Privacy policy

(Personal Data Processing Policy)

The Identity and Contact Details of The Controller

The controller of personal data is a natural person Tomáš Vrana, d/b/a Tomas Vrana Studio, ID No.: 73798193, with registered office at Duchoslávka 2053/6, 160 00 Prague 6-Dejvice, registered in the Trade Register (hereinafter referred to as the “Controller”).

The Controller’s contact details are as follows: delivery address Duchoslávka 2053/6, 160 00 Praha 6-Dejvice, e-mail address hello@tomasvrana.studio, phone +420 605 211 161 (hereinafter referred to as “Controller’s Contact Details”).

The Controller has not appointed a Data Protection Officer.

This Privacy Policy describes how Tomas Vrana Studio (the "Site", "we", "us", or "our") collects, uses, and discloses your personal information when you visit, use our services, or make a purchase from tomasvrana.myshopify.com (the "Site") or otherwise communicate with us (collectively, the "Services"). For purposes of this Privacy Policy, "you" and "your" means you as the user of the Services, whether you are a customer, website visitor, or another individual whose information we have collected pursuant to this Privacy Policy.

Please read this Privacy Policy carefully. By using and accessing any of the Services, you agree to the collection, use, and disclosure of your information as described in this Privacy Policy. If you do not agree to this Privacy Policy, please do not use or access any of the Services.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time, including to reflect changes to our practices or for other operational, legal, or regulatory reasons. We will post the revised Privacy Policy on the Site, update the "Last updated" date and take any other steps required by applicable law.

How We Collect and Use Your Personal Information

To provide the Services, we collect and have collected over the past 12 months personal information about you from a variety of sources, as set out below. The information that we collect and use varies depending on how you interact with us.

In addition to the specific uses set out below, we may use information we collect about you to communicate with you, provide the Services, comply with any applicable legal obligations, enforce any applicable terms of service, and to protect or defend the Services, our rights, and the rights of our users or others.

What Personal Information We Collect

The types of personal information we obtain about you depends on how you interact with our Site and use our Services. When we use the term "personal information", we are referring to information that identifies, relates to, describes or can be associated with you. The following sections describe the categories and specific types of personal information we collect.

Information We Collect Directly from You

Information that you directly submit to us through our Services may include:

  • Basic contact details including your name, address, phone number, email.
  • Order information including your name, billing address, shipping address, payment confirmation, email address, phone number.
  • Account information including your username, password, security questions.
  • Shopping information including the items you view, put in your cart or add to your wishlist.
  • Customer support information including the information you choose to include in communications with us, for example, when sending a message through the Services.

Some features of the Services may require you to directly provide us with certain information about yourself. You may elect not to provide this information, but doing so may prevent you from using or accessing these features.

Information We Collect through Cookies

We also automatically collect certain information about your interaction with the Services ("Usage Data"). To do this, we may use cookies, pixels and similar technologies ("Cookies"). Usage Data may include information about how you access and use our Site and your account, including device information, browser information, information about your network connection, your IP address and other information regarding your interaction with the Services.

Information We Obtain from Third Parties

Finally, we may obtain information about you from third parties, including from vendors and service providers who may collect information on our behalf, such as:

  • Companies who support our Site and Services, such as Shopify: Shopify International Ltd., Attn: Data Protection Officer, c/o Intertrust Ireland, 2nd Floor 1-2 Victoria Buildings, Haddington Road, Dublin 4, D04 XN32, Ireland, VAT: IE3347697KH and Creative Hub: ID: 06043884, 74 Kingsland Road, London, E2 8DL. England
  • Our payment processors, who collect payment information (e.g., bank account, credit or debit card information, billing address) to process your payment in order to fulfill your orders and provide you with products or services you have requested, in order to perform our contract with you.
  • When you visit our Site, open or click on emails we send you, or interact with our Services or advertisements, we, or third parties we work with, may automatically collect certain information using online tracking technologies such as pixels, web beacons, software developer kits, third-party libraries, and cookies.

Any information we obtain from third parties will be treated in accordance with this Privacy Policy. We are not responsible or liable for the accuracy of the information provided to us by third parties and are not responsible for any third party's policies or practices. For more information, see the section below, Third Party Websites and Links.

