+420 233 357 034 eshop@microshop.com
FAST DELIVERY
----------------------->
(0 ks)

Your cart is empty

Home Privacy Policy

Privacy Policy

Principles of Personal Data Processing

According to Act No. 110/2019 Coll., on the processing of personal data, as amended, in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter "GDPR") and related legal regulations. The following Personal Data Processing and Protection Policy provides information about the processing of personal data by our company.[1]

1. Basic Provisions**

1.1. The controller of your personal data under Article 4(7) of the GDPR is:
Microshop s.r.o.
Pod Marjánkou 4
169 00 Prague 6
Company ID: 26165031
VAT ID: CZ26165031
(hereinafter "our company" or "controller"). The company is engaged in the production and assembly of custom-made solid wood furniture. In the processing of personal data, our company acts as either a processor or a controller of personal data.

1.2. Company contact details:
Address: Pod Marjánkou 4, 169 00 Prague 6
Contact: email: info@microshop.com, tel.: +420 233 357 034

1.3. Personal data are considered to be any information relating to an identified or identifiable natural person. An identifiable person is a natural person who can be identified, directly or indirectly, in particular by reference to certain identifiers – i.e., name, location data, identification number, network identifiers, or elements of the physical, genetic, physiological, economic, mental, cultural, or social identity of that natural person.

1.4. Only the controller is responsible for the protection of personal data; no data protection officer has been appointed.

2. Categories and Sources of Processed Personal Data**

2.1. The controller processes personal data that you have voluntarily provided or personal data obtained in the course of fulfilling your order or by monitoring activity on our company’s website. The controller may also process personal data obtained from publicly accessible sources (e.g., commercial register or other registers) in accordance with applicable data protection laws.

2.2. The controller also processes your contact and identification data, as well as data necessary for the performance of the contract.

3. Purposes and Legal Grounds for Personal Data Processing**

When our company acts as a data controller, personal data are always processed only for permitted purposes and in accordance with applicable legal regulations.

3.1. Processing of personal data to fulfill our contractual obligations:
Personal data are processed for the fulfillment of our company's contractual obligations to our customers in connection with orders placed via the contact form or for the implementation of pre-contractual measures. In the case of ordering furniture via the website eshop.microshop.com, our company also acts as the manufacturer and seller of the ordered goods. Therefore, our company processes personal data available from the order form, i.e., name, surname, email, telephone, and address. This processing is for the purpose of fulfilling the purchase contract/order between our company and the customer, delivery and assembly of the ordered furniture, and for the protection of the company's rights and legitimate interests. If a claim is made regarding delivered furniture, personal data will also be processed for the purpose of handling this claim. All the above personal data are processed only for the necessary period. Customer data stored in customer accounts on our website are retained until the account is deleted by the customer or the company. The company also retains certain personal data for the statutory archiving periods, e.g., data listed on invoices issued by the company. Processing under this article is carried out by the company itself or may be entrusted to a third party as a processor. If the customer wishes the ordered goods to be delivered to the address provided in the order, the company will provide their personal data to the relevant carrier.

3.2. Processing of personal data to protect our legitimate interests (with regard to your interests):
The company also processes personal data if necessary to protect its legitimate interests as a controller. Specifically, this includes customer care and complaint handling (including the protection of the company's rights in the event of a possible dispute), measures to improve services and strengthen customer relationships (e.g., satisfaction surveys, website optimization, traffic measurement), protection of the company's rights in the event of a legal dispute, and ensuring the security of systems and websites. For these purposes, we process personal data such as contact information, cookie data, security logs of activity on our websites, etc.

3.3. Processing of personal data based on your consent:
In some cases, we process personal data based on the consent you have given us. This consent can be withdrawn at any time, but processing carried out before withdrawal remains valid. If a website visitor wishes to receive a newsletter or other marketing communications, they provide consent for this purpose. The company will process at least the email address, and possibly other identification data provided. The newsletter content may be personalized based on data about the visitor’s behavior on the website and in the newsletter. Personal data will be processed only if the visitor fills in the form and confirms the newsletter order according to the instructions in the email. If the order is not confirmed, the data will be promptly deleted. Without consent, newsletters may only be sent to existing or former customers based on the company's legitimate interest, and such communications will relate to similar products or services. Personal data will be processed until consent is withdrawn. Newsletter subscription can be canceled at any time via email or the link in the newsletter.

3.4. Processing of personal data to fulfill our legal obligations:
Some personal data must be processed to fulfill legal obligations arising from Czech and European legal regulations, for example, for the purposes of inspections by the relevant authorities.

