Privacy Policy

Advice about the processing of your personal data within the Rajče Service

This advice summarizes the basic principles of personal data processing by MAFRA, a.s. if the users of the Rajče Service are individuals.

The personal data controller is the Operator of the Rajče portal, MAFRA, a.s., with its registered office at Karla Engliše 519/11, Prague 5, postal code 150 00, Comp. Reg. No.: 45313351 (hereinafter referred to as “MAFRA”).

When processing your personal data, we follow Regulation No. (EU) 2016/679, the General Regulation on Personal Data Protection (hereinafter referred to as the "Regulation") and related regulations.

Registered Users of the Service

This part of the advice summarizes the basic principles of the processing of your personal data by MAFRA if you are a registered user of the Rajče service.

For what purposes do we process your data?

In this section we provide an overview of the purposes for which we will use (process) your personal data. Each item of data is usually used for multiple purposes at the same time. The means of processing, duration of the processing, etc. also depend on the specified purposes. In certain cases specified in the Regulation, we may process your data for purposes other than those listed below; however, these are exceptional and limited cases which, under the Regulation, are subject to meeting other conditions.

The data obtained within the Rajče Service are used for the following purposes:

  • The primary purpose is to operate the Rajče Service (incl. Rajče forum - hereinafter referred to as the "Discussion Forum"), i.e. providing the Rajče Service that you use through our website, incl. records of users of this Service and contractual relationships. This also applies to contractual relationships arising in connection with an order of any paid services, i.e. the production of photo products for you

  • The protection of our rights or the rights of third parties (e.g. in case of a lawsuit regarding our services or photos published on Rajče and debt collection)

  • For statistical purposes (in this context, however, your data are usually aggregated so that your identity cannot be determined)

  • Measuring traffic to Rajče (including without limitation via Google Analytics)

  • Organization of consumer competitions, delivery of prizes and coverage of such competitions (applies only to competitions which you actively enter)

  • Improving the content of the Rajče website and its development (e.g. through Hotjar measurements)

  • Ensuring the security of our systems and network against attacks from outside or misuse by users to the usual extent carried out on the market

  • For the purposes of keeping accounting records and fulfilling other statutory obligations (documenting the legal basis for the processing of your personal data and fulfilling other obligations pursuant to the Regulation and any other regulations in the field of personal data protection)

  • To a reasonable extent for direct marketing, i.e. the more targeted display of content and advertising on our site to individual users and sending commercial communications

We usually process your data in our own computer systems, although we may also use the systems of third parties (so-called processors). You can also log in to Rajče through our iOS and Android applications. The application allows you to log in to your account, access your albums, create new albums, upload content to them and edit the existing albums. You can subscribe to the discussion forum through your account in the main Rajče Service.

Legal basis of the processing

Any processing of personal data must be lawful — it must be based on one of the legal bases of the processing listed in the Regulation. As with the purpose, each data can be processed for several legal grounds for the processing. If all legal grounds cease to exist, we will stop processing your data. The possible legal grounds for the processing are listed in Art. 6 of the Regulation. Please note that if we process your personal data on the basis of your consent, you may withdraw such consent at any time (to withdraw, use the interface of the service you use, or contact us using the contact details listed below). The withdrawal of consent does not affect the lawfulness of processing based on the consent provided before its withdrawal.

The legal basis for the processing of your personal data is the need to fulfill the contract, incl. e.g. the recovery of receivables if it involves the use of the Rajče Service or the delivery of ordered products, legitimate interests of MAFRA (given by the interest in protecting our rights, processing for statistical purposes, measuring traffic to our site, improving the content of our site and their development, ensuring the security of our systems and network and direct marketing) and third parties (including without limitation our contractual partners involved in the performance for you or the people shown in the photos) and in connection with compliance with the legal requirements (prevention of offences, Act No. 110/2019 Coll., and the Regulation, bookkeeping and fulfillment of obligations under the tax regulations).