How We Use Your Personal Information

  • Providing Products and Services. We use your personal information to provide you with the Services in order to perform our contract with you, including to process your payments, fulfill your orders, to send notifications to you related to you account, purchases, returns, exchanges or other transactions, to create, maintain and otherwise manage your account, to arrange for shipping, facilitate any returns and exchanges and to enable you to post reviews.
  • Marketing and Advertising. We use your personal information for marketing and promotional purposes, such as to send marketing, advertising and promotional communications by email, text message or postal mail, and to show you advertisements for products or services. This may include using your personal information to better tailor the Services and advertising on our Site and other websites.
  • Security and Fraud Prevention. We use your personal information to detect, investigate or take action regarding possible fraudulent, illegal or malicious activity. If you choose to use the Services and register an account, you are responsible for keeping your account credentials safe. We highly recommend that you do not share your username, password, or other access details with anyone else. If you believe your account has been compromised, please contact us immediately.
  • Communicating with you. We use your personal information to provide you with customer support and improve our Services. This is in our legitimate interests in order to be responsive to you, to provide effective services to you, and to maintain our business relationship with you.

Cookies

Like many websites, we use Cookies on our Site. For specific information about the Cookies that we use related to powering our store with Shopify, see https://www.shopify.com/legal/cookies. We use Cookies to power and improve our Site and our Services (including to remember your actions and preferences), to run analytics and better understand user interaction with the Services (in our legitimate interests to administer, improve and optimize the Services). We may also permit third parties and services providers to use Cookies on our Site to better tailor the services, products and advertising on our Site and other websites.

Most browsers automatically accept Cookies by default, but you can choose to set your browser to remove or reject Cookies through your browser controls. Please keep in mind that removing or blocking Cookies can negatively impact your user experience and may cause some of the Services, including certain features and general functionality, to work incorrectly or no longer be available. Additionally, blocking Cookies may not completely prevent how we share information with third parties such as our advertising partners.

How We Disclose Personal Information

In certain circumstances, we may disclose your personal information to third parties for legitimate purposes subject to this Privacy Policy. Such circumstances may include:

  • With vendors or other third parties who perform services on our behalf (e.g., IT management, payment processing, data analytics, customer support, cloud storage, fulfillment and shipping).
  • With business and marketing partners, including Shopify, to provide services and advertise to you. Our business and marketing partners will use your information in accordance with their own privacy notices.
  • When you direct, request us or otherwise consent to our disclosure of certain information to third parties, such as to ship you products or through your use of social media widgets or login integrations, with your consent.
  • With our affiliates or otherwise within our corporate group, in our legitimate interests to run a successful business.
  • In connection with a business transaction such as a merger or bankruptcy, to comply with any applicable legal obligations (including to respond to subpoenas, search warrants and similar requests), to enforce any applicable terms of service, and to protect or defend the Services, our rights, and the rights of our users or others.

We have, in the past 12 months disclosed the following categories of personal information and sensitive personal information (denoted by *) about users for the purposes set out above in "How we Collect and Use your Personal Information" and "How we Disclose Personal Information":

Category Categories of Recipients
  • Identifiers such as basic contact details and certain order and account information
  • Commercial information such as order information, shopping information and customer support information
  • Internet or other similar network activity, such as Usage Data
  • Vendors and third parties who perform services on our behalf (such as Internet service providers, payment processors, fulfillment partners, customer support partners and data analytics providers)
  • Business and marketing partners
  • Affiliates

 

We do not use or disclose sensitive personal information for the purposes of inferring characteristics about you.

User Generated Content

The Services may enable you to post product reviews and other user-generated content. If you choose to submit user generated content to any public area of the Services, this content will be public and accessible by anyone.

We do not control who will have access to the information that you choose to make available to others, and cannot ensure that parties who have access to such information will respect your privacy or keep it secure. We are not responsible for the privacy or security of any information that you make publicly available, or for the accuracy, use or misuse of any information that you disclose or receive from third parties.

