Bohéme Collection - hotel facilities
Menu
close
0,00 
0 pcs
Menu
Category

PRIVACY POLICY

I. Introductory provisions

This Privacy Policy describes how Národní export s.r.o., ID No. 24311120, with its registered office at Vejvodova 445/1, 110 00 Prague 1, registered in the Commercial Register maintained by the Municipal Court in Prague, Section C, File 195528 (hereinafter referred to as the "Controller"), processes the personal data of natural persons in connection with its business activities.

The administrator can be contacted at:
 Address: Vejvodova 445/1, 110 00 Prague 1
 Email: info@narodniexport.com
 Phone +420 606 098 980

Personal data means any information relating to an identified or identifiable natural person.

The controller has not appointed a data protection officer because it does not fall within the categories of mandatory entities under Article 37 of the GDPR.

II. What personal data we process

The administrator only processes data necessary for specific purposes. These include, in particular:

1. Information necessary for concluding and performing the contract:

  • first and last name

  • email address

  • phone number

  • mailing/delivery address

  • order details and history

  • payment details (not payment card details)

2. Data collected when using the website:

  • IP address

  • cookies (technical, analytical, marketing – according to consent settings)

  • data on website behavior (if the analytics tool is enabled)

3. Data for marketing:

  • e-mail (newsletter)

  • history of responses to marketing campaigns

III. Purposes and legal bases of processing

1. Performance of a contract (Article 6(1)(b) of the GDPR)

Includes:

  • order processing

  • communication with customers

  • complaints, returns, service

2. Compliance with legal obligations (Article 6(1)(c) of the GDPR)

Includes:

  • bookkeeping

  • tax obligations

  • archiving of documents in accordance with legal regulations

3. Legitimate interest of the controller (Article 6(1)(f) of the GDPR)

Includes:

  • direct marketing to customers (commercial communications by email pursuant to Section 7(3) of Act No. 480/2004 Coll.)

  • protection of legal claims

  • website security and abuse prevention

4. Consent of the data subject (Article 6(1)(a) of the GDPR)

Includes:

  • sending newsletters to non-customers

  • advanced analytics and marketing cookies

  • personalized offers and remarketing
  • Marketing and analytical cookies include third-party tools (e.g., Google, Meta, Seznam) that may process data about behavior on the website for the purposes of measuring traffic and personalizing advertising.

Consent may be revoked at any time.

❗ The controller does not engage in automated individual decision-making or profiling with legal effects pursuant to Article 22 of the GDPR.

IV. Period of retention of personal data

  • Data for contract fulfillment: for the duration of the contractual relationship and subsequently for 10 years (for accounting and tax legislation reasons).

  • Data for direct marketing: until you opt out.

  • Data processed on the basis of consent: until consent is revoked, for a maximum of 5 years.

  • Cookies: depending on the type – from the end of the session up to 13 months.

After the expiry of the deadlines, the data will be reliably deleted or anonymized.

V. Recipients of personal data

Personal data may be transferred to the following categories of recipients:

  • logistics service providers (carriers)

  • payment service providers

  • IT service and web hosting providers

  • marketing service and email providers

  • accountants and tax advisors

  • analytical tool providers (if consent is given)

The controller may also transfer personal data to the following specific recipients in the field of marketing and analytics, always on the basis of the data subject's consent:

  • Meta Platforms Ireland Limited, with its registered office in Dublin, Ireland
     (Facebook and Instagram marketing and remarketing tools – Meta Pixel)

  • Google Ireland Limited, with its registered office in Dublin, Ireland
     (Google Analytics web analytics, Google Ads advertising system)

  • LinkedIn Ireland Unlimited Company, with its registered office in Dublin, Ireland
     (LinkedIn advertising and analytics tools)

  • Seznam.cz, Inc., based in Prague, Czech Republic
     (Sklik advertising system, analytical and marketing tools, Zboží.cz)

  • Heureka Shopping s.r.o., based in Prague, Czech Republic
     (product comparison site Heureka.cz)

Transfer to third countries

If services from providers based outside the EU are used (e.g., e-mailing tool or cloud), the transfer is based on:

  • EU–US Data Privacy Frameworkif the provider is certified, or

  • Standard Contractual Clauses (SCC) approved by the European Commission.

The administrator only transfers data to providers who ensure an adequate level of protection.

VI. Personal data processors

The controller may use the following processors in particular for processing:

  • e-mailing service provider (e.g., Mailchimp – The Rocket Science Group LLC / SmartSelling a.s.)

  • web hosting provider

  • software system providers (CRM, accounting software)

  • carriers (PPL, DPD, Czech Post, etc.)

  • Internet analytics provider (Google Analytics – based on consent)

The controller uses the following processors to process personal data:

  • SmartSelling, Inc.
     (SmartEmailing e-mailing platform)

  • web hosting and server service providers

  • providers of accounting and invoicing systems

  • transport companies (e.g., PPL, DPD, Czech Post)

  • providers of analytical tools (e.g., Google Analytics – only with consent)

The current list of processors is available upon request.

VII. Your rights

According to the GDPR, you have the following rights:

  • right of access (Article 15)

  • right to rectification (Article 16)

  • right to erasure (Article 17)

  • right to restriction of processing (Article 18)

  • right to object object to processing (Article 21)

  • right to portability (Article 20)

  • right to withdraw consent at any time (Article 7)

You can exercise your rights by sending an email to: info@narodniexport.com

If you believe that there has been a breach of the GDPR, you have the right to lodge a complaint with Office for Personal Data Protection (uoou.cz) or take legal action.

VIII. Personal data security

The controller has taken appropriate technical and organizational measures to ensure the protection of personal data, including:

  • server and database security

  • encrypted communications (HTTPS)

  • restricted access for authorized persons only

  • regular advance payments

  • employee training

IX. Final provisions

By submitting your order or clicking the relevant box, you confirm that you have read and agree to these Principles to the extent that the processing is based on consent.

The administrator is entitled to change these Principles. The new version will be published on the website and, in the event of significant changes, will be sent to the email address you have provided.

These Principles are effective as of January 1, 2026.