The legal basis for the processing of your data may also be your consent, especially if you place the so-called special categories of data on Rajče. In this case, you may withdraw your consent at any time. Please note that the withdrawal of consent shall not affect the lawfulness of processing based on the consent before its withdrawal.

What data do we process and what are their sources?

In this section you will find out what types of personal data we process about you. Personal data means any information relating to an identified or identifiable natural person (also the “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. The personal data we will process about you will usually be obtained directly from you, or as part of monitoring your activities within our site (accounts). In justified cases (especially when recovering amounts due), we may also seek additional information about you from open sources.

The data we collect in connection with registered users of our Rajče Service will be obtained primarily from you and will usually contain: filled in login data (nickname, e-mail), your password to the service (stored in hash form), access codes to the albums, stored photos/ videos incl. the so-called EXIF (file name, used camera, date of image creation, used ISO value, geolocation of taking the image), profile and header image which you enter into the service incl. EXIF, favourite albums and authors, comments that you enter on other people's photos or within the discussion forum and, if ordering paid services, also the address, contact details for carriers and invoicing data and payment details, incl. the relevant account number. At the same time, we will assign you a user ID generated by our system. We will also process data on how you have registered or, if applicable, how you have given us your consent to the processing of your personal data (usually by storing information on the method and time of registration/granting consent, including e.g. your IP address from which you have clicked the relevant field, or details of the response to the confirmation e-mail) and when you have cancelled the registration or withdrawn your consent.

To the extent that our services allow the sending of messages between users, we will store in the system the texts of such messages which we do not analyze in any way, except in specific cases of suspected infringement (e.g. spam) or protection against it and together with them data on to the sender.

We will also store logs of your activity within your account in the system in order to document your steps and as a security measure. In this context, we will collect information related to you, i.e. the IP address with which you log in to our services or from which you took an action, the date and time of access to these services, and the changes made.

If we are forced to cancel your registration, e.g. after a breach of the terms and conditions of the Service, we will store your basic identification data, registration and cancellation information and possibly granting/withdrawing consents, activity logs and the reason for cancelling the Service for a reasonable period of time, especially to protect our rights and the rights of third parties and the possibility of proving the lawfulness of the processing of your data.

If you enter a competition, we will store the related data for the entire duration of your account.

We will obtain the personal data processed by us either directly from you (by providing them to us as part of registration for the service and your activities within the service interface, or from individual correspondence with you) or as part of monitoring your activity within our service.

As part of our services, the so-called cookies are also used. You can find an overview of them here and the general rules for their use can be found here.

How long will we process the data?

Our company cannot process your data for any length of time, but the processing duration is rather limited to the period when we really need your data. We try to limit the length of this period to take due account of both your and our interests.

All data obtained during registration with the Rajče Service itself and for the period of use of the registered Rajče Service are usually stored for the entire registration period and 3 months after its cancellation, so the account can be reactivated during that period. For a period of 3 months after the cancellation of the account or their deletion, photos/videos are also backed up to the service originally stored in order to protect the rights of our company and of third parties and to prove the lawfulness of the processing of your data. Such backups are deleted after 3 months, except in cases where an incident is currently being resolved in connection with the data in question. Subsequently, only basic registration data, data on granting/withdrawing consent and information on the reason for which the registration was terminated or data forming part of the operational backups and security activity logs within the account are stored for a reasonable period of time (derived mainly from the time when it would be possible to make legal claims against our company).

As for the discussion forum, if the account is cancelled (please ask the administrators to cancel the account), the posts are not automatically deleted; only the user's nickname is replaced with pseudonymized data (so as not to disrupt the continuity of discussion posts). However, once your account is cancelled, you will no longer be able to sign in to your account. Administrators must be specifically asked to delete posts. In the case of the final deletion of posts and thus the final cancellation of the account, the texts of deleted posts and other registration data are backed up for a further period of 6 months.

