Privacy Policy

I. Basic Provisions

1. The controller of personal data within the meaning of Article 4(7) of Regulation (EU) 2016/679 of the European Parliament and of the Council, the General Data Protection Regulation, hereinafter referred to as “GDPR”, is Cukrář Skála s.r.o., Company ID: 06473181, VAT ID: CZ06473181, with its registered office at Říční 539/2, Malá Strana, 118 00 Prague 1, Czech Republic, registered in the Commercial Register maintained by the Municipal Court in Prague, Section C, File 282761, hereinafter referred to as the “controller”.

2. Contact details of the controller are:

Address: Říční 539/2, Malá Strana, 118 00 Prague 1, Czech Republic
E-mail: info@cukrarskala.cz
Phone: +420 739 267 079
Website: www.cukrarskala.cz

3. Personal data means any information relating to an identified or identifiable natural person. An identifiable natural person is a person who can be identified directly or indirectly, in particular by reference to a specific identifier, such as a name, identification number, location data, online identifier or one or more specific elements of the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

4. The controller has not appointed a data protection officer. Questions regarding the processing of personal data may be sent to info@cukrarskala.cz.

II. Sources and Categories of Personal Data Processed

1. The controller processes personal data provided by the customer, especially when placing an order, registering a customer account, communicating with the controller, subscribing to commercial communications, making a complaint, withdrawing from a contract or using the online store.

2. The controller also processes personal data obtained in connection with fulfilling an order, delivering goods, processing payment, handling a complaint, maintaining a customer account, communicating with the customer or the technical operation of the online store.

3. The controller processes in particular the following categories of personal data:

  • first name and surname,
  • billing address,
  • delivery address,
  • e-mail address,
  • phone number,
  • business identification details if the customer purchases as an entrepreneur, especially company ID, VAT ID and business name,
  • data on orders, purchased goods, payments, delivery, personal pickup and order history,
  • data necessary for handling a complaint, withdrawal from a contract or another customer request,
  • data contained in mutual communication between the customer and the controller,
  • data necessary for maintaining a customer account, if a customer account is created,
  • technical data related to visits to the online store, especially IP address, information about the device, browser, operating system, cookies and similar online identifiers, if used during a website visit.

4. The controller does not process special categories of personal data within the meaning of Article 9 GDPR unless the customer provides such data on their own initiative. The customer should not provide the controller with data concerning health, allergies or other sensitive circumstances unless this is necessary for handling their specific request.

5. If the customer provides the controller with information about a food allergy or intolerance, the controller processes such information only to the extent necessary for handling a specific order, inquiry or customer request.

III. Legal Basis and Purpose of Personal Data Processing

1. The controller processes personal data mainly for the following purposes:

  • processing an order and fulfilling a purchase contract,
  • delivering goods, enabling personal pickup or another agreed form of handover of goods,
  • processing payment, issuing accounting and tax documents,
  • maintaining a customer account, if a customer account is created,
  • communicating with the customer regarding an order, goods, payment, delivery, personal pickup or another request,
  • handling a complaint, withdrawal from a contract, claim or another exercise of customer rights,
  • fulfilling the controller’s legal obligations, especially in the areas of accounting, tax and consumer protection,
  • protecting the controller’s legal claims, especially in the event of a dispute, inspection or debt recovery,
  • sending commercial communications to customers if the legal conditions are met,
  • sending newsletters or other marketing communications based on consent, if consent is required,
  • measuring website traffic, analytics, content personalization and marketing, if the user has given consent through the cookie banner or another appropriate tool,
  • ensuring the security of the online store and preventing misuse of the website or customer account.

2. The legal basis for processing personal data is:

  • performance of a contract pursuant to Article 6(1)(b) GDPR, especially when processing an order, delivering goods, processing payment, maintaining a customer account and communicating in relation to a contract,
  • compliance with a legal obligation pursuant to Article 6(1)(c) GDPR, especially when keeping accounts, issuing and retaining tax documents and fulfilling obligations under legal regulations,
  • legitimate interest of the controller pursuant to Article 6(1)(f) GDPR, especially when protecting the controller’s legal claims, maintaining basic internal records, ensuring the security of the online store and sending commercial communications to existing customers under the conditions set by legal regulations,
  • consent of the data subject pursuant to Article 6(1)(a) GDPR, especially when sending newsletters to persons who are not customers and when using analytical, marketing or personalization cookies, if consent is required.

3. Providing personal data necessary for processing an order is a contractual requirement. Without such data, the order cannot be created, confirmed or properly fulfilled.

4. The controller does not carry out automated individual decision-making within the meaning of Article 22 GDPR.

IV. Retention Period of Personal Data

1. The controller retains personal data only for the period necessary to fulfill the purpose for which it was processed, or for the period required by legal regulations.

2. Personal data processed for the purpose of contract performance is retained by the controller for the duration of the contractual relationship and subsequently for the period necessary to protect the controller’s legal claims.

3. Personal data contained in accounting and tax documents is retained by the controller for the period required by the relevant legal regulations.

4. Personal data processed for the purpose of handling a complaint, withdrawal from a contract, claim or another exercise of customer rights is retained by the controller for the period necessary to handle the given request and subsequently for the period necessary to protect legal claims.

