Privacy and Cookie Policy

Version 1.6

 Effective from 1.3.2026

We would like to inform you below how Tesco Stores ČR a.s. processes your personal data, for what purpose, for how long and what your rights are. The Privacy and Cookies Policy ("Rules") includes, in particular, information on the processing of personal data in the following cases:

• Shop in our stores 
• Online shopping,
• use of the Clubcard loyalty program,
• Use of our mobile applications,
• sending news and marketing communications,
• Contact customer support.
• Communicate with each other via our social media.
• Participate in satisfaction surveys, contests or events we organise.

(collectively, "our Services").

At the same time, we offer services in cooperation with partners whohave their own privacy policies, which we recommend that you familiarize yourself with in advance.

We process your personal data in accordance with the EU General Data Protection Regulation (2016/679) ("GDPR"), Act No. 480/2004 Coll., on Certain Information Society Services and Act No. 110/2019 Coll., on the Processing of Personal Data, as amended.

Data Controller

How to contact us

How we protect your personal data

Rights of data subjects

Tesco Online Shopping

Clubcard

Mobile application Tesco Online shopping CZ, Clubcard, Scan&Shop mobile

Handling complaints and claims via Customer Support and the contact form

Participation in competitions, market research, events organized by Tesco

Sending news and marketing communication

Social Media

Processed personal data obtained through cameras

Other Tesco services offered in cooperation with partners (Tesco mobile)

Job applicants at Tesco

Cookies and similar technologies

Data Controller

The Data Controller of personal data is Tesco Stores ČR a. s., Vršovická 1527/68b, 100 00 Prague 10, ID No.: 453 08 314, registered in the Commercial Register maintained by the Municipal Court in Prague, Section B, Insert 1377 (hereinafter referred to as the "Controller" or "Tesco").

Tesco is part of the Tesco Group, in which, based on the need and necessary circumstances, personal data may also be processed by other companies within the Tesco Group (for example, due to the regional roles of a Tesco employee or the platform used). Although this is subject to individual assessment, we believe it is important to inform you that Tesco group companies may qualify as both data processors and controllers, joint and/or separate, and that Tesco has agreements in place for all of its data processing activities within the organisation, which ensures the security of your personal data.

 Tesco group companies that help us provide our services: 

1. TESCO Stores ČRČR a. s.,. (Czech Republic, Vršovická 1527/68b, 100 00 Prague 10, ID No.: 453 08 314 (hereinafter referred to as "Tesco"); registration number: 45308314);
2. TESCO STORES SR, a.s. (Slovakia, Cesta na Senec 2, 821 04, Bratislava; registration number: 31321828); 
3. Tesco Stores Limited (a company registered in England under company number 519500 and having its registered office at Tesco House, Shire Park, Kestrel Way, AL7 1GB). 

How to contact us

If you have questions about how we process personal data or would like to exercise your rights, please contact us at: 

Phone:  800 222 555

Address:  TESCO Stores ČR a. s.

Vršovická 1527/68b, 100 00 Prague 10

Legal Department

Our Data Protection Officer

In the case of exercising your rights as described below, please send them to ochrana_dat@tesco.com.

Our Data Protection Officer can be contacted by e-mail: CE.DPO@tesco.com and

If you have any questions about camera systems, please send them in writing via data box or by e-mail to: cz.cctvrequest@tesco.com.

How we protect your personal data

To keep your personal information safe, we use computer security measures such as firewalls and data encryption, and enforce physical controls on access to our buildings and files.  We only grant access to employees who absolutely  need it to perform their job duties. We regularly train employees on how to handle personaldata. 

• During transmission, we protect the security of your information by encrypting it using a Secure Sockets Layer (SSL).
• We apply physical, electronic, and procedural safeguards in connection with the collection, storage, and disclosure of personal information. We do not disclose any personal information without identity verification.
• When confirming your order, we will only reveal the last four digits of your credit card number
• All payment details are encrypted and stored in a secure environment.
• We adhere to a strict access control policy (rules) and further strengthen it by controlling access to sensitive data (such as payment data) through advanced technologies.
• We follow strict security measures to protect personal data and prevent the leakage or loss of personal data or any security incident or breach of personal data.
• We regularly monitor and test our security framework, both internal and external audits.

While we take appropriate technical and organizational measures to secure your personal data, please note that we cannot guarantee the security of personal data that you voluntarily send to us over the internet.

Rights of data subjects

You have the right to:

Right of access to personaldata

You have the right to receive confirmation from us as to whether personal data concerning you is being processed and, if so, to access the personal data and information that you request or that you consider relevant. In accordance with applicable law, we provide information about the processing of your personal data free of charge. We will respond to your request in writing within 1 (one) month. 

Right to rectification

If the data we process is incorrect, we will correct it without undue delay at your request. You also have the right to have incomplete data completed, including by means of a supplementary statement.

Right to object

Under certain circumstances, you have the right to object to the processing of your personal data and you have the right to object to the use of your data for direct marketing. You can also object if we process your personal data on the basis of legitimate interests (or those of a third party), unless Tesco demonstrates legitimate grounds for the processing that override your interests, rights and freedoms.

Right to restriction of processing

Data processing may be restricted if:

• you contest the accuracy of the personal data for a period that allows us to verify the accuracy of the personal data;
• the processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead;
• Tesco no longer needs your personal data for the purposes of the processing, but you require it for the establishment, exercise or defence of legal claims;
• you have objected to the processing until it has been verified whether Tesco's legitimate reasons outweigh yours.

Right to erasure ('right to be forgotten')

You have the right to have your personal data deleted without undue delay if any of the following reasons applies:

• the personal data being processed is no longer necessary for the purposes for which they were collected or otherwise processed;
• you withdraw your consent, on the basis of which your personal data pursuant to Art. 6 para. 1 lit.  a) GDPR are processed, and there is no other legal ground for their processing;
• object to the processing of your personal data pursuant to Article 21 (1) of the GDPR. 1 or 2 of the GDPR, whereby in the event of an objection pursuant to Article 21 para. 1 GDPR, there are no grounds that would entitle Tesco to continue processing your personal data;
• the personal data has been unlawfully processed;
• the personal data must be erased by Tesco in order to comply with the applicable legal obligation;
• The personal data have been collected in connection with the offer of information society services pursuant to Article 8(1) of the GDPR. 1 GDPR.

