Privacy Policy

Privacy Policy

1. Data Controller

Data controller (operator of the e‑shop):
Designpropaganda s.r.o.
Company ID: 27879194
Registered office: Vinohradská 34, 120 00 Prague 2, Czech Republic
E‑mail: love@essey.com

The controller operates the online store at:
https://essey.cloud.mafikes.cz (hereinafter the “E‑shop”).

For all questions related to the protection of personal data, you can contact the controller at: love@essey.com.

 

2. Personal data we process

We only process personal data that you provide to us yourself or that are created when you use our E‑shop, in particular:

a) Data of customers when ordering goods:

• first name and surname
• billing address and, where applicable, shipping address
• e‑mail address
• telephone number
• company details (company name, company ID, VAT ID), if you purchase as a business customer
• information about the goods ordered and the chosen payment and delivery method

b) Data when registering a user account:

• first name and surname (or nickname, if applicable)
• e‑mail address
• password (stored in encrypted form)
• data related to your orders and account settings

c) Data from the contact form:

• first name and surname (if you provide it)
• e‑mail address
• telephone number (if you provide it)
• content of your message and any additional information you voluntarily provide

d) Data for sending commercial communications (newsletter):

• e‑mail address
• optionally your name, if you provide it

e) Technical and operational data:

• necessary technical cookies (e.g. to keep the contents of the shopping cart, to maintain user login)
• IP address, access time, browser and device information to the extent necessary for the operation and security of the website

We do not process any special categories of personal data (so‑called sensitive data, such as health data, religious beliefs, etc.).

 

3. Purposes and legal bases of processing

We process personal data for the following purposes:

a) Processing your order and performance of the contract

• receiving and processing your order
• communication regarding your order and delivery of goods
• handling claims, complaints and returns

Legal basis: performance of a contract between you and the controller (Article 6(1)(b) GDPR).

 

b) Compliance with legal obligations (accounting, taxes)

• keeping accounting and tax records
• archiving tax documents in accordance with applicable laws

Legal basis: compliance with legal obligations that apply to the controller (Article 6(1)(c) GDPR), in particular accounting and tax legislation, which may require the retention of some documents for up to 10 years.

 

c) Communication via contact form and e‑mail

• answering your questions, handling enquiries, requests and complaints

Legal basis:

• performance of a contract or taking steps prior to entering into a contract (if your enquiry relates to an order or a request for an offer), or
• the controller’s legitimate interest in communicating with customers and prospective customers (Article 6(1)(f) GDPR).

 

d) User account

• creating and managing your user account
• providing access to order history and account settings

Legal basis: performance of a contract (providing the user account service) and the controller’s legitimate interest in making repeat purchases easier for customers (Article 6(1)(b) and (f) GDPR).

 

e) Sending commercial communications (newsletter)

If you sign up for our newsletter, we process your e‑mail address for the purpose of sending you:

• information about news, offers and discounts
• inspiration and updates related to the E‑shop’s product range

Legal basis: your consent (Article 6(1)(a) GDPR), given by ticking the relevant box during registration, checkout or in another sign‑up form.

You can withdraw your consent at any time by clicking the unsubscribe link in any newsletter e‑mail or by sending a request to our contact e‑mail address. Withdrawing consent does not affect the lawfulness of processing based on consent before its withdrawal.

 

f) Operation and security of the E‑shop

• ensuring the technical operation of the website and its core functions
• protection against misuse of services and cyber‑attacks
• troubleshooting and security monitoring

Legal basis: the controller’s legitimate interest in operating a secure and functional E‑shop (Article 6(1)(f) GDPR).

 

4. How long we keep your data

We retain personal data only for as long as is necessary for the given purpose and in accordance with applicable legal requirements.

In particular:

• Data related to orders and contracts
  For the duration of the contractual relationship and then for up to 10 years after the end of the tax period in which the transaction took place, for accounting and tax purposes.
• User account data
  For as long as your user account exists. If the account is inactive for an extended period, it may be deleted; in that case, data that must be retained under legal obligations (e.g. accounting records) are kept for the required period, and other data are deleted or anonymised.
• Data for newsletters / commercial communications
  Until you withdraw your consent / unsubscribe from the newsletter, or for a reasonable period after your last interaction (e.g. opening or clicking an e‑mail), or until the purpose of processing ceases, whichever occurs first.
• Contact form and e‑mail communication
  For the time necessary to handle your request and for a reasonable period afterwards (for example up to 3 years) for the purposes of documenting that your enquiry was handled and for the protection of the controller’s rights.
• Technical and necessary cookies
  For the duration of the browser session (until you close your browser) or for a short period necessary for the proper functioning of the E‑shop (e.g. to remember your cart).

