PRIVACY POLICY (GDPR)
This document describes how Novo Plaza s.r.o. processes personal data of website visitors, mobile application users, loyalty program members, persons making space rental inquiries and other individuals in connection with the provision of its services. The document is prepared in accordance with Regulation (EU) 2016/679 (GDPR) and relevant legal regulations.
1. Controller and contact details
Controller: Novo Plaza s.r.o., Company ID: 26483360, registered office at Na Perštýně 342/1, Staré Město, 110 00 Prague 1, Czech Republic.
File number: C 85126 kept at the Municipal Court in Prague, registration date: November 7, 2001.
Contact email for personal data protection inquiries: gdpr@novoplaza.cz
2. Processors and recipients of personal data
For the purpose of providing services, we use trusted processors and technology providers. We have concluded processing agreements with all of them pursuant to Article 28 GDPR. Specifically:
- Simplaq s.r.o., Company ID 10732888 – development and operation of the technology platform (white-label web and Novo Plaza application), CRM and database management.
- CBRE s.r.o., Company ID 25759604 – operational management of the center and selected support services; in certain cases may also act as an independent controller for its own purposes (e.g. own contractual agendas).
- Kreatika studio s.r.o., Company ID 05010136 – marketing services.
- DigitalOcean, LLC – hosting and infrastructure (data transfer to the USA may occur).
- Google LLC – Google Analytics/GA4, Google Tag Manager, Firebase, YouTube (data transfer to the USA may occur).
- Meta Platforms, Inc. – Meta Pixel (data transfer to the USA may occur).
- Cloudflare, Inc. – CDN/WAF and security services (data transfer to the USA may occur).
- Mailgun Technologies, Inc. – transactional and marketing email sending (data transfer to the USA may occur).
- The Rocket Science Group LLC (Mailchimp) – emailing/newsletter (data transfer to the USA may occur).
- Delivery and logistics partners – only in case of physical delivery of rewards within the loyalty program.
We may update the current list of processors as needed; however, we always ensure an appropriate level of security and contractual guarantees.
3. Who is covered by this document
These principles apply to (i) visitors to the website novoplaza.cz, (ii) users of the Novo Plaza mobile application, (iii) members of the loyalty program (participation in the program, collection and redemption of points), (iv) persons inquiring about space rental and (v) individuals who contact us through online forms or other communication channels.
4. Categories of personal data processed
- Identification data: name and surname.
- Contact data: email address, telephone number.
- Profile data: gender, date of birth, postal code (without full postal address).
- Data on interactions in the application: behavior and interactions of registered users for personalization and targeting purposes (if consent is granted).
- Purchase data within the loyalty program: purchase date, receipt scanning date, store name, purchase value, list and price of items (for point allocation, fraud prevention and possible marketing with consent).
- Technical and operational data: device identifiers (e.g. device ID), logs, login information, language settings, security and application functionality data.
- Data from web forms: content of message/inquiry and attached information.
- Cookies and similar technologies: see separate Cookie Usage Policy.
5. Processing purposes, legal bases and retention periods
Below we list the main processing purposes, corresponding legal bases and indicative retention periods:
Purpose: Operation and security of the website and application (logging, incident detection, availability)
Legal basis: Legitimate interest of the controller (Article 6(1)(f) GDPR)
Retention period: Logs and security events usually up to 12 months.

Purpose: Establishment and management of user account (application), management of loyalty program (collection of points, redemption of rewards), delivery of rewards
Legal basis: Performance of contract (Article 6(1)(b) GDPR) and legitimate interest (fraud prevention)
Retention period: For the duration of the account/program and max. 2 years after its termination; accounting documents according to law (usually 10 years).

Purpose: Communication and handling of inquiries (form "General inquiry", "Space rental")
Legal basis: Legitimate interest (providing a response) or measures before concluding a contract (Article 6(1)(b) GDPR)
Retention period: For the duration of handling + max. 2 years after last communication; for concluded contracts according to legal deadlines.