Where we have disclosed your personal data and are now required to delete such personal data, we will take reasonable measures, taking into account the available technology and the cost of implementation, to ensure that third parties who process such personal data are informed that you wish them to delete any references, copies or replicas thereof.

Right to data portability

You have the right to receive personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format (e.g. doc or .pdf), unless otherwise requested. 

What happens and what you can do if your application is rejected

If Tesco rejects your request for rectification, restriction, erasure or portability of your personal data, we will inform you in writing within one month of receipt of your request as to why we were unable to comply with your request and inform you of your options for procedural defence, in particular the possibility of filing a complaint with the supervisory authority.

You can exercise your rights using the contact details provided in the "How to Contact Us" section below. Please note that if you are exercising more than one right at once, e.g. the right of access and the right to erasure at the same time, we recommend exercising them sequentially. If you delete your account first, we cannot then comply with your request for information on how we process your data.

Complaint of the Office for Personal Data Protection:

You also have the right to lodge a complaint with the Office for Personal Data Protection via the contacts below:

Office for Personal Data Protection, Pplk. Sochora 27, 170 00 Prague 7, Czech Republic

Tel. +420 234 665 111

Fax +420 234 665 444

E-mail:posta@uoou.cz

Website:http://www.uoou.gov.cz/

The website of the Office for Personal Data Protection also contains further details about the above-mentioned data protection rights.

Judicial protection

In addition to the above, you can file a lawsuit with the competent court.

Tesco Online Shopping

SCOPE OF PROCESSED PERSONAL DATA

If you shop online, we process the following data about you:

• Information about you: name and surname, billing and delivery address, telephone and e-mail, gender, salutation, date of birth;
• Information on the choice of communication channels: email, sms or everything;
• Registration information: login and password, date of registration, Clubcard number;
• Purchase information: shopping cart, order number, time of purchase, payment method, favorites based on purchase history and Clubcard number, order history, redeemed coupons and vouchers, Clubcard points earned for purchases if you are a member, credit card information if you paid by card;
• Delivery information: information about your satisfaction with the services and products provided, the selected time period, the selected pick-up point when using the Click+Pick Up service, the assigned establishment;
• Device information: identification of the device from which you ordered the goods, model, operating system, IP address, browser type, or other information obtained through cookies of your choice (more below);
• Payment Information: Payment Card Information, such as PAN number, card type and expiration date, Customer name and billing address, as well as the Customer's "intention" to pay immediately or to save Payment Details for a later period;
• If you are a member of the Tesco Online Club, we also process the following data about you: the use of exclusive discount coupons, transaction data when paying for membership, booked delivery dates. 
• If you are a member of the Tesco Baby Club, we also process the following data about you: the use of exclusive discount coupons;
• If you use an ISIC card, we process the card number and the validity of your ISIC card;
• Communication channels through which you want us to communicate with you (e-mail, SMS, push notifications or others).

We do not process any special category personal data about you, i.e. sensitive data, e.g. about your health.

If you open a Clubcard account, it will be automatically linked to yourTesco online shopping account. If you shop online through our Tesco mobile application for online purchases, we also process personal data about you in addition to the above data specified in the part of these rules entitled "Mobile Application", for  the purposes set out therein. The processing of personal data in connection with complaints and complaintsabout your online purchase is described in more detail in  the section "Complaint handling through customer support".

For certain categories of goods (e.g. alcohol), we verify the identity of the buyer before issuing the order by consulting the identity document. However, Tesco does not further process and store this personal data. 

PURPOSE AND LEGAL BASIS

We process the above data for the purpose of:

• The provision of services and the delivery of goods that you have ordered, where the legal title for processing is Article 6 para. 1 lit. b) GDPR;
• We process information about the ISIC card and your participation in the Babyclub on the basis of your consent, i.e. Article 6 para. 1 lit. a) GDPR;
• We process technical information on the basis of a legitimate interest, i.e. Article 6 (1) (f) of providing  technical support for online shopping (ensuring the correct display of the website).
• We also process your personal data on the basis of a legitimate interest (Article 6(1)(f) of the GDPR) for the purpose of creating analyses, statistics and market research, internal research and development that help us improve your shopping experience (in particular by offering your favourite products or services) as well as our IT systems, our product range, services and products. We also use your pseudonymised data to improve our services and the delivery of goods (ensuring sufficient supplies, busy delivery hours, etc.).
• When completing the order, delivering the order, you can voluntarily provide an evaluation of the courier and/or the delivered goods, This information serves as a basis for possible complaints. The legal basis in this case is Tesco's legitimate interest (Article 6(1)(f) of the GDPR) to deliver the goods in perfect condition.
• At the same time, if you have not refused, we share your e-mail address and, if applicable, data on the purchased goods with Heureka Group a.s. within the "Verified by Customers" program and Seznam.cz, a.s. within the program Zboží.cz and conversion measurement in order to obtain feedback on our services and goods and facilitate decision-making for other customers, existing or future. Processing takes place on the basis of Article 6 para. 1 (f) of the GDPR and §7 para. 3 of Act No. 480/2004 Coll., while the legitimate interest lies in improving the quality or addressing negative feedback.
• At the same time, if you consent to commercial communications, we may share your email and/or phone number with Google LLC and/or Meta Platforms Ireland Ltd., Inc. to match your consent with targeted marketing to offer you richer content on their websites. The legal basis is your consent (Art. 6 (1) (a) GDPR), which can be revoked at any time using the contact details provided above. 
• If you have given us your consent, we will store and use your payment data for future orders and future payment, in whichcase the  legal basis for the processing of personal data is Article6(1)(a) of the GDPR (i.e. the processing is based on your consent);
• At the same time, if you provide marketing consent, we may share your email with Google LLC and/or Meta Platforms, Inc. in order to match your consents with targeted marketing and thus offer richer content on these companies' websites. The legal basis is your consent (Art. 6 (1) (a) GDPR), which can be revoked at any time at the contacts listed above.

PROCESSING TIME

We process your personal data for the duration of your account, but no longer than for 24 months from your last activity. In the event that we process your personal data on the basis of consent, we store this data until the moment of withdrawal of consent, but no longer than 24 months from your last activity withinyour account. If you ask us to delete your personal data, your registration for your account will be cancelled and your personal data will be permanently deleted or anonymised. In the event that your accountis not used for at least 2 years, it will be automaticallycancelled and your personal data will be deleted. We are obliged to store data on purchased goods for 10 years for reasons of compliance with accounting regulations, but in anonymized form.

