (j) we require your consent, as it is not part of fulfilling our contractual or statutory obligations. The legal basis then is the consent of the User, which is expressed by giving consent upon entering the Site and/or the Application, which you can change or revoke at any time (through the settings of your web browser).

      We process the personal data on the abovementioned legal basis for these purposes:

      1. Performance of contractual obligations between the data controller and the User;

         For this purpose, we process the following categories of personal data: basic identification information, contact information, further identification information, information concerning the use of our Services, geolocational information, and any other information we process in connection with performing our contractual or statutory obligations and for the purpose of our legitimate interests.

      2. Maintaining of internal registers, carrying out surveys of Users’ satisfaction, enhancing the quality of the Services and developing new features, ensuring the comfortability of the Site and the Application for the Users (especially by using cookies), and the management of relationships with the Users (the legitimate interest for this processing is the interest on ensuring due functioning of our enterprise).

         For this purpose, we process the following categories of personal data: basic identification information, contact information, information concerning the use of our Services, records of mutual communication, and any other information we process in connection with performing our contractual or statutory obligations and for the purpose of our legitimate interests.

      3. Ensuring mutual communication between us and Users;

         For this purpose, we process the following categories of personal data: basic identification information, contact information, further identification information, information concerning the use of our Services, records of mutual communication, and any other information we process in connection with performing our contractual or statutory obligations and for the purpose of our legitimate interests.

      4. Ensuring that our Services will function correctly, and the resolving of any problems, complaints or suggestions that we receive;

         For this purpose, we process the following categories of personal data: information concerning the use of our Services, records of mutual communication, server logs, technical and necessary cookies, statistical and analytical cookies, and any other information we process in connection with performing our contractual or statutory obligations and for the purpose of our legitimate interests.

      5. Raising awareness about our Site, Application and Services within direct marketing, especially by sending commercial communications to Users about the current Services, planned improvements and our other products, which could be relevant for the User;

         For this purpose, we process the following categories of personal data: basic identification information, contact information, further identification information, information concerning the use of our Services, records of mutual communication and marketing cookies.

      6. Defence of our legal claims in judicial or similar proceedings (the legitimate interest is to prevent damages sustained on our side);

         For this purpose, we process any information that we process in relation to performance of contractual or legal obligations and for the purpose of our legitimate interests.

   3. Means of obtaining the personal data

      We obtain the Users’ personal data directly from our Users, mostly from filled out forms, or mutual communication. Also, we can obtain personal data from third parties we cooperate with, which are entitled to access and process the Users’ personal data, and from publicly accessible sources.

   4. Recipients of personal data

      Personal data can be disclosed to third parties, if it is necessary for any of the purposes abovementioned. The list of our suppliers can vary in time while being partially subject to trade secret protection. However, we make public at least the categories of potential recipients.

      In order to ensure we provide the most effective Services we use a variety of external entities, to which we delegate part of the Services. This outsourcing can also involve processing of Users’ personal data, based on the legislation (therefore we do not need Users’ consent). Therefore, our suppliers become data processors, however, they are entitled to use the disclosed data only for the purpose of the activities they are hired for. These are for instance IT services, marketing advisors, mentors, consultants, and companies providing marketing and cloud services for us etc.

   5. Time period of storage of personal data

      Personal data will be processed and stored for the duration of the agreement and business relationship between us and the User, then for the next 3 years after the contractual and business relationship is terminated, unless otherwise provided.

      Personal data processed for the purpose of defence of our legal claims in judicial or similar proceedings will be processed for the time period of 15 years after the business relationship between us and the User is terminated which represents the longest prescription period set out by law.

      Personal data which are important to our legitimate interests will be stored for the duration of the agreement and business relationship between us and the User, then for the next three years after the contractual and business relationship is terminated.

      Personal data processed on the basis of our legitimate interest for the purpose of direct marketing, raising awareness about our Services and expanding our business activities are stored for the duration of the contractual or business relationship between us and the User, then for the next year after the business relationship is terminated.

   6. User’s special rights

      The User has the right to object to the processing based on our legitimate interests. The procedure how to make an objection can be found in the article 1.2(f) of section 1.

4. The client

   Client means a person who enters into a contract with us, upon the basis of which they use the Paid Services.

