Privacy Policy | CBDsvět.cz

1. Data Controller

vinireto s.r.o.

Registered office: Školská 660/3, Nové Město (Praha 1), 110 00 Prague
Company ID (IČO): 23101717
Data Box ID: yczu4tp
Email: [email protected]

vinireto s.r.o. (the “controller”) processes personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data (the “GDPR”).

2. Personal Data We Process

When you purchase goods:

first name and surname,
email address,
phone number,
delivery and billing address,
for businesses: company name, Company ID (IČO), VAT ID (DIČ), registered office,
bank account number (for bank transfer payments).

When you register a user account:

first name and surname,
email address.

When you visit the website:

IP address,
cookies and browsing data (see Cookie Policy).

3. Purpose and Legal Basis of Processing

Purpose	Legal basis	Retention period
Performance of the purchase contract	Article 6(1)(b) GDPR	For the duration of the contract + 10 years
Bookkeeping	Article 6(1)(c) GDPR	10 years from the end of the accounting period
User account	Article 6(1)(a) GDPR — consent	For the duration of use + 3 years from the last login
Marketing (newsletter)	Section 7(3) of Act No. 480/2004 Coll.	3 years from the last purchase
Traffic analytics	Article 6(1)(f) GDPR — legitimate interest	See Cookie Policy

4. Recipients of Personal Data

Personal data may be passed to the following recipients (processors):

Carriers — to the extent necessary to deliver the goods (Zásilkovna, Česká pošta, PPL, etc.),
Web hosting provider — WEDOS Internet, a.s., Company ID 28115708,
Accounting system provider — iPodnik Cloud s.r.o.,
Payment gateways — to the extent necessary to process payment,
Analytics tools — Google Analytics (Google Inc.).

Personal data will not be transferred to third countries outside the EU/EEA without appropriate safeguards under Chapter V of the GDPR.

5. Your Rights

As a data subject, you have the following rights under the GDPR:

Right of access

You have the right to obtain confirmation of whether your data is being processed and to request a copy.

Right to rectification

You have the right to have inaccurate data corrected and incomplete data completed.

Right to erasure

You have the right to request erasure of your data once the purpose of processing has ended.

Right to restriction

You have the right to request restriction of processing under certain conditions.

Right to portability

You have the right to receive your data in a machine-readable format.

Right to object

You have the right to object to processing based on legitimate interest.

Right to withdraw consent

You may withdraw your consent to processing at any time, without affecting the lawfulness of processing prior to withdrawal.

Right to lodge a complaint

You may lodge a complaint with the Office for Personal Data Protection (ÚOOÚ).

6. Office for Personal Data Protection

Office for Personal Data Protection (ÚOOÚ)

Pplk. Sochora 27, 170 00 Prague 7
Tel.: +420 234 665 111
Web: www.uoou.cz

7. Data Security

The controller has implemented appropriate technical and organisational measures to safeguard personal data, including encryption of data in transit (SSL/TLS), password-based access control, and regular security updates.

This privacy policy is effective from 1 January 2025.