Even after the cancellation of the above accounts, we may store information for a longer period of time stating that such an account existed, when it was established and when it was cancelled.

Information on the use of paid services (photo product orders, payment details, etc.) is usually stored for a period of 10 years from delivery in order to prove our performance. For registered users, the background photos are stored in their profile where it is possible to delete them.

Details on the processing of personal data for the purpose of sending commercial communications can be found here.

We reserve the right to disable or delete accounts for accounts that are not used by the user for a reasonable period of time or that have defects.

The above periods of time may be exceeded in cases when appropriate to the circumstances, such as when an inspection is initiated by a regulatory body or in the event of an ongoing dispute.

As for the duration of the processing, if it is not explicitly stated in the terms and conditions of the Service or stipulated by law, we determine the adequacy of the duration of the processing of personal data in particular in the following respects: (i) length of limitation periods with a reservation for us to find out that a lawsuit has been filed or other proceedings have been instituted (ii) the likelihood of legal claims made against our company, (iii) the expected periods of time for detecting attacks on our network or other breaches of security, (iv) common market practices and regulatory recommendations, and (v) probability and significance of the risks involved.

Service cancellation

You can stop using our Rajče Service at any time (does not apply to paid products). If you are interested in cancelling your account, contact the service administrator for this purpose who will complete the cancellation process with you, or you can do it directly from your user account (account cancellation for a discussion forum is only possible through an administrator). By cancelling the registration, we will stop using your data for the provision of the Service itself, except for the publication of contributions

to the discussion forum, the deletion of which must be requested to the administrators separately (posts are left by default due to the continuity of individual discussion threads).

Please also note that as stated above, even after the cancellation of the registration some data will be stored as back ups in order to protect the rights of our company and third parties, IT security and documenting compliance with the laws and regulations, including without limitation on personal data protection and accounting.

To whom can we disclose information about you?

Not all personal data is processed by our company itself. We sometimes hire third parties, the so-called personal data processors, for processing. We try to select only those processors who are sufficiently trustworthy. As part of the Service, we may also disclose your information to providers of other services or in the event of incidents.

If you order a paid service from us (e.g. creation of a photo album, photo printing, etc.), then we will disclose selected information about you to our partner companies that produce such products. Basic identification data will also be shared with The Pay system which allows you to make payments for photo product orders (however, the payment itself takes place within this system and our company only obtains reporting systems without an account number and does not have access to the detailed payment methods).

Otherwise, MAFRA may disclose your personal data to third parties only in cases where it is required or permitted by law or with your consent. MAFRA only discloses personal data to processors or other recipients to the usual extent:

  • Providers of external services for MAFRA (typically programming or other supporting technical services, server services, e-mailing, services related to measuring traffic to our site and adapting their content to user preferences),

  • Operators of backup servers or operators of technologies used by MAFRA that process them in order to ensure the functionality of the relevant MAFRA services,

  • To the extent necessary, MAFRA's legal, economic and tax advisors and MAFRA's auditors that process them for the purpose of providing MAFRA's advisory services,

  • Personal data concerning debtors with overdue debts may also be disclosed to companies providing receivables insurance or collection agencies for the purpose of recovering or collecting of MAFRA receivables

  • In the event of a specific incident being dealt with (e.g. if a third party disputes the legitimacy of the publication of a photograph), a complaint and responses may be sent to the relevant other party for comment,

  • Upon request or in case of suspected infringement, personal data may also be transferred to the relevant public authorities.

  • Of course, if your posts are intended for publication (photos in unprotected albums, discussion posts), we will publish them on the Internet and they will be accessible without restrictions, incl. search engine indexing.

Are you obliged to provide us with the data?

You provide your personal data to MAFRA voluntarily (however, if you want to register for our Service or order a paid product, we require some data as mandatory, i.e. if you do not provide the data to us, you will not be allowed to use the Rajče Service or order paid products). If, in some cases, you are required by a special law to provide personal data for processing, you will be informed of this fact separately.

