SPAR HR
Data Protection Statement
SPAR HR

Data Protection Statement

SPAR APP DATA PROTECTION STATEMENT

Contact details of responsible persons

 

The SPAR app is managed by SPAR Hrvatska d.o.o., Slavonska avenija 50, 10 000 Zagreb, OIB: 46108893754, Tel.: 01 2410 900, E-mail: [email protected] (hereinafter: "SPAR"). You can get an insight into the contact details of the responsible persons in the Imprint of the SPAR app.

SPAR (the company SPAR Hrvatska d.o.o. as defined in the previous paragraph) acts as a controller responsible for processing of personal data that takes place through the SPAR app, all within the meaning of Article 4, paragraph 1, point 7 of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation; hereinafter: "GDPR").

You can reach us:      

  • via post to the address: SPAR Hrvatska d.o.o., Slavonska avenija 50, 10000 Zagreb    
  • via e-mail: [email protected]

For certain data processing activities, we have engaged the services of our partners who act as data processors. These partners may also have their partners engaged as sub-processors. Information on data processors is provided in the part of the text of this Data Protection Statement (hereinafter referred to as the "Statement") that describes respective data processing activity. SPAR has contractually obliged these data processors to use personal data only as per specific instructions, such as for the operation or development of the SPAR app. Data processors are prohibited from using personal data for their own purposes and are obliged to delete these personal data per SPAR’s instruction.

All references to persons and functions used in this Statement apply to all genders.

 

Processing of personal data using the SPAR app

 

The SPAR app can be used only once the end user had registered to the app (hereinafter: "User") and after he/she had accepted the General Terms of Use of the SPAR app (hereinafter: "General Terms"). The User creates a personal user account through the SPAR app. To do this, the User must enter their e-mail address and must also choose a password. With one e-mail address, it is possible to create only one user account.

The User is assigned a SPAR Code and a unique identification number (ID) which enables him/her to use the benefits of the SPAR app. The benefits of the SPAR app are related to the specified identification number that is assigned to the user account to which the User is logged in.

During technical implementation of the SPAR app, we were careful to ensure that your personal data is processed only to the minimal extent, and only as much as is necessary to achieve a certain purpose.

All of the personal data activities and purposes are described further in the text of this Statement. For each data processing activity we provide you with a detailed list of personal data processed for that respective purpose, with the legal basis for that data processing, with information on the storage / processing periods and possibly with information on other entities involved in such personal data processing (the so-called recipients).

 

User Registration

 

Subject and purpose of data processing

To become a User, it is necessary to complete the registration process through the SPAR app. Only adults, i.e. persons who have reached the age of 18 can register.

To register, you need to fill in the appropriate fields in the interface of the SPAR app and you have to enter the required personal information (e-mail address only) and choose a password. This personal data is used to create your user account and for the log in activity later on. With these data we identify you as a User of the SPAR app.

You can use the SPAR app after you have successfully completed the registration (after you have completed all the registration steps and once you have verified your e-mail address).

Categories of personal data

For these purposes, we process the following personal data of the SPAR app User:

  • e-mail address;
  • User password;
  • the selected language for using the SPAR app;    
  • the date and time of acceptance of the General Terms;     
  • the date and time of registration of the User;     
  • SPAR Code and unique identification number (ID).

Legal basis

The processing of your data is based on your consent within the meaning of Article 6 (1) (a) of the GDPR, which you gave when registering for the SPAR app. In the section of the SPAR app called "More", in the "Legal " section, you can also revoke your consent (section "More" --> "Legal "--> "Delete SPAR user account (withdrawal of consent)"), you can do so at any time free of charge, without giving any reasons as to why and with the effect of revocation for the future. By revoking your consent, you delete your user account. You can find more about the deletion of your user account and the consequences for your User relationship in the General Terms.

Retention period

This personal data is processed and stored for as long as your user account is active. After your user account has been deactivated or deleted, your personal data will be deleted or anonymized. Also, if you change your e-mail address at any time while using the SPAR app, your previously recorded e-mail address will be deleted.

Recipients

SPAR has contractually obliged the data processors (recipients) to use personal data only in relation with specific requests, such as the operation or development of the SPAR app. Data processors are prohibited from using personal data for their own purposes and are obliged to delete personal data per SPAR’s instruction.   

  • SPAR Business Services GmbH, Europastraße 3, 5015 Salzburg, Austria;
  • SAP Österreich GmbH, Lassallestraße 7b, 1021 Vienna, Austria; 
  • Microsoft Ireland Operations Limited, One Microsoft Place, South County Industrial Park, Dublin
    18, Ireland;
  • INOVA IT, Jadranska 25a 2000 Maribor, Slovenia.

