Privacy Policy

1. Basic provisions

1.1. The controller of personal data pursuant to Article 4 (7) of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (“GDPR”) ) is the company Petr Červený-Floriánova huť, IČO: 12031615, with its registered office at Pod Holým vrchem 1744, Česká Lípa, 470 01 (hereinafter referred to as the “administrator”).

1.2. Admin contact information is:
Address: Častolovice 16, Česká Lípa, 47001
Email address:

Telephone: +420603894297

If you have any questions or comments about the processing of your personal data or you wish to exercise any of your rights listed below, please contact the administrator using the contact details provided.

1.3. Personal information means any information about an identified or identifiable individual. An identifiable natural person is a natural person who can be directly or indirectly identified, in particular by reference to a specific identifier, such as name, identification number, location data, network identifier or one or more specific physical, physiological, genetic, mental, economic, cultural elements. or the social identity of that natural person.

1.4. The administrator has not appointed a privacy officer.

2. Sources and categories of personal data processed

2.1. Your administrator processes the personal information you provide or the personal information that your administrator has obtained through the execution of your order.

2.2. The administrator primarily processes your identification, address, and payment information. The administrator thus processes your personal data in particular to the extent: title, name, surname, ID number, VAT number, address, or delivery address, telephone, e-mail, bank details, data on possible complaints and its settlement, accounting documents, access data to the customer account, purchase information, and purchase history.

2.3. Personal information is processed automatically and manually.

3. Legal basis and purposes of personal data processing

3.1. The processing of your personal data by the administrator is based on the following legal bases of processing:

  • performance of the contract between you and the administrator pursuant to Article 6 (1) (a) b) GDPR,
  • compliance with the legal obligation under Article 6 (1) (a) c) GDPR,
  • the legitimate interest of the administrator under Article 6 (1) (a) f) GDPR,
  • Your consent to processing for the purposes of providing direct marketing (in particular for sending commercial communications and newsletters) pursuant to Article 6 (1) (a) a) GDPR in conjunction with the provisions of Section 7, Paragraph 2 of Act No. 480/2004 Coll., on Certain Information Society Services in the event that no goods or services have been ordered.

3.2. It follows from the above that the controller is entitled to process personal data in particular without the consent of the data subject, as he performs the processing necessary for the performance of the contract and the fulfillment of legal obligations. Personal data is therefore necessary for the continuation of business cooperation. The administrator is also entitled to process personal data due to its legitimate interests (eg claims in litigation), as well as the administrator is entitled to process your personal data for direct marketing purposes based on the legitimate interest of the administrator, unless you object to such processing. The administrator is also entitled to process your personal data with your consent, unless you revoke this consent.

3.3. The administrator processes personal data mainly for the purposes of: receiving and processing your orders, invoicing, delivery of goods, business communications, records, user account management, fulfillment of all rights arising from purchase agreements concluded between you and administrator, bookkeeping. The administrator also processes personal data for the purpose of direct marketing, where he addresses you with interesting offers suitable for you, including sending business messages (eg news, discounts and information about new products) by electronic means (e-mail, SMS), if you did not refuse to send business messages. For the purpose of direct marketing, the administrator may also contact you on the basis of your consent to the processing of personal data.

3.4. There is no automatic individual decision by the administrator within the meaning of Article 22 of the GDPR.

4. Retention period

4.1. The administrator stores your personal information:

  • For a maximum period of 10 calendar years after the end of the cooperation with the administrator,
  • Tax and accounting records will be retained for the period specified by applicable law (5-10 years from the end of the accounting period).
  • In the case of processing personal data for direct marketing purposes, the controller will keep the personal data until you object to the processing for direct marketing purposes. cooperation with the administrator;
  • in the case of the processing of personal data with the consent of the data subjects, until the consent to the processing of personal data for marketing purposes is withdrawn.

4.2. After the retention period, the administrator will delete the personal data.

5. Processors and recipients of personal data

5.1. In addition to the controller’s employees, your personal information is also processed by third parties authorized by the controller under the personal data processing agreement. The administrator uses the processor, for example, in bookkeeping or in connection with the operation of the e-shop.

5.2. As far as the recipient of personal data is concerned, your personal data may be provided to third parties if necessary for the execution of the order (eg by the carrier of the ordered goods), disclosure is a legal obligation (e.g. law enforcement agencies, courts) or the data are made available to protect the rights of the controller (eg lawyers).

5.3. The controller does not intend to transfer personal data to a third country (non-EU) or to an international organization.

6. Rights of data subjects (customer)

6.1. Under the conditions set out in the GDPR, you have the following rights:

  • The right to information about the processing of personal data
  • The right to access personal data, including the right to a copy of personal data,
  • The right to rectification or to restrict processing
  • The right to transfer personal data to another controller
  • The right to delete personal data
  • The right to withdraw consent to the processing of personal data.

6.2. You can object to the processing of personal data for direct marketing purposes at any time and the personal data will be deleted (unless the administrator has another reason to process it).

6.3. You may also object to the processing of personal data due to other legitimate interests of the controller at any time and the personal data will be deleted unless the controller demonstrates compelling legitimate reasons for processing that outweigh the interests or rights of the customer.

6.4. All applications must be submitted through the administrator’s contact information above.

6.5. You also have the right to file a complaint with the Privacy Office if you believe that your right to privacy has been violated.

7. Data security

7.1. The administrator declares that he has taken all appropriate technical and organizational measures to secure personal data.

7.2. The administrator has taken technical measures to secure data repositories and personal data repositories, in particular…

7.3 . The controller declares that only persons authorized by him have access to personal data.

8. Final provisions

8.1. By submitting an order from the online order form, you acknowledge that you are familiar with this personal information processing information.

8.2. You also agree to this information by consenting via the online form. By checking the consent, you confirm that you are familiar with the conditions of personal data protection and that you accept them in full.

8.3. The administrator is authorized to change this information. It will publish the new version of the information on personal data protection on its website and at the same time send the new version to your e-mail address provided to the administrator.

In Česká Lípa on January 1, 2020