PROCESSORS 

Tesco shares your personal data mainly with the followingprocessors:

• TESCO-GLOBAL Áruházak Zártkörűen Működő Részvénytársaság, H-2040 Budaörs, Kinizsi út 1-3., adószám, IČO: 10307078-2-44 and TESCO STORES SR, a. s., Cesta na Senec 2, 821 04, Bratislava, Slovakia, ID No.: 31 321 828, which help us with the  provision of our services to our customers: e.g. they take care of the support of IT systems used to operate online shopping, Clubcard and operate a customer line. These companies only process the data that is necessary to provide the service for these purposes. 
• TESCO-BST Üzleti és Technológiai Szolgáltatások Zártkörűen Működő Részvénytársaság, 1138 Budapest, Váci út 187, Hungary, Company ID No.: 01 10 140160, which provides customer service to Tesco,
• dunnhumby Ireland ltd. Floor 3, Building 2, Harbour Square Crofton Road, Dun Laoghaire Co Dublin, Ireland, which processes purchase information for the purpose of allocating coupons and vouchers, and participates in analytics to improve your shopping experience.
• DoDo Czech s.r.o., Company ID No.: 24128848, with its registered office at Pernerova 702/39, Karlín, 186 00 Prague, registered in the Commercial Register maintained by the Municipal Court in Prague, Section C, Insert 181207, which ensures the delivery of online purchases for Tesco and processes your personal data to the extent necessary for this purpose.

INDEPENDENT CONTROLLERS OF PERSONAL DATA

Inthe case of granting consent to targetedmarketing, the Controller may share your data with companies:

• Meta Platforms, Inc., with its registered office at Merrion Road, Dublin 4, D04 X2K5, Ireland; and/or
• Google Inc., with its registered office at GooglePlex, 1600 Amphitheatre Parkway, Mountain View, California, USA.

Your email address is provided to both companies, which is uploaded to the so-called Sandbox, in the event that you have given consent to one or the other company at the same time, a match takes place and then you can see the content provided to our customers in the form of targeted advertising on the websites of the respective companies. Ifyou have not given your consent, the address is deleted immediately. Since both companies are separate controllers, we recommend that you familiarize yourself with theirprivacy terms, which can be found here for Google and here for Meta Platforms.

TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES

Where a system-level investigation is required (for example, for fraud detection or consent validation) or the involvement of other Tesco group companies, your personal data may be transferred to the following Tesco group companies: 

• Tesco Stores Limited (a company registered in England under company number 519500 and having its registered office at Tesco House, Shire Park, Kestrel Way, AL7 1GB). The transfer to Tesco Stores Limited is authorised by the European Commission's adequacy decision, which recognises that the UK (currently as a third country) ensures an adequate level of protection of personal data in accordance with the GDPR. 
• Tesco Bengaluru Private Limited (Tesco 81 & 82 Main Campus, EPIP Area, Whitefield, Bengaluru 560066, Karnataka). When we transfer your personal data to Tesco Bengaluru Private Limited, the transfers are protected by Standard Contractual Clauses (SCCs) approved by the European Commission under the GDPR. These clauses ensure that your personal data is subject to a level of protection substantially comparable to that guaranteed within the EU/EEA. 

Also, if you agree to all cookies and/or marketing cookies, your personal data collected through cookies may be transferred outside the EU/EEA. For further and more detailed information about cookies, please visit the "Cookies and Similar Technologies" section of the Privacy Notice. 

AUTOMATED DECISION-MAKING AND PROFILING

Tesco does not perform automated decision-making. In accordance with market practice, Tesco classifies customers into segments of similar types of customers based on their preferences and interest in products.

In this context, we may group our customers into broad segments or categories (group them with similar customers) based on an analysis of customer interactions with our products and services. These transaction-based customer groups are based on lifestyle patterns. Tesco does not process health data or other special category data. As a result of this grouping, we can better tailor our offer (Clubcard vouchers and coupons) as well as the scope of marketing campaigns (where we have marketing consent) that may be of interest to you. Subsequently, we can also measure the effectiveness of this adaptation.

In practice, this means that customers are placed in groups of similar customers who have either bought the same products or spent similar amounts of money in their store during the week, which is known as the "segment". These segments are then "hashed", so that personal data is deleted, leaving only pseudonymized identifiers. Tesco does not share personally identifiable information, and the information that is matched may only be used for contractually agreed purposes.

PURPOSE AND LEGAL BASIS: Tesco processes your personal data, including data related to your previous transactions, to create and provide offers tailored to your interests and preferences. Next, we measure the effectiveness of this customization. This processing of personal data is based on our legitimate interest in increasing customer satisfaction and optimizing our marketing efforts (pursuant to Article 6(1)(f) of the GDPR). We ensure that this legitimate interest does not outweigh your fundamental rights and freedoms. For the avoidance of doubt, this processing does not have legal effects or any other similar effects for you as a customer.

SCOPE AND NATURE OF DATA: We collect and analyse transaction data as follows:

• purchase history;
• spending;
• frequency and loyalty;
• location;
• date.

We take your privacy seriously and implement extensive measures to protect your data. In addition to the general technical and organisational measures relevant to each type of processing activity, we pay particular attention to personalised content with:

• Data minimization: We only collect data that is necessary for the purposes listed above.
• Anonymization and pseudonymization: Where possible, we anonymize or pseudonymize data to increase privacy.
• Security measures: We use advanced security measures, including encryption and access controls, to protect your information from unauthorized access and breaches.

You have the right to object to the processing of your personal data for our legitimate interest as set out above, including tailored offers and coupons. You can exercise this right at any time by contacting us at CE.DPO@tesco.com. In addition, you have the right to access, rectify or delete your data and to restrict or object to processing pursuant to Articles 15-21 of the GDPR. A detailed description of your rights as a data subject can be found in the section "Rights of the data subject".