 

Vouchers and Jokers

 

Subject and purpose of data processing

The main benefits of the SPAR app are Vouchers and Jokers. Voucher allows you to buy certain products under special conditions, while Joker allows you to buy one item with a certain discount. The Promotional terms and conditions for obtaining and using these benefits are available in the SPAR app for each individual benefit.

The benefits of Vouchers and Jokers are awarded to Users based on the evaluation of the User's profile and User behaviour. In these cases, Users are granted benefits depending on the amounts and content of their transaction - invoice of an individual User, depending on the stores in which purchases were made, depending on the manner and dynamics of using previously generated benefits and generally depending on the User’s behaviour within the SPAR app. However, if you have enabled the Favourite stores option (see below in this Statement), your current selection will also be considered when awarding these benefits. This way, this benefits of the SPAR app are different for each User.

The data used for awarding these benefits are collected only if you present the SPAR app during the payment stage of your purchase (by scanning the SPAR Code). The SPAR app uses the SPAR Code to add up your purchases based on your invoice and to analyse the invoice details.

The processing of the above data is subject to automated processing that includes the creation of a profile and is based on your explicit consent that you gave when registering to the SPAR app.

Categories of personal data

For these purposes, we process the following personal data of the SPAR app User:

  • e-mail address;       
  • SPAR Code and unique identification number (ID);
  • data on the number and type of approved benefits that you have selected for use (for example: number of benefits, benefits title, amount of benefits, creation date of benefits, time-frame of benefit’s validity, number of times a certain benefit can be used) and data on how you have chosen to use these benefits, where you can do so (all available benefits or only some);
  • information that your purchase is in progress (the time-period from scanning the SPAR app at the cash register, all the way to processing and issuing an invoice), and this includes the store ID where you made the purchase and the cash register number;   
  • information on the purchases you've made. This includes information on the amount spent and savings made in each purchase, information on the number of purchases you have made, information on the specific products you have purchased, information on the store ID where the purchase was made, the date of purchase, the type and method of payment. In addition, this data also includes information on the benefits you have used (date, time and store when the benefit was used) or on the status of activated benefits that you can still use in one of the next purchases (i.e. when the benefit is not a one-time but can be used more than once);
  • Your Favourite stores if you have selected them in the SPAR app (if you activated that option).

Legal basis

The processing of your data is based on your consent within the meaning of Article 6 (1) (a) of the GDPR, which you gave when registering for the SPAR app. The above applies to all data except for the selection of Favourite Stores (see below in the Statement). In the section of the SPAR app called "More", in the "Legal " section, you can also revoke your consent (section "More" --> "Legal
"--> "Delete SPAR user account (withdrawal of consent)"), you can do so at any time free of charge, without giving any reasons as to why and with the effect of revocation for the future. By revoking your consent, you delete your user account. You can find more about the deletion of your User account and the consequences for your user relationship in the General Terms.

All of the above applies to all categories of personal data from the list, except for the data on "Favourite Stores". Processing of this personal data is based on your consent within the meaning of Article 6 (1) (a) of the GDPR, which you can give and withdraw within the SPAR app as explained below in the chapter "Favourite stores".

Retention period

Personal data relating to your User preferences and purchases are processed for a maximum of two years from the moment when they were created. After two years, the personal data is automatically anonymized. Such anonymized data is used to strengthen predictive models and adjust SPAR's business strategy. At the same time, if you revoke (withdraw) your consent which you gave when registering in the SPAR app (see chapter above), your personal data is automatically deleted or anonymized.

Certain data about your purchases and/or the status of your user benefits are processed for a shorter period, i.e. only while it is necessary.

For example, we process the information that your purchase is in progress only until the cash register processes and issues your invoice, but no longer than 20 minutes in case there are technical or other problems during the purchase. We process data about your benefits only while each benefit is active, and for 7 days after that so that our customer support can provide you with assistance in case you need it.

Data on the selected Favourite stores is processed while this option is activated. When you change your Favourite store selection, or when you deactivate this option (i.e. remove all or some of your Favourite store selections), your previous Favourite store selections are deleted.

Other personal data listed for this processing purpose are processed and stored for as long as your user account is active. After your user account has been deactivated or deleted, your personal data will be deleted or anonymized.

Recipients

SPAR has contractually obliged the data processors (recipients) to use personal data only in relation with specific requests, such as the operation or development of the SPAR app. Data processors are prohibited from using personal data for their own purposes and are obliged to delete personal data per SPAR’s instruction.