   1. Categories of processed personal data

      We process the following categories of the Clients’ personal data:

      1. Basic identification information – name, surname, username, permanent residence address, country;

      2. Contact information – e-mail address;

      3. Further identification information – gender, phone number, date of birth, city, profile picture;

      4. Records of mutual communication – information and communication obtained via personal communication, e-mail, records of phone calls or other contact forms;

      5. Information concerning the use of our Services – information about which Free Services are used by you;

      6. Transaction information – in particular information concerning received payments and related bank and billing information;

      7. Photographs – uploaded photographs within the use of the Services;

      8. Geolocational information – IP address;

      9. Technical and necessary cookies – cookies necessary to the functioning of the Site and/or the Application;

      10. Statistical and analytical cookies – cookies monitoring the activity and experience of the Client for the purpose of enhancing the quality of the Services;

      11. Marketing cookies – cookies used for the purpose of informing Clients about the services on social media sites and third-party sites; and

      12. Any other information which we collect and process in connection with performing our contractual or statutory obligations and for the purpose of our legitimate interest.

   2. Legal basis and purposes of personal data processing

      We do not have to obtain the Client’s consent for processing personal data – such processing is permitted directly by law. The legal basis for data processing is (a) performance of our contractual obligations (b) complying with statutory obligations (c) our legitimate interest in protecting our legal rights.

      Provision of the Clients’ personal data is both a statutory and contractual obligation and the Clients are obliged to provide us with this information. If the personal data are not provided, it is not possible to offer the Services to the Client.

      To process the Clients’ personal data according to Section 4.1 (k) we require your consent, as it is not part of fulfilling our contractual or statutory obligations. The legal basis then is the consent of the User, which is expressed by giving consent upon entering the Site and/or the Application, which you can change or revoke at any time (through the settings of your web browser).

      We process the personal data on the abovementioned legal basis for these purposes:

      1. Negotiation of entering into an agreement with the Client;

         For this purpose, we process the following categories of personal data: basic identification information, contact information, further identification information, information concerning the use of our Services, records of mutual communication, transaction information, and any other information we process in connection with performing our contractual or statutory obligations and for the purpose of our legitimate interests.

      2. Performance of contractual obligations between the data controller and the Client;

         For this purpose, we process the following categories of personal data: basic identification information, contact information, further identification information, information concerning the use of our Services, records of mutual communication, geolocational information, transaction information, and any other information we process in connection with performing our contractual or statutory obligations and for the purpose of our legitimate interests.

      3. Performance of statutory obligations arising out of the contractual relationship with the Client;

         For this purpose, we process the following categories of personal data: basic identification information, contact information, further identification information, information concerning the use of our Services, records of mutual communication, transaction information, and any other information we process in connection with performing our contractual or statutory obligations and for the purpose of our legitimate interests.

      4. Performance of the requirements of state authorities and archiving obligations (for example in accordance with Act No. 563/1991 Coll., on Accounting, as amended);

         For this purpose, we process the following categories of personal data: basic identification information, contact information, further identification information, information concerning the use of our Services, records of mutual communication, transaction information, and any other information we process in connection with performing our contractual or statutory obligations and for the purpose of our legitimate interests.

      5. Maintaining of internal registers, carrying out surveys of user satisfaction, enhancing the quality of the Services and developing new features, ensuring the comfortability of the Site and the Application for users (especially by using cookies), and the management of relationships with the Clients (the legitimate interest for this processing is the interest on ensuring due functioning of our enterprise).

         For this purpose, we process the following categories of personal data: basic identification information, further identification information, contact information, information concerning the use of our Services, records of mutual communication, transaction information, and any other information we process in connection with performing our contractual or statutory obligations and for the purpose of our legitimate interests.

      6. Ensuring mutual communication between us and the Clients;

         For this purpose, we process the following categories of personal data: basic identification information, contact information, further identification information, information concerning the use of our Services, records of mutual communication, and any other information we process in connection with performing our contractual or statutory obligations and for the purpose of our legitimate interests.

      7. Ensuring that our Services will function correctly, and the resolving of any problems, complaints or suggestions that we receive;

         For this purpose, we process the following categories of personal data: information concerning the use of our Services, records of mutual communication, server logs, technical and necessary cookies, statistical and analytical cookies, and any other information we process in connection with performing our contractual or statutory obligations and for the purpose of our legitimate interests.

