Privacy Policy

Effective Date: January 1, 2024

This Privacy Policy explains how Dr.Straightenup s.r.o. (hereinafter “the Controller”) collects, processes, and protects personal data in connection with the operation of the e-shop crystalbohemia.ae. This document is intended as a sample for compliance with the General Data Protection Regulation (GDPR) and should be reviewed by legal counsel to ensure full compliance with applicable laws.


1. Identification of the Data Controller and Responsible Person

Data Controller:
Dr.Straightenup s.r.o.
Address: Za záhradami 894/31, 900 28 Zálesie, Slovakia
Company ID (IČO): 48149501
Tax ID (DIČ): 2120060371
Email: [email protected]
Telephone: +421 915 943 553

The Controller is responsible for ensuring the lawful processing of personal data in accordance with the GDPR.


2. Purposes and Legal Basis for Processing Personal Data

a) Purchase of Goods, Delivery, and Complaint Handling

  • Purpose: To process orders, deliver goods, handle complaints, and manage related insurance claims.

  • Data Processed: Name, surname, address, email, telephone number, order details, payment information, and (in the case of complaints) details regarding the claim.

  • Legal Basis: Article 6(1)(b) and (c) of the GDPR, as processing is necessary for the performance of a contract and compliance with legal obligations.

  • Retention Period: Data are retained for the duration of the contract and the applicable warranty period.


b) Sale of Goods Outside the E-Shop

  • Purpose: To process orders placed outside the online store.

  • Data Processed: Name, surname, contact details, and order details.

  • Legal Basis: Article 6(1)(b) of the GDPR, as processing is necessary based on the customer’s request.

  • Retention Period: Data are retained for the duration of the contract and the applicable warranty period.


c) Non-binding Orders and Inquiries

  • Purpose: To record expressions of interest and manage non-binding inquiries.

  • Data Processed: Name, surname, telephone number, email, and inquiry details.

  • Legal Basis: Article 6(1)(b) of the GDPR, as processing is based on the customer’s interest.

  • Retention Period: Data are retained from the submission of the inquiry until the conclusion of a potential contract or cancellation of the inquiry.


d) Registration and Operation of the E-Shop

  • Purpose: To manage user registration, account administration, and the operation of the online store.

  • Data Processed: Name, surname, email, telephone number, address, and order history.

  • Legal Basis: Article 6(1)(b) of the GDPR, as processing is necessary for account registration and maintenance.

  • Retention Period: Data are retained for the duration of the user’s registration.


e) Customer Support

  • Purpose: To provide telephone and email support to customers.

  • Data Processed: Name, surname, contact details, order history, and communication records.

  • Legal Basis: Article 6(1)(b) of the GDPR.

  • Retention Period: Data are processed for the duration of the support service and the applicable warranty period.


f) Marketing and Newsletter (if applicable)

  • Purpose: To send newsletters and marketing communications.

  • Data Processed: Email address, name, and surname.

  • Legal Basis: Explicit consent under Article 6(1)(a) of the GDPR, or legitimate interests under Article 6(1)(f) (with the option to withdraw consent at any time).

  • Retention Period: Data are retained until consent is withdrawn.


g) Exercising Claims and Resolving Disputes

  • Purpose: To manage disputes, enforce rights, and protect the Controller’s legitimate interests.

  • Data Processed: Identification details, contact information, order and transaction records, and communication logs.

  • Legal Basis: Article 6(1)(f) of the GDPR.

  • Retention Period: Data are retained for the duration of any legal proceedings or the applicable limitation period.


h) Compliance with Legal Obligations

  • Purpose: To fulfill legal obligations such as accounting, taxation, and other regulatory requirements.

  • Data Processed: Data required for accounting, tax reporting, legal, and archival purposes.

  • Legal Basis: Article 6(1)(c) of the GDPR.

  • Retention Period: Data are retained for the period prescribed by applicable law.


3. List of Data Recipients

Personal data may be shared with the following parties, only as necessary for the purposes described:

  • IT service providers and hosting services (including payment gateways and e-shop platforms)

  • Courier and delivery companies

  • Customer support and service partners

  • Public authorities and regulatory bodies when required by law

  • External legal, accounting, auditing, and tax advisory services


4. Data Security

The Controller has implemented technical and organizational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures comply with the requirements of the GDPR and ensure a level of protection appropriate to the risk.


5. Rights of Data Subjects

Data subjects have the following rights:

  • The right to access their personal data

  • The right to rectify inaccurate or incomplete data

  • The right to erasure (the right to be forgotten)

  • The right to restrict processing of personal data

  • The right to data portability

  • The right to object to the processing of personal data

  • The right to lodge a complaint with a supervisory authority (e.g., the relevant Data Protection Authority)

These rights can be exercised by submitting a written request to the Controller via the contact details provided below.


6. Data Retention

Personal data are retained only for as long as necessary to fulfill the purposes for which they were collected. For contractual obligations, data are kept for the duration of the contract and for any statutory periods following its termination.


7. Changes to this Privacy Policy

The Controller reserves the right to update this Privacy Policy at any time. Any changes will be posted on the e-shop crystalbohemia.ae, and, if necessary, communicated directly to the data subjects.


8. Contact Information

For any questions regarding this Privacy Policy or to exercise your rights under the GDPR, please contact:

Dr.Straightenup s.r.o.
Za záhradami 894/31
900 28 Zálesie, Slovakia
IČO: 48149501
DIČ: 2120060371
Email: [email protected]
Telephone: +421 915 943 553