Principles of processing and protecting personal data

These Processing and Personal Data Protection Principles (hereinafter referred to as "Principles") outline the fundamental guidelines followed by Zuzana Hajná, Business ID: 75532301 (hereinafter referred to as the "Company") in the acquisition and processing of personal data. These Principles uphold the rights and obligations of the Company, particularly stemming from the following generally binding legal regulations:

  1. Regulation (EU) 2016/679 of the European Parliament and of the Council, of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as "GDPR");

  2. Act No. 480/2004 Coll., on certain information society services and on amendment to certain acts (Act on Certain Information Society Services), as amended (hereinafter referred to as "Act on Certain Information Society Services"); and

  3. Act No. 127/2005 Coll., on electronic communications and on amendment to certain related acts (Electronic Communications Act), as amended ("Electronic Communications Act").

These Principles apply to all individuals visiting the website (hereinafter referred to as the "e-shop"), regardless of whether they are in a contractual relationship with the Company or not.

Definition of Personal Data

In accordance with the GDPR, personal data means all information relating to an identified or identifiable natural person (not a legal person). In essence, this includes any information that, either on its own or when combined with other information, can be used to identify a specific individual (hereinafter referred to as "Personal Data").

Types of Personal Data Processed by the Company

The Company may collect the following types of Personal Data:

1. Personal Data Provided by Individuals to the Company.

Such Personal Data includes, but is not limited to, information provided in completed registration, order, or other forms, or information conveyed to the Company via email, telephone, fax, or similar means. Personal Data can also be provided to the Company through [contests], [product or service review submissions], [training session reservations], or [general inquiries]. This primarily includes names, surnames, mailing addresses, email addresses, phone numbers, bank account details, chosen payment method details, etc.

The aforementioned Personal Data will be processed by the Company for the purpose of:

a. providing services, products, or information that you have expressed interest in;

b. providing information about other services or products similar to those previously purchased if you are an existing customer;

c. sending marketing communications and product/service offers to new customers only with explicit consent;

d. evaluating and assessing your job application.

2. Personal Data Collected by the Company

During your visit to our e-shop, the Company may collect certain information necessary for the proper and convenient operation of the e-shop. This information includes internet protocol (IP) data used to connect your computer to the internet, your registration details, browser type and version, time zone settings, browser plug-ins, visit details (including valid Uniform Resource Locator (URL)), path to and from the e-shop (including date and time), viewed or searched products, response times, download errors, duration of visits to specific pages, interaction information during page visits (e.g., scrolling, clicks, and mouse position), or exit methods from pages.

The Company uses this personal data for the management and improvement of the e-shop, internal operations such as issue resolution, data analysis, testing, research, statistical purposes, and frequency recording. Furthermore, this personal data can be used to measure advertising effectiveness and provide relevant advertising.

Provision of Personal Data

Personal data obtained by the Company about you may be shared within the [●] group, i.e. related entities of the Company; and third parties ("Processors") that assist the Company in fulfilling its contractual obligations through the provision of specific services (e.g., service delivery). The Company only provides personal data to Processors that guarantee an adequate level of security for your Personal Data and process them solely based on a data processing agreement.

In this context, the Company may share Personal Data with these Processors:

  1. external collaborators and suppliers to fulfill the Company's contractual obligations;

  2. payment service providers and payment processors to secure financial transactions and payment processing;

  3. postal and delivery service providers for the delivery of products or services offered by the Company;

  4. e-shop administrator.

Under certain circumstances, the Company may be obliged to provide your Personal Data to third parties (e.g., authorities engaged in criminal proceedings) in accordance with applicable legal regulations.

Means of Personal Data Protection

To protect against unauthorized access to Personal Data and to minimize risk, the Company has implemented organizational and technical measures.

These measures include:

  1. organizational restrictions limiting the number of individuals authorized to access Personal Data; and

  2. technical security of the Company's servers and e-shop to prevent unauthorized manipulation.

Individuals accessing Personal Data are informed about data protection principles and are bound by confidentiality during data processing.

Retention Period for Personal Data

The Company retains Personal Data only for the time necessary to fulfill its contractual obligations and obligations arising from relevant legal regulations. Personal data processed based on your consent is retained for the duration of the purpose for which consent was given.

Upon the expiration of the legal basis for processing your Personal Data, the Company will destroy this data and all existing copies.


The Company employs "cookies" during the operation of its e-shop, which are small text files (hereinafter referred to as "Cookies") sent from the Company's server to your browser. Upon revisiting the e-shop, Cookies are sent back to the Company's server. Cookies allow the Company to recognize your browser, remember information about your previous activities on the e-shop, and customize e-shop content to your needs.

The Company uses the following types of Cookies:

  1. [First-party cookies enabling the basic operation and functionality of the website, without which the website's content cannot be correctly displayed;]

  2. [Technical cookies allowing the analysis of website usage, secure login, remembering the order completion process, saving registration details, and the contents of your shopping cart;]

  3. [Advertising cookies enabling targeted advertising, sharing website content on social media, and adding comments to products.]

Cookies can be removed through your browser settings. You can also configure your browser to prevent automatic storage of cookies. However, blocking, disabling, or otherwise rejecting some cookies may result in improper website display or the inability to use certain e-shop services or features.

Rights of Data Subjects

Regarding the processing of your Personal Data by the Company, you have the following data protection rights guaranteed by law:

  1. the right to withdraw consent to Personal Data processing if the processing is based on your consent;

  2. the right to request access to Personal Data and information about which of your Personal Data are being processed by the Company;

  3. the right to rectify inaccurate Personal Data and, in certain cases, to supplement incomplete Personal Data;

  4. the right to erase processed Personal Data;

  5. the right to restrict Personal Data processing;

  6. the right to receive the Personal Data you provided to the Company in a structured, commonly used, and machine-readable format and the right to transmit this data to another controller;

  7. the right to be informed about breaches of Personal Data security;

  8. the right to object to Personal Data processing; and

  9. the right to lodge a complaint with the supervisory authority, the Office for Personal Data Protection, at Pplk. Sochora 27, 170 00 Prague 7, or by data box to address qkbaa2n.

These rights and potential complaints can be exercised with the Company, as the data controller, in writing at the address provided below or via email at