Privacy Policy

This Privacy Policy describes how we handle the personal data of our customers and website visitors. The text complies with current legislation and we have tried to write it in a way that is as understandable as possible for every reader.

The main laws and regulations on which the text is based are:

  • Act No. 480/2004 Coll., on certain services of the information society
  • Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR)

If you need more detailed information about the rules, obligations, and rights we follow, we recommend looking into these laws and regulations.

  1. Identity and Contact Details of the Controller 1.1 The controller of your personal data, according to Article 4, paragraph 7 of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data ("GDPR"), is JustCraft s.r.o., ID 23140984, with its registered office at Roháčova 145/14, Žižkov, Prague, 130 00, file number C 422015 registered at the Municipal Court in Prague ("we" or "controller"). 1.2 The contact details of the controller are as follows:

    • Delivery address: Roháčova 145/14, Žižkov, Prague, 130 00
    • Email: [info@justcraft.cz](mailto:info@justcraft.cz) 1.3 According to Article 4, paragraph 1 of the GDPR, personal data means any information relating to an identified or identifiable natural person ("you" or "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person. 1.4 The controller has not appointed a data protection officer.

  2. Sources and Categories of Processed Personal Data 2.1 The controller processes personal data that you have provided or personal data that the controller has obtained based on the fulfillment of your order. 2.2 The controller processes your identification and contact details and data necessary for the fulfillment of the contract.

  3. Legal Reasons for Processing Personal Data 3.1 The legal reasons for processing personal data are or may be (always applied according to your specific situation): 3.1.1 Fulfillment of the contract (most often processing the order) between you and the controller, or taking measures by the controller before concluding such a contract, actions directly related to the fulfillment of the contract, and fulfilling the rights and obligations arising directly from the contractual relationship. When ordering, personal data necessary for the successful processing of the order (e.g., name in combination with address and other contact details) are required. Providing personal data is a necessary requirement for concluding and fulfilling the contract, as it is not possible to conclude the contract without them and therefore not possible for the controller to fulfill it. 3.1.1.1 The buyer acknowledges that they are obliged to provide their personal data correctly and truthfully (during registration, in their user account, when ordering from the web interface of the store) and that they are obliged to inform the seller of any changes to their personal data without undue delay. 3.1.2 Legitimate interests of the controller, in accordance with the GDPR, defined below. 3.1.3 Your consent to processing for the purposes of direct marketing (especially for sending commercial communications and newsletters) according to Article 6, paragraph 1, letter a) of the GDPR in conjunction with § 7, paragraph 2 of Act No. 480/2004 Coll., on certain services of the information society, in case no goods or services were ordered.

  4. Purposes of Processing Personal Data 4.1 The purposes of processing personal data are or may be (always according to your specific situation): 4.1.1 Fulfillment of the contract concluded with the customer, most often processing the order, and legal obligations arising from the fulfillment of the contract 4.1.2 Marketing activities, most often sending commercial communications, in accordance with legal reasons 4.1.3 Reasonable determination of satisfaction with the provided goods or services 4.1.4 Publishing a comment on the website if a comment is directly inserted by the user on a page. 4.2 The controller does not engage in automatic individual decision-making within the meaning of Article 22 of the GDPR.

5. Legitimate Interests of the Data Controller 5.1 The legitimate interests of the controller in relation to the processing of personal data are defined in accordance with Article 6 paragraph 1 letter f) of the GDPR and Recital 47 of the GDPR. 5.2 These legitimate interests of the controller include providing direct marketing (especially for sending commercial communications and newsletters) according to Article 6 paragraph 1 letter f) of the GDPR and Recital 47 of the GDPR.

6. Other Recipients of Personal Data 6.1 Other recipients of your personal data are primarily shipping companies or other persons involved in the delivery of goods or the realization of payments based on the purchase contract. 6.2 Other recipients of your personal data may also be service providers who perform activities related to the operation of the controller, such as companies providing programming services, information technology services (e.g., databases, economic systems), accounting services, or marketing services. The controller declares that in such cases, it has taken and will take all necessary organizational and technical measures for the proper protection of personal data in accordance with the GDPR. 6.3 The controller processes data in the Czech Republic or other EU countries. For legal reasons (e.g., an order with delivery outside the EU and the necessary transfer of data to a local carrier), data may also be processed outside the EU. In cooperation with global entities, data may also be processed outside the EU, but in such cases, the entity is always a participant in the Privacy Shield, ensuring an adequate level of protection.

7. Retention Period of Personal Data 7.1 If data is processed for legal reasons, it will be processed for the duration of the effects of the rights and obligations arising from the contract, and further for the period necessary for archiving purposes according to the relevant generally binding legal regulations, but no longer than the period specified by generally binding legal regulations. 7.2 If personal data is processed based on consent, it will be processed until the consent to the processing of personal data is revoked, but no longer than 10 years from the granting of consent or from the last order placed (whichever occurs later).

8. Rights of the Data Subject 8.1 You are not obliged to provide personal data to the controller. However, if the provision of your personal data is a necessary requirement for concluding and fulfilling the contract (e.g., email for order confirmation, name and physical address for delivery of goods, etc.), it is not possible to conclude the contract (i.e., complete the order) or fulfill it by the controller without providing your personal data. 8.2 In accordance with Article 21 paragraphs 1 and 2 of the GDPR, you have the right to object to the processing of personal data or withdraw consent to the processing of personal data at any time, especially if it is processed for direct marketing purposes. The controller will no longer process these personal data unless other legal reasons compel it to do so, which outweigh the interests or rights of the data subject. 8.3 Furthermore, you have the right, under the conditions set out in the GDPR, to: 8.3.1 access your personal data according to Article 15 of the GDPR, 8.3.2 rectify personal data according to Article 16 of the GDPR, 8.3.3 erase personal data according to Article 17 of the GDPR, 8.3.4 restrict processing according to Article 18 of the GDPR, 8.3.5 data portability according to Article 20 of the GDPR, 8.3.6 object to processing according to Article 21 of the GDPR. In case of such requests, please contact the controller at the above contact details. 8.4 If you believe that the processing of your personal data has violated or is violating the GDPR, you also have the right to file a complaint with the supervisory authority, which is the Office for Personal Data Protection.

9. Conditions for Securing Personal Data 9.1 The controller declares that it has taken all appropriate technical and organizational measures to secure personal data and their storage in electronic and paper form and that only authorized persons have access to the processed personal data.

10. Final Provisions 10.1 By sending an order from the online order form, you confirm that you are familiar with the privacy policy and that you accept it in its entirety. 10.2 You also agree to these conditions by checking the consent box through the online form. By checking the consent box, you confirm that you are familiar with the privacy policy and that you accept it in its entirety. 10.3 The controller is entitled to change these conditions. The new version of the privacy policy will be published on its website. In case of material changes, the new version of these conditions will be sent to your email address if it has been provided to the controller.

Date of last update: April 9, 2025