PRIVACY POLICY IN REWARDHERO D.O.O.

1. INTRODUCTION
Individual privacy protection is presented as general terms and conditions for the protection and processing of personal data and is applicable to the website https://www.RewardHero.com/ (hereinafter referred to as "general terms and conditions") and the where2look mobile app

2. MANAGER OF PERSONAL DATA
The manager of personal data collected and processed in connection with the use of the website https://www.RewardHero.com/ is the company Rewardhero d. o. o., (hereinafter referred to as "Rewardhero", "we" or "us"):

Rewardhero d.o.o.,
Ulica 15 Maja 10b, 6000 Koper
Registration number: 8816964000
VAT ID: 81420919
Contact phone: +386 (0) 41 964 668, e-mail: [email protected]

3. CONTACT DETAILS
If you have any questions related to or in connection with the General Terms and Conditions, or would like to file a complaint about our process of your personal information or would like to exercise one of your rights (please see point 8), please contact us at the above contact or you can contact our Data Protection Officer (DPO - for more see point 4.10):

DPO name: Marko Kotnik
Postal address: Rewardhero doo, - Data Protection Officer (DPO) Ulica 15 Maja 10b, 6000 Koper / Slovenia
E-mail: [email protected]

4. INDIVIDUALS WHOSE PERSONAL INFORMATION IS PROCESSED
The general terms and conditions apply to the collection and processing of personal data of the users of the website https://www.RewardHero.com/.

5. CATEGORIES OF PROCESSED PERSONAL DATA, PURPOSE OF PROCESSING AND LEGAL BASIS FOR PROCESSING
What personal information do we collect?
We collect and process your personal information that you actively provide us through the https://www.RewardHero.com/ (for example, when you submit an order, confirm the application, send us an email), which includes the following categories of personal information:
• Basic personal information about an individual: name, surname, business name, date of birth;
• Contact details: country, address, postal code, place, telephone, e-mail address;
• Information on selected communication modes,
• Data that allows you to create profiles.
For what purposes do we process your personal information?
We process personal data only for certain, explicit and legitimate purposes and we will not process them in any way that is incompatible with these purposes. Such a purpose may be answers to your inquiry (offers, emails), the execution of the order, answers to your request, which you have sent to us at https://www.RewardHero.com/, improving your user experience at our websites or portals, improving our products and services in general, offering services or applications and marketing campaigns.

What are the legal bases for processing personal data?
In accordance with the regulations governing the protection of personal data, we may process your personal data:
• if you have consented to the processing of personal data;
• if this is necessary so that we can conclude and / or fulfill the contract with you (all in accordance with article 6/1-b of the GDPR);
• if the processing is necessary for the legitimate interests pursued by or another third party, all in accordance with 6/1-f. Article GDPR - e.g. for direct marketing purposes. sending e-mail (for example, for the purpose of informing individuals about the benefits and innovations of the company , providing customer support, sending invitations to presentations of new services and products

6. RECIPIENTS OZ. CATEGORIES OF PERSONAL DATA RECIPES
Access to your personal information is limited to those individuals who need to be acquainted with them to be able to perform their work or contractual obligations. Depending on the purposes for which TPLJ processes your personal information, we can provide them for individual purposes. We disclose your personal information to the following categories of recipients of personal data:
i. authorized employees in the company d.o.o.;
ii. to our contractors (our contractors of personal data), of which we always require that they always comply with the applicable laws, the policy of protecting personal data and pay great attention to the confidentiality of your personal information:
o Advertising, marketing and promotional agencies and service providers eg. Google (Google-only cookie / cookie identifier for remarketing purposes, Google AdWords ad serving email address, cookie / cookie identifier for analytics purposes in Google Analytics, Facebook - cookie / cookie identification only for remarketing purposes, an email address for displaying ads in Facebook Custom Audiences), Pardot, HotJar, SalesForce, InfoBip, and so on, which helps us perform and analyze the effectiveness of our campaigns and promotions.
o companies that provide other services for or on behalf of (for example, external IT service providers, accountancy services, law firms, etc.)
iii. to other third parties:
o where required by law or legally required to protect the rights of the company ;
o where this is necessary in order to ensure compliance with the laws, the requirements of the authorities, the court order, the legal procedures, the reporting obligations and the information to the authorities, etc .;
o in order to protect the rights, property or safety of TPLJ and / or its customers.
Our business partners, referred to in point iii. Above, may only process your personal information in the framework of our instructions and may not use personal information to pursue any of their own interests.

7. RETENTION PERIOD
We will keep your personal information in accordance with the applicable law governing the protection of personal data. We will only store them for as long as necessary for the purposes for which they are processed, or for handling in accordance with the law. When processing your personal information is no longer necessary, we permanently delete or anonymize your personal information so that it can no longer be linked to an individual (unless you need to keep your personal information in order to ensure compliance with legal obligations eg. personal data contained in the contracts, communication, business letters, accounts may be subject to deposit obligations up to 10 years). We retain your personal information on your personal consent until your cancellation. Personal data processed on the base contractual relationship with you is kept for the duration of the contractual relationship and for another 5 years after its termination (in so far as the general limitation period is set).

