Privacy Policy

The data controller is: Cin Cin Wine Bar Dal Corso s.r.o. Václavské náměstí 47, 110 00 Praha 1, Czech Republic IČO: 195 83 958 | DIČ: CZ19583958 Registered in the Commercial Register maintained by the Municipal Court in Prague, Section C Email: info@cincinbar.cz For all data protection matters, contact us at the email address above.

We collect personal data only when you interact with us directly: • Reservation system: name, contact details (email or phone), date and time of visit, party size. • Private event enquiry form: name, email or phone, preferred date, estimated guest count, occasion type, and any message you submit. • Website usage: anonymised analytics data (page views, session duration, device type). This data does not identify you individually. • Cookies: see Section 7 below. We do not collect sensitive categories of personal data (GDPR Article 9).

We process your data on the following legal bases under GDPR Article 6: • Article 6(1)(b) — Performance of a contract or pre-contractual steps: processing reservation requests and event enquiries at your request. • Article 6(1)(f) — Legitimate interests: responding to enquiries, improving our service, and maintaining records of our communications with customers. • Article 6(1)(a) — Consent: where you explicitly agree to receive marketing communications. You may withdraw consent at any time.

Your personal data is used solely to: • Confirm and manage your reservation or event enquiry. • Communicate with you about your booking or event (confirmation, follow-up). • Respond to any contact you initiate. • Comply with applicable legal and regulatory obligations. We do not use your data for automated profiling or decision-making.

We retain personal data only as long as necessary: • Reservation data: 2 years from your visit date, then deleted. • Event enquiry data: 1 year from submission if no booking results, or 2 years from the event date if a booking is confirmed. • Legal or accounting records: retained for the period required by applicable Czech law (typically 5–10 years). You may request deletion of your data at any time (see Section 8).

We share data only with processors necessary to operate the service, each bound by a data processing agreement: • Website hosting provider — operates the server infrastructure on which this website runs. • Email delivery provider — sends transactional emails related to your private-event enquiry. Reservations are currently handled by telephone and involve no third-party online processor. We do not sell, rent, or trade personal data to any third party.

Our website uses only the following cookies: • Strictly necessary cookies: required for the website to function and to remember your preferences (such as language and light/dark theme). Under Czech law these do not require consent. For statistics we use privacy-friendly, cookieless analytics that set no cookies and do not identify you individually. We do not use advertising, profiling, or cross-site tracking cookies. If cookie-based tracking were ever introduced, we would ask for your consent beforehand through a cookie banner, in accordance with Section 89 of the Czech Electronic Communications Act (No. 127/2005 Coll.).

Under GDPR Chapter III, you have the following rights: • Right of access (Art. 15): request a copy of the personal data we hold about you. • Right to rectification (Art. 16): request correction of inaccurate or incomplete data. • Right to erasure (Art. 17): request deletion of your data, subject to our legal retention obligations. • Right to restriction (Art. 18): request that we limit how we use your data in certain circumstances. • Right to data portability (Art. 20): receive your data in a structured, machine-readable format. • Right to object (Art. 21): object to processing based on legitimate interests. • Rights related to automated decision-making (Art. 22): we do not engage in automated profiling. To exercise any right, contact us at info@cincinbar.cz. We will respond within one calendar month.

If you believe we have not handled your data in accordance with GDPR, you have the right to lodge a complaint with the Czech supervisory authority: Úřad pro ochranu osobních údajů (ÚOOÚ) Pplk. Sochora 27, 170 00 Praha 7 www.uoou.cz

We may update this Privacy Policy from time to time. The current version is always available at this address. The date at the top of this page indicates when it was last revised.