Privacy Policy – Reserve System Admin

Application: Reserve System Admin
Version: 1.1.0
Last Updated: November 20, 2025

1. Introduction

Reserve System Admin is a mobile application designed for ticket verification and event reservation management. This application processes personal data in compliance with the General Data Protection Regulation (GDPR).

2. Data Controller

The data controller is the operator of the reservation system, accessible through the WordPress REST API.

3. What Data We Collect

3.1 Login Credentials

  • Email address
  • Password (hashed)
  • Authentication token

3.2 Reservation Data

  • First name (FORENAME)
  • Last name (SURNAME)
  • Ticket name (NAME)
  • Unique order identifier (UNIQUE_ID)
  • Payment date (PAID_DATE)
  • Total price (TOTAL_PRICE)
  • Ticket check status (CHECKED)
  • Ticket quantity (COUNT)
  • Discount information (IS_DISCOUNTED)
  • Seat reservation (SEAT_RESERVATION)
  • Additional identifiers (ADDITIONAL_ID)
  • Descriptive information (DESC_SINGLE, DESC_MULTI)

3.3 Event Data

  • Event name (NAME)
  • Event description (DESCRIPTION)
  • Event date (ACTION_DATE)
  • Event location (PLACE)
  • QR message (QR_MESSAGE)

3.4 Technical Data

  • Server address (web URL)
  • Selected event (selectedCompetition)

4. How We Collect Data

4.1 Direct Input

We collect data through:

  • Login form (email, password, server address)
  • QR code login

4.2 API Communication

The application communicates with WordPress REST API at https://{server}/wp-json/reserveSystem/v1 and retrieves:

  • List of events
  • Orders and reservations
  • Ticket verification results

4.3 QR Code Scanning

The application uses the device camera to scan ticket QR codes.

5. Purpose of Data Processing

We process personal data for the following purposes:

  • User Authentication – verifying the identity of system administrators
  • Reservation Management – displaying order lists for selected events
  • Ticket Verification – validating ticket authenticity and uniqueness at event entry
  • Ticket Status Tracking – marking already used tickets
  • Order Search – quick search for reservations by name

6. Where We Store Data

6.1 Local Storage (AsyncStorage)

We store on the device:

  • UserSettings – authentication token and server address
  • SelectedCompetition – selected event ID

This data is stored locally on the device and does not leave the device, except when used for API requests.

6.2 Application Memory

We temporarily hold in application memory:

  • Order list for the selected event
  • List of available events

6.3 Server Storage

All reservation data is stored on the WordPress REST API server operated by the system administrator.

7. Sharing Data with Third Parties

The application does not share personal data with any third parties. All communication occurs only between the application and the system administrator’s server.

7.1 Application Permissions

The application requires the following permissions:

  • Camera – for scanning ticket QR codes
  • Internet Access – for communication with the API server

8. Data Security

8.1 Data Transmission

  • All communication occurs over HTTPS protocol
  • Authentication token is sent in the X-USER header
  • Event ID is sent in the C-NAME header

8.2 Local Storage

  • Data in AsyncStorage is protected by the operating system’s security mechanisms (Android/iOS)
  • Password is never stored locally, only the authentication token

8.3 Timeout and Session Termination

  • The application uses AbortController for safe cancellation of network requests
  • Users can log out at any time, which deletes all locally stored data

9. Data Retention Period

9.1 Local Data

  • Authentication token and settings are retained until manual logout by the user
  • Upon logout, all local data is immediately deleted

9.2 Server Data

Data retention period on the server is governed by the WordPress system administrator’s policies.

10. Your Rights

As a data subject, you have the right to:

10.1 Access to Data

You have the right to obtain information about what personal data we process about you.

10.2 Data Correction

You have the right to request correction of inaccurate or incomplete personal data.

10.3 Data Erasure

You have the right to request deletion of your personal data („right to be forgotten“).

10.4 Restriction of Processing

You have the right to request restriction of processing of your personal data.

10.5 Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format.

10.6 Logout

You can log out of the application at any time, which will delete all locally stored data.

11. Cookies and Tracking

The application does not use cookies or any tracking mechanisms. It does not collect analytics data about application usage.

12. Changes to Privacy Policy

This policy may be updated periodically. You will be informed of significant changes through application updates.

13. Contact

For questions regarding personal data processing or exercising your rights, contact the reservation system administrator via email or the contact form provided on the operator’s website.

14. Supervisory Authority

If you suspect a violation of personal data protection, you have the right to file a complaint with the supervisory authority:

Office for Personal Data Protection (ÚOOÚ)
Pplk. Sochora 27
170 00 Prague 7
Czech Republic

Email: posta@uoou.cz
Web: https://www.uoou.cz

Last Updated: November 20, 2025