Principles of personal data processing

Title: Nafisipado s.r.o.
Registered Office: Na Pankráci 1062/58, Nusle, 140 00 Praha
Company ID: 17222788

The processing of personal data is carried out in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter “Regulation“), the Personal Data Processing Act, and Act No. 480/2004 Coll., on certain services of the information society, as amended.

1. Definitions

Data subject: A natural person (consumer or self-employed person) to whom personal data relates (also referred to as “You” or “customer“);

Personal data: Personal Data: All information about an identified or identifiable customer; an identifiable customer is a natural person who can be directly or indirectly identified, in particular by reference to a specific identifier, such as name, identification number, location data, network identifier, or one or more specific elements of the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person (also referred to as “data” or “information“);

Controller: The entity that determines the purpose and means of processing personal data, performs the processing, and is responsible for such processing. The controller of personal data is Nafisipado s.r.o.; Na Pankráci 1062/58, Nusle, 140 00 Prague; Company ID: 17222788 (also referred to as “we“);

Processor: The entity that, based on the law or on the controller’s authorization, processes personal data for the controller, based on a contract for the processing of personal data (also referred to as “business partner” or “partner“);

Website: The website available at

Purpose of processing personal data: The reason why personal data is processed. This may include fulfilling a contract, managing user accounts, handling complaints and inquiries, sending commercial communications (newsletters), or displaying advertisements based on customer interests;

Cookies: Short text files stored by your web or mobile browser. Most cookies contain a unique identifier, the so-called cookie ID. It is a character string assigned by websites and servers to the browser that stored the cookie. This allows websites and servers to distinguish and identify individual browsers. Cookies are used to improve the functionality of websites, evaluate their visitation, and better target marketing activities. By browsing our website, we assume that you consent to the use of these files;

Third Countries: States outside the European Economic Area, including mainly the member states of the European Union, Iceland, Liechtenstein, and Norway.


2. What personal data is processed?

We and our contractual processors process the following personal data, or categories of personal data, based on the relevant legal title and purpose of processing:

    1. identification and address data: e.g., name, surname, delivery or other contact address, business headquarters, ID number, VAT ID;
    2. electronic contact details: e.g., phone number, email address; 
    3. other electronic data: IP address, cookies;
    4. other personal data associated with the contractual relationship: bank account number, order history;
    5. other personal data: typically data provided by the customer in the order form or in other documents and in communication with us, including subsequent updates.

3. What is the origin of personal data?

We process data that you provide to us, e.g., when ordering our services, communicating with us, or subscribing to the newsletter. This typically includes:

      • identification and address data;
      • electronic contact details;
      • other personal data associated with the contractual relationship.

We also process data obtained automatically based on your browsing of our website. This typically includes:

      • other electronic data:
        • cookies
        • website from which you came to our website;
        • IP address;
        • date and time of access;
        • search queries;
        • http and https response codes;
        • transferred data groups;
        • information about the browser and operating system of the computer.

4. Why are personal data processed?

Your personal data may be processed for the following purposes:

    • Fulfillment of contractual relationship;
    • Communication with customers, satisfaction assessment, publication of reviews, book recommendations, handling complaints, inquiries, and claims
    • Sending commercial communications and offering our products
    • Direct marketing and creation of personalized content and advertising
    • Improving the quality of our products and services, analyzing the visitation of our website, and analyzing your behavior on the website
    • Accounting and tax purposes
    • Fulfillment of other legal obligations

Your personal data may be processed based on the following legal grounds:

    • Performance of a contract
    • Controller’s legitimate interest in sending commercial communications
    • Consent to the sending of commercial communications

Processing of personal data for the purposes of the contractual relationship, accounting and tax purposes, and fulfillment of other legal obligations are legal or contractual requirements. If you intend to place an order through our website, you are obligated to provide us with your personal data for these purposes.


