Privacy Policy (GDPR)


1. Introductory Provisions

1.1 The Data Controller referred to in Article 4 (7) of Regulation (EU) No 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC Protection of Personal Data) (hereinafter: " GDPR ") is: Mgr. Jana Vejrikova, Business ID 69959641, with registered office at Obeti nacismu 1, 350 02 Cheb, Czech Republic, registered at the office responsible pursuant to Section 71 (2) of the Trade Licensing Act: City Authority of Cheb No. 0021/2011/CH (hereinafter referred to as the "Data Controller").

1.2 The contact details of the Data Controller are

Address: Jana Vejrikova –, Obeti nacismu 1, 350 02 Cheb


Telephone: +420 608 129 774

1.3 Personal data means all information about an identified or identifiable natural person (hereinafter referred to as the "Data Subject" ); an identifiable natural person is a natural person that can be identified directly or indirectly, in particular by reference to a particular identifier such as name, identification number, location data, network identifier or one or more specific physical, physiological, genetic, psychological or economic identity of this individual.

1.4 The Data Controller did not appoint a Data Protection Officer.

2. Categories and Sources of Processed Personal Data

2.1 The Data Controller processes personal data provided by the Data Subject or personal data received by the Data Controller during the order and its processing.

2.2 The Data Controller handles the identification and contact information of the Data Subject and the data necessary for the performance of the Purchase Agreement, including: organization name and/or name and surname, address and/or residence, email address, telephone number (optional), and Business ID if applicable.

2.3 The Data Controller uses cookies within the website

3. Legitimate Reason and Purpose of Processing Personal Data

3.1 The legal reason for the processing of personal data is:

  • in the case of personal data of the Data Subject – the performance of the purchase agreement
    between the Data Subject and the Data Controller under Article 6 (1) b) GDPR.

  • in the case of cookies – the legitimate reason / legitimate interest permitted by Article 6 (1) (f) of
    the GDPR.

3.2 The purpose of processing personal data is

  • in the case of a personal data of the Data Subject – a successful execution of the order and the exercise of the rights and obligations arising from the contractual relationship between the Data Subject and the Data Controller; these data are necessary for the conclusion and performance of the contract, without which the contract cannot be concluded or performed by the Data Controller.

  • in the case of cookies – to ensure the necessary operation and functionality of the website, as well as to measure traffic and to create statistics on traffic. Cookies are anonymous and are considered a data set that does not enable to identify individuals. The website of the Data Controller may also be used in a mode that does not allow cookies to be collected (e.g. by using an anonymous browser window or by refusing to collect selected cookies in browser settings; each browser provides information concerning this matter). If cookies are disabled in the browser, the website may not
    function properly.

3.3 Collected cookies are processed solely by the Data Collector.

3.4 No automatic individual decision making within the meaning of Article 22 of GDPR is made by the Data Controller.

4. Retention Period

4.1 The Data Controller holds personal data for the time necessary to exercise the rights and obligations arising from the contractual relationship between the Data Subject and the Data Controller and from the enforcement of the claims under these contractual relationships, and to meet the requirements imposed by applicable laws, i.e. for the period starting from concluding the agreement to the last obligation to submit regular tax return, unless the tax authority extends this period (up to 10 years), or unless there occurs another factor that would require an extension of the deadline (e.g. litigation). Such processing of personal data is allowed on the basis of Article 6 (1) c) af) GDPR - processing of personal data is necessary to exercise the legal obligation and for the purposes of the legitimate interests of the Data Controller.

4.2 After the retention period, the data Controller shall delete the personal data.

5. Personal Data Processors (subcontractors of the Data Controller)

5.1 Personal Data Processors who process personal data for the Data Controller are:

  • Data Processors involved in the delivery of goods:

Czech Post, s.p., with registered office at Politickych veznu 909/4, 225 99 Praha 1, Czech Republic

Zasilkovna/Packeta s.r.o. (Ltd.), with registered office at Drahobejlova 1019/27, 190 00 Praha 9, Czech Republic, and its subcontractors, such as DPD, InTime, etc.)

  • Data Processors involved in the execution of payments under the contract: GoPay s.r.o., with registered office at Plana 67, 370 01 Plana, Czech Republic

  • Data Processors providing services related to the operation of the website (a webhosting company): Wedos Internet, a.s.

  • Data Processors providing services related to processing of customer

  • We review your satisfaction with the purchase through e-mail questionnaires as part of the Verified by Customers program, in which our e-store is involved. We send these questionnaires to you every time you make a purchase from us, unless you - in the sense of § 7 paragraph 3 of Act No. 480/2004 Coll. on certain Information Society Services - disallow this upon placing your order. We process personal data for the purpose of sending questionnaires as part of the Verified by Customers program on the basis of our legitimate interest, which consists in ascertaining your satisfaction with your purchase from us. For sending questionnaires, evaluating your feedback and analyzing our market position, we use a processor that is the operator of the portal; for these purposes, we may pass on information about the purchased goods and your e-mail address. When sending e-mail questionnaires, your personal data is not passed on to any third party for its own purposes. You can object to the sending of e-mail questionnaires as part of the Verified by Customers program at any time by opting out of further questionnaires using the link in the e-mail with questionnaire you receive. In case of your objection, we will not send you the questionnaire any further.

5.2 Personal data will not be transferred to a third country (to a non-EU country) or an international

6. Data Subject's Rights

6.1 Based on the conditions set out in the GDPR, the Data Subject shall has

  • the right of access to their personal data under Article 15 of the GDPR,

  • the right to repair personal data under Article 16 of the GDPR, or the restriction of processing under Article 18 GDPR,

  • the right to delete personal data under Article 17 of the GDPR, unless this is inconsistent with the applicable law or legitimate interests of the Data Controller,

  • the right to object to processing under Article 21 GDPR, and

  • the right to data portability pursuant to Article 20 GDPR.

6.2 Furthermore, the Data Subject has the right to file a complaint with the Personal Data Protection Office if he/she considers that his/her right to the protection of personal data has been violated.

7. Privacy Policy

7.1 The Data Controller declares that he/she has taken all appropriate technical and organisational measures to secure personal data.

7.2 The Data Controller has taken technical measures to secure the data repositories and personal data repositories in paper form.

7.3 The Data Controller declares that personal data are accessible only to persons authorised by him/her.

8. Final Provisions

8.1 By submitting an order using an online order form at, the Data Subject confirms that he/she is fully aware of the terms of protection of personal data.

8.2 The Data Controller is entitled to change these terms. The new version of the Privacy Policy will be
published at the website

This Privacy Policy comes into effect on November 01, 2020.