Personal Data Protection Policy

I. General Provisions

  1. The controller of personal data pursuant to Article 4(7) of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as the “GDPR”) is Atelier - S, a.s.., Oflenda 10, 53901 Mrákotín, Company ID: 25292251 (hereinafter referred to as the “Controller”).

  2. The Controller’s contact details are:

  3. Personal data means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

  4. The Controller has not appointed a Data Protection Officer.

II. Legal Basis for Processing Personal Data

  1. The legal basis for processing personal data is the performance of a contract between you and the Controller pursuant to Article 6(1)(b) GDPR (hereinafter referred to as “Performance of a Contract”), i.e. processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract.

  2. The Controller does not carry out automated individual decision-making within the meaning of Article 22 GDPR.

III. Purpose of Processing, Categories and Sources of Personal Data

Legal Basis Purpose Data Data Source
Performance of a Contract Processing an order or responding to an inquiry submitted via the contact form Personal data of clients (contact details) Contact form, order

IV. Data Retention Period

  1. The Controller stores personal data:

    • In the case of inquiries, personal data contained in the form are processed solely for the purpose of responding to or handling your inquiry, for the duration of negotiations on the conclusion of a contract, and no longer than 1 year from the date of your inquiry, unless consent for further processing is granted.

    • In the case of orders, for the period necessary to exercise rights and obligations arising from the contractual relationship between you and the Controller and for the assertion of claims arising from such contractual relationships (up to 15 years from the termination of the contractual relationship).

  2. After the retention period expires, the Controller deletes the personal data.

V. Recipients of Personal Data (Processors of the Controller)

  1. Recipients of personal data include persons:

    • providing website / e-shop operation services (Alexandr Zlesák, DiS. – AZ Computers, Company ID 70163278) and other services related to the operation of the website / e-shop.

    • For the proper performance of a contract, personal data may be provided to delivery service providers, as well as to persons providing legal, accounting, and IT services to the Controller in order to ensure compliance with generally binding legal regulations. The Controller does not intend to transfer personal data to a third country, an international organization, or persons other than those listed above.

VI. Your Rights

  1. Under the conditions set out in the GDPR, you have:

    • the right of access to your personal data pursuant to Article 15 GDPR,

    • the right to rectification of personal data pursuant to Article 16 GDPR, or restriction of processing pursuant to Article 18 GDPR,

    • the right to erasure of personal data pursuant to Article 17 GDPR,

    • the right to object to processing pursuant to Article 21 GDPR,

    • the right to data portability pursuant to Article 20 GDPR.

  2. You also have the right to lodge a complaint with the competent supervisory authority if you believe that your right to the protection of personal data has been violated.

VII. Conditions for Securing Personal Data

  1. The Controller declares that it has adopted all appropriate technical and organizational measures to secure personal data.

  2. The Controller has adopted technical measures to secure data storage and storage of personal data in paper form, in particular passwords, antivirus software, data backups, and physical locking.

  3. The Controller declares that access to personal data is granted only to persons authorized by it.

VIII. Final Provisions

  1. By submitting an order via the online order form or an inquiry via the online inquiry form, you confirm that you are familiar with these personal data protection terms and that you accept them in full.

  2. The Controller is entitled to amend these terms. The new version of the personal data protection terms will be published on its website.

These terms enter into force on 01/01/2026.