Your experience on this site will be improved by allowing cookies.

DeguApp

Terms and Policies

1. Introductory Provisions

In accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (hereinafter “GDPR”) and related legal regulations, we hereby provide information on the processing of your personal data, including the scope of your related rights.

2. Who is the controller of personal data?

The controller of your personal data is Mestilus s.r.o., Company ID No.: 172 11 191, VAT ID: CZ17211191, with its registered office at Na hutích 661/9, Bubeneč, 160 00 Prague 6 (hereinafter “we” or “Deguapp”). In the sale of tickets, Deguapp acts as an intermediary for the organizer of a specific event. In the sale of accompanying goods or services, Deguapp may act as an intermediary for the organizer of a specific event. In such a case, Deguapp and the organizer are independent data controllers, each responsible for personal data processing separately.

3. From what sources is personal data obtained?

Personal data is obtained directly from users, in particular when registering a user on www.deguapp.cz or www.deguapp.com (hereinafter the “Website”) and creating their user profile.

4. What personal data is collected?

  • email address,
  • position selected by the user during registration,
  • payment information only where relevant,
  • data provided when purchasing a ticket and accompanying goods or services, if the user fills in optional billing details,
  • places or events the user visits based on purchased tickets.

5. For what purposes is personal data used?

a. Registration, creation, and management of a user profile

Personal data is processed for the purposes of registration, creation, and management of a user profile (Article 6(1)(b) GDPR), in particular for:

  • purchasing tickets and accompanying goods or services,
  • overview of added items, in particular wineries, vineyards, wines, or tastings,
  • overview of completed purchases.
b. Sale of tickets and accompanying goods or services

Personal data is processed for the performance of a contract (Article 6(1)(b) GDPR), in particular for:

  • informing about changes to an event date or venue, event cancellation, and other event details and requirements,
  • ticket verification and allowing entry to the event,
  • handling complaints.
c. Based on user consent / profile preference settings

Based on user consent, or the user’s own profile preference settings (Article 6(1)(a) GDPR), personal data is processed in particular for:

  • personalized offers for events and related goods and services that may be of interest to the user,
  • connecting with other people with similar interests.
d. Marketing

Personal data is processed for marketing purposes based on Deguapp’s legitimate interest (Article 6(1)(f) GDPR), in particular for:

  • offering similar products and services related to an event (e.g. event tickets, accommodation, transportation, accompanying program),
  • analysis of purchasing behavior.
e. Assertion of claims and prevention of unlawful conduct

Personal data is also processed for the purposes of asserting and settling legal claims of the user or Deguapp, and for preventing and detecting unlawful conduct (e.g. resale of tickets for profit without business authorization), based on Deguapp’s legitimate interest (Article 6(1)(f) GDPR).

f. Compliance with legal obligations

Personal data is also processed to comply with legal obligations, in particular in the area of taxation and accounting (Article 6(1)(c) GDPR).

6. How is personal data processed when registering and creating a user profile on the Website?

Data may be stored about which events the user has saved and which other users they follow. This data is used to create personalized offers and events that may interest the user, and to connect the user with other users with similar interests.

This information may also be used for mutual sharing among users. For example, a user can see which events users they follow are attending. This gives the user inspiration for potential future events.

Within the profile, the user may set marketing communication preferences with Deguapp or the organizer, or use the profile as a social network, according to their own preferences. The user may connect with other people with similar interests or connect the profile with other social networks. Deguapp may use these settings to create personalized offers for events that may interest the user.

If the user links their profile with Facebook, Deguapp gains access to the user’s contact list and may suggest friends on the Deguapp profile.

If you connect your account with Google Calendar, events for which you purchased tickets will be automatically saved to your calendar.

By creating a profile, the user confirms that they are over 18 years of age. If Deguapp finds that this information is untrue, the profile will be canceled and the user’s personal data deleted.

7. Can I cancel my user profile?

A user profile can be canceled at any time and personal data processing within the profile will be terminated.

8. How long is personal data retained?

Personal data is retained for the period necessary to fulfill the purpose of processing. Specifically, personal data is retained for the duration of the event and subsequently for three (3) years after its end, for the purposes of asserting or settling potential legal claims of the user/customer or Deguapp.

If any legal claim is asserted during this three-year period, relevant personal data is retained until such claim is settled or for the period necessary to carry out related legal steps.

After three years, personal data may continue to be retained where required by law, in particular to comply with obligations under the Accounting Act (Act No. 563/1991 Coll.) or the Value Added Tax Act (Act No. 235/2004 Coll.), under which certain data must be retained for up to five (5) or ten (10) years.

Deguapp does not retain personal data longer than authorized; after the legal basis is lost, relevant personal data is deleted.

If the user grants consent to the processing of personal data (e.g. for receiving commercial communications from Deguapp or the organizer), the user’s personal data is processed until consent is withdrawn, but for no longer than 3 years from the date consent was granted.

