Privacy policy, GDPR & cookies

Your personal data is safe with us. We’ll take care of it with even more love than dictated by Act No. 110/2019 Coll.   

Privacy policy & GDPR

For websites a Last updated 1 January 2022. 

Anna Marešová designers s.r.o., with place of business at Prague 7, Kamenická  746/37, 170 00, ID No: 242 10 234, recorded in the Commercial Register of the Municipal Court in Prague, section C, insert 188943 (hereinafter the Controller), in its capacity as an controller of personal data, in relation to Regulation (EU) of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter GDPR) and the related legislation has adopted this privacy policy in order to inform its customers and potential customers about the processing of their personal data in connection with the commercial activities of the Controller.

  1. Data processing purpose and legal basis

    1. Contractual relationship

      The Controller collects and processes personal data provided by its customers when they purchase goods through its online shop. The processing of personal data is necessary for the conclusion and fulfilment of the contract. If the customer does not agree to provide his/her personal data, the contract cannot be concluded. For the purpose of conducting the contractual relationship, the customer’s personal data is processed by means of online registration (name and surname, address, identification number or tax identification number), his/her contact details (email or phone number), and information related to the subject of the contract (identification of the goods, payment method including payment details such as the customer’s bank account number and bank identification information). The Controller is also entitled to process this data for the protection of its rights in case of any potential dispute with the customer. The aforesaid data will be processed and stored for the duration of the contractual relationship, or even longer if required by law or necessary for the protection of the Controller’s rights.

    2. Marketing activities

      On the basis of the valid legislation, the Controller may use the personal data of the customer to disseminate commercial communications concerning product or service offers like those already provided to customers, whereas the personal data will be processed and stored for the duration of the contractual relationship unless the customer revokes his/her consent.

      The legal basis for such processing is the legitimate interest of the Controller.

      In all other cases, the Controller processes the personal data of its customers or potential customers with their consent only. It typically happens when a potential customer grants their consent to being sent newsletters or other commercial messages by the Controller. This also concerns cases when the Controller collects and processes additional data received during their mutual contractual relationship (such as customer purchasing habits, preferences, and logs including IP address or cookies used for identifying such preferences) in order to offer of goods and services directly. The processing of personal data is voluntary and bears no impact on the contractual relationship regardless of whether consent is given or not. If consent is given, it is valid for the time necessary to process the data, unless and until the customer revokes it.

    3. Maintenance of online shop and website

      The Controller also processes log data, which may include IP addresses and/or cookies, for the purposes of operation of the online shop as well as maintenance of the website. If the customer or potential customer does not agree with the processing of this data, he/she may block the use of cookies in his/her browser settings, or refuse the use of cookies directly on the Controller’s website. In such cases, the customer or potential customer acknowledges that the online shop or website may not work properly and that the Controller is not liable for any difficulties. The personal data under this paragraph will be processed and stored only for the time necessary to maintain the website and online shop (no more than a few days or weeks).

  2. Method of processing

    1. The Controller processes personal data under Article 1 above by means of online registration or by concluding a contractual relationship through its online shop. Therefore, personal data is automatically processed in electronic form. If necessary, personal data may be processed manually in paper form, e.g., through a paper order. Personal data is stored in the Controller’s information system and can be backed-up on back-up server/data carriers if necessary.

    2. The Controller has adopted all necessary security measures to prevent any unlawful or accidental access to personal data, its alteration, destruction or loss, unauthorized transmission, or other unauthorized processing or abuse.

    3. As pertains to automated processing, the Controller has adopted security measures that allow access to the automated processing systems to authorized persons only. These persons shall have access only to information corresponding to their authorization and on the basis of the specific user authorizations established exclusively for these persons. The Controller shall keep electronic records that allow for the identification and verification of when, by whom, and for what reasons personal data was accessed or otherwise processed.