3.5. Information about change of purpose:
If we process personal data for a purpose other than that for which they were originally collected, we will inform you in accordance with legal regulations.

4. Further Information on Personal Data Processing**

4.1. If the company acts as a data processor, the purpose and means of processing are determined by the relevant data controller. However, the company always complies with all legal regulations and ensures the security of processed data.

4.2. There is no automated individual decision-making under Article 22 of the GDPR that would have legal consequences for you or otherwise significantly affect you.

5. Personal Data Retention Period**

5.1. The controller retains personal data:
- for the period necessary to fulfill the contract and exercise rights from the contract (15 years from its termination),
- until consent to the processing of personal data for marketing purposes is withdrawn.

5.2. After the retention period expires, personal data are deleted unless further retention is required by law or to protect the legitimate interests of the company. The retention period is determined by the deadlines set by the relevant legal regulations. If the processing period is not explicitly stated in this document or set by law, the company determines the period reasonably with regard to the limitation period and with sufficient reserve to determine whether a claim has been filed or other proceedings have commenced – considering the likelihood of legal claims against the company, detection periods for network attacks or other security breaches, recommendations and procedures of supervisory authorities, and the significance and likelihood of potential risks.

6. Recipients of Personal Data (Controller’s Subcontractors)**

6.1. Personal data may be transferred to third parties as processors, especially external suppliers of the company, technology providers, and legal or tax advisors. Data may also be transferred to other entities if required by law.

6.2. Recipients of personal data include:
- entities involved in the delivery of goods/services, payment processing,
- operators of the e-shop and marketing services.

6.3. The company does not intend to transfer personal data to third countries outside the EU except for mailing and cloud service providers.

6.4. As part of the "Verified by Customers" service, email surveys are sent to customers based on legitimate interest via Heureka.cz. The questionnaire can be refused using the link in the email. We are obliged to inform you as follows:

> "We determine your satisfaction with your purchase via email surveys as part of the Verified by Customers program, in which our e-shop participates. We send them to you every time you shop with us, unless you refuse their sending within the meaning of § 7 paragraph 3 of Act No. 480/2004 Coll. on certain information society services. The processing of personal data for the purpose of sending surveys under the Verified by Customers program is carried out based on our legitimate interest, which is to determine your satisfaction with shopping with us. For sending surveys, evaluating your feedback, and analyzing our market position, we use a processor, which is the operator of the Heureka.cz portal; for these purposes, we may provide information about the purchased goods and your email address. Your personal data are not provided to any third party for their own purposes when sending email surveys. You can object to the sending of email surveys under the Verified by Customers program at any time by refusing further surveys using the link in the email with the survey. If you object, we will no longer send you thesurvey.

7. Your Rights**

7.1. In accordance with the conditions set out in the GDPR, you have:
- the right to access personal data (Article 15 GDPR),
- the right to rectification or restriction of processing (Articles 16 and 18 GDPR),
- the right to erasure of personal data (Article 17 GDPR),
- the right to object (Article 21 GDPR),
- the right to data portability (Article 20 GDPR),
- the right to withdraw consent to processing (in writing or electronically to the address or email of the controller specified in these terms).

7.2. You also have the right to lodge a complaint with the Office for Personal Data Protection if you believe your rights have been violated.

7.3. If we receive a request under this article, the applicant will be informed of the measures taken without undue delay (in any case within one month of receipt of the request). If necessary, this period may be extended by up to two additional months (depending on the complexity and number of requests). The company is not obliged to comply with a request, for example, if the request is manifestly unfounded or excessive, especially if it is repetitive. In such cases, the company may charge a reasonable fee (taking into account the administrative costs associated with providing the requested information) or may refuse to comply with the request. If the company has reasonable doubts about the identity of the applicant, it has the right to request additional information necessary to confirm the applicant’s identity.

7.4. Furthermore, you have the right to withdraw consent to the processing of your personal data at any time. Such withdrawal does not affect processing already carried out and does not affect the validity and lawfulness of processing carried out before the withdrawal.

8. Conditions for Securing Personal Data**

8.1. The controller has taken all technical and organizational measures to protect personal data and to secure data storage and personal data in paper form.

8.2. The controller further declares that only the controller and persons authorized by the controller have access to personal data.

9. Final Provisions**

9.1. By submitting the order form, you confirm that you are familiar with these personal data protection terms and accept them in their entirety.

9.2. By checking the consent box, you confirm that you are familiar with the personal data protection terms and accept them in their entirety. You confirm your consent by checking the box in the relevant form.

9.3. The company is entitled to change the terms. The new version will be published on its website.

These principles take effect on April 1, 2025.