Privacy Policy

I.
Basic Provisions

  1. The data controller according to Article 4(7) of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data (hereinafter: "GDPR") is FOXON s.r.o., Company ID 27358917, registered office: Česká 615/25, Liberec, 463 12, Czech Republic, registered in the Commercial Register maintained by the Regional Court in Ústí nad Labem, Section C, File 25820 (hereinafter: the "Controller").
  2. Controller’s contact details:
    Address: Česká 615/25, Liberec 25 – Vesec, 463 12
    Email: foxon@foxon.cz
    Phone: (+420) 488 588 746
  3. Personal data means any information about an identified or identifiable natural person; an identifiable person is a person who can be identified, directly or indirectly, in particular by reference to an identifier such as name, identification number, location data, online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person.
  4. The Controller has not appointed a Data Protection Officer.

II.
Sources and Categories of Processed Personal Data

  1. The Controller processes personal data that you have provided or personal data obtained in connection with fulfilling your order.
  2. The Controller processes your identification and contact data, and data necessary for contract performance.

III.
Legal Basis and Purpose of Personal Data Processing

  1. The legal basis for personal data processing is:
    • performance of a contract between you and the Controller under Article 6(1)(b) GDPR,
    • the Controller’s legitimate interest in providing direct marketing (especially for sending commercial communications and newsletters) under Article 6(1)(f) GDPR,
    • your consent for the purposes of direct marketing (especially for sending commercial communications and newsletters) under Article 6(1)(a) GDPR in conjunction with Section 7(2) of Act No. 480/2004 Coll., on Certain Information Society Services, if no goods or services have been ordered.
  2. The purpose of personal data processing is:
    • to process your order and fulfil rights and obligations arising from the contractual relationship between you and the Controller; when placing an order, personal data necessary for successful order processing (name, address, contact) are required. Providing personal data is a necessary condition for concluding and fulfilling the contract; without providing the data, it is not possible to conclude or perform the contract,
    • sending commercial communications and carrying out other marketing activities.
  3. The Controller performs automated individual decision-making, including profiling for marketing purposes, in accordance with Article 22 GDPR. By using our services, you have explicitly consented to such processing.

IV.
Purpose, Categories, Sources, and Recipients of Personal Data

Legal Basis Purpose Data Source of Data Recipients (Processors)
Contract Performance Processing orders and responding to inquiries via contact form Customer personal data (contact details) Email communication, contact form, telesales Subcontractors, mailing services, cloud storage, printed documents
Legitimate Interest Providing direct marketing (especially for sending commercial communications and newsletters) Customer contact details Order data, contact form, telesales Mailing services, cloud storage, subcontractors, websites
Consent Marketing and website promotion Emails, potential customer names, IP addresses, other technical identifiers Newsletter form Website hosting provider, email marketing services (Ecomail)
Consent Targeted advertising (retargeting) Up to 38 months: Third-party cookies, IP addresses, browser and website usage data Viewing specific pages on the website Advertising platforms for retargeting (Google Ads, Sklik, Facebook, Youtube)
Consent Demographic insights in traffic statistics Third-party cookies, demographic data (age, gender, interests, purchase intent, and other categories) DoubleClick cookie, Android Advertising ID, iOS Advertising ID Google Analytics 4

V.
Data Retention Period

  1. The Controller stores personal data:
    • for the period necessary to exercise the rights and obligations arising from the contractual relationship between you and the Controller, and to assert claims from these contractual relationships (for 15 years after the contractual relationship ends),
    • until consent to the processing of personal data for marketing purposes is revoked, but no longer than 10 years, if the data is processed based on consent.
  1. After the retention period expires, the Controller deletes the personal data.

VI.
Recipients of Personal Data (Controller's Subcontractors)

  1. Recipients of personal data are individuals or entities:
    • involved in delivering goods / services / processing payments based on a contract,
    • providing services related to the operation of the e-shop and related services,
    • providing marketing services.

The Controller has a Data Processing Agreement with all personal data recipients.

Google US Website behavior analytics, online advertising via Google Ads and Google Analytics 4
Seznam.cz CZ Online advertising via Sklik
Microsoft US CRM system
Upgates CZ E-shop platform
Joomla US Website platform
WordPress US Website platform
Ecomail CZ Email marketing services
Bookeo AUS Training and event reservations
LinkedIn US Online marketing
Facebook US Online marketing
Twitter US Online marketing
Česká pošta CZ Order delivery
TNT CZ Order delivery
UPS CZ Order delivery
Schenker CZ Order delivery
Paypal US Paypal online payments

VII.
Cookies

  1. When you visit our website, the Controller processes your personal data via cookies. The purpose of this processing is to analyze website traffic, gather information about website usage, ensure website functionality, customize content, and provide targeted advertising.
  2. Cookie processing is based on your consent, which you can grant via the cookie banner when you first visit the website. You can withdraw your consent at any time via cookie settings.
  3. If you do not wish to receive cookies, you can delete all cookies from your computer's disk in your browser settings, block cookies entirely, or set up a notification before each cookie is saved.

VIII.
Your Rights

  1. Under GDPR, you have the following rights:
    • the right to access your personal data under Article 15 GDPR,
    • the right to rectification of personal data under Article 16 GDPR, or restriction of processing under Article 18 GDPR,
    • the right to erasure of personal data under Article 17 GDPR,
    • the right to object to processing under Article 21 GDPR,
    • the right to data portability under Article 20 GDPR,
    • the right to withdraw consent to processing in writing or electronically to the Controller's address or email provided in section I of these terms.
  2. You also have the right to lodge a complaint with the Data Protection Authority if you believe your personal data protection rights have been violated.

IX.
Personal Data Security Measures

  1. The Controller declares that it has taken all appropriate technical and organizational measures to secure personal data.
  2. The Controller declares that it has implemented technical measures to secure data storage and storage of personal data in paper form.
  3. The Controller declares that only authorized persons have access to personal data.

XII.
Final Provisions

  1. By submitting an order via the website order form, you confirm that you have read and accepted the Privacy Policy in its entirety.
  2. By ticking the consent box in the website form, you confirm that you have read and accept the Privacy Policy in its entirety.
  3. The Controller reserves the right to amend this Privacy Policy. The updated version will be published on the Controller’s website and sent to your email address provided to the Controller.

This Privacy Policy is effective from May 28, 2025.