meetin.bar Platform Personal Data Processing Policy
(GDPR)
01. Introductory provisions
The meetin.bar website, mobile application, related API, administration and other digital interfaces operated by the Data Controller (hereinafter collectively referred to as the “Platform”) process users’ personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data (GDPR) and Act No. 110/2019 Coll., on the processing of personal data.
Operator of a venue (e.g. a bar, club or other establishment) integrated into the Platform, where interactions between users and the fulfillment of orders may take place (hereinafter referred to as the “Partner”), may process personal data in connection with the provision of its services as an independent controller.
02. Data Controller
The data controller is MEETin s.r.o., Company ID No.: 180 47 840, with its registered office at Povltavská 5/74, 171 00 Prague 7 - Troja, email: info@meetin.bar, (hereinafter referred to as the “Controller”).
03. Who this policy applies to
These principles apply in particular to visitors to the meetin.bar website, users of the mobile app and web app, registered users, individuals contacting support, individuals placing orders via the Platform, and individuals reporting content or incidents.
04. What personal data we may process
In particular, we may process:
- identification and registration data, such as name, nickname, date of birth or age, contact email and telephone number,
- login and authentication data,
- profile data, photographs, preference data and content that you upload to the Platform yourself,
- data regarding interaction with the Platform, such as logs, IP address, device identifiers, security records, and data regarding reports and moderation,
- data regarding orders, payments, refunds, complaints and communication with technical support,
- where applicable, data regarding your location, visits to establishments or check-ins, provided you give your consent for the relevant feature or actively use it,
- marketing and consent data, if you consent to commercial communications or non-technical cookies.
05. Purposes, legal bases and retention periods
| Purpose of processing | Typical categories of data | Legal basis | Typical retention period |
|---|---|---|---|
| account creation and management, login, profile management | Registration and profile data | performance of the contract / pre-contractual measures | for the duration of the account and 6 months after its closure |
| provision of the Platform’s social and community features | profile, photographs, interactions, user-generated content | performance of the contract; for optional features, consent where applicable | for the duration of use of the feature and 3 months thereafter |
| order fulfilment, customer support, complaints and returns | order data, contact details, communications | performance of the contract; legitimate interest in defending claims | for the duration of order processing and for 3 years thereafter, depending on the nature of the claim |
| accounting and tax obligations | identification, order data, accounting documents | compliance with a legal obligation | 10 years, or as required by law |
| Age and security checks for alcohol | age data, verification result, incident log | compliance with legal obligations; legitimate interest in preventing offences | for the period necessary for the relevant order and defence against claims |
| prevention of fraud, misuse, attacks and network protection | IP, device data, security logs, abuse flags | legitimate interest | 6 months, unless longer retention is required |
| moderation and handling of reports | reports, content, identification of participants, decisions | legitimate interest; compliance with a legal obligation, where relevant | 6 months / for the duration of the dispute and 3 years thereafter |
| commercial communications | email, telephone, marketing preferences | consent; or soft opt-in as required by law | until consent is withdrawn or an objection is raised, 5 years at most |
| non-technical cookies and analytics / marketing | cookie identifiers, online identifiers, website behaviour | consent | depending on the settings of the specific cookies |
06. Orders placed with Partners and the roles of other data controllers
In the case of an order fulfilled by a Partner, we provide the Partner with the data necessary to process the specific order, in particular the order identification, order content, order time and contact details required for its fulfilment, support or complaint handling.
In such cases, the Partner generally acts as an independent data controller for the purposes of fulfilling the order, accounting, tax obligations, handling complaints and complying with legal obligations, including those relating to age restrictions.
Should the Partner act as a data processor for the Controller in a specific case, this role will be explicitly described in the relevant service or in a separate document.
07. Special rules for orders of alcoholic beverages
Where alcoholic beverages are ordered via the Platform, we will use the personal data obtained in connection with such a purchase solely for the purpose of that purchase, related legal obligations, refunds, handling complaints and defending legal claims. We will not use this data for unrelated marketing purposes.
We also require the relevant Partner to comply with this on a contractual basis.
08. Recipients of personal data
We may transfer personal data in particular to the following recipients:
- providers of hosting, cloud and infrastructure services,
- providers of authentication, communication, support and ticketing services,
- payment service providers, specifically Stripe, Inc. (and its affiliated entities), for the purpose of processing payments, whereby this entity may act as an independent controller of personal data,
- partners to the extent necessary to process an order,
- suppliers of security, anti-fraud and analytical tools, provided they are properly configured,
- legal, accounting and tax advisers,
- public authorities, where required by law or a binding decision.
09. Transfer to third countries
Where, in providing the Platform, we use suppliers based outside the EEA or accessible from a third country, we do so only in compliance with the conditions set out in the GDPR, in particular on the basis of an adequacy decision or standard contractual clauses.
Specific transfers to third countries (to the United States in particular) take place only to the extent necessary and with a strong emphasis on maximum data protection. For this purpose, we rely on established safeguards such as the EU–US Data Privacy Framework or Standard Contractual Clauses.
10. Automated decision-making and profiling
As a rule, the controller does not carry out automated individual decision-making that would have legal effects on you or similarly significantly affect you.
Where we use automated features for fraud prevention or service security, these will serve as a supporting tool and will be subject to human review to the extent appropriate to the nature of the risk.
11. Your rights
You have the right to request access to your personal data, its rectification, erasure, restriction of processing, portability, and the right to object to processing based on legitimate interest.
Where processing is based on consent, you may withdraw your consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.
You may exercise your rights by emailing info@meetin.bar or via any other contact channel listed on the Platform.
If we have reasonable doubts about the identity of the applicant, we may request additional identity verification.
12. Cookies and similar technologies
The platform may use technical cookies and similar technologies necessary for the functioning of the website and the application.
We will only use analytical, marketing or other non-technical cookies and similar technologies on the basis of prior consent, unless otherwise provided by law.
Details regarding the categories of cookies, their providers, expiry times and how to withdraw consent are set out in separate Cookie Policy.
13. Marketing and commercial communications
If we send you commercial communications by electronic means, we will do so only in accordance with the relevant legal regulations.
Where we require your consent to send such communications, this consent is always voluntary, separate and revocable.
Every marketing message must include a simple option to unsubscribe.
14. Security
We take appropriate technical and organisational measures to secure personal data, in particular access control, access logs, transmission encryption, permission segmentation, backups, testing and security monitoring.
15. Age Restrictions and Children
The platform is intended for persons aged 18 and over. If we discover that we have processed data relating to a person who does not meet the age requirements for a particular feature or service, we may restrict the account, delete the data or take other appropriate measures.
15. Right to lodge a complaint
You have the right to lodge a complaint with the Office for Personal Data Protection.
16. Changes to this Policy
We may amend these terms as appropriate, in particular in response to changes in legislation, technical changes to the Platform or changes to the suppliers used. The current version is always published on the Platform.