Our services and children

In some cases, the Regulation or Act No. 110/2019 Coll. restrict the processing of data in connection with web services if they are to be used by children under the age of 15. At the same time, they provide for higher rights to delete data for those users who entered data into the Service when they were not yet 18 years old.

As part of the registration, we reserve the right to directly require the registrant to indicate whether he or she is over or under the age of 15 in order to verify that his or her parent or other legal guardian's consent is/is not required for his or her registration.

If you still register for our service as a person under the age of 18, please note that you have an increased right to request the deletion of all data processed about you entered before the age of 18. We will always try to comply with your deletion request. If you were under the age of 18 when registering for or entering the Service and you will subsequently require us to delete such data, please let us know that this is the case so that we can take your age into account sufficiently and properly.


Consent is only one of the reasons for processing, but the Regulation imposes special requirements on obtaining it. If you feel that your consent is being enforced on our part, please contact us and we will deal with the matter immediately.

Please note that if the legal reason for processing your personal data is your consent (typically granted by a choice in the service settings), you can withdraw such consent at any time free of charge either directly in the service interface or at the contacts listed below. The withdrawal of consent does not affect the lawfulness of processing based on the consent provided before its withdrawal.

Connection with social networks

You can link your Rajče account to the Facebook social network or to your Google account. In such a case, we will obtain your e-mail address, name and profile photo from these services and store them within your account.

Right to object

The right to object is your important right. It allows you to have the processing performed on the basis of our so-called legitimate interest when it justifies your specific situation — that is, when the processing itself is permissible, but there are specific reasons on your part why you do not want the processing to take place. However, the possibility to raise an objection does not apply to all cases of processing, e.g. it is not possible to use it when we process your data necessary for the performance of a contract or when their processing is required by law. The right to object is enshrined in Art. 21 of the Regulation.

You can object to the processing via the contact details below or preferably via e-mail: or In your e-mail, please indicate the specific situation that leads you to the conclusion that MAFRA should not process the data. Please note that even in the above cases, however, the parallel processing of personal data will sometimes take place for other purposes which will justify MAFRA's continued processing of such data.

In the case of data processing for direct marketing purposes (typically sending commercial communications), it is always possible to object without further ado, so in that case you do not have to state any reasons why you no longer wish to be sent such communications. In such cases, it is best to object by unsubscribing by clicking on the link that will normally be included for that purpose. You have the same right under Section 7 of Act No. 480/2004 Coll.

The special rules listed here apply to cookies.

Automated decision making and artificial intelligence

According to the Regulation, as a data subject you have the right not to be the subject of any decision based solely on automated processing, including profiling, which has legal effects for you or significantly affects you in a similar way (Art. 22). Although the Regulation provides for several exceptions for cases where such automated decision-making is possible, our company tries not to carry out such processing.

Our company does not intend to make any automated decision-making that would have legal effects for you or similarly significantly affect you to the extent of Art. 22 of the Regulation. If, for example, you are denied the opportunity to register for our service due to automatic checking, e.g. duplicate e-mail addresses, you can always contact the administrator of the relevant service or our company in general with a request for a final decision, which will always be based on assessment by the operator.

In order to improve the protection of our service against its misuse, we will introduce the automated control of uploaded content for its illegality. For this purpose, we use artificial intelligence which analyzes individual photographs and then our operators are alerted to potentially objectionable photographs. The operators will review such photos and, if necessary, delete or contact the person who stored them. However, the artificial intelligence we use does not serve to identify individuals by monitoring biometric data.

Commercial communications (newsletters)

We will also process data on current or past users of our services or on persons who have provided their consent for the purposes of the so-called direct marketing, which is typically sending e-mails or telephone contacts with offers of similar products or services you have subscribed to from us. The sending of offers is usually not limited in time, but if you express the wish that we no longer send you such offers, we will not send them to you. However, we will continue to process basic sending data for a reasonable period of time to be able to demonstrate why we have sent you such offers. We will not transfer your data to any third parties for the purpose of sending offers (except for the subcontractors/processors who will perform the processing for us).