Clubcard

SCOPE OF PROCESSED PERSONAL DATA

If you have registered in the Clubcard loyalty program, we may process the following data about you:

• Information about you: name and surname, billing and delivery address, telephone and e-mail, date of birth, gender, salutation, international card number for applying the discount (e.g. ISIC);
• Registration information: login and password, date of registration, Clubcard number;
• Purchase history: whether you have purchased in the store or online, or information in whichstore, shopping cart, time of purchase, payment method, redeemed coupons and vouchers (including date of issue, date of use, place of redemption, value, validity, billing), Clubcard points earned for purchases, credit card information if you paid by card;
• Communication channels through which we may send you information (e-mail, SMS, push notifications, social media or others).

We do not process any special category personal data about you, i.e. sensitive data, e.g. about your health.

If you open a Tesco Online Shopping account, it will be automatically linked to yourClubcard account. In addition to the above personal data, we may also process personal data about you specified in the "Mobile Application" section if you use the Clubcard application. The processing of personal data in connection with complaints andcomplaints related to your Clubcard is described in more detail in  the section "Complaint handling through customer support".

PURPOSE AND LEGAL BASIS

We process the above data for the purpose of:

• Provision of benefits withinthe Clubcard loyalty system, for which the legal basis for processing is Article 6 (1) (b) of the GDPR;
• Monitoring the use of Clubcard for the purpose of preventing card misuse on the basis of our legitimate interest, according to Art.  6 par. 1 lit. f) GDPR. 
• We also process your personal data on the basis of a legitimate interest (Article 6(1)(f) of the GDPR) for the purpose of creating analyses, statistics and market research, internal research and development that help us improve your shopping experience (in particular by offering your favourite products or services) as well as our IT systems, our product range, services and products.   

PROCESSING TIME

We process your personal data for the duration of your account use, but no longer than 24 months from your last activity. Subsequently, the data is deleted. If you ask us to delete your personal data, your registration for your account will be cancelled and your personal data will be permanently deleted or anonymised. In the event that your accountis not used for at least 2 years, it will be automaticallycancelled and your personal data will be deleted.

PROCESSORS 

Tesco shares your personal data mainly with the followingprocessors:

• TESCO-GLOBAL Áruházak Zártkörűen Működő Részvénytársaság, H-2040 Budaörs, Kinizsi út 1-3., adószám, IČO: 10307078-2-44 and TESCO STORES SR, a. s., Cesta na Senec 2, 821 04, Bratislava, Slovakia, ID No.: 31 321 828, which help us with the  provision of our services to our customers: e.g. they take care of the resistance of IT systems used to operate online shopping, Clubcard and operate a customer line. These companies only process data that is necessary for the purposes mentioned above.
• TESCO-BST Üzleti és Technológiai Szolgáltatások Zártkörűen Működő Részvénytársaság, 1138 Budapest, Váci út 187, Hungary, Company ID No.: 01 10 140160, which provides customer service to Tesco,
• dunnhumby Ireland ltd. Floor 3, Building 2, Harbour Square Crofton Road, Dun Laoghaire Co Dublin, Ireland is located in E-Commerce and Industry, which processes purchase information to allocate coupons and vouchers, and participates in analytics to improve your shopping experience. 

TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES

Where a system-level investigation is required (for example, for fraud detection or consent validation) or the involvement of other Tesco group companies, your personal data may be transferred to the following Tesco group companies: 

• Tesco Stores Limited (a company registered in England under company number 519500 and having its registered office at Tesco House, Shire Park, Kestrel Way, AL7 1GB). The transfer to Tesco Stores Limited is authorised by the European Commission's adequacy decision, which recognises that the UK (currently as a third country) ensures an adequate level of protection of personal data in accordance with the GDPR. 
• Tesco Bengaluru Private Limited (Tesco 81 & 82 Main Campus, EPIP Area, Whitefield, Bengaluru 560066, Karnataka). When we transfer your personal data to Tesco Bengaluru Private Limited, the transfers are protected by Standard Contractual Clauses (SCCs) approved by the European Commission under the GDPR. These clauses ensure that your personal data is subject to a level of protection substantially comparable to that guaranteed within the EU/EEA. 

Also, if you agree to all cookies and/or marketing cookies, your personal data collected through cookies may be transferred outside the EU/EEA. For further and more detailed information about cookies, please visit the "Cookies and Similar Technologies" section of the Privacy Notice. 

AUTOMATED DECISION-MAKING AND PROFILING

Tesco does not perform automated decision-making. In accordance with market practice, Tesco classifies customers into segments of similar types of customers based on their preferences and interest in products.

In this context, we may group our customers into broad segments or categories (group them with similar customers) based on an analysis of customer interactions with our products and services. These transaction-based customer groups are based on lifestyle patterns. Tesco does not process health data or other special category data. As a result of this grouping, we can better tailor our offer (Clubcard vouchers and coupons) as well as the scope of marketing campaigns (where we have marketing consent) that may be of interest to you. Subsequently, we can also measure the effectiveness of this adaptation.

In practice, this means that customers are placed in groups of similar customers who have either bought the same products or spent similar amounts of money in their store during the week, which is known as the "segment". These segments are then "hashed", so that personal data is deleted, leaving only pseudonymized identifiers. Tesco does not share personally identifiable information, and the information that is matched may only be used for contractually agreed purposes.

PURPOSE AND LEGAL BASIS: Tesco processes your personal data, including data related to your previous transactions, to create and provide offers tailored to your interests and preferences. Next, we measure the effectiveness of this customization. This processing of personal data is based on our legitimate interest in increasing customer satisfaction and optimizing our marketing efforts (pursuant to Article 6(1)(f) of the GDPR). We ensure that this legitimate interest does not outweigh your fundamental rights and freedoms. For the avoidance of doubt, this processing does not have legal effects or any other similar effects for you as a customer.

SCOPE AND NATURE OF DATA: We collect and analyse transaction data as follows:

• purchase history;
• spending;
• frequency and loyalty;
• location;
• date.

We take your privacy seriously and implement extensive measures to protect your data. In addition to the general technical and organisational measures relevant to each type of processing activity, we pay particular attention to personalised content with:

• Data minimization: We only collect data that is necessary for the purposes listed above.
• Anonymization and pseudonymization: Where possible, we anonymize or pseudonymize data to increase privacy.
• Security measures: We use advanced security measures, including encryption and access controls, to protect your information from unauthorized access and breaches.

You have the right to object to the processing of your personal data for our legitimate interest as set out above, including tailored offers and coupons. You can exercise this right at any time by contacting us at CE.DPO@tesco.com. In addition, you have the right to access, rectify or delete your data and to restrict or object to processing pursuant to Articles 15-21 of the GDPR. A detailed description of your rights as a data subject can be found in the section "Rights of the data subject".