  • SPAR Business Services GmbH, Europastraße 3, 5015 Salzburg, Austria;
  • Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland;
  • INOVA IT, Jadranska 25a 2000 Maribor, Slovenia.

 

Other benefits

Subject and purpose of data processing

In addition to Vouchers and Jokers, we can occasionally offer other shopping benefits in the SPAR app. For example, a discount on the entire purchase if you collect a certain number of Digital Discount stickers. These Digital Discount stickers are obtained based on certain purchase amounts.

You are able to create a group with up to four people to collect this benefit together. This way, your SPAR Code will be known to the participants of that group. To create a co-gathering group, we need access to your mobile device camera so that we can create a connection between the members.

Categories of personal data

For these purposes, we process the following personal data of the SPAR app User:  

  • e-mail address;  
  • SPAR Code and unique identification number (ID);
  • information on whether the User has chosen the option of collecting Digital Discount stickers (or whether they want to collect physical ones if they have not activated this option);      
  • information on how many Digital Discount stickers the User has collected;       
  • the number (ID) of the user group for collecting stamps and information on how many Digital Discount stickers this group has collected;   
  • data on the loyalty points collected.

Legal basis

The processing of your data is carried out on the basis of our legitimate interest within the meaning of Article 6 (1) (f) GDPR. Our legitimate interest consists in direct marketing performed to you as a User, all in order to provide you with even more benefits and to provide you with maximum insight into our product assortment.

Retention period

We process data on your benefits only during the period when each benefit is active, and for 7 days after that so that our customer support can provide you with assistance in case you need it.

Other personal data listed for this
processing purpose are processed and stored for as long as your user account is active. After your user account has been deactivated or deleted, your personal data will be deleted or anonymized.

Recipients

SPAR has contractually obliged the data processors (recipients) to use personal data only in relation with specific requests, such as the operation or development of the SPAR app. Data processors are prohibited from using personal data for their own purposes and are obliged to delete personal data per SPAR’s instruction.

  • SPAR Business Services GmbH, Europastraße 3, 5015 Salzburg, Austria;
  • SAP Österreich GmbH, Lassallestraße 7b, 1021 Vienna, Austria;
  • Microsoft Ireland Operations Limited, One Microsoft Place, South County Industrial Park, Dublin 18, Ireland;    
  • INOVA IT, Jadranska 25a 2000 Maribor, Slovenia.

 

Processing of personal data for the purpose of the general operation of the SPAR app

Subject and purpose of data processing

SPAR app saves the code of each data usage. This data is stored and processed in protocol files ("Server Logfiles") and is analysed exclusively to ensure the smooth operation of the SPAR app and to improve our offer. After that, this data is subsequently deleted. The data serves as an additional verification that you have been properly provided with all functions of the SPAR app and benefits. With this data, we ensure the permanent functionality of our IT systems and technology. In addition, SPAR analyses this data with the aim of increasing data security and data protection. This way, we ensure optimal level of protection for your personal data.

In the event of a cyberattack, this information may be made available to official law enforcement authorities.

Additionally, to secure your user account and valuable benefits, SPAR app has been developed to recognize the devices you log in from. This way we are able to control the login of each user account on each device.

To enable User benefits, the SPAR app system is set up to monitor the current state of User selections and settings (for example: the current state of selected Jokers, the current selection of Digital receipt options, etc.). Additionally, this setting allows you to detect the last activity of the User and to automatically deactivate your user account if it is inactive for a period longer than 12 months.

Categories of personal data

For these purposes, we process the following personal data of the SPAR app User:  

  • e-mail address;  
  • SPAR Code and unique identification number (ID);     
  • User password; 
  • the selected language for using the SPAR app;   
  • the date and time of registration of the User;     
  • Timestamp of User Request in the SPAR app;   
  • information on the operating system, the operating system version and the type/model of the device on which the SPAR app is used;
  • IP address;   
  • the number of each transaction and the amount of the transaction and other general details about the individual transaction, the so-called bonID (date and time of the invoice, account number, store where the transaction was made (with indication of the country), cash register number) and the SPAR app version;    
  • information when a QR code was scanned in the SPAR app for each transaction;    
  • data on the number and type of approved benefits that the User has selected to be used, along with which data on the benefits themselves are recorded (for example: number of benefits, benefits title, amount of benefits, creation date of benefits, time-period in which a certain benefit is valid, info on the number of times a certain benefit can be used);
  • information on how you have chosen to use your benefits, where you can do so (all available benefits or only some);
  • temporary storage of information on the deletion of the user account or the update/change of certain data in the user account;
  • the date and time of the User's registration.

Legal basis

The processing of your data is carried out on the basis of our legitimate interest in accordance with Article 6 (1) (f) GDPR. Our legitimate interest consists in ensuring the functionality and security of the SPAR app.

