Privacy Policy

Personal Data Protection

I. Basic Provisions

The controller of personal data is Vitalii Boldovskyi, located at Frýdlantská 1312/19, 182 00, Prague 8 - Kobylisy, Identification Number: 19355432, a natural person registered in the trade register (hereinafter referred to as the "controller").

II. Basic Information on Processing Personal Data

  1. Personal data means information related to an identified or identifiable natural person.
  2. Personal data of the client are collected in the case of:
    • registering an account in the online store;
    • placing an order in the online store;
    • subscribing to the newsletter.
  3. In case of account registration, the client provides:
    • first and last name
    • email address
    • postal code and place of residence
    • street and address
  4. When ordering, the buyer provides:
    • email address
    • recipient details
    • postal code and place of residence
    • country
  5. Additional data (IP address, browser type, operating system) may be collected automatically when using the online store.
  6. If required information is not provided, creating an account or placing an order may not be possible.

III. Legal Basis and Purpose of Processing Personal Data

  1. The legal basis for processing personal data is:
    • performance of the contract;
    • consent of the client;
    • compliance with legal obligations.
  2. The purpose of processing personal data includes:
    • order processing;
    • customer account management;
    • communication (newsletters and promotions);
    • compliance with legal obligations.

IV. Recipients of Personal Data

  1. Customer's personal data may be provided to:
    • courier companies (for delivery purposes);
    • payment service providers (for payment processing). One of these providers is Fenige S.A., located at ul. Promienna 38/1, 03-672 Warsaw, Poland. Fenige processes personal data necessary for payment transactions made by customers in the online store. Fenige is a licensed payment institution complying with PCI DSS standards and GDPR regulations.
  2. Service providers are located primarily in the Czech Republic and other EU countries.
  3. Authorized state authorities may receive personal data upon request.

V. Data Retention Period

  1. Personal data retention periods:
    • Order-related data: stored for up to 10 years after transaction;
    • Marketing data: stored for 4 years or until consent withdrawal.

VI. Cookies and IP Address

  1. The online store uses cookies for customer authentication, session management, and website optimization (Google Analytics).
  2. Clients may restrict cookie usage through browser settings.

VII. Rights of Data Subjects

  1. Clients have rights to:
    • access their personal data;
    • correct or complete personal data;
    • delete personal data;
    • restrict personal data processing;
    • data portability;
    • object to data processing.
  2. Requests and complaints can be directed to hennashop2023@gmail.com.
  3. Clients can lodge complaints with supervisory authorities.

VII. Security Management — Password

  1. The store uses SSL encryption for data security.
  2. Passwords are securely managed and can be reset via email.
  3. The controller never requests passwords from clients directly.

VII. Final Provisions

  1. The controller reserves the right to update these terms. Any updates will be published on the controller's website.
  2. By using the online store, clients accept the terms outlined herein.
  3. Questions regarding data protection should be directed to hennashop2023@gmail.com.

Last updated: 17 March 2025