      8. Raising awareness about our Site, Application and Services within direct marketing, especially by sending commercial communications to the Users about the current Services, planned improvements and our other products, which could be relevant for the Client;

         For this purpose, we process the following categories of personal data: basic identification information, contact information, further identification information, information concerning the use of our Services, records of mutual communication and marketing cookies.

      9. Defence of our legal claims in judicial or similar proceedings (the legitimate interest is to prevent damages sustained on our side);

         For this purpose, we process any information that we process in relation to performance of contractual or legal obligations and for the purpose of our legitimate interests.

   3. Means of obtaining the personal data

      We obtain the Clients’ personal data directly from our Clients, mostly from filled out forms, or mutual communication. Also, we can obtain personal data from third parties we cooperate with, which are entitled to access and process the Users’ personal data, and from publicly accessible sources.

   4. Recipients of personal data

      Personal data can be disclosed to third parties, if it is necessary for any of the purposes abovementioned. The list of our suppliers can vary in time while being partially subject to trade secret protection. However, we make public at least the categories of potential recipients.

      In order to ensure we provide the most effective Services we use a variety of external entities, to which we delegate part of the Services. This outsourcing can also involve processing of Suppliers’ personal data, based on the legislation (therefore we do not need Clients’ consent). Therefore, our suppliers become data processors, however, they are entitled to use the disclosed data only for the purpose of the activities they are hired for. These are for instance IT services, providers of document administration and storing etc.

   5. Time period of storage of personal data

      Personal data will be processed and stored for the duration of the agreement and business relationship between us and the Client, then for the next 3 years after the contractual and business relationship is terminated, unless otherwise provided.

      Personal data processed for the purpose of defence of our legal claims in judicial or similar proceedings will be processed for the time period of 15 years after the business relationship between us and the Client is terminated which represents the longest prescription period set out by law.

      Personal data processed on the grounds of our legal obligations arising from accounting, tax and other statutory regulations, are being stored for the time period set out in these regulations. For instance, we store the Client’s personal data regarding accounting for the time period of 5 years since the termination of the business relationship and the Client’s personal data regarding tax issues for the time period of 10 years since the termination of respective tax year.

      Personal data which are important to our legitimate interests will be stored for the duration of the agreement and business relationship between us and the Client, then for the next three years after the contractual and business relationship is terminated.

      Personal data processed on the basis of our legitimate interest for the purpose of direct marketing, raising awareness about our Services and expanding our business activities are stored for the duration of the contractual or business relationship between us and the Client, then for the next year after the business relationship is terminated.

   6. Client’s special rights

      The Client has the right to object to the processing based on our legitimate interests. The procedure how to make an objection can be found in the article 1.2(f) of section 1.

5. Potential client

   Potential client means every visitor to the Site, or a person who contacts us on their own or a person we are in a contractual or other relationship with.

   1. Categories of processed personal data

      We process the following categories of Potential clients’ personal data:

      1. Identification information – (name, surname), if that information is disclosed to us by the Potential client;

      2. Contact information (e-mail address, postal address, phone number), if that information is disclosed to us by the Potential client;

      3. Information from personal, phone or electronic communication between the Company and the Potential client, if there is any;

      4. Geolocational information – IP address;

      5. Technical and necessary cookies – cookies necessary to the functioning of the Site and/or the Application;

      6. Statistical and analytical cookies – cookies monitoring the activity and experience of the User for the purpose of enhancing the quality of the Services; and

      7. Marketing cookies – cookies used for the purpose of informing Users about the services on social media sites and third-party sites.

      We process all the above-mentioned categories of personal data, if they are available to us, for all the purposes for which the Potential client gave their consent or from the mutual communication, if there was any, or as a consequence of a visit to the Site, owing to which we can have access to information according to (d) and (f) above.

   2. Legal basis and purposes of personal data processing

      If the personal data is disclosed to us by the Potential client, or provided to us during our mutual communication out of the Potential clients’ own initiative or during a contractual or other relationship, we do not have to obtain consent for the processing of personal data – such processing is permitted directly by law. The legal basis for data processing of Potential client’s personal data is (a) a contractual or other legal relationship with the Potential client (b) compliance with statutory obligations (c) the protection of our legitimate interests, and (d) the exercise of measures adopted before the conclusion of the contract as requested by the Potential client.