Mobile application Tesco Online shopping CZ, Clubcard, Scan&Shop mobile

SCOPE OF PROCESSED PERSONAL DATA

If you use Tesco applications, we may process the following about you: 

• Information about you: name and surname, billing and delivery address, telephone and e-mail, date of birth, gender, international discount card number (e.g. ISIC);
• Registration information: login and password, date of registration, Clubcard number;
• Purchase information: whether you have purchased in the store or online, or information in whichstore, shopping cart, order number, time of purchase, payment method, redeemed coupons and vouchers (incl. date of issue, date of use, place of redemption, value, validity, billing), Clubcard points earned for purchases (incl. history), payment card information, if you paid by card, your opinion expressed through the app;
• Payment Information: Payment Card Information, such as PAN number, card type and expiration date, Customer name and billing address, as well as the Customer's "intention" to pay immediately or to save Payment Details for a later period;
• Device information: IP address of your mobile device, date and time of access, application user request, http response code, amount of data transferred, application version used, or other information obtained through cookies of your choice (more below);
• Your current location, if you have given us your consent to do so;
• The camera of your mobile device can be used to scan QR codes to identify the store in which you are shopping and to scan the barcodes of goods. 
• Anonymized analytics information about how you use the app;
• Information about consent to push notifications.

You can enable Face ID authentication in mobile apps. Apps are only notified if the verification is successful. Tesco does not gain access to Face ID data associated with a registered face through apps. Tesco does not process any personal data related to authentication. 

In the case of the Scan Shop application&, we process some of the abovepersonal data about you  only if you link your Clubcard account to  the application.

PURPOSE AND LEGAL BASIS

We process the above data for the purpose of:

• We process information about you, your registration and your purchase for the purpose of providing the services offered by the App on the basis of Art. 6 para. 1 lit. b);
• We process device information for the protection of our systems, application error analysis and prevention of illegal activity, all on the basis of our legitimate interest pursuant to Article 6 (1) of the GDPR. 1 lit. f);
• If you have given your consent to geolocation when using our app, we use this feature to show you your nearest store based on your current location;
• If you have given us your consent, we will store and use your payment data for future orders and future payment, in whichcase the  legal basis for the processing of personal data is Article6(1)(a) of the GDPR (i.e. the processing is based on your consent);
• Access to yourcamera is necessary to scan QR codes in order to provide the  service offered by the app (Article 6(1)(b)); 
• On the basis of your consent (Art. 6 (1) a) GDPR), we may process analytical information about your use of the App in order to improve your user experience with the App;
• If you give us your consent, you will be sent push notifications to inform you about current offers, products and promotions; 
• We also process your personal data on the basis of a legitimate interest (Article 6(1)(f) of the GDPR) for the purpose of creating analyses, statistics and market research, internal research and development that help us improve your shopping experience (in particular by offering your favourite products or services) as well as our IT systems, our product range, services and products;  
• On the basis of our legitimate interest (Article 6(1)(f) of the GDPR), we also process your answers and opinions regarding the services and products provided, which you voluntarily provide to us by filling in the relevant forms wherethey  are available in the apps, in order to improve our products and services.  

PROCESSING TIME

We process your personal data for the duration of your use of the mobile application, but no longer than 24 months from your last activity in the mobile application. Subsequently, the data is deleted. In the event that we process your personal data on the basis of consent, we store this data until the moment of withdrawal of consent, but no longer than 24 months from the last activity. 

PROCESSORS AND RECIPIENTS

Tesco shares your personal data with thefollowing processors:

• Verint Systems Inc., 175 Broadhollow Rd, Ste 100, Melville, NY 11747, which processes your responses and opinions regarding the products and services provided; 
• TESCO-GLOBAL Áruházak Zártkörűen Működő Részvénytársaság, H-2040 Budaörs, Kinizsi út 1-3., adószám, IČO: 10307078-2-44 and TESCO STORES SR, a. s., Cesta na Senec 2, 821 04, Bratislava, Slovakia, ID No.: 31 321 828, which help us with the  provision of our services to our customers: e.g. they take care of the resistance of IT systems used to operate online shopping, Clubcard and operate a customer line. These companies only process data that is necessary for the purposes mentioned above; and
• dunnhumby Ireland ltd. Floor 3, Building 2, Harbour Square Crofton Road, Dun Laoghaire Co Dublin, Ireland is located in E-Commerce and Industry, which processes purchase information to allocate coupons and vouchers, and participates in analytics to improve your shopping experience. 

TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES

We do not transfer personal data outside the EU.

AUTOMATED DECISION-MAKING AND PROFILING

Tesco does not perform automated decision-making or profiling.

Handling complaints and claims via Customer Support and the contact form

SCOPE OF PROCESSED PERSONAL DATA

In the case of resolving complaints, we process about you:

• Your contact details: full name, phone number and email address; 
• If you contact us by phone, your voice is considered personal information and a unique ID assigned to your case; 

Data relating to the claim, as well as the data contained in the claim and the following information about the claim: 

• the name and address of the consumer; 
• the place, time and manner of lodging the complaint; 
• a detailed description of the consumer's complaint, a list of documents and other evidence submitted by the consumer; 
• signature of the person making the report and, with the exception of an oral complaint submitted by telephone or other electronic means of the consumer; 
• place and date of registration of minutes; 
• in the case of an oral complaint lodged by telephone or other electronic communication service, a unique identification number of the complaint; 
• Additional information may be obtained from your account if it is relevant and necessary (for example, in the event of a complaint about the price of a product, transaction history may be relevant); 
• a recorded audio recording of a complaint submitted orally through our call centre; 
• minutes of the complaint or inquiry in the case of an oral complaint submitted by telephone; 
• Other information you share with us if it is considered personal information. 

If you interact with Teo, Tesco's virtual assistant, the data collected may include: 

• transcript of the interview, 
• Information on behalf of and requested by the customer, such as information related to your browsing, purchase, and online behavior and activities; and 
• automatic information, such as IP address, operating system, and type of device used. 