Third Party Websites and Links

Our Site may provide links to websites or other online platforms operated by third parties. If you follow links to sites not affiliated or controlled by us, you should review their privacy and security policies and other terms and conditions. We do not guarantee and are not responsible for the privacy or security of such sites, including the accuracy, completeness, or reliability of information found on these sites. Information you provide on public or semi-public venues, including information you share on third-party social networking platforms may also be viewable by other users of the Services and/or users of those third-party platforms without limitation as to its use by us or by a third party. Our inclusion of such links does not, by itself, imply any endorsement of the content on such platforms or of their owners or operators, except as disclosed on the Services.

Children’s Data

The Services are not intended to be used by children, and we do not knowingly collect any personal information about children. If you are the parent or guardian of a child who has provided us with their personal information, you may contact us using the contact details set out below to request that it be deleted.

As of the Effective Date of this Privacy Policy, we do not have actual knowledge that we “share” or “sell” (as those terms are defined in applicable law) personal information of individuals under 18 years of age.

Security and Retention of Your Information

Please be aware that no security measures are perfect or impenetrable, and we cannot guarantee “perfect security.” In addition, any information you send to us may not be secure while in transit. We recommend that you do not use unsecure channels to communicate sensitive or confidential information to us.

How long we retain your personal information depends on different factors, such as whether we need the information to maintain your account, to provide the Services, comply with legal obligations, resolve disputes or enforce other applicable contracts and policies.

Newsletters and Marketing

Provision of Personal Data

By filling in and submitting his/her e-mail address in the request to receive the Controller’s newsletter, the natural person (hereinafter referred to as the “Data Subject”) grants the Controller consent to the processing of personal data (hereinafter referred to as “Consent”) pursuant to Article 6(1)(a) and Article 7 of Regulation (EU) 2016/679 of the European Parliament and of the Council (hereinafter referred to as “GDPR”). This consent is also granted pursuant to Act No. 480/2004 Coll., on certain information society services, as amended. In connection with the processing of personal data, the Controller provides the Data Subject with the following information pursuant to Article 13 GDPR.

The Controller will process the following personal data about the Data Subject on the basis of the consent granted:
– e-mail address
– name and surname
(hereinafter referred to as “Personal Data”).

Purpose of Processing Personal Data

Based on this Consent, the Controller will process Personal Data for sending the Controller’s newsletters, sending discounts on goods offered by the Controller, sending offers and information emails about goods and services offered by the Controller and other advertising, marketing or commercial communications of the Controller, including conducting market research by the Controller.

No automatic individual decision-making within the meaning of Article 22 of the GDPR is made by the Controller on the basis of the Consent.

Giving Consent is not a contractual requirement of the Controller and is not conditional on the continuation of any relationship.

Other Recipients of Personal Data

Personal data of the Data Subject may be disclosed by the Controller to the following
third parties (persons providing server, web, e-commerce platform, cloud or IT services to the Controller and/or other recipients) i.e.

  • ECOMAIL.CZ, s.r.o., ID No.: 02762943, registered office: Na Zderaze 1275/15, 120 00 Praha 2-Nové Město, which provides bulk e-mail distribution for the Controller;
  • Shopify International Ltd., Attn: Data Protection Officer, c/o Intertrust Ireland, 2nd Floor 1-2 Victoria Buildings, Haddington Road, Dublin 4, D04 XN32, Ireland, VAT: IE3347697KH, which provides e-commerce solution for the Controller.

The Controller does not transfer the Personal Data of the Data Subject to a third country or an international organization.

Storage Period of Personal Data

The Personal Data of the Data Subject will be processed by the Controller for the period necessary to fulfill the purpose of the processing of Personal Data, but no longer than ten (10) years after granting the Consent.

Rights of The Data Subject

In accordance with the applicable data protection legislation, the Data Subject has the
following rights:

1. RIGHT OF ACCESS to Personal Data at the Controller, which means that the Data Subject may at any time request confirmation from the Controller as to whether or not Personal Data are processed, and if so, for what purposes, to what extent, to whom they are disclosed, how long they will be processed, whether they have the right to rectification, erasure, restriction of processing or to object, where the Personal Data were obtained from, and whether automated decision-making, including possible profiling, occurs on the basis of the processing of Personal Data. The data subject also has the right to obtain a copy of the Personal Data, whereby the first provision is free of charge, and the Controller may require reasonable administrative costs for further provision;