5. How long are personal data processed?

Your personal data is processed:

    • for the time necessary to perform the rights and obligations arising from the contractual relationship between you and us and to assert claims from these contractual relationships (4 years);
    • for the time necessary to fulfill legal obligations (accounting documents 5 years, tax documents 10 years);
    • for the duration of our legitimate interest in sending commercial messages (3 years from the last opening of a commercial message);
    • for the duration of your consent (up to 5 years from its granting, or 5 years from the last order).

6. Who has access to personal data?

The following categories of our partners (recipients) may have access to your personal data:

    • Providers of accounting and tax advisory services
    • Providers of IT services and hosting
    • Providers of security and integrity of our services and websites
    • Providers of analytical services
    • Providers of legal services, lawyers
    • Providers of printing and postal services
    • Partners cooperating with us in loyalty programs, organizing conferences, seminars, and other events
    • Partners who handle direct marketing for us and partners and operators of technical solutions, allowing us to display personalized content and advertising to you
    • Public authorities

7. Are personal data transferred outside the EU?

The administrator intends to transfer personal data to a third country (outside the European Economic Area) or an international organization. Recipients of personal data in third countries include:

    • Partners to whom we provide data for the purpose of analyzing the visitation of our websites, your behavior on websites, and business conversions
    • Providers of IT services and hosting, including cloud services
    • Providers of mailing services
    • Partners who handle direct marketing for us and partners and operators of technical solutions, allowing us to display personalized content and advertising to you

8. How are personal data processed?

Personal data is processed manually and automatically. We keep proper records of all processing activities in accordance with applicable legal regulations.

You are not subject to any decision based solely on automated processing, including profiling, that would have legal effects on you or similarly significantly affect you. We do not create profiles from your personal data for the purpose of analyzing or predicting your preferences, interests, economic situation, reliability, location, or movement (a typical example of profiling is monitoring the behavior of website visitors to track their preferences so that a merchant can approach them in the future with an offer tailored to them).


9. What are the rights of data subjects?

In exercising your rights, please contact us through our contact details provided at the beginning of these principles.

In connection with the processing of your personal data, you have the following rights (Articles 15 to 21 of the GDPR):

    • Right to access personal data
    • Right to rectification of inaccurate and completion of incomplete personal data
    • Right to erasure of personal data
    • Right to restriction of processing of personal data
    • Right to data portability
    • Right to object to processing
    • Right to information about automated decision-making, including profiling

If we process your personal data based on your consent, you have the right to withdraw this consent at any time.

Furthermore, you have the right to file a complaint with the supervisory authority, which is the Office for Personal Data Protection, with its registered office at Pplk. Sochova 27, 170 00 Prague 7, tel .: 234 665 111, web:


10. How are cookie files processed?

Processed cookie files can be divided by validity into:

    • temporary cookies (so-called session cookies) that remain stored in your browser only until you close your browser,
    • persistent cookies (so-called persistent cookies) that remain stored in your browser for a long time until their lifespan expires or until you manually delete them (the storage time of cookie files in your browser depends on the settings of the cookie itself and the settings of your browser).

And according to functions into:

    • essential, which are necessary for the functionality of our websites,
    • preference, which allows our websites to remember information that changes how the website behaves or looks (e.g., preferred language or region where you are located), these cookies are not essential for the functioning of our websites but increase their functionality and practicality of use,
    • analytical, which helps us analyze your experience on our websites (so-called User Experience = user experience) and enables us to understand how you use our websites,

We do not use third-party cookies that track multiple websites for the purpose of providing you with personalized content and advertising on third-party websites and other sales channels.


11. Are data about children processed?

Our websites are not intended for children under 16 years of age. Therefore, we do not intentionally collect their personal data. If we accidentally obtain personal data about children under 16, we will take steps to delete this data as quickly as possible, unless we are legally obligated to keep it in certain cases.


12. Conclusion

Legal regulations, as well as our business strategies and related methods of processing your personal data, may change. If we decide to update these principles, we will place the changes on our websites and inform you about these changes. In cases where there is a significant change to these principles or where the law requires us to do so, we will inform you in advance. We ask you to read these principles carefully and regularly check them when communicating with us or using our websites.

Scroll to Top

Interested in details?