After discussing with our customer support, you can provide feedback on the quality and/or your satisfaction with our customer support if you give your consent to submit a survey. While we encourage you not to share any personal information during such feedback, we cannot exclude sharing personal information with us that identifies you. Additionally, due to the nature of the survey, theoretically, the responses obtained could be linked to your account through the support ticket provided for your case.  

The processing of special categories of personal data is not intended; However, it cannot be ruled out that during the process the controller may become aware of this data (for example, by sharing it by the data subject). In such cases, if the processing of such data is not necessary to achieve its purpose, the Controller will delete or otherwise protect the data within the scope of possible possibilities. If, due to the nature of the processing, the processing of such data makes the handling of such data unavoidable or necessary (for example, the subject of the complaint is personal injury that could be considered as health data), the controller shall extend its processing activities with a legal basis in accordance with Article 9 of the GDPR. 

TEO Assistant and the use of artificial intelligence

Please note that Teo, our virtual assistant, does not use AI capabilities for either training or functional purposes. Our customers use our contact pages where they have the opportunity to start a chat. When they enter the chat, they communicate through a simple triage bot (no AI) that tracks a static set of questions and options for the customer line. Once the case/query is resolved, the entire case is handed over to an agent who will use this information to resolve the customer complaint through their existing systems (Zendesk, etc.) in the same way as a phone call or complaint sent by email. 

PURPOSE AND LEGAL BASIS

We process the above data for the purpose of:

• We process personal data related to complaints and complaints because we are required to do so by law in the case of complaints, or on the basis of a legitimate interest in the case of  other complaints (Article 6 (1) (c) and (f) of the GDPR);
• If you have given your consent to the recording of the call, the legal basis is your consent according to Article 6 (1) (a) of the GDPR. You can revoke your consent at any time at the above contacts for exercising the rights of subjects. The recording will be deleted immediately after the consent is withdrawn.
• Improving the quality of complaint handling, where the legal basis is a legitimate interest under Article 6 of the Criminal Code. 1 lit. f) GDPR.

PROCESSING TIME

We process your personal data for the period necessary to resolve a specific complaint or claim, or for the duration of the limitation period, and in the event of the initiation of judicial, administrative or other proceedings,  we process your personal data to the extent necessary for the entire duration of such proceedings. Subsequently, the data is anonymized for statistical purposes. In the event of  consent to the recordingof a phone call or through the Tea Assistant with customer support, the retention period is 3 months, provided that you do not withdraw your consent beforehand. Subsequently, the recording is deleted.

PROCESSORS AND RECIPIENTS

Tesco shares your personal data with the following processors:

• TESCO-GLOBAL Áruházak Zártkörűen Működő Részvénytársaság, H-2040 Budaörs, Kinizsi út 1-3., adószám, ID: 10307078-2-44
• TESCO STORES SR, a. s., Cesta na Senec 2, 821 04, Bratislava, Slovakia, ID No.: 31 321 828,
• TESCO-BST Üzleti és Technológiai Szolgáltatások Zártkörűen Működő Részvénytársaság, 1138 Budapest, Váci út 187, Hungary, Company ID: 01 10 140160,

To help us provide our services to our customers: e.g. to support the IT systems used to operate Clubcard and to operate the customer service. These companies only process data that is necessary to resolve a claim or complaint.

TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES

We do not transfer personal data outside the EU.

AUTOMATED DECISION-MAKING AND PROFILING

Tesco does not perform automated decision-making or profiling.

Participation in competitions, market research, events organized by Tesco

SCOPE OF PROCESSED PERSONAL DATA

In the event that you enter a competition, market research or other event organised by Tesco (the "Event"), we will process the following about you:

• Information about you: name and surname, telephone and e-mail, or other identification data according to the terms and conditions of the specific Promotion;
• Other information provided by you during or in connection withthe Promotion.

We do not process any special category personal data about you, i.e. sensitive data, e.g. about your health.

PURPOSE AND LEGAL BASIS

We process the above data in accordance with Article 6 (1) of the GDPR. 1 lit. b) GDPR, for the purpose of organizing Events.

PROCESSING TIME

We process your personal data for the necessary period of time, which is set for each individual Event. We recommend that you familiarize yourself with the terms and conditions of individual Events.

PROCESSORS AND RECIPIENTS

Tesco shares your personal data with the following processors:

• TESCO-GLOBAL Áruházak Zártkörűen Működő Részvénytársaság, H-2040 Budaörs, Kinizsi út 1-3., adószám, IČO: 10307078-2-44 and TESCO STORES SR, a. s., Cesta na Senec 2, 821 04, Bratislava, Slovakia, ID No.: 31 321 828, which help us with the organization and evaluation of Events.
• Tesco Endowment Fund: we share your data to the extent  of your name, surname, contact details and/or other personal data that you have provided in order to participate in the event with other non-governmental organizations that participate in the organization of these events. 

TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES

We do not transfer personal data outside the EU.

AUTOMATED DECISION-MAKING AND PROFILING

Tesco does not perform automated decision-making or profiling.

Sending news and marketing communication

SCOPE OF PROCESSED PERSONAL DATA

You can subscribe to newsletters and marketing communications via your Online Shopping Account or Clubcard account or on the Tesco website  in the Newsletter Subscription section. If  you subscribe to newsletters or marketing communications, we will process the following about you:

• Information about you: name and surname, telephone and e-mail;
• Information about the consent granted to marketingactivities;
• Information about the store where you regularly shop;
• Preferences regarding communication, especially via e-mail.

If you give us your marketing consent, Tesco will tailor offers, coupons and advertisements to your specific shopping habit. Example: A customer receives a milk coupon, but a customer with marketing consent receives a coupon for milk from the brand they are purchasing. In this way, Tesco ensures that the customer is satisfied and receives targeted offers. Tesco does not sell data to any third parties other than aggregated data, e.g. sales of dairy products increased by x%. We also share your email address and phone number with Google and Meta to show you ads that are tailored to your needs, while avoiding showing you ads that may be irrelevant to you. Consent to marketing can be revoked at any time in the contact provided. Withdrawing consent does not affect data collected before revocation. We do not process any special categories of special category personal data, i.e. sensitive data, such as health data. 

PURPOSE AND LEGAL BASIS

We process the above data on the basis of your consent pursuant to Article 6 (1) of the GDPR. 1 lit. a) GDPR, in order to:

• send you newsletters, send you relevant marketing communications, or contact you for marketing surveys;
• sending satisfaction questionnaires;

News and marketing communications relate to our products and services, including Clubcard or Tesco online shopping, and to the products and services of partners who are part of the Tesco Group. 