5. Personal data processed for maintaining a customer account is retained by the controller for the duration of the customer account. The customer may request cancellation of the customer account unless this is prevented by the controller’s legal obligations or the controller’s legitimate interest in protecting legal claims.

6. Personal data processed on the basis of consent is retained by the controller until consent is withdrawn, but no longer than the period stated when consent was given or in the settings of the relevant service.

7. Personal data processed for sending commercial communications is retained by the controller for the duration of the controller’s legitimate interest or until the customer refuses to receive commercial communications.

8. After the relevant retention period expires, the controller deletes, anonymizes or otherwise securely disposes of the personal data.

V. Recipients of Personal Data

1. Personal data may be made available to persons involved in the operation of the online store, processing orders and fulfilling the controller’s legal or contractual obligations.

2. Recipients of personal data may include in particular:

  • the operator of the Shoptet e-commerce solution,
  • providers of web hosting, server and cloud services,
  • providers of IT services, technical support and website administration,
  • providers of payment gateways and payment services,
  • banks and other payment institutions,
  • carriers, courier services, operators of pickup points and parcel lockers,
  • providers of accounting, tax and legal services,
  • providers of e-mailing, analytical and marketing tools, if used,
  • public authorities, if required by legal regulations.

3. The controller transfers personal data to processors only to the extent necessary to fulfill the given purpose and on the basis of appropriate contractual or legal safeguards.

4. The controller does not intend to transfer personal data to a third country outside the European Union or the European Economic Area or to an international organization unless this is necessary for the use of a specific service or tool. If such transfer takes place, the controller will proceed in accordance with GDPR and ensure appropriate legal safeguards.

VI. Commercial Communications and Newsletter

1. The controller may send commercial communications to a customer’s e-mail address if the controller obtained that e-mail address in connection with the sale of goods or services, the commercial communication concerns the controller’s own similar goods or services, and the customer has not refused to receive commercial communications.

2. The controller sends newsletters or other commercial communications to persons who are not customers only on the basis of prior consent.

3. Consent to receive commercial communications must be freely given, specific, informed and unambiguous. The controller is entitled to retain information on when, how and for what purpose consent was given.

4. Receiving commercial communications may be refused at any time through the unsubscribe link included in each commercial communication or by sending a request to info@cukrarskala.cz.

5. Refusal to receive commercial communications does not affect the lawfulness of processing carried out before such refusal.

VII. Cookies and Similar Technologies

1. The online store uses cookies and similar technologies. Cookies are small data files that may be stored on the user’s device when visiting websites.

2. Technical cookies necessary for the operation of the online store may be used without the user’s consent. Without these cookies, some parts of the online store may not function properly.

3. Analytical, marketing and personalization cookies are used only on the basis of the user’s consent, unless legal regulations allow their use without consent.

4. The user may give, refuse, change or withdraw consent to the use of cookies at any time through the cookie banner or cookie settings available on the website.

5. Information about the specific cookies used, their purpose, storage period and any third parties is provided in the cookie settings or in a separate cookie policy, if published on the website.

6. Browser settings alone are not considered sufficient consent to the use of analytical, marketing or personalization cookies if the controller is unable to prove such consent.

VIII. Rights of the Data Subject

1. Under the conditions set by GDPR, the data subject has the following rights:

  • the right of access to their personal data pursuant to Article 15 GDPR,
  • the right to rectification of inaccurate or incomplete personal data pursuant to Article 16 GDPR,
  • the right to erasure of personal data pursuant to Article 17 GDPR,
  • the right to restriction of processing pursuant to Article 18 GDPR,
  • the right to data portability pursuant to Article 20 GDPR,
  • the right to object to processing pursuant to Article 21 GDPR,
  • the right not to be subject to automated individual decision-making pursuant to Article 22 GDPR,
  • the right to withdraw consent if processing is based on consent,
  • the right to lodge a complaint with the Office for Personal Data Protection.

2. The data subject may exercise their rights by e-mail at info@cukrarskala.cz or in writing to the controller’s address.

3. The controller may request reasonable verification of the data subject’s identity if this is necessary to protect personal data and prevent disclosure to an unauthorized person.

4. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

IX. Security of Personal Data

1. The controller has adopted appropriate technical and organizational measures to secure personal data.

2. The controller takes care in particular to protect personal data against unauthorized access, loss, destruction, alteration, unauthorized disclosure or other unauthorized processing.

3. Personal data is accessible only to persons who need it to fulfill their employment, contractual or legal obligations.

4. Persons involved in the processing of personal data are bound by confidentiality or an equivalent contractual obligation.

5. For the operation of the online store, the controller uses technical service providers, especially the provider of the e-commerce solution, hosting, payment, e-mailing, analytical and marketing services. These providers process personal data only to the extent necessary to provide the relevant service.

X. Final Provisions

1. By submitting an order, the customer confirms that they have read this Privacy Policy.

2. If the processing of personal data is based on consent, the data subject gives consent by a separate active action, especially by ticking the relevant checkbox, clicking a confirmation button or selecting an option in the cookie settings.

3. The controller is entitled to amend this Privacy Policy. The current version of the Privacy Policy is always published on the controller’s website.

4. This Privacy Policy becomes effective on 1. 1. 2026.