Privacy Policy

Effective from 1 January 2025 · Last updated: 1 January 2025 · In accordance with EU Regulation 2016/679 (GDPR)

1. Data Controller

The data controller within the meaning of Art. 4(7) GDPR is:

  • Company name: Ing. arch. Jan Lorenc
  • Registered address: Útulná 505/19, 100 00 Praha 10, Česká republika
  • Company ID (IČO): 04404106
  • Email: info@vyhoreliarchitekti.cz
  • Phone: +420 721 403 503

Ing. arch. Jan Lorenc has not appointed a Data Protection Officer (DPO), as this is not required for our scale of operations.


2. What Personal Data We Process

Data provided directly by the customer

  • Full name
  • Email address
  • Phone number
  • Delivery and billing address
  • Payment information (processed exclusively by Stripe – we do not have access to your card details)

Data collected automatically

  • IP address and browser type
  • Pages visited and time of visit
  • Cookies (see Section 7)

3. Purposes and Legal Bases for Processing

Performance of a contract (Art. 6(1)(b) GDPR)

We process your contact and delivery details in order to fulfil your order, deliver the goods, and communicate about your order.

Compliance with a legal obligation (Art. 6(1)(c) GDPR)

Tax documents and accounting records are archived for the period required by law (generally 10 years under the Accounting Act).

Legitimate interests (Art. 6(1)(f) GDPR)

We process analytics data and logs to improve the website and protect against misuse.

Consent (Art. 6(1)(a) GDPR)

If you subscribe to our newsletter, we process your email address to send marketing communications. You may withdraw your consent at any time.


4. Recipients of Personal Data

We do not sell or rent your personal data to third parties. Data is shared only with the following categories of recipients:

  • Shipping companies – for the purpose of delivering your order (name, address, phone number).
  • Payment gateway Stripe – for payment processing; their privacy policy is available at stripe.com/privacy.
  • Accountants and tax advisors – to the extent necessary to comply with legal obligations.

Transfers to third countries outside the EU/EEA occur only on the basis of adequate safeguards (EU Standard Contractual Clauses).


5. Data Retention

  • Order data – for the duration of the contractual relationship and for a further 3 years for potential warranty claims.
  • Tax documents – 10 years under the Accounting Act.
  • Newsletter consent – until consent is withdrawn.
  • Analytics data26 months.

6. Your Data Protection Rights

As a data subject, you have the following rights, which you may exercise by emailing us at info@vyhoreliarchitekti.cz:

  • Right of access – to obtain confirmation and a copy of your personal data (Art. 15 GDPR).
  • Right to rectification – to correct inaccurate or incomplete data (Art. 16 GDPR).
  • Right to erasure – the "right to be forgotten" (Art. 17 GDPR), where no grounds for continued processing exist.
  • Right to restriction of processing (Art. 18 GDPR).
  • Right to data portability – to receive your data in a machine-readable format (Art. 20 GDPR).
  • Right to object – to processing based on legitimate interests (Art. 21 GDPR).
  • Right to withdraw consent – at any time, without affecting the lawfulness of prior processing.

You also have the right to lodge a complaint with the supervisory authority – the Office for Personal Data Protection (ÚOOÚ), www.uoou.cz.


7. Cookies

Our website uses cookies — small text files stored in your browser that help us ensure the website works correctly and allow us to analyse traffic.

Types of cookies

  • Essential cookies – required for core functionality (cart, login). These cannot be declined.
  • Analytics cookies – anonymously measure traffic (e.g. Google Analytics). These require your consent.
  • Marketing cookies – track behaviour for targeted advertising. These require your consent.

You can change your cookie settings at any time in your browser preferences.


8. Security of Personal Data

All communication is transmitted over an encrypted HTTPS connection. Access to personal data is restricted to authorised individuals bound by confidentiality obligations. We regularly review and update our security measures.


9. Changes to This Policy

We reserve the right to update this Privacy Policy at any time. The date of the last update is shown in the header of this document. We recommend checking this document periodically.