  3. Transfer and access to personal data

    1. Personal data is collected and processed solely by the Controller, on the understanding that the Controller may also use the services of third parties for processing of personal data and these third parties may process this data, for example for the purpose of sending marketing materials. These third parties (IT services, accounting company) are always bound by agreements to preserve confidentiality and must not use information for any other purposes. List of third parties is: ECOMAIL.CZ s.r.o., Na Zderaze 1275/15, Praha 2, 120 00, ID No. 02762943. The Controller also transfers personal data necessary for the delivery of ordered goods to parties responsible for such delivery (i.e., Czech Post, s.p., Politických vězňů 909/4, 225 99, Praha 1, ID No. 471 14 983; PPL CZ s.r.o., K Borovému 99, Jažlovice, 251 01, Říčany, ID No. 251 94 798 or Zásilkovna s.r.o., Českomoravská 2408/1a, 190 00, ID No. 284 08 306).

    2. Personal data will be available only to the employees of the Controller who are bound by confidentiality as regards personal data as well as valid security measures. Employees are entitled to process personal data only per the explicit instructions of the Controller. The confidentiality obligation of employees continues after the termination of the employment relationship.

  4. Links to other sites

    1. The website of the Controller may contain links to other sites that are not operated by the Controller. After clicking on a third-party link, the customer or potential customer will be directed to that third-party website. The Controller has no control over and assumes no responsibility for the content, privacy policies, or practices of any third-party websites or services. The Controller strongly advises its customers and potential customers to review the privacy policy of every site they visit.

  5. Social media widgets

    1. The Controller’s websites may include social media features, such as a Facebook or Twitter button. These features may collect information on the customers or visitors to the website, such as IP address and pages they are visiting and may set a cookie to enable the feature to function properly. The processing of data through interaction with these features is governed by the privacy policy of the company providing it.

  6. Child privacy

    1. The website, online shop, and related marketing services may only be accessed by customers or potential customers who are 18 years of age or older. The Controller does not knowingly collect personally identifiable data from persons under 18. If the customer or potential customer is a parent or guardian and is aware that his/her child has provided the Controller with his/her personal data, the Controller should be informed of this. If the Controller discovers that a person under 18 has provided it with personal data, the Controller will immediately delete such information from its servers.

  7. Right to information

    1. The data subject is always entitled to access personal data which the Controller holds concerning them. The data subject may request a summary of this information by contacting the Controller at [email protected] or +420 778 065 388. In the case of an e-mail request, enter “Request for personal data” as the subject of your e-mail to enable us to process your request as quickly as possible.

    2. The content of this information is always a message about:

      1. the purpose of processing personal data;

      2. personal data or the categories of personal data that are subject to processing, including all available information about its source;

      3. the character of automated processing in relation to its use in decision-making if, on the basis of such processing, operations are being performed or decisions are being made whose content encroaches on the rights and legitimate interests of the data

      4. the recipient and/or categories of recipients.

    3. For the provision of such information, the Controller is entitled to reasonable reimbursement not exceeding the costs necessary for the providing the information.

  8. Right to correction

    1. If the data subject believes the Controller is processing his/her personal data contrary to law or to his/her private or personal life, in particular if his/her personal data is inaccurate regarding the purpose of processing, the data subject may:

      1. Ask the Controller for an explanation.

      2. Demand rectification, i.e., restriction of processing, correction, completion, or deletion of his/her personal data.

    2. If the demand is deemed justifiable, the Controller is obliged to rectify the improper state of affairs without delay. If the Controller does not comply with the demand, the data subject is entitled to directly contact the Czech Data Protection Authority, with registered office at Pplk. Sochora 27, 170 00 Prague 7,

    3. If the basis for processing of personal data is the legitimate interest of the Controller (including direct marketing), the data subject may raise objection to such processing if this processing relates to the purpose being objected to.

    4. If technically feasible, the data subject may also request that the Controller provide his/her personal data for the purpose of further provision of this to the personal data Controller indicated by him/her (either directly or via the data subject).

  9. Changes to this privacy policy

    1. The Controller may update this policy from time to time and will notify customers of any changes by posting the new privacy policy on the website. Customers and potential customers are advised to review this privacy policy periodically for any changes.

  10. Contact us

    1. If you have any questions about this privacy policy or would like to exercise your rights stipulated herein, please contact us at Anna Marešová designers, Kamenická 37, 170 00 Praha 7, [email protected], or by phone at +420 778 065 388.

Cookies policy

Because we also have adult products, we have to ask:
 Have you turned 18 already?