In order to send the so-called commercial communications to you, we will process the following personal data: Your name, surname, your e-mail address and, if applicable, an overview of the e-mails we have sent you. In this context, we may, to a reasonable extent, use other data entered by you within our service in order to place you in a general group of people with similar preferences and in some cases to limit the commercial communications sent to you only to those that might be of interest to you. We will process such data for the purpose of sending commercial communications, i.e. for the purpose of the so-called direct marketing. This involves sending commercial communications from our company especially concerning the Rajče Service or other similar services from our company.

We will send you commercial communications at reasonable intervals, usually a few times a month. You will be able to refuse to be sent such communications at any time by clicking in each received communication.

In connection with sending e-mails, services sending e-mails also usually store information about whether the e-mail was opened, when it happened and how you responded to the e-mail, as well as information about your IP address and approximate geolocation or version of your system. This information is used to protect our rights or the rights of third parties and our IT security and direct marketing (so that we can modify the content of our e-mails to include more interesting information for you).

You will always be able to refuse to be sent commercial communications within each received message, or at the contacts listed below.

We will process data on the fact that we have sent you messages and on what basis, or a list of sent messages, for the purposes of our IT security, protection of our rights and the rights of third parties and documentation of the requirements set by personal protection legislation for a reasonable period of time after you have disagreed with being sent such messages.

Updating data

One of our obligations as a personal data controller is to process accurate data or, depending on the circumstances, to complete any incomplete data. If you provide us with information about a change in your data, you will help us to fulfill this obligation properly. Therefore, if there is a change in the data provided by you, we would like to ask you to send information about such a change or to make a change to the data in the service interface.

"Report inappropriate content" feature

The Rajče Service is a so-called information society service. This means that the person who stored photos is primarily responsible for the content of the stored photos. However, the Rajče Service allows inappropriate content to be reported using a simple form. In connection with sending the form, we store the data entered in the form, the IP address from which it was sent and the time of submission. If the report is made by a registered user, the information that he or she has used this functionality and how is als ostored. If you feel that any of the published photographs or other embedded content violates your rights or the rights of third parties, please use the above function to report such inappropriate content. We will review such reports immediately. Of course you can contact us in another way.

In justified cases (especially if the reason for the report is the misuse of a photograph), we may confront the user who has stored the photograph with the content of the report. We can also forward his or her reply to the complainant for comment. We can also use other data to resolve the incident, such as EXIF data of the relevant photograph and other similar photographs, which can help us determine whether the photographs were taken by the same user or not.

"Comment" function

The Rajče Service allows you to comment on individual photographs for both registered and unregistered users. Comments are displayed publicly on the Rajče website. Together with the comments (their text), the IP addresses from which they have been sent are stored; for unregistered users, the nickname used and the text and time of sending the comment are stored. If you have commented on a photograph as an unregistered user and want to delete it, please contact us.

Photo product creation function

The Rajče Service allows both registered and unregistered users to create various photo products.

To order photo products for which photographs are to be imported from the Rajče Service, the user must be logged in to his or her interface where the information on how the photographs have been used will be then stored for the entire duration of the account.

In case of a registered user, photo products in-process incl. the uploaded photographs are stored for a period of 6 months and the user has the option to delete them at any time (however, they can still be stored in the processor's system for a reasonable period of time to resolve complaints).

If an unregistered user imports photographs into the interface and does not place an order, such photographs are automatically deleted after 30 days and, during this time, access to them is ensured thanks to a cookie stored on the computer from which the photographs have been uploaded.