After the relevant retention period expires, personal data are either securely deleted or anonymised.

 

5. Recipients and processors of personal data

Personal data may be disclosed only to trusted recipients and processors who help us operate the E‑shop and fulfil our obligations. In particular, these may include:

• providers of hosting and technical operation of the E‑shop
• providers of accounting and economic software (e.g. invoicing/accounting system) and external accountants
• providers of payment services and payment gateways (banks, card companies, online payment providers) when you pay online
• providers of shipping and logistics services (carriers, courier services), to the extent necessary for delivering your order
• external developers or agencies involved in the development and maintenance of the E‑shop
• providers of newsletter / e‑mailing tools, if used

All such processors process personal data only on the basis of a written contract, according to our instructions, may not use them for their own purposes and must ensure appropriate technical and organisational security measures.

 

6. Transfers of data outside the EU / EEA

Personal data are not transferred to countries outside the European Union or the European Economic Area, unless expressly stated otherwise.

If, in the future, we use services that involve transfers to third countries (for example some cloud or e‑mailing services), such transfers will only take place in compliance with the GDPR, e.g. on the basis of an adequacy decision or standard contractual clauses.

 

7. How we process and protect personal data

Personal data are processed both manually and by automated means in our IT systems.

We take appropriate technical and organisational measures to protect personal data against unauthorised or unlawful processing, accidental loss, destruction or damage, including:

• restricting access to personal data to authorised persons only
• using secure passwords and encryption where appropriate
• regularly updating software and systems
• concluding data processing agreements with our processors, including confidentiality and security obligations

Personal data are not subject to automated decision‑making or profiling that would produce legal effects concerning you or similarly significantly affect you.

 

8. Cookies

Our E‑shop uses primarily necessary technical cookies, which are essential for:

• proper display and basic functions of the website
• keeping the contents of your shopping cart
• maintaining user login sessions

These cookies are stored based on our legitimate interest in operating a functional online store and do not require your consent.

At present, we do not use any analytical or marketing cookies for tracking user behaviour or targeted advertising. If we decide to use such tools in the future, we will update this Privacy Policy accordingly and, where required, we will ask for your consent via a cookie banner.

 

9. Your rights as a data subject

In connection with the processing of your personal data, you have the following rights under the GDPR:

1. Right of access
   You have the right to obtain confirmation as to whether or not personal data concerning you are being processed and, if so, access to those data and information about their processing.
2. Right to rectification
   If your personal data are inaccurate or incomplete, you have the right to request their rectification or completion.
3. Right to erasure (“right to be forgotten”)
   In certain cases, you have the right to have your personal data erased, in particular if they are no longer necessary for the purposes for which they were collected or if you withdraw your consent and there is no other legal basis for processing.
4. Right to restriction of processing
   In some situations, you may request that we restrict the processing of your data (e.g. for the period during which we verify the accuracy of your data or handle your objection).
5. Right to data portability
   You have the right to obtain the personal data that you have provided to us in a structured, commonly used and machine‑readable format and to transmit those data to another controller, if the processing is based on consent or on a contract and is carried out by automated means.
6. Right to object
   You have the right to object at any time, on grounds relating to your particular situation, to processing based on our legitimate interests. In such a case, we will no longer process your data for those purposes unless we demonstrate compelling legitimate grounds for the processing.
7. Right to withdraw consent
   If processing is based on your consent (e.g. for newsletters), you have the right to withdraw that consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
8. Right to lodge a complaint with a supervisory authority
   If you believe that your rights to data protection have been infringed, you have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence, place of work or place of the alleged infringement.
   In the Czech Republic, the supervisory authority is:
   Úřad pro ochranu osobních údajů (Office for Personal Data Protection)
   Pplk. Sochora 27
   170 00 Prague 7
   Czech Republic
   Website: https://uoou.gov.cz

 

10. How to exercise your rights

You can exercise your rights and address any questions or requests regarding personal data by contacting us at:

• e‑mail: love@essey.com

For security reasons, we may need to verify your identity in order to prevent personal data from being disclosed to unauthorised persons.

We will respond to your request without undue delay and in any event within one month of receipt. In justified cases, this period may be extended in accordance with the GDPR, in which case we will inform you of the reasons.

 

11. Changes to this Privacy Policy

We may update this Privacy Policy from time to time, in particular if there are changes in the services we provide or in applicable legislation.

The current version of this Privacy Policy is always available on our website.

This Privacy Policy is effective as of 13 February 2026.