This information document is presented to you in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter referred to as "GDPR") and Act No. 110/2019 Coll., on the processing of personal data (hereinafter referred to as the "Personal Data Processing Act"), to inform you how we protect and process the personal data we collect.
The data controller is: Amorza s.r.o., with registered office at Bělehradská 858/23, Vinohrady, 120 00 Prague 2, ICO 21053189, registered at the Municipal Court in Prague under file no. C 396227 (hereinafter referred to as 'Controller').
The Controller attaches great importance to the security and legality of the processing of your personal data.
We process the following personal data about you as a user (hereinafter referred to as "data subjects") that you provide to us in connection with logging in and operating the internet dating site AMORZA.
Source of personal data:
Information that you provide to us;
Information collected automatically;
Information we obtain from third parties.
Personal data we obtain through your registration:
Name/nickname, age, gender, location, email address/phone number, photographs;
Personal characteristics (optional data);
Transaction data – your ID, IP address, registration date, date and time of access
Personal data we obtain during your Paid Membership:
First and last name, date of birth;
Bank account details or credit card details collected by a trusted external service provider.
Cookies:
Technical or functional cookies, statistical cookies, marketing cookies.
The purpose of processing personal data is:
negotiating a contractual relationship, its conclusion, and fulfilling the contract;
fulfilling general legal obligations in accordance with the relevant accounting laws or value-added tax laws;
providing the services you request and the customer service you expect;
maintaining a record of users and user accounts;
ensuring communication with you and answering your questions;
conducting marketing campaigns and promotions;
maintaining and protecting the security of our products and services and our websites to prevent and detect security risks, fraudulent practices, or other criminal activities or activities conducted with the intent to cause harm;
analyzing website traffic (analytical cookies);
protecting our rights and legitimate interests, e.g., enforcing our claims against you and/or protecting and enforcing our claims.
We process personal data using appropriate technical and organizational measures to ensure their protection. We have adopted suitable technical and organizational measures, taking into account the state of technology, costs of implementation, nature, scope, context, and purposes of processing, as well as the varying probabilities and severities of risks to the rights and freedoms of natural persons, to ensure a level of security corresponding to the identified risks.
The Administrator's security measures (security requirements for ensuring the protection of personal data) include: physical security, personnel security, system security, communication security, and administrative security.
Providing detailed information about technical and organizational measures may undermine their effectiveness and proper protection.
The Administrator uses, for example, the following technical measures to ensure the protection of personal data:
Securing the data file against unauthorized access.
SSL certificate on the dating site's pages.
Encryption of data used to authorize the person using the application’s features.
Access to the account only after entering an individual username and password.
Regular data backups, data recovery procedures, and mechanisms for accountability for breaches of protected data, software, and hardware protection.
Personal data is processed also with the potential use of support and information systems of third parties under the conditions set by the law on personal data processing and legal order in general. Relationships with third parties arising in this manner are always contractually regulated to prevent violations of the principles of personal data handling (art. 28 GDPR). An overview of specific personal data processors is available from the Administrator.
Sufficient level of security.
We strive to ensure that all administrators with whom we share any personal data provide adequate security for the processed personal data.
Your personal data within the AMORZA dating app will be processed until you deactivate your account and then only as long as necessary to fulfill our contractual and legal obligations or as long as applicable laws allow us to retain them for specific purposes, e.g., for defense in case of legal claims. After that, all your data will be deleted.
In the case of marketing activities – until you raise an objection, unless the law requires us to process this data longer. If we process personal data based on your consent, we do so only for as long as that consent lasts, unless we have another legal reason thereafter.
Verification process – users go through identity verification technology (AI facial recognition scan) during registration. This ensures:
that they are a real person. (biometric liveness detection);
confirmation of the match between the user and the uploaded photographs (face recognition).
User profile creation – is carried out with the help of a chat assistant built on language models (OpenAI, Google Gemini, Anthropic Claude, LLAMA). This assistant gathers information from the user through chat, such as interests, life values, goals, personality, partner preferences, etc. This information is further utilized by an algorithm for Smart Matchmaking, and personalized profiles for each match (for each user) are created based on it.
AI coach Lada – a personal AI assistant for the user, which facilitates the dating process (from profile creation to communication with counterparts).
