Privacy policy

I. Basic Provisions

  1. The controller of personal data under Article 4(7) of Regulation (EU) 2016/679 (GDPR) is David Heger, Company ID 480 43 699, with registered office at Dublovice 231 (hereinafter "Controller").
  2. Contact details of the Controller:
    Address: David Heger, Dublovice 231
    Email: david@photoheger.com
    Phone: +420 604 788 562
  3. Personal data means any information relating to an identified or identifiable natural person.
  4. The Controller has not appointed a Data Protection Officer.

II. Sources and Categories of Processed Personal Data

  1. The Controller processes personal data you provided or data obtained during order fulfilment.
  2. Data processed include your identification, contact details, and data necessary for contract performance.

III. Legal Grounds and Purpose of Processing

  1. Legal grounds for processing personal data:
    • Contract performance under Article 6(1)(b) GDPR
    • Legitimate interest in direct marketing under Article 6(1)(f) GDPR
    • Your consent under Article 6(1)(a) GDPR and § 7(2) of Act No. 480/2004 Coll., if no order was made
  2. Purpose of processing:
    • To process your order and fulfill obligations arising from the contractual relationship
    • To send commercial communications and conduct marketing activities
  3. No automated individual decision-making as per Article 22 GDPR occurs. Your explicit consent was given where applicable.

IV. Data Retention Period

  1. Data is retained:
    • For 15 years after the contractual relationship ends
    • For up to 5 years for marketing purposes based on consent, or until consent is withdrawn
  2. After the retention period, data will be deleted.

V. Recipients of Personal Data (Subcontractors)

  1. Recipients include:
    • Service providers involved in delivery and payment processing
    • Operators of the e-shop and related services
    • Marketing service providers
  2. The Controller does not intend to transfer data outside the EU, except to mailing/cloud service providers if applicable.

VI. Your Rights

  1. You have the right to:
    • Access your personal data (Art. 15 GDPR)
    • Rectify or restrict processing (Art. 16 and 18 GDPR)
    • Erase personal data (Art. 17 GDPR)
    • Object to processing (Art. 21 GDPR)
    • Data portability (Art. 20 GDPR)
    • Withdraw consent by writing to the address or email listed in Section III
  2. You may lodge a complaint with the Office for Personal Data Protection if you believe your data rights have been violated.

VII. Data Security Measures

  1. The Controller has implemented appropriate technical and organizational measures to secure personal data.
  2. Security measures include data storage protection, secure backups, and use of strong passwords.
  3. Only authorized persons have access to the data.

VIII. Final Provisions

  1. By submitting an online order, you confirm you have read and accepted this Privacy Policy.
  2. You agree to this policy by ticking the consent checkbox in the form.
  3. The Controller may update this policy and will publish the new version on the website or notify you via email.

Effective date: 24 June 2025