8. YOUR RIGHTS
If you have given consent to the processing of your personal data, you can cancel your consent by writing to our DPO email [email protected] directly in writing to the record with the DPO at the headquarters of our company or otherwise published on our website. Revocation of an authorization to process personal data may result that we may not be able to provide one or more of our services, which can not be provided without the personal data, after a cancellation of the personal data processing authorization may be given to you. In order to ensure and exercise your rights, you can always contact our Data Protection Authorized Person (DPO - see points 4.3 and 4.10), which will ensure the immediate exercise of your six fundamental rights:
1. Right to access your personal data (Article 15 of the GDPR): You may have the right to request us to confirm or process your personal information, and if so, you can request us to access personal data and access information include, inter alia, processing purposes, the type of personal data concerned, the users or categories of users to whom their personal data have been or will be disclosed. Notwithstanding this, this is not your absolute right, and the interests of other individuals can limit your right of access to data. You have the right to obtain a copy of the personal data that is being processed. For any subsequent copies you may request, you may be charged a reasonable fee taking into account the administrative costs incurred;
2. The right to correction of your personal information: if you find any error in your personal information, or if you find it incomplete or incorrect, you have the right to request us to correct your inaccurate personal information. Depending on the purpose of the processing, you have the right to supplement incomplete personal information, including the submission of a supplementary statement;
3. The right to delete your personal information: if you no longer want us to store your personal information or there is no longer any purpose for which we have collected or has expired a deadline for the storage of such personal data; under certain conditions you have the right to request us to delete your personal information, and the operator will have the obligation to delete personal information without undue delay;
4. The right to limit the processing of your personal data: under certain conditions, you have the right to request us to restrict the processing of your personal information. In this case, the personal data concerned will be marked and managed by the operator only for certain purposes.
5. The right to the transferability of personal data: under certain conditions, you have the right to receive the personal information that you have provided us in a structured, widely used and machine-readable form, and you have the right to forward this information to another controller without our obstruction;
6. Right to object: under certain conditions, you have the right to, at any time, object to (contradict) the processing of personal data on grounds relating to your particular situation or when your data is processed for direct marketing purposes. In this case, the manager has the obligation to stop processing your personal information. If your personal information is processed for the purpose of direct marketing, you have the right, at any time, to challenge the processing for the purposes of such marketing, or merely automated processing, including the creation of profiles.
In accordance with the legislation governing the protection of personal data, you have the right to file a complaint with the competent data protection authority if you believe that the processing of your personal data is not in accordance with the General Data Protection Act (GDPR) or other applicable law.

9. PROFILE DESIGN
We use certain data to evaluate or evaluate what kind of communication would be most interesting and useful for you. By doing so, we want to increase the opportunity to present you the most relevant products or services. For this purpose, individuals can be classified into different groups (profiles), with which we communicate differently or adapted (individualized). This means that different groups (profiles) of individuals receive marketing messages with different content, including purchase terms (eg discounts or payment terms). When sorting individuals into groups (profiles), we can monitor, record and use the response of an individual to market messages, e.g. opening emails, clicking on links, the time that an individual spends on a particular link, and so on.

10. AUTHORIZED DATA PROTECTION PERSON - DPO
An Authorized Data Protection Officer - the DPO, in an independent way, ensures that correctly applies the rules governing the protection of your personal data by individuals. The mandate and basic task of the DPO is to ensure that , as the data controller, respects its data protection obligations and that the data subjects are informed of their rights and obligations under EU Regulation 2016/679 (GDPR) and in each case the applicable Personal Data Protection Act.
The Authorized Data Protection Officer shall have the following tasks:
• informing the controller or processor and the employees who carry out the processing, and advising those listed of their obligations under the GDPR and other provisions of Union law or the law of the Member State on data protection;
• monitoring compliance with GDPR, other provisions of Union law or the law of a Member State on the protection of data and the policies of the controller or processor in relation to the protection of personal data, including the allocation of tasks, awareness and training of personnel involved in the processing operations, and the related audits;

cooperation with the supervisory authority (Information Commissioner of the Republic of Slovenia);
acting as a focal point for the supervisory authority in matters relating to the processing, including the prior consultation referred to in Article 36, and, where appropriate, consultation on any other matter.
Information about the authorized person for the protection of personal data at the company and its contact details are in point 3 of the subject privacy notice.

11. SECURING YOUR PERSONAL DATA
uses technical and organizational security measures to protect your personal data against unlawful or unauthorized access or use, as well as against unintentional loss or impairment of their integrity. All measures are designed with taking into account your own IT infrastructure, the potential impact on your privacy and costs, and in line with current industry standards and practices. Contractors will process your personal data only if these technical and organizational security measures are taken into account.

12. VALIDITY AND ACCEPTANCE OF THE GENERAL CONDITIONS OF SECURITY AND PROCESSING OF PERSONAL DATA
The subject processing conditions apply and will apply from 25 May 2018.
When implementing new technologies or the offer of additional services, the need to modify and update / update the subject general conditions for the protection and processing of personal data can also be shown, so Little Place reserves the right to change it at any time. Any changes and amendments to these general terms and conditions will be published on the website https://www.RewardHero.com/. you will be notified of the change in another appropriate way.

X