Purpose: Sending newsletters and commercial communications, push notifications, personalization of offers
Legal basis: Consent (Article 6(1)(a) GDPR) – granted during registration or in account settings
Retention period: Until consent is withdrawn or after 24 months of inactivity (then we ask for confirmation again).

Purpose: Profiling for marketing purposes (segmentation by gender, age, postal code, purchase history, interactions in the application)
Legal basis: Consent (Article 6(1)(a) GDPR); we do not perform automated decision-making with legal effects
Retention period: Until consent is withdrawn or after 24 months of inactivity.

Purpose: Analytics of website and application usage (GA4 etc.)
Legal basis: Consent (Article 6(1)(a) GDPR) for non-essential cookies/SDK; basic technical analytics may be conducted on legitimate interest
Retention period: Aggregated/anonymized data long-term; personal data according to tool settings (e.g. GA4 usually up to 14 months).

Details on the use of cookies and similar technologies can be found in the "Cookie Usage Policy" document available on the website. Within the banner and settings, consent for individual categories can be granted or withdrawn.
6. Transfers of personal data to third countries
Due to the use of certain technology providers, transfers of personal data outside the EU/EEA may occur, especially to the United States of America (e.g. Google LLC, Meta Platforms, Cloudflare, DigitalOcean, Mailgun, Mailchimp). These transfers are carried out on the basis of Standard Contractual Clauses (SCCs) approved by the European Commission and any additional supplementary measures to ensure an appropriate level of personal data protection.
7. Sources of personal data
We obtain personal data primarily directly from you (registration in the application, filling out forms, participation in the loyalty program). Additionally, data is generated based on your use of the website and application (technical and operational data). Within the loyalty program, we also process data from scanned receipts.
8. Categories of recipients
In addition to the processors listed above, data may be transferred to the following categories of recipients if necessary: IT and cloud service providers, delivery and logistics companies (for sending rewards), public authorities (if required by legal regulation), contractual business partners within the fulfillment of the loyalty program.
9. Your rights
You have in particular the following rights under GDPR:
- right of access to personal data
- right to rectification of inaccurate or incomplete data
- right to erasure ("right to be forgotten")
- right to restriction of processing
- right to data portability
- right to object to processing based on legitimate interest
- right to withdraw consent at any time (does not affect processing before withdrawal)
You can exercise your rights by email at gdpr@novoplaza.cz or in writing to the controller's address. We respond to requests without undue delay, at the latest within 30 days.
10. Supervisory authority
You also have the right to lodge a complaint with the supervisory authority: Office for Personal Data Protection, Pplk. Sochora 27, 170 00 Prague 7, www.uoou.cz.
11. Automated decision-making and profiling
We perform profiling for marketing purposes (segmentation and personalization of offers) exclusively on the basis of your consent. We do not use automated decision-making that would have legal effects on you or similarly significantly affect you.
12. Security of personal data
We apply appropriate technical and organizational measures to protect personal data, including encryption, pseudonymization, access control, regular audits and training. Access to data is limited to persons who necessarily need it to fulfill their duties.
13. Cookies and similar technologies
Details on cookies, categories, purposes and retention period can be found in the "Cookie Usage Policy" document available at https://novoplaza.cz/cz/cookies. Within the banner, you can manage your choices at any time.
14. Retention periods – summary
- Account and loyalty program: for the duration of the account and max. 2 years after its termination.
- Communication and inquiries: for the duration of handling + max. 2 years.
- Marketing and newsletters: until consent is withdrawn / 24 months of inactivity.
- Security logs: usually up to 12 months.
- Accounting and tax documents: according to legal regulations, typically 10 years.
- Analytics (GA4): according to tool settings, usually up to 14 months.
- Cookies: see table in Cookie Usage Policy.
15. Changes to this document
We may update these principles continuously, for example due to changes in technologies, legal requirements or services. The current version is always available on our website. We will inform you of substantial changes in an appropriate manner.
Effective date: October 23, 2025