      In relation to the personal data according to section 5.1 above, if their processing is not based on the legal bases enumerated in the paragraph above of this section 5.2, the legal basis for the processing of that personal data is your consent. You express your consent by sending your personal data as defined by Section 5.1 to our e-mail or by disclosing them by phone. Consent provided in this way can be revoked at any time.

      If you are merely a visitor of the web interface of the Site and we have no contractual or other legal relationship, then we can process only the personal data pursuant to (e) and (f) of Section 5.1 above (as we do not have access to any other), and we need your consent for such processing (which you provide while loading the Site or the Application). The legal basis is then only your consent, which expressed by means of the expression of consent, which you can change or revoke at any time (by means of your web browser).

      In case that you sign up on the Site to the delivery of news and other information about our activities for the following marketing purpose:

      sending e-mail newsletters regarding news from the travel and tourism sector and news and information about the Company, no more than once per week;

      we need your consent, in the case, that we are not in a contractual or other legal relationship. Provision of the consent is not a statutory or contractual demand; therefore, if you do not provide us with the consent to process your personal data for marketing purposes, it does not mean that we deny you access to our Services as a result.

   3. The way of obtaining the personal data

      We obtain the Potential clients’ personal data directly from them, mostly from completed forms, visits to our site, contractual or other legal relationships or mutual communication.

   4. Personal data recipients

      Personal data can be disclosed to third parties, if it is necessary for any of the purposes abovementioned. The list of our suppliers can vary in time while being partially subject to trade secret protection. However, we make public at least the categories of potential recipients.

      In order to ensure we provide the most effective Services we use a variety of external entities, to which we delegate part of the Services. This outsourcing can also involve processing of Potential clients’ personal data, based on the legislation (therefore we do not need Potential clients’ consent). Therefore, our suppliers become data processors, however, they are entitled to use the disclosed data only for the purpose of the activities they are hired for. These are for instance IT services, marketing advisors, mentors, consultants, and companies providing marketing and cloud services for us etc.

   5. Time period of storage of personal data

      The personal data will be stored for the time period of duration of mutual communication or contractual or other relationship between the Potential client and Company, then for another one year after it is terminated. If the Potential client does not become the Client of the Company, the consent of the Potential client is valid for one year from the time being provided.

   6. Potential client’s special rights

      The Potential client has the right to object the processing based on our legitimate interests. The procedure how to make an objection can be found in the article 1.2(f) of section 1.

      In case we process the personal data based on the Potential client’s consent, the Potential client has the right to withdraw the provided consent at any time.

      Consent can be withdrawn, by pressing the button “Unsubscribe” contained in e-mails that we can send you, alternatively you may send the information about withdrawing the consent to the e-mail address info@worldee.com

6. TRAVELLERS

   Traveller is the natural person to whom we, as a travel agency, arrange the conclusion of a travel contract with CK CoolCamp. In this section we provide you with information about all the processing of personal data that occurs in connection with this activity. As CK CoolCamp uses personal data to the same extent and for the same purposes, we therefore inform the traveller about the processing also by CK CoolCamp, to which we transfer the data.

   1. Categories of personal data processed

      We process the following categories of personal data of Travellers:

      1. Identification information (name, surname, date of birth, travel document number);

      2. contact information (e-mail address, postal address, telephone number, including the data of the person responsible for the minor if he/she is not travelling with the minor);

      3. payment information (account number, details of payments made);

      4. tour information.

   2. Legal basis and purposes for processing personal data

      We do not need consent to process the personal data of the Travellers that we have received in the framework of the contractual relationship, as the processing is directly permitted by law. The legal basis for the processing of such personal data of Travellers is (a) the contractual relationship with the Traveller which has been established by the conclusion of the tour contract, (b) compliance with legal obligations and (c) the protection of our legitimate interests.

      Therefore, we need the above data in order to ensure the fulfilment of the contractual relationship, namely the relationship between the Traveller, us and CK CoolCamp, so that we and CK CoolCamp can provide the Traveller with the agreed tour.

      Furthermore, we are obliged to process a number of these data also by law.

