The Company enables all of the Loyalty Program users to use various benefits offered by the Company through the Program upon registration and admittance. The Loyalty Rewards Program enables its members to accrue points and use them in the form of price discounts, take part in special promotions and use various other benefits. Users may become Program members by filling out and submitting printed applications available at all of the Company’s points of sale or by submitting online application forms available through the Company’s website at www.tommy.hr/program-vjernosti.
Members’ personal information shall be processed for the purposes of user registration and fulfilling contractual obligations, while some of the information (additional information and interests) shall be processed based on Members’ consent. The Company offers general and personalized promotions to Members tailored to their wishes and interests.
The Data Processor is the Tommy d.o.o. company with its seat at 93 Domovinskog rata, 21000 Split, Croatia.
The Data Protection Officer may be reached at firstname.lastname@example.org.
The Company’s Internet pages may be found at: www.tommy.hr/program-vjernosti.
The information is required for the following reasons:
Gender – to address people correctly in Croatian and to adjust promotional materials (for example: programs aimed at women alone);
Full name, date of birth, address – to identify users and additionally screen persons below legal age from signing up for the Loyalty program, as well as to deliver membership cards to a user’s mailing address.
The date of birth is additionally used to create user age groups for the purpose of additional discounts and promotions tailored to certain age groups (for example: special retirement discounts or discounts for students).
The email address and telephone number are used to facilitate contacts with the User in case of application forms not being fully completed, as well as to deliver codes, vouchers and notices, or deliver any other type of promotional material by sending emails or SMS (text) messages.
3.1. Each Member may edit their user profile independently to supply additional information. This information is supplied on a voluntary basis, and each Member may share any additional information with the Company of their own volition. Examples of such additional information are answers to the questions: do you shop online, what store type do you prefer between markets, hypermarkets and supermarkets; how often do you shop: daily, weekly, monthly etc. A second group of additional information pertains to a Member’s interests, for example: are they interested in our hobby gardening program, pet program and other such programs.
This information is used to gain insights into Members’ preferences and interests in order to improve our service and expand the range of products we carry, as well as to inform our loyal Users in a timely manner regarding possible price discounts and to tailor promotional materials to their declared interests. The basis for collecting this information is a Member’s consent; by supplying the information, the Member consents to having the information processed, and the information can also be deleted in the same way.
By analyzing the information supplied, we establish possible links between one or more of a Member’s personal details and interests as it relates/they relate to our products. We use mathematical methods to establish such links, in order to then tailor product offers and promotions to Member’s desires and interests.
We make no decisions during automated data processing which relate to you (as per Article 22 Item 1 of the GDPR), whereas your consent, should you supply additional information, shall be the basis for defining your field of interest as a potential recipient of customized, personalized promotional messaging. Fields of interest shall be based on card use information (purchase history, type of goods bought, frequency and money value of each purchase) as well as gender and age information. In order to gauge the efficacy of promotional messaging, we note which message was sent to you and which products you bought, as well as when and how often you buy them, and also your payment methods. Purchase location is another segmentation criterion. Based on all these factors we determine the types of future customized messaging we may send you. For example, the data described above may allow us to determine, based on your shopping habits, what times or what frequency is the most appropriate for tailored promotional messaging, and which product groups to use.
The Processor shall apply adequate technical and organizational measures to protect the personal information as well as the integrity of the processing itself. In addition to work environment safety measures, we apply communication channel encryption by using the SSL (Secure Socket Layer) protocol.
The Processor shall process personal information in collaboration with various Executors in the field of information technology, namely renowned Croatian companies with substantial experience in the area. These Executors have been carefully vetted and contractually bound to protect the integrity of the information in accordance with Article 28 of the GDPR.
Your data shall not be forwarded to external entities nor transported outside the European Economic Area. The sole exception to this may be in response to demands issued by the Croatian supervisory body (known as AZOP) or compliance with requests originating from judiciary agencies.
Personal information shall be stored and processed throughout the period of active Loyalty Program Membership. Incomplete printed application forms which do not contain a legible communication method are destroyed immediately in a secure manner. Incomplete printed application forms with additional amendments (related to basic info) received via electronic mail shall be stored for 4 (four) months from the day a permanent membership card was initially used. Completed printed application forms shall be stored for 4 (four) months from the day a permanent membership card was initially used.
Upon membership termination, a Member shall be marked as an Inactive User in the system. From the moment a Member is marked inactive, they shall no longer receive promotional materials, discount notices and similar. An Inactive User’s information is erased in a secure manner.
The Company’s Internet pages use a technology known as cookies in order to simplify the use of our pages and enable the use of certain functions.
All our applicants are granted full rights guaranteed by the GDPR. These rights are as follows:
Please note these Rights are not absolute. Depending on the context, legal basis to data processing or the lack thereof, exercising certain rights may be impossible. We undertake to inform you in an appropriate manner should such a situation arise. Members may at any time direct any queries they may have regarding their personal information to the Data Protection Officer at the email address email@example.com.
Applicants may exercise their rights in
the following ways:
Note: the identity of a person making such requests must be ascertained.
Additionally, applicants have the right to submit complaints to the Croatian regulatory body – the Personal Information Protection Agency (Croatian, “Agencija za zaštitu osobnih podataka” or AZOP): 130 Selska cesta, 10000 Zagreb, telephone +385 (0)1 4609 000, firstname.lastname@example.org.
The Tommy d.o.o. company cares for your needs and your personal information, and cares about your opinion. Please feel free to reach out to us any time at 93 Domovinskog rata, 21000 Split, Croatia, or at the Data Protection Officer’s email address at email@example.com.
In Split, November 2, 2021.
Fixed exchange rate1 € =7,53450 kn