Privacy Policy
Your privacy is important to us. Here you will find information about how we process your personal data in accordance with the GDPR Regulation.
Last updated: January 1, 2025
GDPR
Full compliance
SSL/TLS
Encrypted connection
Your rights
Fully respected
Minimal data
Only essential data
Table of Contents
1. Data controller
The controller of personal data is the operator of this online store:
Company name
[Your company name]
Registered office
[Registered address], Czech Republic
Company ID
[Your Company ID]
GDPR email
[gdpr@yourdomain.cz]
The controller has not appointed a data protection officer as it is not required by law. You can contact us regarding all matters related to personal data protection at the email address listed above.
2. What data we process
We only process personal data that you provide to us or that we obtain in connection with your purchase or use of our services:
Identification data
- First and last name
- Billing and delivery address
- Company ID and Tax ID (for business customers)
Contact details
- Email address
- Phone number
Order data
- Order and purchase history
- Payment information (excluding card details)
- Customer support communication
Technical data
- IP address
- Browser and device information
- Cookies and similar technologies
3. Processing purposes
We process your personal data for the following purposes:
Fulfillment of purchase contract
Processing orders, delivering goods, handling complaints and returns.
User account management
Managing your account, displaying order history, saving preferences.
Customer support
Answering your questions, resolving issues, communication regarding orders.
Fulfillment of legal obligations
Bookkeeping, tax records, document archiving as required by law.
Marketing (with consent only)
Sending newsletters and information about news and promotions. You can withdraw this consent at any time.
4. Legal basis for processing
We process personal data based on the following legal grounds:
| Purpose | Legal basis |
|---|---|
| Fulfillment of purchase contract | Art. 6(1)(b) GDPR - contract performance |
| Bookkeeping | Art. 6(1)(c) GDPR - legal obligation |
| Customer support | Art. 6(1)(f) GDPR - legitimate interest |
| Marketing | Art. 6(1)(a) GDPR - consent |
5. Personal data recipients
We may share your personal data with the following categories of recipients who process them as processors or independent controllers:
Shipping companies
For delivering your orders (Zasilkovna, PPL, Czech Post, DPD, etc.)
Payment gateways
For processing online payments (Stripe, PayPal, etc.)
IT service providers
Hosting, email services, analytics tools
Accountants and tax advisors
For fulfilling legal obligations in the area of accounting
We do not transfer your personal data to third countries outside the European Economic Area unless it is necessary to provide the service and unless the given country ensures an adequate level of personal data protection.
6. Data retention period
We retain personal data only for the period necessary to fulfill the purpose of processing:
| Data type | Retention period |
|---|---|
| Order data | 10 years (tax and accounting regulations) |
| User account | Until account deletion + 3 years |
| Marketing consent | Until consent is withdrawn |
| Customer communication | 3 years from last contact |
| Cookies | Max. 12 months |
After the retention period expires, personal data are securely deleted or anonymized.
7. Your rights
In connection with the processing of personal data, you have the following rights:
Right of access
You have the right to obtain confirmation whether your personal data are being processed, and if so, to access them.
Right to rectification
You have the right to rectification of inaccurate personal data and to supplement incomplete personal data.
Right to erasure
You have the right to erasure of personal data if they are no longer needed for the purposes for which they were collected.
Right to restriction
You have the right to restriction of processing in certain cases prescribed by law.
Right to data portability
You have the right to obtain your personal data in a structured, commonly used format.
Right to object
You have the right to object to processing based on the controller's legitimate interest.
How to exercise your rights?
To exercise any of the above rights, contact us at the email listed in the "Data controller" section or through the contact form. We will respond to your request within 30 days.
You also have the right to file a complaint with the supervisory authority, which is the Office for Personal Data Protection (www.uoou.cz), if you believe that the processing of your personal data violates the GDPR.
9. Final provisions
This privacy policy takes effect on the date of its publication on the website. We reserve the right to update this policy at any time. We will inform you of significant changes via email or website notification.
By using our website and services, you confirm that you have read this privacy policy.
If you have any questions about the processing of your personal data, do not hesitate to contact us.
Have a question about your personal data?
We will be happy to answer any questions regarding the processing of your personal data or help you exercise your rights.
Contact us