Customer support:+420571116425info@worldofstones.eu
    Currency
    EUR
    Language
    English
    Home / Privacy Policy

    Privacy Policy

    PRIVACY POLICY (PERSONAL DATA PROTECTION TERMS)

    This Privacy Policy (“Policy”) describes how SVĚT KAMENŮ s.r.o., Company ID: 07496303, with its registered office at nábřeží Dukelských hrdinů 2269, 756 61 Rožnov pod Radhoštěm (“Controller” or “we”) processes personal data of e-shop visitors and customers in connection with the operation of the online store www.worldofstones.eu, in accordance with Regulation (EU) 2016/679 (“GDPR”).

    1. Basic provisions
      1. The Controller of personal data is SVĚT KAMENŮ s.r.o., Company ID: 07496303, with its registered office at nábřeží Dukelských hrdinů 2269, 756 61 Rožnov pod Radhoštěm.
      2. Controller contact details:
        Contact person: Pavla Křenková
        Address: nábřeží Dukelských hrdinů 2269, 756 61 Rožnov pod Radhoštěm
        E-mail: info@svetkamenu.cz
        Phone: +420 571 657 766
      3. The Controller has not appointed a Data Protection Officer (DPO).
      4. Personal data means any information relating to an identified or identifiable natural person.
    2. What personal data we process (data categories) and where we obtain it
      1. We obtain personal data mainly directly from you (when placing an order, creating an account, or communicating with us), and also automatically when you use our website (cookies/online identifiers).
      2. We typically process the following categories of personal data:
        • Identification data: first name, last name; and company name/Company ID/VAT ID if you purchase as a business.
        • Contact data: e-mail, phone number, delivery and billing address.
        • Order data: order contents, date, price, chosen delivery and payment method, and any order notes.
        • Payment data: payment status information and transaction identifiers (we do not process payment card numbers).
        • Delivery data: chosen carrier, pickup point, delivery details and shipment tracking information.
        • Communication data: the content of e-mail/phone communication (e.g., inquiries, complaints, withdrawals).
        • Technical data: cookies, IP address, device/browser type, and website usage data (mainly for analytics and advertising measurement).
    3. Purposes and legal bases of processing
      1. Order processing and performance of the contract (including delivery, order communication, handling complaints and withdrawals): processing is necessary for the performance of a contract under Article 6(1)(b) GDPR.
      2. Compliance with legal obligations (especially accounting and tax obligations, consumer rights handling): processing is necessary for compliance with a legal obligation under Article 6(1)(c) GDPR.
      3. Protection of legal claims and operational security (e.g., fraud prevention, debt recovery, legal defence): processing is based on our legitimate interest under Article 6(1)(f) GDPR.
      4. Direct marketing (sending commercial communications/newsletters):
        • if you are our customer, we may send you offers of similar products in accordance with applicable laws; you can object/unsubscribe at any time (opt-out),
        • if you are not our customer, we will send marketing communications only based on your consent (opt-in) under Article 6(1)(a) GDPR.
      5. Analytics and advertising measurement (e.g., Google Analytics / Google Ads): processing is carried out based on your consent via the cookie banner, where such consent is required (Article 6(1)(a) GDPR).
      6. Automated individual decision-making: The Controller does not carry out automated individual decision-making within the meaning of Article 22 GDPR.
    4. Retention period
      1. Data related to your order and the contract is stored for the duration of the contractual relationship and thereafter for the period necessary to protect our legal claims (typically for the duration of limitation periods).
      2. Accounting and tax documents are stored for the period required by applicable laws.
      3. Data for sending marketing communications is stored until you unsubscribe/object, or withdraw your consent (as applicable).
      4. After the relevant retention periods expire, we delete or anonymise the personal data.
    5. Recipients of personal data (processors) and data sharing
      1. We share your personal data only to the extent necessary and only with the following categories of recipients:
        • E-shop platform, hosting and e-mailing provider: Shoptet (operation of the e-shop, hosting and mailings).
        • Payment gateway: GoPay (processing online payments).
        • Carriers: DPD and Packeta (Zásilkovna) (delivery, pickup points, tracking; and for cash on delivery also payment collection).
        • Google: tools for analytics and advertising measurement (Google Analytics, Google Ads) – depending on your cookie consent settings.
      2. We do not share personal data with other third parties unless we have a legal basis to do so or your instruction/consent.
    6. Transfers to third countries (outside the EU/EEA)
      1. In connection with the use of analytics or advertising tools (e.g., Google services), the Controller may transfer or make personal data accessible to providers established outside the EU/EEA, where necessary and where appropriate safeguards are ensured (in particular Standard Contractual Clauses, or an adequacy decision where applicable).
      2. Current information about cookies used and potential recipients is available in the cookie settings on our website.
    7. Cookies and similar technologies
      1. We use cookies and similar technologies on our website to ensure the functionality of the e-shop, security, traffic measurement, and marketing evaluation.
      2. Consent settings (granting/refusing) for analytics and marketing cookies are managed through the cookie banner / cookie settings on the website.
      3. You can change your cookie consent at any time in the cookie settings.
    8. Your rights
      1. Under the conditions set out in the GDPR, you have in particular the right to:
        • access your personal data (Article 15 GDPR),
        • rectification (Article 16 GDPR),
        • erasure (“right to be forgotten”) (Article 17 GDPR),
        • restriction of processing (Article 18 GDPR),
        • object to processing (Article 21 GDPR), especially direct marketing,
        • data portability (Article 20 GDPR),
        • withdraw consent (where processing is based on consent) at any time, without affecting the lawfulness of processing before withdrawal.
      2. You may exercise your rights by e-mail at info@svetkamenu.cz or in writing to the Controller’s address stated in Section 1.
      3. You also have the right to lodge a complaint with the supervisory authority: Úřad pro ochranu osobních údajů, Pplk. Sochora 27, 170 00 Praha 7, Czech Republic.
    9. Personal data security
      1. The Controller has implemented appropriate technical and organisational measures to protect personal data (in particular access security, communication encryption, and access rights management).
      2. Personal data is accessible only to authorised persons of the Controller or contractual processors to the extent necessary.
    10. Final provisions
      1. By placing an order and/or ticking the relevant boxes in the e-shop, you confirm that you have familiarised yourself with this Policy.
      2. The Controller is entitled to amend this Policy; the current version is always available on the e-shop website.
      3. This Policy is effective as of 1 January 2026.
    Vytvořil Shoptet | Design Shoptak.cz