Privacy Policy

Data Processing and Data Protection Regulation


  1. Scope of the Regulation

The present Data Processing and Data Protection Regulation (henceforth: the Regulation) governs the services and data processing directly related to the website found at the address.

The Regulation is valid for an indefinite period.  The Controller may amend the Regulation at any time, informing users of the amendment in an appropriate manner (in a newsletter or a pop-up window at login). Such notices shall be given before the amendment comes into force, in time for users to decide between accepting the amendment  or cancelling their registration.

Unless provided otherwise, the scope of the Regulation does not extend to services and data processing related to the promotions, prize games, services, or other campaigns of third parties that advertise on the website. Unless provided otherwise, the scope of the Regulation does not extend to services and data processing on websites accessible via hyperlinks found on the website.


  1. Definitions
  2. User: person who uses the services of the website operated by the controller and has made a correct purchase on the site
  3. Personal data: any data that can be linked to a specific natural person (henceforth: the person concerned) and any conclusion relating to the person concerned that can be reached from such data. During the course of data processing personal data retain this classification as long as their connection to the person concerned can be restored.
  4. Data processing: any operation or set of operations which is performed upon personal data, regardless of the procedure used, such as collection, recording, registration, organisation, storage, alteration, use, transmission, publication, alignment or combination, blocking, erasure or destruction, as well as preventing further use of such data.
  5. Controller: the operator of the website, as indicated in the General Terms of Agreement.
  6. Data transmission: making data available to a specific third party.
  7. Publication: making data available to everyone
  8. Erasure: making data unrecognisable in such a way that they can no longer be restored.
  9. Data processing: performing the technical tasks related to data processing operations, regardless of the method and means used to perform these operations or the location of their application.
  10. Processor: natural or legal person or entity without legal personality who or which performs the processing of personal data on behalf of the controller - including commissions based on legislative provisions.
  11. Automated data set: set of data to be processed automatically.
  12. Mechanical processing: consists of the following operations, if those are performed fully or in part using automated means: data storage, logical or arithmetical operations performed using data, changing, erasing, retrieving or disseminating data.


III. Range of processed data and their display

  1. Data that may be given based on the decision of the user: e-mail address, first and last name, address, telephone number.
  2. Data recorded using technical means during the operation of the system: details of the computer used by the user for login, which are recorded automatically by the system of the controller during use of the service and as an automatic result of technical processes (including, in particular, the IP address and in certain cases the type of the operating system and of the browser).

These automatically recorded data are logged by the system automatically upon login/logout, without the need for any further declaration or action by the user. These data cannot be associated with other personal data of the user, with the exception of mandatory cases stipulated by law. These data are only accessible to the controller.

  1. The controller is entitled to change the content of the registration menu, delete or create data fields, particularly if the needs and habits of users make this necessary or justified.
  2. The controller does not have the right to change the provided data.


  1. Aim and conditions of data processing
  2. Data processing is carried out based on a voluntary declaration by the users of internet content found on the website, which is based on suitable information. This declaration contains the express consent of users to the use of their personal data provided during use of the website. The voluntary consent of the person concerned constitutes the legal grounds for data processing.
  3. The purpose of data processing is to provide the services available on the website. Within this:

- the e-mail address serves for contact,

- the e-mail and the password serve for the identification of the user at login,

- other data serve for providing the service, delivery, and invoicing.

  1. Automatically recorded data serve for the creation of statistics, technical development of the IT system, and protecting the rights of users.
  2. If the user has consented to such at the time of registration, or at any subsequent occasion during use of the service, the controller may send promotional emails, newsletters, or advertisements related to the service to the email address provided during registration.
  3. If the user has consented to such, the controller may use the data provided during registration to customise the advertisements displayed on the downloaded pages and to select the page that should load at logout. These operations take place automatically, without human intervention, and are performed by a computer program.
  4. The controller may not use the provided personal data for any purpose different from those specified in these articles.
  5. The controller does not check the provided personal data. The person who provides these data is exclusively responsible for their correctness and veracity. By providing an email address the user warrants being the sole person to use the service from that email address. In light of this assumption of responsibility all responsibilities related to logins from a given email address lies with the user who registered that address.