More information on the content and method of sending news or marketing communication is provided in the form for granting consent to the sending of news and newsletter. You can withdraw your consent at any time via the link in the email, or in the settings of your marketing preferences in the relevant application or at the above contacts for exercising the rights of subjects. If you withdraw your consent, you will unsubscribe from all newsletters and marketing communications. If you subsequently decide to subscribe to the newsletter, it is necessary to change the marketing preferences settings, or to subscribe again to the newsletter.

PROCESSING TIME

We process your personal data for a period until the withdrawal of consent, but no later than 24 months from your last interaction with  the Company's products or services.

PROCESSORS AND RECIPIENTS

Tesco shares your personal data with the following processors:

• TESCO-GLOBAL Áruházak Zártkörűen Működő Részvénytársaság, H-2040 Budaörs, Kinizsi út 1-3., adószám, IČO: 10307078-2-44 and TESCO STORES SR, a. s., Cesta na Senec 2, 821 04, Bratislava, Slovakia, ID No.: 31 321 828, which help us with the preparation and distribution of news and marketing communication or marketing surveys;
• dunnhumby Ireland ltd. Floor 3, Building 2, Harbour Square Crofton Road, Dun Laoghaire Co Dublin, Ireland, which processes purchase information for the purpose of allocating coupons and vouchers, and participates in analytics to improve your shopping experience.

INDEPENDENT CONTROLLERS OF PERSONAL DATA

Inthe case of granting consent to targetedmarketing, the Controller may share your data with companies:

• Meta Platforms, Inc., with its registered office at Merrion Road, Dublin 4, D04 X2K5, Ireland; and/or
• Google Inc., with its registered office at GooglePlex, 1600 Amphitheatre Parkway, Mountain View, California, USA.

TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES

. We do not transfer personal data outside the EU. 

AUTOMATED DECISION-MAKING AND PROFILING

Tesco does not perform automated decision-making or profiling.

Social Media

Tesco manages official social media pages (such as Facebook and LinkedIn) to communicate with customers and the public. The general objective of our presence on these platforms is to inform customers about offers, products, services, promotions, draws, topics and news related to Tesco, however, due to the nature of the technology, personal data is processed to a certain extent (e.g. when responding to comments, moderation) and based on the customer's interaction with the platform (e.g. based on likes, commenting or watching content), we can measure audiences and we have statistics about our pages on social media networks. In these cases, personal data about you is processed jointly by us and the platform provider.  

Currently, Tesco maintains its presence on the platforms listed below:  

• https://www.instagram.com/tesco.cz
• https://www.facebook.com/itesco.cz
• https://www.youtube.com/user/tescocz
• https://www.tiktok.com/@tesco_cesko

Scope of processed personal data  

• information about your interactions with our site (e.g., likes, comments, shares); 
• Page Insights provided by Meta to help us understand how users interact with our content; 
• information you share with us (for example, if you contact us in a private message); 
• technical data, such as IP address, device information, and cookies used by the platform.

We do not process any special category personal data, i.e. sensitive data, e.g. health data. 

Purpose and legal basis 

We process the above data on the basis of your consent pursuant to Art. 6 para. 1 lit. a) GDPR, in order to: 

• engage and communicate with customers (including answering questions, responding to suggestions, etc.); 
• advertising and targeting, where relevant, sending newsletters, sending you relevant marketing communications or contacting you for marketing surveys; 

The length of data processing and communication with you is set by default by the platform operator, with the proviso that in the event of inappropriate content, Tesco may delete the post.

Since the providers of the platforms are also separate controllers, we recommend that you review their privacy policies before visiting these platforms:

• Instagram: https://www.facebook.com/privacy/policy/
• Facebook: https://www.facebook.com/privacy/policy/
• Tiktok: https://www.tiktok.com/legal/page/us/privacy-policy/en
• LinkedIn: https://privacy.linkedin.com/

Processed personal data obtained through cameras

SCOPE OF PROCESSED PERSONAL DATA

Inthe event that you visit one of our stores, we will process about you:

• Video recording of your person via installed cameras
• Video and audio recording of your person obtained by means of body cameras (so-called Body Wear Cameras), which may be worn by some employees of the Controller or security guards.

PURPOSE AND LEGAL BASIS

We process the above data for the purpose of:

• Legitimate interest pursuant to Article 6 (1) of the Constitution. 1 lit. f) GDPR consisting in the protection ofě property and safety of persons
• Legitimate interest pursuant to Article 6 (1) (f) GDPR consisting in the preventionof undesirable behaviour.

PROCESSING TIME

We will not keep your personal data longer than necessary, for a maximum of 14 days from the date of your visit to our stores, unless we are obliged to keep it longer, for example, for the establishment, exercise or defence of legal claims, but no longer than during the limitation period for such claims.

PROCESSORS AND RECIPIENTS

Record processors/recipients can be:

• technology companies ensuring the operation of CCTV systems and their maintenance; 
• security service providers;
• A public authority where the sharing of personal data is required by law or a public authority, or where the sharing of personal data is necessary to identify, exercise or defend our legal claims (this includes providing personal data to others for fraud prevention purposes).

TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES

We do not transfer personal data outside the EU.

AUTOMATED DECISION-MAKING AND PROFILING

Tesco does not perform automated decision-making or profiling.

Other Tesco services offered in cooperation with partners (Tesco mobile)

SCOPE OF PROCESSED PERSONAL DATA

If you use any of the services offered by Tesco together with its partners, we may process the following about you:

• Your identification data: name and surname, address, date of birth, and others depending on the service used.
• Information about the scope of the service: we further process information to the extent of therequested service.

We do not process any special category personal data about you, i.e. sensitive data, e.g. about your health.

You can find more information about the processing of your personal data in connection with the Tesco mobile service here. 

PURPOSE AND LEGAL BASIS

We process the above data for the purpose of providing performance under the contract (Art. 6 (1) (b) GDPR).

PROCESSING TIME

We process your personal data for the period specified inthe concluded  contract.

PROCESSORS AND RECIPIENTS

Tesco does not use processors. However, we recommend that you familiarize yourself with the Information on the processing of personal data of partners who may use processors.

