I. Basic Provisions
- The controller of personal data pursuant to Article 4(7) of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as “GDPR”) is Haris Group s.r.o., registered office: Karlovy Vary, Krymská 1056/5, Postal Code 36001, Company ID: 21805679, registered in the Regional Court in Plzeň, Section C, Insert C 45468 (hereinafter referred to as “Controller”).
- Personal data refers to any information about an identified or identifiable natural person; an identifiable natural person is one who can be identified directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or one or more specific elements of physical, physiological, genetic, mental, economic, cultural, or social identity.
II. Sources and Categories of Processed Personal Data
- The Controller processes personal data provided by you or obtained by the Controller as a result of fulfilling your order.
- The Controller processes:
  - Basic identification data (name, surname);
  - Contact details (email);
  - Data on purchase history and website visit history.
III. Legal Grounds and Purpose of Data Processing
- The legal grounds for processing personal data are:
  - Necessity to comply with legal obligations,
  - Necessity to prepare and fulfill a contract,
  - Necessity for the purposes of the Controller’s legitimate interests,
  - Based on informed, explicit, and voluntary consent.
- The purposes of processing personal data are:
  - Fulfilling your order and exercising rights and obligations arising from the contractual relationship between you and the Controller. Personal data required for a successful order (name, address, contact) are necessary for concluding and fulfilling the contract; without this data, it would be impossible to conclude or perform the contract.
  - Analyzing visitor behavior on the website; identifying visitor preferences; testing new features and applications to improve services and web content, as well as protecting the ICT infrastructure.
  - Sending business communications and conducting other marketing activities.
IV. Email Business Communications
- You may receive information, offers, and updates related to the seller or their products, sent to your email address. These communications are not unsolicited; they are sent based on legitimate interest.
- Business communications unrelated to the offered products are sent based on consent. Potential customers may also receive such communications if they have provided consent.
- You can unsubscribe from all email communications at any time via the unsubscribe link included in the email or by adjusting your account settings on the website. Separate unsubscriptions are required for different email accounts if you use multiple accounts.
V. Cookies
- The Controller’s website temporarily or permanently stores small text files (cookies) in the visitor’s browser or device to collect data.
- Necessary functional cookies ensure login and registration capabilities. These cookies are processed to fulfill the contract or due to legitimate interest in ensuring functionality.
- Analytical cookies are used to evaluate traffic and improve website functionality. These data are anonymized and processed for legitimate interest.
- Disabling cookies may limit website functionality. Consent for data sharing through remarketing cookies is managed via browser settings.
VI. Data Retention Period
- The Controller retains:
  - Data from cookies for up to 3 years.
  - Contract-related data for up to 10 years, unless otherwise specified by law.
  - Data processed based on consent for 10 years or until consent is withdrawn.
- If legal proceedings are initiated, personal data may be retained for the duration of the proceedings and the subsequent statutory limitation period.
- Upon expiry of the retention period, the Controller deletes the personal data.
VII. Recipients of Personal Data
- Recipients of personal data include:
  - Persons involved in delivering products and processing payments.
  - Marketing service providers.
- The Controller does not intend to transfer personal data to third countries (outside the EU) or international organizations.
VIII. Your Rights
- Under GDPR, you have the following rights:
  - Right to access your personal data (Article 15),
  - Right to rectify data (Article 16) or restrict processing (Article 18),
  - Right to erasure of data (Article 17),
  - Right to object to processing (Article 21),
  - Right to data portability (Article 20),
  - Right to withdraw consent for processing by contacting feelkarlovyvary@gmail.com.
- You can also lodge a complaint with the Data Protection Authority if you believe your rights have been violated.
IX. Final Provisions
- These principles are drawn up in Czech and English. In the event of any discrepancies, the Czech version shall prevail.
- The Controller reserves the right to modify these principles at any time.
- These principles are valid and effective as of September 24, 2024.