2. THE RIGHT TO RECTIFICATION of Personal Data, which means that the Data Subject may at any time request the Controller to rectify or supplement the Personal Data if it is inaccurate or incomplete;

3. THE RIGHT TO DELETE Personal Data, which means that the Controller must delete the Personal Data if (i) it is no longer necessary for the purposes for which it was collected or otherwise processed, (ii) the Data Subject withdraws consent and there is no further reason for the processing, (iii) the Data Subject objects to the processing and there are no overriding legitimate grounds for the processing, (iv) the processing is unlawful, or (v) a legal obligation to do so exists;

4. THE RIGHT TO RESTRICT THE PROCESSING of Personal Data, which means that until the disputed issues regarding the processing of Personal Data are resolved, namely if (i) the Data Subject disputes the accuracy of the Personal Data, (ii) the processing is unlawful but instead of erasing the Personal Data the Data Subject only wants to restrict the processing, (iii) the Controller no longer needs the Personal Data for the purposes of the processing
but the Data Subject does, or (iv) if the Data Subject objects to the processing pursuant to Art. 6. of this Information Clause, the Controller may only store the Personal Data and further processing is subject to the Data Subject’s consent or that the Personal Data is needed for the establishment, exercise or defence of legal claims;

5. RIGHT TO DATA TRANSMISSIBILITY, which means that the Data Subject has the right to obtain Personal Data that he or she has provided to the Controller with consent to processing or for the purposes of performance of a contract, in a structured, commonly used and machine-readable format, and further has the right, if technically feasible, to have the Controller transfer such data to another controller;

6. RIGHT TO OBJECT to the processing of Personal Data, which means that the Data Subject may lodge a written or electronic objection to the processing of his or her Personal Data with the Controller. The Controller will no longer process the Personal Data unless it demonstrates compelling legitimate grounds for processing that override the interests of the Data Subject or his or her rights and freedoms. The Data Subject has the right to object at any time to the processing of Personal Data concerning him or her for direct marketing purposes.

The Data Subject may exercise all his/her rights set out in the preceding paragraph with the Controller either in writing by registered letter or electronically at the Controller’s contact details.

Furthermore, the Data Subject has the right to lodge a complaint against the processing of Personal Data with the Office for Personal Data Protection at Pplk. Sochora 27, 170 00 Prague 7.

Withdrawal of Consent

This Consent may be revoked by the Data Subject at any time, therefore it may be done even before the above-mentioned facts have ended. The Data Subject may revoke the consent in any form through the Contact Details of the Controller.

Withdrawal of Consent shall not affect the lawfulness of processing based on Consent granted prior to its withdrawal. Upon expiry of the Consent in accordance with this Article, the Personal Data will be deleted unless there is another lawful reason for further processing.

You may exercise any of these rights where indicated on our Site or by contacting us using the contact details provided below.

We will not discriminate against you for exercising any of these rights. We may need to collect information from you to verify your identity, such as your email address or account information, before providing a substantive response to the request. In accordance with applicable laws, You may designate an authorized agent to make requests on your behalf to exercise your rights. Before accepting such a request from an agent, we will require that the agent provide proof you have authorized them to act on your behalf, and we may need you to verify your identity directly with us. We will respond to your request in a timely manner as required under applicable law.

Complaints

If you have complaints about how we process your personal information, please contact us using the contact details provided below. If you are not satisfied with our response to your complaint, depending on where you live you may have the right to appeal our decision by contacting us using the contact details set out below, or lodge your complaint with your local data protection authority.

International Users

Please note that we may transfer, store and process your personal information outside the country you live in, including the United States. Your personal information is also processed by staff and third party service providers and partners in these countries.

If we transfer your personal information out of Europe, we will rely on recognized transfer mechanisms like the European Commission's Standard Contractual Clauses, or any equivalent contracts issued by the relevant competent authority of the UK, as relevant, unless the data transfer is to a country that has been determined to provide an adequate level of protection.

Contact

Should you have any questions about our privacy practices or this Privacy Policy, or if you would like to exercise any of the rights available to you, please email us at hello@tomasvrana.studio.

Last updated: 20. 10. 2023