Skip to content

Privacy Policy

We process your personal data transparently and in accordance with Regulation (EU) 2016/679 (GDPR) and Czech Act No. 110/2019 Coll. Below you'll find detailed information under Article 13 GDPR.

1. Data controller

The data controller is SPOKAR a.s., registered office at Libkovodská 1428, 393 01 Pelhřimov, Czech Republic, Company ID 25183427.

Contact for data protection matters: eshop@spokar.com.

2. What data we process

  • Identification and contact: name, surname, e-mail, phone, delivery and billing address
  • Order data: order contents, price, payment and shipping method, date, order number
  • Company data (optional): name, Company ID (IČO), Tax ID (DIČ) — only for business orders
  • Technical data: IP address, browser, cookies — see Cookies
  • Marketing consent (optional): only if you actively opt in during checkout

3. Purposes and legal basis

PurposeLegal basisRetention
Contract performance (order processing, delivery, invoicing)Contract (Art. 6(1)(b) GDPR)Duration of contract + 24 months (warranty period)
Accounting and tax documentsLegal obligation (Art. 6(1)(c) GDPR)10 years per Czech tax law
Warranty claim handlingContract and legal obligation5 years after claim resolution
Marketing communications (newsletter)Consent (Art. 6(1)(a) GDPR)Until consent is withdrawn, max 5 years
Traffic analytics and shop optimisationLegitimate interest (Art. 6(1)(f) GDPR)Max 26 months (anonymised)

4. Recipients of personal data

We share your data only to the extent necessary with these recipient categories:

  • Carriers: GLS, Czech Post (Balíkovna) — only data needed for delivery
  • Payment gateway: ComGate Payments, a.s. — only data needed to process payment
  • Accounting and tax advisor
  • ERP system: SPOKAR internal IFS (aggregated order data)
  • Hosting provider
  • Public authorities where required by law

We do not transfer data to third countries outside the EU/EEA.

5. Your rights

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure — "right to be forgotten" (Art. 17 GDPR), unless legal retention applies
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object to processing based on legitimate interest (Art. 21 GDPR)
  • Right to withdraw consent at any time, especially for marketing (Art. 7(3) GDPR)
  • Right to lodge a complaint with the Czech Data Protection Authority (www.uoou.cz)

To exercise your rights, contact us at eshop@spokar.com. We will respond without undue delay, within one month at the latest.

6. Security

We protect your personal data with appropriate technical and organisational measures (HTTPS, restricted database access, regular system updates, encrypted backups).

7. Automated decision-making

No automated decision-making or profiling under Art. 22 GDPR takes place.

8. Updates to this document

This document may be updated. We will inform you of material changes by e-mail or a notice in the online shop.