9. To whom may Deguapp provide personal data?

User personal data may be provided, to the extent necessary for fulfilling the purpose of processing, to the following categories of recipients:

a. Event organizers

Personal data may be transferred to the organizer of a specific event for the purposes of performance of the ticket sale contract and for processing based on the organizer’s legitimate interest, or based on user consent for sending commercial communications.

b. Payment service providers

Personal data may be provided to payment service providers to the extent necessary for payment processing.

c. Digital marketing and advertising service providers

If consent is granted for marketing purposes, your data may be shared with:

  • Google Ireland Limited, ID: 368047, Gordon House, Barrow Street, Dublin 4, Ireland, in accordance with Google Privacy Policy;
  • Meta Platforms Ireland Limited, ID: 462932, Merrion Road, Dublin 4, D04 X2K5, Ireland, D04 X2K5, for personalized advertising on Facebook and Instagram in accordance with Meta Privacy Policy.
d. Contracted processors

User personal data may also be made available to contractual partners providing services to Deguapp, in particular in IT, accounting, tax and legal advisory, or customer support. All such entities act as personal data processors and are bound by a data processing agreement under Article 28 GDPR.

e. Public authorities and other entities authorized by law

User personal data may also be provided to public authorities or other entities authorized by law to request such data (e.g. courts, law enforcement authorities, administrative authorities).

10. Is providing personal data voluntary?

Providing user personal data is entirely voluntary and based on a contractual basis; if you refuse to provide the required personal data, it is not possible to create a user profile.

If the user grants consent to personal data processing (e.g. for receiving commercial communications from Deguapp or the organizer), such consent is granted voluntarily and may be withdrawn at any time.

11. What rights does the user have regarding personal data in connection with purchasing tickets and accompanying goods or services?

a. Right of access to personal data

The right to request a copy of your personal data that we process.

b. Right to rectification of personal data

The right to request updating, supplementation, or correction of personal data if the user believes it is inaccurate or incomplete.

c. Right to erasure of personal data

The right to request deletion of your personal data if it is no longer needed for the purpose for which it was processed.

d. Right to object to personal data processing

The user may object at any time to personal data processing based on legitimate interest. In such case, Deguapp will no longer process the user’s personal data unless it has a legal basis to do so and/or unless this would conflict with the purpose of processing.

e. Right to data portability

The right to so-called portability of personal data to another controller, where technically feasible.

f. Right to restriction of processing

The right to request restriction of processing if the user disputes the accuracy of their personal data, or if processing is unlawful but the user refuses deletion of such personal data.

The user also has this right if Deguapp no longer needs the personal data for processing purposes, but the user requests further processing (to a limited extent), for example to assert a claim in court for which the user needs personal data processed by Deguapp.

12. What are the deadlines for handling my requests?

Deguapp will respond to user requests regarding the exercise of user rights without undue delay, within 30 days of receipt of the request via the contact form in the Contacts section.

Deguapp will, without undue delay, inform recipients of personal data about a request for restriction of processing, correction, supplementation, or deletion of personal data. The only exceptions are cases where informing the recipient is impossible or would require disproportionate effort.

13. How does Deguapp ensure personal data protection?

Technical and organizational measures are implemented according to the nature, scope, context, and purposes of personal data processing, protecting user personal data against unauthorized access or transfer, loss or destruction, or other possible misuse.

In particular, the following measures are implemented:

  • Access to personal data is restricted through access rights management.
  • Encryption, firewall, antivirus and antimalware protection, regular backups, and secure backup storage are used.
  • Systems are subject to regular updates and monitoring for security incidents.
  • Employees and contractual partners processing personal data are bound by confidentiality obligations.
  • All activities related to personal data processing are subject to internal rules and control mechanisms.
  • Access to premises where personal data processing takes place is physically restricted and protected against unauthorized entry.
  • Availability of personal data and access to it in the event of a physical or technical incident is ensured through regular backups, allowing restoration of data to a specific point in time within a reasonable period.
  • Effectiveness of adopted measures is tested, evaluated, and, where necessary, updated so that they correspond to current technological and operational standards.

14. How can the user help protect their personal data?

Below are some recommended practices that may help the user protect their data:

  • If the user logs in to the Website, always use a unique strong password that is not used for other devices or access. The user must not disclose or make the password available to anyone, including Deguapp employees. Deguapp will never ask the user to disclose their password. Therefore, special care should be taken with various email requests for passwords, even if signed in Deguapp’s name. These are likely fraudulent attempts to obtain and misuse passwords.
  • If the user sends confidential data, it is important to use a secure communication method, e.g. password-protecting a file combined with encryption and providing the password via a different communication channel.
  • If the user believes that Deguapp is not fulfilling all obligations, that an unauthorized data leak has occurred, or that someone is falsely impersonating a Deguapp associate, this should be reported to Deguapp as soon as possible via the contact form in the Contacts section.

15. Does Deguapp transfer user personal data to countries outside the EU or to an international organization?

In connection with the use of third-party marketing and analytics tools (e.g. Google, Meta), user personal data may be transferred to third countries outside the European Union and the European Economic Area, in particular to the United States of America, where required by the conditions of such services.

Such transfer will always be based on a European Commission adequacy decision (EU-US Data Privacy Framework), or on standard contractual clauses adopted by the European Commission. In such cases, appropriate technical and organizational measures have been adopted to ensure the level of personal data protection required by European Union law.

16. Where can you file a complaint about personal data processing?

The user has the right to lodge a complaint if they believe that rules on personal data protection have been breached in processing their personal data, with the supervisory authority, which is the Office for Personal Data Protection at Pplk. Sochora 27, 170 00 Prague 7.

17. How can anyone contact Deguapp or the data protection officer?

If anyone relevant wishes to exercise any of the above rights or has any question regarding personal data, Deguapp can be contacted through the contact form in the Contacts section.

18. Policy Updates

Deguapp may amend or update this policy. If the user continues to use Deguapp services after amendments or updates to this policy, the user thereby expresses agreement with them.

In Prague, dated February 1, 2026