Sign In

I. Opening Provisions

  1. By submitting your order, you grant your consent to Smolík Cookie Cutters s.r.o., ID No.: 28858778, VAT No.: CZ28858778, with its registered office at Svratouch 372, 539 42 Svratouch, Czech Republic (hereinafter the “Data Controller”) which allows it to process the following personal data within the meaning of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter the “GDPR”) and Act No. 110/2019 Sb., on personal data processing:

  • first and last name,

  • residing address or delivery address, if different than the place of residence,

  • email address,

  • phone number.

  1. The personal data are processed in accordance with the previous paragraph based on a legal ground specified in Article 6(1b) of the GDPR, i.e., for the purpose of concluding a purchase agreement (hereinafter the “Agreement”) and implementation of rights and obligations arising from the Agreement (e.g., payment transaction, billing, tax obligations, goods distribution) concluded for the performance of business activity between the Data Controller and the customer (hereinafter the “Data Subject”). The Data Controller does not require your explicit consent for the aforementioned personal data processing. 

  2. By signing up for the newsletter on the Data Controller’s website, you grant the Data Controller your explicit consent to process your personal data specified in paragraph 1 for the purpose of direct marketing, i.e. sending commercial communication and newsletters. Providing personal data for this purpose is voluntary. You can opt out of the commercial communication and newsletters at any time; either by directly opting out of the newsletter or by written request addressed to the Data Controller at the email address or to the address of the Data Controller’s registered office.

  3. The personal data will be processed in an electronic form using automation or in a paper form without automation. 


II. Cookies

  1. On the Data Controller’s website, you grant your explicit consent to the Data Controller to use cookies. These pieces of data allow for processing personal data – third-party cookies (IP addresses or domain names on computers used by the users browsing the website, URI/URL addresses of required sources, request time, the method used to send the request, the volume of the file received in return, data on website browsing, browser details and other parameters related to the operating system and users). The data are required for using the web services and are also processed for the following purposes:

  • obtaining statistical data on using the services (most frequently visited websites, number of visitors during a specific time period or a day, geographical background etc.);

  • monitoring the functionality of services offered.

  1. The rules for using or blocking cookies can be adjusted at any time by going to Cookies Settings or directly in your internet browser. 

  2. The users may allow or reject all cookies (except for the “necessary” cookies used for the technical performance of the website or service provision) or just some of the cookies (e.g., third-party cookies). Blocking the cookies can have an adverse effect on the usability of the website and service.

  3. This website stores data from the following parties to the internet browser of those users who allow cookies in their cookies settings of individual browsers:

  1. If you object to the processing of technical cookies necessary for the functionality of the website, we cannot ensure the fully functional and compatible behaviour of the website.


III. Data Retention

  1. The Data

  • Controller retains the personal datafor the time necessary to perform the rights and obligations arising from the contractual relationship between you and the Data Controller and exercise the rights arising therefrom (for 2 years after such contractual relationship ends);

  • for the time until the consent with personal data processing for marketing purposes is revoked if such personal data are processed based on a given consent.

  1. After the retention period lapses, the personal data will be handled according to the legal regulations, mainly of Act No. 110/2019, on personal data processing, and the GDPR.


IV. Personal Data Recipients 

  1. The Data Controller intends to transfer the personal data to a third country (outside the EU) or international organisation. The third-country personal data recipients are providers of email services, data and file storage, analytical tools and direct marketing services. The personal data can be processed on behalf of the Data Controller by the following processing software, service and application providers that the Data Controller uses: Google Analytics, AdWords, Facebook, [doplnit]. 

  2. As the Data Subject, you hereby consent to providing your email address for the purpose of sending a customer satisfaction survey from the operator of the website, Heureka Shopping s.r.o., Karolinská 650/1, 186 00 Prague 8 – Karlín, Czech Republic, registered at the Municipal Court in Prague under file No. C 218977, ID No.: 02387727, VAT No.: CZ02387727. 

  3. The personal data may also be provided to:

  • the Data Controller’s employees and associates, such as authorised persons, internal data processors or system administrators, persons processing payment transactions and carriers;

  • other company or entity (such as IT consulting company, insurance company etc.), with your consent or to perform the activities necessary for an authorised professional task, or to a third-party service provider acting on behalf of the Data Controller, such as a third-party data processor.

  1. Your personal data will not be provided to third parties for a purpose which is not admissible under law or is in violation of this statement.

  2. The personal data are not transferred to other EU member countries.


V. Your Rights

1.  In accordance with the provisions of the GDPR, you can exercise the following rights:

a) right of access to the personal data – to obtain from the Data Controller confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and the information on processing methods. You also have the right to obtain from the Data Controller without undue delay the rectification of inaccurate personal data concerning yourself. You have the right to have incomplete personal data completed at any time.

b) The right to obtain from the Data Controller the erasure of personal data means the Data Controller is obliged to erase your personal data without undue delay where specific grounds apply and upon your request.

c) You have the right to obtain from the Data Controller restriction of processing in some instances. You have the right to object at any time to the processing of your personal data based on the legitimate interest of the Data Controller or third party or such personal data necessary for performing a task in the public interest or when exercising public authority.

​d) The right to data portability is the right to receive the personal data you have provided to the Data Controller in a structured, commonly used and machine-readable format. You have the right to transmit those data to another data controller or to have the personal data transmitted directly from one controller to another, where technically feasible.

2.  If the Agreement is not concluded, the consent to personal data processing can be revoked at any time by sending an email to or a letter to the Data Controller’s registered office. The right to revoke the consent to the processing of personal data provided based on the concluded Agreement at any time (as specified in Article I (1) does not apply when the personal data are processed based on the performance of the agreement concluded with you under Article 6(1b) of the GDPR and not based on the processing consent.


3.  If the customer is in any way dissatisfied with the processing of their personal data by the Data Controller, the customer may lodge a complaint directly to the Data Controller or to the Office for Personal Data Protection.

4.  For more information on your rights, visit the website of the Office for Personal Data Protection.


VI. Personal Data Security Criteria

  1. The Data Controller confirms it has taken every possible technical and organisational step to secure the personal data. The Data Controller has adopted technical measures to secure the personal data storage (both in electronic and paper form).

  2. The Data Controller declares that the personal data is only accessible by persons authorised to do so and data processors specified in Article IV based on a contractual relationship with the Data Controller.


VII. Final Provisions

  1. By submitting the order form, you confirm that you are acquainted with this Privacy Policy, and you accept it in full.

  2. By checking that you consent to receive commercial communication and newsletters, you confirm that you are acquainted with the personal data security criteria, and you accept them in full. You may revoke this consent at any time, as specified above.

  3. The Data Controller is entitled to amend this Privacy Policy. The Data Controller will publish the new version of the Privacy Policy on its website and notify you thereof via email at the address you provided.


In Svratouch, on 21 June 2022.