      At the same time, we may use the data for legitimate interest to protect legal claims, i.e. in particular in the event that we are in dispute with the Traveller, whether the Traveller initiates the dispute (for example, due to dissatisfaction with our services or the services of CK CoolCamp) or we initiate the dispute (for example, due to non-payment).

      We may also use the data to send you newsletters regarding tourism news and news and information from behind the scenes of the Company via e-mail. As the Traveller is our customer, we do not need explicit consent for this, however the Traveller always has the option to refuse the mailing.

   3. Method of obtaining personal data

      We obtain the Travellers' personal data directly from the Travellers, within the framework of the tour contract, or other post-contractual follow-up negotiations and from mutual communications. CK CoolCamp subsequently obtains this data from us.

   4. Recipients of personal data

      The personal data of Travellers may be transferred to third parties if this is necessary to achieve any of the purposes listed above. Our list of suppliers changes over time and may also be partially protected by trade secrets, however, we disclose below at least the categories of potential recipients.

      We will always pass on the data, as it follows from the relationship, to CK CoolCamp, which implements the booked tour and therefore needs the data, so no consent is required for the transfer to CK CoolCamp. In order to ensure we provide the most effective Services we use a variety of external entities, to which we delegate part of the Services. This outsourcing can also involve processing of Travellers’ personal data, based on the legislation (therefore we do not need Travellers’ consent). Therefore, our suppliers become data recipients, however, they are entitled to use the disclosed data only for the purpose of the activities they are hired for. These are for instance IT services, marketing advisors, mentors, consultants, and companies providing marketing and cloud services for us, transport operators, hotels etc.

   5. Retention period of personal data

      Personal data will be processed and stored at all times for at least the duration of the contractual relationship between the Traveller, Company and CK CoolCamp and for a period of 3 years thereafter to protect our legal claims. At the same time, however, the law in many cases imposes an obligation to process data for a certain period of time, so if the law provides for a longer period of time (for example, in the field of accounting, this is up to 10 years for some data), it will be processed for this statutory period.

7. INFORMATION PROCESSED BY SMARTLOOK

   On the Site and in the Application we use the tool https://www.smartlook.com, which is operated by Smartlook.com, s.r.o., ID No.: 09508830, with registered office at Šumavská 524/31, Veveří, 602 00 Brno. Whether you are a Supplier, User, Client, or Potential client, we will record your activity on the Site or when using the Application.

   1. Categories of processed personal data

      We process the following categories of personal data:

      1. Recordings of your screen on the Site and in the Application

      2. Other data and information that will be captured in the recordings or that we will be able to associate with a specific individual

   2. Legal basis and purposes of personal data processing

      The legal basis for processing is your explicit consent to the processing of personal data for the purpose of filtering recordings, creating heatmaps and improving the functioning of the Site and the Application. Our goal is to offer you a better user experience on the Site and in the Application, so we will use the data to make these improvements and provide you with high quality support.

   3. Means of obtaining the personal data

      This activity means that we will store video recordings of your movements on the Site and in the Application and this tool will also assist us in creating analyses from the recordings. We try to ensure that no personal data is included in the recordings, so we will not process your IP address and we will not link the data obtained with other information we have about you and about which we inform you in this Privacy Policy. However, we may still be able to identify you using the information obtained.

   4. Personal data recipients

      In this case, the recipient of the personal data is the provider of this tool, Smartlook.com, s.r.o., ID No.: 09508830, with registered office at Šumavská 524/31, Veveří, 602 00 Brno. Your data will also be handled by our authorized personnel who are tasked with analyzing the functionality of the Site and the Application.

   5. Time period of storage of personal data

      Recordings and other information obtained will be stored for a maximum of 3 months.

   6. Special rights

      In addition to the rights set out in the article 1.2, you have the right to withdraw your consent at any time.

8. Final Notice

   This Privacy Policy is in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27. April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), as amended, and with Act No. 110/2019 Coll., on the Processing of Personal Data.

   If you have any enquiries, do not hesitate to contact us via e-mail at info@worldee.com. You can also contact us in all cases on our mailing address gen. Píky 300/12a, Řepčín, 779 00 Olomouc.

   This Privacy Policy comes into effect on November 1, 2020.