Privacy Policy

I. Basic Provisions

1. The controller of personal data pursuant to Article 4(7) of Regulation (EU) 2016/679 of the European Parliament and of the Council ("GDPR") is BAHNIK.cz s.r.o., ID No. 24850829, with registered office at Gorkého 609, 530 02 Pardubice, Czech Republic ("controller").

2. Contact details of the controller:

   • E-mail: info@bahnik.cz

   • Phone: +420 608 744 442

3. Personal data means any information about an identified or identifiable natural person.

4. The controller has not appointed a Data Protection Officer.

II. Sources and Categories of Personal Data Processed

1. The controller processes data provided by the data subject or obtained in connection with contract performance.

2. Data processed include: name, surname, address, billing details, e-mail, phone number, purchase and activity history.

III. Purpose, Legal Basis and Method of Processing

1. The purposes of data processing are:

   • Fulfilment of orders and contractual obligations

   • Direct marketing (newsletters and commercial communications)

   • Service improvement, system security, analytics

2. Legal basis:

   • Article 6(1)(b) GDPR: contract performance

   • Article 6(1)(f) GDPR: legitimate interest (marketing)

   • Article 6(1)(a) GDPR and the Digital Economy Act: consent of the data subject

3. The controller does not process data using automated decision-making within the meaning of Article 22 GDPR.

IV. Cookies and Tracking

1. This website uses cookies:

   • Technical (necessary for site functionality)

   • Analytical (e.g. Google Analytics)

   • Marketing (e.g. Facebook Pixel, email tracking)

2. Cookies are stored only with the user’s consent (except technical cookies).

3. The user can withdraw their consent at any time.

V. Data Retention Period

1. Personal data are stored:

   • For the duration of the contractual relationship and 15 years thereafter

   • Until withdrawal of consent for marketing (max. 15 years)

2. Data will be securely deleted after the retention period expires.

VI. Data Recipients and Transfers

1. Data may be shared with:

   • Carriers and payment service providers

   • E-shop platform providers (e.g. Shoptet)

   • Mailing and cloud service providers (e.g. Mailchimp, Google Workspace)

2. Transfers to third countries (outside the EU) are carried out based solely on standard contractual clauses under Article 46 GDPR.

VII. Personal Data Security

1. The controller implements technical and organizational measures to protect personal data:

   • Encryption, secure passwords, access controls

   • Secured physical storage

   • Regular audits and updates

VIII. Data Subject Rights

The data subject has the following rights:

1. Right of access (Article 15)

2. Right to rectification (Article 16) and erasure (Article 17)

3. Right to restriction of processing (Article 18)

4. Right to data portability (Article 20)

5. Right to object (Article 21)

6. Right to withdraw consent at any time (Article 7(3))

7. Right to lodge a complaint with the Czech Data Protection Authority

IX. Internal Management and Documentation

1. The controller maintains records of processing activities pursuant to Article 30 GDPR.

2. If there is a high risk, the controller performs a DPIA (data protection impact assessment).

3. Where necessary, the controller consults the Czech Data Protection Authority.

X. Artificial Intelligence, Automation and CRA

1. If the controller uses AI or automation tools (e.g. chatbots, recommendation engines), it is done in accordance with applicable legislation.

2. The controller does not use prohibited AI systems under the AI Act (e.g. social scoring, manipulative systems).

3. The controller is preparing for compliance with the Cyber Resilience Act (CRA).

XI. Final Provisions

1. By submitting an order or checking the relevant box, the user confirms they have read and agree to this Privacy Policy.

2. The controller reserves the right to amend the policy.

3. The updated version will be published on the website and/or sent to the user via e-mail.

Last Updated: 12.6.2025