Cookies and third party services

We use so-called cookies to distinguish individual computers and individual settings of some services. These are small text files that our servers (as well as many other servers) store on individual computers using a web browser. Cookies can be thought of as the memory of a website which recognizes the user of the same computer the next time they visit the website. Cookies take up almost no space on your computer's disk and are usually a few kilobytes in size. Cookies are not used to obtain any sensitive personal data.

We use our own cookies on the Rajče website, or cookies of other operators are placed in your browser within the Service.

Rajče’s cookies are made up of the following cookies:

Cookie name Storage duration Cookie type Cookie purpose
PHPSESSID Until browser closes Session Session information 1 year Technical cookie photo detail information (EXIF)
rajceNetCode 1 year Technical cookie Visitor identifier
remember 1 year Technical cookie stored login token
rememberToken 1 year Technical cookie stored login token

Information about other cookies used by MAFRA and the general rules for the use of cookies can be found here.

The Rajče Service also enables the function of sharing content on social networks via third-party applications, i.e. via the "Like" button on Facebook and further sharing within the social network Twitter. These applications can independently collect and use information about your behaviour on the MAFRA website.

This processing is governed by the terms and conditions of these companies which can be found here:



The Rajče Service also allows you to activate measurements via Google Analytics. More details about this service can be found here. You can find the Google Analytics Privacy Policy here, and the Cookie Policy here.

If you do not want Google Analytics to work on your computer, you can use the opt-out add-on.

The Rajče Service also uses Hotjar cookies from time to time to improve the Service and better understand how our visitors use the Service. Details about cookies within this Service can be found here. You can find the option to refuse data processing within the Hotjar service here.

Risks and recommended practices

Every processing of personal data carries certain risks. These can be different with regard to the scope of processed data and the method of their processing. Here are some recommended practices to help you protect your data:

  • For photographs, always consider whether it is appropriate to publish them or whether they should remain locked only for users who know the code for them. If specific people

  • are recognizable in a photograph, it should be accessible to all only if it is permitted by law, i.e. especially in the case of a photograph of an artistic, news character or with the consent of the person shown. The place where the photograph was taken, whether at a public event or as part of an event with a limited number of participants, also plays a role. Take special care to protect children. Sometimes a simple rule can also help you — ask yourself whether you would like it to be accessible without restrictions if you or your loved ones were in the photograph being published. For photographs that are out of date, consider hiding or securing them with a code. Of course, only post photographs for which you are the author or have the author’s consent on our website. Although we try to randomly check the content submitted to our server to see if it contains infringing content, we may not always be able to recognize or intercept such content. We will appreciate if when you find such content, you notify us using the appropriate button or our contacts.

  • The Rajče Service is not intended to replace a secure storage of confidential documents; if you want to share confidential documents with a high level of security with someone, use one of the specialized services. The code protection of albums will help you make content inaccessible to third parties, but it also does not serve as a full-fledged replacement for specialized secure services. If you only hide the album (without code protection), keep in mind that if you provided someone with a link to the photographs in it, or those photographs were indexed by a search engine before you hid the album, the link will continue to work, or it cannot be completely ruled out that someone can randomly obtain the link. Alternatively, you may want to move such photographs to a new album which will be hidden from the beginning.

  • If you provide us with your data, always think about whether it is necessary to provide the data. In particular, you should carefully consider provision of the data that relates to your personal life and aspects that are unrelated to the purposes for which you provide it. If you feel that we require too much information from you, please contact us and we will check the adequacy of our request.