Retention period

Server Logfile data and technical data on individual transactions/individual actions within the SPAR app used for the purpose of processing as described above in this chapter are stored for a period of up to thirty days for documentation purposes. After that this data is deleted. The other personal data listed here is processed and stored for as long as your user account is active. After your user account has been
deactivated or deleted, your personal data will be deleted or anonymized.

Recipients

SPAR has contractually obliged the data processors (recipients) to use personal data only in relation with specific requests, such as the operation or development of the SPAR app. Data processors are prohibited from using personal data for their own purposes and are obliged to delete personal data per SPAR’s instruction.     

  • SPAR Business Services GmbH, Europastraße 3, 5015 Salzburg, Austria;
  • SAP Österreich GmbH, Lassallestraße 7b, 1021 Vienna, Austria ;  
  • Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland;    
  • INOVA IT, Jadranska 25a 2000 Maribor, Slovenia.

 

Processing of personal data for the purpose of receiving notifications about news and general SPAR information

 

Subject and purpose of data processing:

Users of the SPAR app can receive updates in the SPAR app (i.e. updates without special notifications that would appear while the app is not open/active). These news relate to: benefits and new functionalities of the SPAR app, information related to your user relationship with us (e.g. change or update of the General Terms), information generally related to our stores (e.g. information on working hours, extraordinary events in stores such as floods, earthquakes, etc. and other circumstances), general information related to the SPAR product range (e.g. product recall notices).

Categories of personal data

For these purposes, we process the following personal data of the SPAR app User:

  • e-mail address;    
  • SPAR Code and unique identification number (ID);  
  • Device ID, 
  • device operating system,
  • the date when the User's news/notification was delivered (the fact that the news/notification was sent), 
  • the date and time of the User's registration.

Legal basis

The processing of your data is carried out on the basis of Article 6 (1) (f) of the GDPR if we provide you with general information related to your customer relationship with us, information on new functionalities of the SPAR app, information related to our product assortment or information on extraordinary events in our stores. If we process your data for the purpose of delivering notifications on benefits, this processing is based on your consent within the meaning of Article 6 (1) (a) GDPR. You give your consent by checking the appropriate field in the part of the SPAR app called "More" --> "Legal". You can also revoke your consent in that same section of the SPAR app. You can revoke your consent at any time free of charge, without giving any reasons as to why and with the effect of revocation for the future.

Retention period

Personal data that we process on the basis of your consent are processed until you revoke your consent or delete your account in the SPAR app. After that this data is deleted or anonymized. If, at the time of your withdrawal of consent, we need certain personal data for the addressing or exercise legal claims, we may continue to process this personal data as long as there is a need for that, i.e. until we eliminate or until we achieve such legal claims. Other personal data listed here, which we do not process on the basis of your consent, but on the basis of a legitimate interest, are processed and stored for as long as there is a purpose or need for them, but only while your user account is active.

Recipients

SPAR has contractually obliged the data processors (recipients) to use personal data only in relation with specific requests, such as the operation or development of the SPAR app. Data processors are prohibited from using personal data for their own purposes and are obliged to delete personal data per SPAR’s instruction.

  • SPAR Business Services GmbH, Europastraße 3, 5015 Salzburg, Austria.

 

Push notifications

 

Subject and purpose of data processing

SPAR app offers the option of receiving so-called push notifications. Push notifications are messages that appear on your smart mobile device without opening the SPAR app. The purpose of this data processing is to inform you, via push notifications on important news related to: benefits of the SPAR app, information related to your user relationship with us (SPAR), information generally related to our stores (e.g. information on working hours, extraordinary events in stores such as floods, earthquakes, etc. and other circumstances), general information related to the SPAR product range (e.g. product recall notices)

Categories of personal data

For these purposes, we process the following personal data of the SPAR app User:  

  • e-mail address;   
  • SPAR Code and unique identification number (ID); 
  • the date and time of registration of the User;     
  • Device ID;    
  • information that you have opened the received push notification;
  • history of sent push notifications.

Legal basis

The processing of your data is carried out on the basis of Article 6 (1) (f) of the GDPR if we transmit general information related to your customer relationship with us, information related to our product range or information about extraordinary events in our branches. If we process your data for the purpose of delivering push notifications on benefits, this processing is based on your consent within the meaning of Article 6 (1) (a) GDPR. You give your consent by tagging in the part of the SPAR app called "More" --> "Legal". In the same place in the SPAR app, you can also revoke your consent and you can do it at any time free of charge
and without giving a reason with the effect of revocation for the future.