  1. Access to the processed data
  2. Unless mandatorily provided otherwise by legislation, personal data may only be disclosed to third parties or authorities with the express prior consent of the user.
  3. The controller reserves the right to involve a processor for certain technical operations.


  1. Duration of data processing
  2. The controller may use the personal data provided by the user until the latter deregisters from the service - with the given username. Data will be erased within 15 days of the receipt of deregistration by the user (erasure request).

In the event of the use of unlawful or misleading personal data or a criminal act or attack against the system by the user, the Controller is entitled to erase the data of the user with immediate effect, simultaneously with cancelling their registration. At the same time, if commission of a crime or civil liability is suspected, the controller may also retain such data for the duration of the procedure to be conducted.

  1. The controller may handle personal data provided by the user - also in case the user does not deregister from the service - until the user expressly requests in writing the cessation of their handling. The request of the user aimed at the cessation of data handling, without deregistration from the service, does not affect their right to use the service, but without their personal data they may be unable to use certain services. Data will be erased within 15 days of receiving the request to this effect.
  2. Data recorded during the operation of the system automatically, through technical means, are stored in the system from the time of their generation as long as this is justified for ensuring the operation of the system. The controller warrants that such automatically recorded data cannot be associated with other personal data, with the exception of mandatory cases stipulated by law. If the user has withdrawn their consent to the handling of their personal data or has deregistered from the service, their person will not be subsequently identifiable from their technical data.


VII. Disposal over personal data

  1. Upon request of the user the controller shall inform them of the scope of data it handles, the purpose, legal grounds, and duration of data processing, the name and address of eventual processors and their activities connected with data processing, as well as the names of those who receive or have received these data and the purpose for which this took place. The user may send its request for this to the controller in writing, by post or via email, using the contact details found on the website. The controller shall reply within 15 days of receiving the request. For emails the date of receipt shall be the next working day after their transmission.
  2. The controller may only refuse to provide information if this is permitted by law. The controller must inform the user of their reason for refusing to provide information.
  3. Requests to amend or delete personal data shall be sent to the contact details of the controller indicated on the website in writing, by post or electronically.
  4. Certain personal data may also be edited on the personal profile page of the website.
  5. Following the deletion or amendment of personal data upon request, previous (deleted) data can no longer be restored.


VIII. Responsibility of the user

  1. Users shall respect legislation in force and during use of the website refrain from any activity that is unlawful or which prejudices the interests of other users.
  2. During use of the website – e.g. on the forum – users may only disclose data of other persons or make them available to others if the person concerned has consented to this.
  3. The consent of the person concerned is not necessary in case of public appearances or regarding data which they have previously published without restrictions.
  4. If any person finds that their personal data has been made available on the website, they can notify the operator of the website of this. If their concern is demonstrated, the operator shall delete these data. The operator may also notify users without demonstration of justified concern that a complaint has been made in connection with data made available by the user.


  1. Responsibility of the controller
  2. The controller shall take all reasonable and necessary measures to protect data and ensure their appropriate level of protection, particularly against unauthorised access, alteration, transmission, publication, erasure, or destruction, as well as accidental erasure or destruction.
  3. The operator of the website shall use the personal data which are absolutely necessary for using the services of the controller based on the consent of the person concerned, and exclusively for a specific purpose.
  4. In all cases when the controller wishes to use the provided data for a purpose different from that for which it was originally recorded, it shall inform the user of this, and obtain their prior, express consent, as well as give them the opportunity to forbid such use.
  5. The controller warrants that it shall use the obtained data in accordance with the legislation in force and will not disclose them to third parties. An exception to this is use of data in a statistically summarised form, which may not contain the name of the user concerned nor any other data suitable for their identification in any form.


  1. Enforcement of rights

In connection with any complaints or pleas relating to data processing and use of the website users may contact the controller directly, who shall use its best efforts to eliminate and remedy any infringements.