The rights of data subjects are established mainly by Chapter III of the GDPR. Every Data Subject has the right to request the following under the GDPR:
access to personal data (Art. 15 GDPR) - the data subject has the right to obtain confirmation from the Controller as to whether personal data concerning them is being processed or not, and if so, has the right to access such personal data and to information about the processing of their personal data.
rectification/updating of data (Art. 16 GDPR) - the data subject has the right to have the Controller rectify inaccurate personal data concerning them without undue delay. Considering the purposes of the processing, the data subject has the right to complete incomplete personal data, including by providing a supplementary statement.
erasure of data (if the conditions of Art. 17 GDPR are met) - the data subject has the right to request the Controller to erase personal data concerning them without undue delay, and the Controller has the obligation to erase personal data without undue delay if one of the following grounds applies:
the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
the data subject withdraws consent on which the processing is based, and there is no other legal ground for the processing;
the data subject objects to the processing under Art. 21 para. 1 GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing under Art. 21 para. 2 GDPR;
the personal data have been processed unlawfully;
the personal data must be erased to comply with a legal obligation under Union or Member State law to which the controller is subject;
the personal data were collected in connection with the offering of information society services under Art. 8 para. 1. GDPR
restriction of processing (if the conditions of Art. 18 GDPR are met) - the data subject has the right to obtain from the Controller restriction of processing in any of the following cases:
the data subject contests the accuracy of the personal data for a period enabling the Controller to verify the accuracy of the personal data;
the processing is unlawful and the data subject opposes the erasure of the personal data and requests instead the restriction of their use;
the Controller no longer needs the personal data for the purposes of processing, but the data subject requires them for the establishment, exercise, or defense of legal claims;
the data subject has objected to the processing under Art. 21 para. 1, pending the verification whether the legitimate grounds of the Controller override those of the data subject.
data portability (if the conditions of Art. 20 GDPR are met) - the data subject has the right to receive the personal data concerning them, which they have provided to the Controller, in a structured, commonly used, and machine-readable format, and to transmit those data to another Controller without hindrance from the Controller to whom the personal data have been provided, in the event that:
the processing is based on consent under Art. 6 para. 1 letter a) or Art. 9 para. 2 letter a) or on a contract under Art. 6 para. 1 letter b);
the processing is carried out by automated means.
objection to processing (if the conditions of Art. 21 GDPR are met) - the data subject has the right to object at any time, on grounds relating to their particular situation, to the processing of personal data concerning them, including profiling based on those provisions. The Controller shall no longer process personal data unless the Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject, or for the establishment, exercise, or defense of legal claims.
the right to lodge a complaint with a supervisory authority, which is the Office for Personal Data Protection (ÚOOÚ): Pplk. Sochora 27, Prague 7, Postal Code 170 00 (www.uoou.cz) with their complaint.
You can submit your request in person (by prior arrangement) or in writing to the Controller's address mentioned above, or by email at support@amorza.com
The data subject submitting the request must include their identification (name, surname, date of birth, place of permanent residence, or correspondence address), the right being exercised, and a description of what they are seeking, in the request. The Controller must be able to identify the applicant and verify their identity (by presenting a valid identity document in the case of a request submitted in person, an officially certified signature for a paper request, a recognized electronic signature for an electronic request, or submission via a data inbox).
The requested information will be provided without undue delay, at the latest within one month. If the request cannot be handled within this period, the data subject will be informed of the extension, which shall not exceed two months.
Consent to the processing of personal data is voluntary and you can revoke it at any time, either in writing to the address of the company's registered office mentioned above, or by email at support@amorza.com (the subject of the email must include the text "Revocation of Consent").
The data controller has not appointed a data protection officer (hereinafter referred to as the “Data Protection Officer”), but has designated a person responsible for the relevant issues. You can contact this responsible person regarding any matters related to the processing of your personal data and the exercise of your rights. You can contact the responsible person by email at support@amorza.com or in writing at the registered office of the Data Controller; in such a case, please write "For the attention of GDPR" on the envelope.
In addition to the purposes, methods, and extent described in this Document, we will not further process or disclose your personal data to third parties unless required by our legal obligations.
GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council.
Personal data – any information about an identifiable person, directly or indirectly.
Controller – determines the purposes, means, and methods of processing personal data.
Data subject – the data subject is a natural person to whom personal data refers. The data subject is not a legal entity.
Processing of personal data – any operation or set of operations performed on personal data or sets of personal data, whether automated or not, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or any other form of making available, alignment or combination, restriction, erasure, or destruction.
Processor – the processor is the entity hired by the controller to carry out processing operations on personal data. In other words, the processor processes personal data on behalf of the controller.
Artificial intelligence (AI) - AI is a technology that simulates human thinking, capable of learning, decision-making, and language processing.
Third party – a natural or legal person, public authority, agency, or entity other than the data subject, controller, processor, and individuals who are authorized to process personal data under the direct authority of the controller or processor.
© Amorza s.r.o. 2025