Retention period

Personal data that we process on the basis of your consent are processed until you revoke your consent or delete your account in the SPAR app. After that this data is deleted or anonymized. If, at the time of your withdrawal of consent, we need certain personal data for the addressing or exercise legal claims, we may continue to process this personal data as long as there is a need for that, i.e. until we eliminate or until we achieve such legal claims. Other personal data listed here, which we do not process on the basis of your consent, but on the basis of a legitimate interest, are processed and stored for as long as there is a purpose or need for them, but only while your user account is active.

Recipients

SPAR has contractually obliged the data processors (recipients) to use personal data only in relation with specific requests, such as the operation or development of the SPAR app. Data processors are prohibited from using personal data for their own purposes and are obliged to delete personal data per SPAR’s instruction.

  • SPAR Business Services GmbH, Europastraße 3, 5015 Salzburg, Austria;  
  • SAP Österreich GmbH, Lassallestraße 7b, 1021 Vienna, Austria.

 

Evaluation of the SPAR app behaviour

 

Subject and purpose of data processing

If provide us with your specific consent, SPAR may analyse errors (crashes) of the SPAR app and aim to understand how the content of the SPAR app is used. That way you enable (help) us to continuously provide you with the highest level benefits of the app and we are able to react as quickly as possible in the event of errors in app operation.

For analysing the use of the SPAR app, SPAR chose less intrusive measures. We analyse the app use by all users. We anonymize the data used within seconds, as soon as the data is transmitted to our servers.

The SPAR app uses the Google Firebase tool for analysing app crashes – this tool automatically assigns a unique ID number for an individual User that prevents the disclosure of the User's identity.

Categories of personal data:

For these purposes, we process the following personal data of the SPAR app User:

  • e-mail address;    
  • SPAR Code and unique identification number (ID);     
  • the date and time of registration of the User;
  • the selected language for using the SPAR app;
  • data on the User's device, operating system, and version of the SPAR app;
  • Visitor ID;
  • Timestamp of User Requestin the SPAR app;       
  • User behaviour data in the SPAR app;
  • data on the program code that caused the SPAR app crash (here the SPAR app processes only general data, User
  • data is not visible) and possibly memory printout, as well as more detailed
    information about the SPAR app crash itself, the context of the crash, the
    timestamp of the crash, the signal and the type of error;
  • type and model of the device used by the User during the SPAR app crash, device operating system, available storage space on the device, details about the CPU (central processor unit), data on the RAM memory used at the time of the SPAR app crash, data on the selected orientation on the device, data on the version of the SPAR app used at the time of the SPAR app crash and the internal code of that version, data on the manner in which the SPAR app was working at the time of the crash, data on the Firebase SDK (Crash Analysis Tool) that was integrated into the SPAR app at the time of the crash, the number of app crashes per User in a certain period, information on whether the proximity sensor of the device was active at the time of the SPAR app crash and whether the device was hacked, information about the type of network and network service provider, approximate information about the country of the location, data on events on the device that preceded the crash (for example: changes to the screen or actions in the app).

The following information are downloaded and stored in an anonymized form:    

  • the invited page of the SPAR app,
  • the number of calls (in total across all Users),
  • duration of stay on the page in question (total across all Users).

Legal basis

The processing of your data is based on your consent within the meaning of Article 6 (1) (a) GDPR. You give your consent by checking the appropriate field in the part of the SPAR app called "More" --> "Legal". You can also revoke your consent in that same section of the SPAR app. You can revoke your consent at any time free of charge, without giving any reasons as to why and with the effect of revocation for the future.

Retention period

The data we need for the error analysis is stored for a period of 90 days. After that these data is deleted, unless you revoke your consent beforehand. The data that we process for the purpose of usage analysis is anonymized immediately after download.

Other personal data listed for this processing activity are processed and stored for as long as your user account is active. After your user account has been deactivated or deleted, your personal data will be deleted or anonymized.

Recipients

SPAR has contractually obliged the data processors (recipients) to use personal data only in relation with specific requests, such as the operation or development of the SPAR app. Data processors are prohibited from using personal data for their own purposes and are obliged to delete personal data per SPAR’s instruction.

  •  SPAR Business Services GmbH, Europastraße 3, 5015 Salzburg, Austria;    
  • Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland;
  • InnoCraft Ltd, New Zealand, NZBN 6106769.

The data we collect for the purpose of error analysis is transfered to:

  • Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA   
  • INOVA IT, Jadranska 25a 2000 Maribor, Slovenia.

In this case, the data is transferred to the USA. Further information on the processing of your personal data after transfer to Google LLC can be found in the data protection statement of Google LLC which can be found here: https://policies.google.com/privacy?hl=en-US.

