GDPR

Privacy Policy

This policy explains how the company Zlatá Morava s.r.o. processes personal data of customers and visitors of the online store svahovesekacky.eu.

1. Basic Provisions

1.1. The personal data controller under Regulation (EU) 2016/679 of the European Parliament and of the Council, the General Data Protection Regulation (GDPR), is Zlatá Morava s.r.o., with its registered office at Lidická 700/19, Veveří, 602 00 Brno, ID No.: 21180385, VAT ID: CZ21180385, registered in the Commercial Register maintained by the Regional Court in Brno, Section C, File 137773 (the "controller").

1.2. The controller's contact details are: e-mail info.zlatamorava@gmail.com, telefon +420 724 250 063 a +420 725 046 371.

1.3. Personal data means any information about an identified or identifiable natural person. Personal data processing is governed mainly by GDPR and Act No. 110/2019 Coll., on Personal Data Processing.

2. What Personal Data We Process

2.1. The controller processes personal data provided by the customer when placing an order, registering a user account, communicating with the controller, making a complaint or submitting an enquiry.

2.2. Processed data may include in particular name and surname, billing and delivery address, e-mail address, telephone number, order details, payment data to the extent necessary to identify payment, data included in communication with the controller and technical data related to website operation.

2.3. The controller does not process special categories of personal data under Article 9 GDPR unless the customer voluntarily provides such data without being requested.

3. Purposes and Legal Bases of Processing

3.1. The controller processes personal data to handle orders, deliver goods, communicate with customers, arrange payments, issue accounting and tax documents, handle complaints and protect legal claims.

3.2. The legal basis for processing is mainly performance of a contract or steps taken before entering into a contract under Article 6(1)(b) GDPR.

3.3. For accounting and tax documents, the legal basis is compliance with a legal obligation under Article 6(1)(c) GDPR.

3.4. For protection of legal claims, basic administration of customer communication and website security, the legal basis is the controller's legitimate interest under Article 6(1)(f) GDPR.

3.5. If the controller processes personal data based on consent, for example for certain marketing or analytical purposes, the legal basis is Article 6(1)(a) GDPR. Consent may be withdrawn at any time.

3.6. Providing personal data necessary for an order is a contractual requirement. Without this data, the order cannot be concluded and fulfilled.

4. Personal Data Retention Period

4.1. Personal data processed for handling an order is stored for the time necessary to perform the contract and subsequently for the period needed to protect legal claims.

4.2. Accounting and tax documents are stored for the period required by legal regulations, especially accounting and tax legislation.

4.3. Data related to complaints is stored for the duration of the complaint procedure and then for the period necessary to protect legal claims.

4.4. Data processed on the basis of consent is stored for the duration of the consent or until it is withdrawn, unless another legal reason for further processing exists.

4.5. After the relevant retention period expires, the controller deletes or anonymises personal data unless there is a legal reason for further processing.

5. Recipients and Processors of Personal Data

5.1. Personal data may be transferred only to the extent necessary to fulfil the above purposes.

5.2. Recipients or processors of personal data may include in particular the provider of website operation and hosting, website administrators, providers of the WordPress and WooCommerce e-shop system to the extent of online store operation, accounting and tax service providers, the controller's bank, carriers or persons ensuring delivery of goods, service partners, legal or tax advisers and public authorities where required by law.

5.3. The online store runs on WordPress with WooCommerce. Elementor, Elementor Pro and Essential Addons for Elementor are used for creating and managing website content.

5.4. If the controller uses third-party analytics or marketing tools, they will be used only in accordance with legal regulations and user consent settings where consent is required.

5.5. The controller does not intend to transfer personal data to third countries outside the European Union or to international organisations unless necessary for a specific service and in accordance with GDPR.

6. Cookies and Technical Data

6.1. The website uses cookies necessary for its operation, especially for basket, checkout, login and website security functions.

6.2. Other cookies, such as analytics or marketing cookies, may be used only in accordance with legal regulations and the website visitor's consent settings.

6.3. Technical data, such as IP address, device information, browser information or website error states, may be processed for safe and reliable operation of the website.

7. Rights of the Data Subject

7.1. Under the conditions set by GDPR, the data subject has the right of access to personal data, the right to rectification of inaccurate data, the right to erasure, the right to restriction of processing, the right to object to processing, the right to data portability and the right to withdraw consent where processing is based on consent.

7.2. The data subject may exercise their rights by e-mail at info.zlatamorava@gmail.com or in writing to the controller's registered office address.

7.3. If the data subject believes that personal data protection regulations are being breached, they have the right to lodge a complaint with the Office for Personal Data Protection, Pplk. Sochora 27, 170 00 Prague 7, website https://uoou.gov.cz.

8. Personal Data Security

8.1. The controller has adopted appropriate technical and organisational measures to secure personal data and restrict access only to persons who need it to perform their tasks.

8.2. Measures include in particular password protection, restricted permissions, technical website administration, updates of used software and appropriate protection of devices and data storage.

8.3. Persons involved in personal data processing are obliged to maintain confidentiality.

9. Automated Decision-Making

9.1. The controller does not carry out automated individual decision-making or profiling that would have legal effects for the data subject or similarly significantly affect them.

10. Final Provisions

10.1. This policy may be updated by the controller, especially in the event of changes to used services, legal regulations or the method of processing personal data.

10.2. The current wording of the policy is always published on the controller's website.

10.3. This policy is effective from 4. 6. 2026.