  • If you provide us with or publish personal data of third parties in our services, in forum posts (photographs of your family members or third parties, etc.), consider whether it is appropriate to publish them as accessible to all and whether it is appropriate to publish them at all. If necessary, seek the consent of such persons

  • If one of our colleagues asks you to provide data, do not be afraid to ask whether it is necessary and whether the goal of processing cannot be achieved without such data

  • Each individual must have their own access to the relevant service, access sharing is strictly prohibited

  • People under the age of 18 are particularly vulnerable. If you are under the age of 18, if you are in doubt as to whether you are able to make the right decision, discuss the matter with your parent (or other legal guardian) or contact us separately. For people under the age of 15, we can request the special consent of their parents or legal guardians

  • If you log in to our systems with a password, always use a strong, unique password that you will not use for other devices and accesses. Do not share or disclose your password to anyone, not even our employees. We will never ask you for your password, so pay particular attention to various e-mail prompts to provide your passwords, even if they are signed on behalf of MAFRA. These are probably forgeries in order to lure and subsequently misuse the password. If you protect your albums with a code, always use a code different from the passwords you use, as this code is less protected than access passwords to the service!

  • If you send us confidential data, try to use a secure method of communication, such as encrypting a file associated with encryption and passing the password through another communication channel

  • If you feel that our company does not fulfill all its obligations, that there has been an unauthorized data leak, or that someone is illegally pretending to be our co-worker, please let us know as soon as possible. Contacts for our company can be found here

  • We always try to keep this advice up to date. Therefore, we will make adjustments to these rules from time to time. We will inform you separately for more substantial modifications, but it might be worthwhile to read these rules again from time to time

  • Keep your data in the interface of our services up to date.

Advice about your rights under the GDPR

According to Regulation (EU) No. 2016/679 of the European Parliament and of the Council

At our company as the personal data controller, an individual has the right to:

a) Request access to personal data processed by the controller, which means the right to obtain confirmation from the controller whether or not the personal data concerning the individual are being processed and, if so, to have access to those personal data and other information referred to in Art. 15 of the Regulation,

b) Require the rectification of personal data which are processed about the individual if they are inaccurate. Taking into account the purposes of processing, in some cases he or she has the right to request to have incomplete personal data completed (Art. 16 of the Regulation),

c) Request the erasure of personal data in the cases provided for in Art. 17 of the Regulation.

d) Require the restriction of the processing of data in the cases provided for in Art. 18 of the Regulation,

e) Obtain personal data concerning the individual; and

(i) Which we process with his or her consent, or

(ii) Which we process for the performance of a contract to which such an individual is a party or for the implementation of measures taken before the entering into of the contract at his or her request

in a structured, commonly used and machine-readable format, having the right to pass such data to another controller under the terms and conditions and with the restrictions set out in Art. 20 of the Regulation and

f) He or she has the right to object to the processing to the extent of Art. 21 of the Regulation on grounds relating to his or her specific situation.

If we receive such a request, we will inform the requester of the measures taken without undue delay and in any case within one month of receipt of the request. This period may be extended by an additional two months if necessary and taking into account the complexity and number of applications. In certain cases stipulated by the Regulation, our company is not obliged to comply with the request in whole or in part. This will be the case, in particular, if the request is manifestly unjustified or inadequate, in particular because it is repeated. In such cases, we may (i) impose a reasonable fee taking into account the administrative costs associated with providing the requested information or communication or performing the required actions, or (ii) refusing to comply with the request.

If we receive the above request but have reasonable doubts about the requester's identity, we may ask him or her to provide the additional information necessary to confirm his or her identity.

We will keep information about the fact that the data subject has exercised his or her rights and how we have processed his or her request for a reasonable period of time (usually 3-4 years) in order to document this fact, for statistical purposes, to improve our services and to protect our rights.

In the event that the data subject believes that MAFRA processes his or her personal data unjustifiably or otherwise violates his or her rights, he or she has the right to lodge a complaint with the supervisory authority (i.e. the Office for Personal Data Protection) or has the right to seek judicial protection.

How can you contact us?

You can use the following contact details for any comments and questions regarding the protection of personal data and for contacts regarding the exercise of your legal rights:

MAFRA, a.s.
Karla Engliše 519/11, Praha 5, postal code 150 00
e-mail:, případně
Phone: 225061234 (please request to be put through to the company's legal department)
Data box ID: tu3cfw9

You can also contact our Privacy Officer directly:
Phone: 225063133