Although personal data is transferred outsidethe European Union, Google LLC guarantees that it complies with the EU-US Data Protection Framework (https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60 be03fcb0fddf_en?prefLang=hr) with respect to the collection, use and retention of personal data and information from the European Economic Area (EEA). You can read more about this in the chapter "Data transfer frameworks" at the following link: https://policies.google.com/privacy/frameworks?hl=en-US.

 

SPAR newsletters

 

Subject and purpose of data processing

SPAR provides you with digital newsletters within your SPAR app. These newsletters are normally issued in paper form and are available in SPAR stores.

Categories of personal data

For these purposes, we process the following personal data of the SPAR app User:      

  • e-mail address;
  • SPAR Code and unique identification number (ID);      
  • IP address;  
  • Time of access;
  • the type of device used by the User and the operating system of the device.

Legal basis

The processing of your data is carried out on the basis of our legitimate interest in accordance with Article 6 (1) (f) GDPR. Our legitimate interest consists in the processing of personal data for the purpose of direct marketing.

Retention period

The personal data processed for this activity is processed and stored for as long as your user account is active. After your user account has been deactivated or deleted, your personal data will be deleted or anonymized.

Recipients

SPAR has contractually obliged the data processors (recipients) to use personal data only in relation with specific requests, such as the operation or development of the SPAR app. Data processors are prohibited from using personal data for their own purposes and are obliged to delete personal data per SPAR’s instruction.

  • SPAR Business Services GmbH, Europastraße 3, 5015 Salzburg, Austria;     
  • SAP Österreich GmbH, Lassallestraße 7b, 1021 Vienna, Austria.

 

Contact form

 

Subject and purpose of data processing

If you contact us via the contact form, e-mail or telephone, we collect and process data such as your name, your contact details, the subject matter of your contact request and, if applicable, the data that you have made available to us via documents you may have attached to your request. The purpose of this data processing is to respond to your inquiry / customer request ("Customer Service Management").

Categories of personal data

For these purposes, we process the following personal data of the SPAR app User:  

  • e-mail address;
  • SPAR Code and unique identification number (ID);    
  • name and surname;  
  • phone number and e-mail address entered in the contact form,    
  • information regarding the inquiry,
  • attached files,  
  • the specific data related to complaints (Customer care Joker) and the time when a replacement benefit was assigned, as well as information whether it was used, optional information about the end device.

Legal basis

Data processing is carried out for the purpose of processing (pre)contractual steps (Article 6(1)(b) of the GDPR) or on the basis of SPAR's legitimate interest in communicating with Users of the SPAR app (Article 6(1)(f) of the GDPR).

Retention period

The personal data related to your inquiry (name and surname, contact details, information regarding the inquiry, time of the inquiry, specific data related to complaints (Customer care Joker), the time when a replacement benefit was assigned, and information whether it was used) are stored in our internal database for one year after your inquiry. This is necessary for processing your requests, as well as for potential fulfilment, resolution, or defence against legal claims, and their enforcement in administrative or legal proceedings. After this period, your personal data is anonymized and, in such anonymous and aggregated form, used for statistical monitoring for the following two years.

Other personal data listed for this processing purpose is processed and stored as long as your user account is active. After your user account is deactivated or deleted, these personal data are either deleted or anonymized.

 

Stores and opening hours search option

 

Subject and purpose of data processing

If you provide us with your specific consent, SPAR may use your location to show you our stores located near you and/or selection of your Favourite stores in the SPAR app. Additionally, we also display contact information, services and opening hours of these stores.

SPAR app uses the services of Google Maps or Apple Maps. Google Maps is part of Google LLC. Apple Maps is part of Apple Inc. We use services of these providers so that you can see the locations of our stores on a map, and to show you where the nearest SPAR store is located. By using Google Maps or Apple Maps, we offer you an interactive user experience and we can also better align the display of our stores with your needs.

Categories of personal data

For these purposes, we process the following personal data of the SPAR app User:  

  • e-mail address;  
  • SPAR Code and unique identification number (ID);  
  • device-ID; 
  • information about the location.

Google and Apple services process the following personal data of the SPAR App User:

  • Google/Apple Unique Identifier (UI);   
  • Device ID;
  • Referrer-URL; 
  • the date and time of retrieval of the SPAR app;   
  • information about the operation of the system;     
  • information about the locations.