Job applicants at Tesco

SCOPE OF PROCESSED PERSONAL DATA

• Information shared by you through your CV, cover letter or other documents sent to Tesco;
• Information provided during recruitment;
• Information frompublicly available sources – public registers, professional networking networks (e.g. LinkedIn), etc.
• Copies of documents submitted prior to employment with Tesco (necessary for the preparation of the employment contract and/or wage deductions);
• Confirmation froma medical  examination of the ability or limitations to perform employment.

We do not process any special category personal data about you, i.e. sensitive data, e.g. about your health.

PURPOSE AND LEGAL BASIS

We process the above-mentioned data for the purpose of concluding an employment contract (Art. 6 (1) (b) GDPR) and on the basis of our legitimate interest (Art. 6 (1) (f) GDPR) for the purpose of handling complaints from applicants regarding the selection procedure and the protection of our rights and interests. Unsuccessful applicants may give their consent to the processing of personal data (Article 6(1)(a) of the GDPR) for the purpose of inclusion in the database of job seekers and contacting Tesco with other job offers that correspond to your professional profile. Consent can be revoked at any time at the above contacts for exercising the rights of subjects.

PROCESSING TIME

Tesco retains personal data for the duration of the selection process; in the event that you are unsuccessful in the selection procedure, your personal data will be deleted within 6 months of their provision. In the event of concluding an employment contract, personal data will be the subject of your personal file and will be archived and shredded in accordance with applicable law after the termination of the employment relationship.

In the event that you have given your consent to be included in the database of applicants and to be contacted with future job offers that correspond to your professional profile, we process your personal data for the period until the consent is withdrawn, but no longer than 3 years after its provision. 

PROCESSORS AND RECIPIENTS

Tesco uses the following processors or recipients:

• TESCO-GLOBAL Áruházak Zártkörűen Működő Részvénytársaság, H-2040 Budaörs, Kinizsi út 1-3., adószám, ID No.: 10307078-2-44 and TESCO STORES SR, a. s., Cesta na Senec 2, 821 04, Bratislava, Slovakia, ID No.: 31 321 828;
• Alma Career Czechia s.r.o., Dock in Five, Menclova 2538/2, Libeň, 180 00 Prague 8, which maintains our database of applicants and technically supports the career side of https://kariera.itesco.cz/.

Employment agencies: if you have sent us your CV through an employment agency/intermediary, please check how they process your personal data. Insome cases, it is not a processor but a processorto whom you give special consent and who may use personal data differently from Tesco.

TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES

We do not transfer personal data outside the EU.

AUTOMATED DECISION-MAKING AND PROFILING

Tesco does not perform automated decision-making or profiling.

Cookies and similar technologies

How We Use Cookies

Cookies are small text files containing a unique identifier that are stored on your computer or mobile device so that your device can be recognized when you use a particular website or mobile application. They can only be used for the duration of your visit, or they can be used to measure how you interact with the Services and Content over time. Cookies help to provide important features and functionality on our website and mobile applications, and help improve your customer experience.

Types of cookies

Cookies can be divided based on several criteria. Depending on who creates and processes cookies, cookies can be divided into two categories:

A first-party cookie is created directly by websites or scripts on the same domain. Most often, it is used to ensure the basic functionality of the website.

Third-party cookies are created by other websites. These websites own some content on the website you visit, such as ads, images, or videos.

Cookies can also be divided according to their durability into:

Session cookies are temporary. They are stored on your device only until you stop working with your internet browser and are deleted when you close it. These cookies are necessary for the proper functioning of the website or associated applications.

We may use persistent cookies to make your navigation on our website easier and more convenient (for example, easier and faster navigation). These cookies remain in your browser for a longer period of time or until you manually delete them. The length of this period depends on the selected settings of the Internet browser. Permanent cookies allow information to be transferred to the web server each time you visit the website.    

According to the purpose of use, cookies can be divided into:

Strictly necessary (essential) cookies that are required for the operation of the website. These include, for example, cookies that allow you to log in to secure areas of our website. These cookies do not collect information about users that can be used for marketing purposes or to remember what pages users have visited on the internet.

We use performance cookies to improve how the website works. These cookies collect information about how visitors use the website, such as which pages visitors go to most often and whether they receive error messages from the website. They also allow us to record and count the number of visitors to the website, which allows us to track how visitors use the website. These cookies do not collect information that would allow the user to be personally identified. The information collected using these cookies is aggregated and anonymous.

Functional cookies make it easier to use and improve the functionality of the website. They are used to activate specific features of the website (e.g. playing videos) and to set them according to your choices (e.g. language), in order to improve your experience on the website. At the same time, functional cookies are used to remember your preferences when you visit the website again. However, they do not collect information that can identify you.

Targeting and advertising (profiling) cookies are used to track the preferences you discover through the use of the website and to send or display advertising messages in accordance with those preferences. 

 We use these cookies

www.itesco.cz

www.nakup.itesco.cz

www.zabezpeceni.itesco.cz

 *Google cookies may process personal data. The controller of the personal data in question is Google Inc., based in the USA, which may share the collected data with othercompanies. Before accepting these cookies, we recommend that you familiarize yourself with the Information on the Processing of Personal Data of  Google Inc. https://policies.google.com/terms?hl=cs

Your choices regarding cookies

Web browser cookies

We use cookies to make our website easier for you to use and to show you customized content. It is up to you which of them you allow us to apply. You can revert to your preferences at any time and change them by using Cookie Preferences and/or by setting up a banner from OneTrust.

You can use your browser settings to accept or decline new cookies and delete existing cookies.  This allows you to set your browser to notify you of any new placement of cookies on your computer or other device.  You can find more detailed information on how you can manage cookies through your browser's help function.

You can also manage cookies related to advertising on our services by opting out through the service providers listed in the table above, or by visiting the YourOnlineChoices website. Where personalized ads for other organizations' websites are displayed, you'll typically see an AdChoices icon.  By clickingon this icon, you will receive specific help on how to control your preferences in the area of online advertising.  Further information is available on the YourAdChoices website.

Mobile Applications

Cookies work differently on mobile applications, as they are encoded in the applications themselves, and use a unique identifier created by your mobile device for the use of advertising activities. You can turn off or reset this advertising identifier through the privacy settings of your mobile device.

This version 1.6 of the Privacy and Cookie Policy is effective from March 1, 2026.