top of page

Privacy Policy

I. Basic Provisions

  1. The personal data controller under Article 4, Paragraph 7 of the European Parliament and Council Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data ("GDPR") is Petra Sobková, ID: 707 57 542, registered office: Na Jarově 1960/13, Prague 3 - Žižkov, 130 00 (hereinafter referred to as the "Controller").

  2. Controller’s contact details:

    • Name: Petra Sobková

    • Address: V lipkách 1021/35, Prague 5 - Slivenec, 154 00

    • Email: [provide email]

    • Phone: +420 777 910 057

  3. Personal data refers to any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, identification number, location data, online identifier, or other specific elements of their physical, physiological, genetic, mental, economic, cultural, or social identity.

  4. The Controller has/has not appointed a Data Protection Officer. Contact details of the Data Protection Officer: [provide details if applicable].

II. Sources and Categories of Processed Personal Data

  1. The Controller processes personal data provided by the Buyer or obtained in connection with order fulfillment.

  2. The Controller processes the Buyer’s identification and contact details and data necessary for contract performance.

III. Legal Basis and Purpose of Personal Data Processing

  1. The legal basis for processing personal data is:

    • The fulfillment of the contract between the Buyer and the Controller pursuant to Article 6(1)(b) GDPR,

    • The Controller’s legitimate interest in direct marketing (including sending commercial communications and newsletters) pursuant to Article 6(1)(f) GDPR,

    • The Buyer's consent for direct marketing (including sending commercial communications and newsletters) pursuant to Article 6(1)(a) GDPR in conjunction with Section 7(2) of Act No. 480/2004 Coll., on certain information society services, in cases where no purchase was made.

  2. The purpose of processing personal data is:

    • The processing of the Buyer's order and the exercise of rights and obligations arising from the contractual relationship; providing personal data is necessary for contract fulfillment,

    • Sending commercial communications and engaging in other marketing activities.

  3. The Controller does/does not use automated individual decision-making per Article 22 GDPR. Explicit consent has been provided for such processing.

IV. Data Retention Period

  1. The Controller stores personal data:

    • For the period necessary to fulfill rights and obligations under the contract and to enforce claims arising from the contract (15 years after contract termination),

    • Until consent for processing for marketing purposes is withdrawn, but no longer than 15 years when data is processed based on consent.

  2. Upon expiration of the retention period, personal data will be deleted.

V. Recipients of Personal Data (Subcontractors of the Controller)

  1. Recipients of personal data include:

    • Entities involved in the delivery of goods/services and payment processing,

    • Providers of e-commerce platform services and other operational services related to the Online Store,

    • Marketing service providers.

  2. The Controller does/does not intend to transfer personal data to a third country (outside the EU) or an international organization. Recipients in third countries include providers of email or cloud services.

VI. Buyer’s Rights

  1. Under GDPR, the Buyer has the right to:

    • Access their personal data (Article 15 GDPR),

    • Correct personal data (Article 16 GDPR) or restrict processing (Article 18 GDPR),

    • Delete personal data (Article 17 GDPR),

    • Object to processing (Article 21 GDPR),

    • Data portability (Article 20 GDPR),

    • Withdraw consent to processing in writing or electronically to the address or email specified in Section III.

  2. The Buyer may also file a complaint with the Data Protection Authority if they believe their personal data protection rights have been violated.

VII. Security Measures

  1. The Controller declares that they have implemented appropriate technical and organizational measures to ensure the security of personal data.

  2. The Controller has adopted technical measures to secure data storage and physical records.

  3. The Controller ensures that only authorized personnel have access to personal data.

VIII. Final Provisions

  1. By submitting an order via the Online Store’s order form, the Buyer confirms awareness of the personal data protection policy and fully accepts its terms.

  2. The Buyer agrees to the terms of this policy by checking the appropriate box in the online form. By checking the box, the Buyer confirms familiarity with and acceptance of the terms of personal data protection.

  3. The Controller reserves the right to amend this policy. The new version will be published on the website and sent to the Buyer’s email address.

These terms take effect on December 20, 2024.

bottom of page