Legal basis

The processing of your data is carried out on the basis of your consent within the meaning of Article 6 (1) (a) of the GDPR. Based on this consent, you grant data access to SPAR and to the respective service provider Google Maps or Apple Maps (depending on which service provider you use). You give your consent by checking the appropriate field in the part of the SPAR app called "More" --> "Legal". You can revoke your consent in the settings of your mobile device, specifically in the place where you manage permissions for individual apps. You can revoke your consent at any time free of charge, without giving any reasons as to why and with the effect of revocation for the future.

Retention period

Personal data processed by the SPAR app are processed until you revoke your consent or until you delete your account in the
SPAR app. After that these data are deleted or anonymized.

At the same time, SPAR does not store personal data related to the use of Google Maps or Apple Maps. In this part, we refer you to the Google and Apple privacy statements – the links provided in the previous paragraphs and below in this section of the Statement.

Recipients

As part of this process, depending on the digital maps you use, the data is transferred:     

  • Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA  
  • Apple Inc., One Apple Park Way 95014 Cupertino, California, USA.

In this case, data is transferred to the USA in connection with the use of the map function. Further information on the processing of your personal data after transmission to Google LLC can be found in the above-mentioned data protection statement of Google LLC. You can find information about processing after sending to Apple Inc here: https://www.apple.com/legal/privacy/pdfs/apple-privacypolicy-en-ww.pdf.

Although personal data is transferred outside the European Union, Apple Inc declares that the international transfer of personal data collected in the European Economic Area is in accordance with the Standard Contractual Clauses adopted by the European Commission. You can read more on this in Apple's privacy policy (link in the previous paragraph), in the chapter "Transfer of Personal Data Between Countries".

 

Favourite stores

 

Subject and purpose of data processing

The SPAR app enables you to select and store up to three of your favourite stores. As the selection of your favourite stores is not necessary for the functioning of the application, activation of this option is voluntary and we process your personal data for this purpose exclusively on the basis of your consent.

When you activate the Favourite stores option (when you select your favourite stores), SPAR app shows you contact information, services and opening hours of the selected stores. Also, by activating this option you enable SPAR to assign you with benefits (Vouchers and Jokers) that can be used only in those stores that you have selected as your favourites. Therefore, if you select your favourite stores, this information will also be used for the processing activity described earlier in the chapter Vouchers and Jokers. If you de-activate the Favourite stores option, this information is not processed for the purpose of awarding Vouchers and Jokers.

Categories of personal data:

For these purposes, we process the following personal data of the SPAR app User:

  • Your favourite stores;
  • e-mail address;
  • SPAR Code and unique identification number (ID).

Legal basis

The processing of your data for this purpose is based on your consent within the meaning of Article 6 (1) (a) GDPR. You give your consent by checking the appropriate field in the part of the SPAR app called "More" --> "Legal". You can also revoke your consent in the same section of SPAR app (de-select/remove the favourite stores selection), you can do so at any time free of charge, without giving any reasons as to why and with the effect of revocation for the future.

Retention period

This personal data is processed until you revoke your consent or delete your account in the SPAR app. After that these data are deleted or anonymized. Additionally, if you change your favourite stores selection, information on the previous selection is not further stored (i.e. only the current selection is processed).

Recipients

SPAR has contractually obliged the data processors (recipients) to use personal data only in relation with specific requests, such as the operation or development of the SPAR app. Data processors are prohibited from using personal data for their own purposes and are obliged to delete personal data per SPAR’s instruction.

  • SPAR Business Services GmbH, Europastraße 3, 5015 Salzburg, Austria   
  • Microsoft Ireland Operations Limited, One Microsoft Place, South County Industrial Park, Dublin 18, Irska
  • SAP Österreich GmbH, Lassallestraße 7b, 1021 Vienna, Austria.

 

Digital receipts

 

Subject and purpose of data processing

If you provide us with your specific consent, SPAR may issue your receipts in the digital form and store them in the same (digital) form within the SPAR app.

Categories of data subjects and personal data

For these purposes, we process the following personal data of the SPAR app User:  

  • e-mail address;  
  • SPAR Code and unique identification number (ID);
  • the system info on selection of the digital receipt option (the so-called PrintBon tag); 
  • digital receipt;   
  • date and time of purchase, store and cash register number;    
  • information on the savings achieved.

Legal basis

The processing of your data is based on your consent within the meaning of Article 6 (1) (a) GDPR. You give your consent by checking the appropriate field in the part of the SPAR app called "More" --> "Legal". You can also revoke your consent in that same section of the SPAR app. You can revoke your consent at any time free of charge, without giving any reasons as to why and with the effect of revocation for the future.

Retention period

The digital account as such is available in the SPAR app for a maximum of 24 months from its creation.  The other personal data listed here is processed and stored for as long as your user account is active. After your user account has been deactivated or deleted, your personal data will be deleted or anonymized.

Recipients

SPAR has contractually obliged the data processors (recipients) to use personal data only in relation with specific requests, such as the operation or development of the SPAR app. Data processors are prohibited from using personal data for their own purposes and are obliged to delete personal data per SPAR’s instruction.

  • SPAR Business Services GmbH, Europastraße 3, 5015 Salzburg, Austria 
  • Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Irska    
  • INOVA IT, Jadranska 25a 2000 Maribor, Slovenia.

 

Security of personal data

 

We collect and process your personal data in a manner that ensures appropriate security and confidentiality for their processing. We effectively implement all of the data protection principles, particularly the data minimisation principle, the purpose limitation principle, storage limitation principle and we ensued data availability.

We take all appropriate technical and organisational protection measures to prevent accidental or unlawful destruction, loss, alteration, unauthorized use, disclosure, insight or access to data.

All employees and/or persons acting as representatives of SPAR (in its role of data controller) undertake to keep personal data safe by signing a confidentiality statement. The obligation to maintain secrecy and confidentiality of personal data applies even after the termination of the employment or other relationship in SPAR.

All of SPAR’s data processors or contractual partners are also obliged to the same standard of protective measures.

 

Your rights

 

In accordance with the GDPR and other applicable regulations for the protection of personal data, you have the right to exercise any of your data subject’s rights, and you can do so at any time. You have the following rights:

1.  Right of access

You have the right to access your personal data processed by us. You can request detailed information on the purpose of data processing, the type/categories of personal data we process, you can ask to be given an insight into your personal data, you have the right to be informed on the recipients or categories of recipients of your personal data and on the envisaged retention period for your data. Access to personal data may be restricted only in cases prescribed by European Union law or our national legislation, or when such restriction respects the essence of the fundamental rights and freedoms of others.

2. Right to rectification

You have the right to request the rectification or completion of personal data if your data is inaccurate, incomplete or if it is not up-to-date.

If you wish to exercise this right, please note that it is necessary to specify what data is incorrect, incomplete or is not up-to-date. The request should also describe how should the data be corrected or updated. You should also submit the necessary documentation in support of your allegations.

3. Right to erasure

You have the right to request the erasure of your personal data if one of the following conditions is met:

  • Your personal data is no longer necessary in relation to the purpose for which we collected or process it;    
  • you have revoked the consent on which the processing is based in accordance with Article 6(1)(a) of the GDPR and if there is no other legal basis for the processing;  
  • you have objected to the processing of your personal data in accordance with Article 21 (1) of the GDPR and if there are no overriding legitimate grounds for the processing on our part;
  • the personal data has been processed unlawfully;
  • personal data must be erased in order to comply with a legal obligation under the law of the European Union or the law of the data controller’s jurisdiction;
  • the personal data were collected in connection with the offer of information society services referred to in Article 8(1) of the GDPR.

The above rights are not applicable to the extent that the processing is necessary   

  • for the exercise of the right to freedom of expression and information;
  • to comply with a legal obligation requiring processing in European Union or Member State law of the data controller’s jurisdiction, or for the performance of a task in the public interest or in the exercise of official authority of the data controller;   
  • for archiving purposes in the public interest, for scientific or historical research purposes or for statistical purposes in accordance with Article 89(1), to the extent that the right referred to in paragraph 1 is likely to prevent or seriously jeopardise the achievement of the objectives of that processing; or
  • for the establishment, exercise or defence of legal claims.

4. Right to restriction of processing

You have the right to ask for restriction of processing of personal data if:

  •  you dispute their accuracy;
  •  if the processing is unlawful and you oppose their deletion;
  •  if the controller no longer needs the personal data, but you have requested it in order to establish, exercise or defend legal claims;  
  • if you have objected to the processing of your personal data.

5.  Right to object to SPAR

If we rely on our legitimate interests when processing your personal data, you can object to such processing.

You can exercise all the rights we have listed in points 1 to 5 of this chapter by contacting our Data Protection Officer, in writing:

  • via post to the address SPAR: Personal Data Protection Officer, Slavonska avenija 50, 10000 Zagreb; or
  • via e-mail: [email protected].

6.  Right to object to a supervisory authority

Additionally, you have the right to file a complaint with the supervisory authority for the protection of personal data in the Republic of Croatia: Personal Data Protection Agency, Ulica grada Vukovara 54, Zagreb.

 

Changes to the Statement

 

We regularly update this Data Protection Statement to keep it accurate and up-to-date and we reserve the right to change its content if we deem it necessary. You will be informed about all changes and additions in a timely manner through the SPAR app in accordance with the principle of transparency.