```html ```
Customer support:+421 948 123 850info@luxelleparis.com
    Currency
    EUR
    Language
    English
    Home / Privacy Policy

    Privacy Policy

    Privacy Policy

    I. Basic Provisions

    The controller of personal data pursuant to Section 5 letter o) of Act No. 18/2018 Coll. on the Protection of Personal Data, as amended (the “Act”), is:

    MR projects s. r. o., ID No.: 57 013 071, Krmanova 854/6, 040 01 Košice – mestská časť Staré Mesto

    Contact details: info@luxelleparis.com

    (hereinafter the “Controller”).

    Personal data means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

    The Controller has appointed a data protection officer. Contact details of the DPO: info@luxelleparis.com

    II. Sources and Categories of Personal Data Processed

    The Controller processes personal data that you have provided or personal data obtained by the Controller in the course of fulfilling your order.

    The Controller processes your identification and contact data and data necessary for the performance of the contract.

    III. Legal Basis and Purpose of Processing

    The legal basis for processing personal data is:
    – the Controller’s legitimate interest in providing direct marketing (in particular sending commercial communications and newsletters) under Section 13(1)(f) of the Act,
    – your consent to processing for the purposes of direct marketing (in particular sending commercial communications and newsletters) under Section 13(1)(a) of the Act where no order for goods or services has been placed.

    The purpose of processing personal data is:
    – handling your order and exercising rights and obligations arising from the contractual relationship between you and the Controller;
    – sending commercial communications and conducting other marketing activities.

    The Controller does not engage in automated individual decision-making within the meaning of Section 28 of the Act.

    IV. Storage Period

    The Controller stores personal data:
    – for the period necessary to exercise rights and obligations arising from the contractual relationship between you and the Controller and to assert claims from such relationships (for 15 years after termination of the contractual relationship),
    – until consent to processing for marketing purposes is withdrawn, for a maximum of 5 years, if the processing is based on consent.

    After the storage period expires, the Controller will erase the personal data.

    V. Recipients of Personal Data (Controller’s Processors/Subcontractors)

    Recipients of personal data are persons:
    – involved in delivering goods/services or processing payments under a contract,
    – providing accounting services,
    – providing e-shop operation services (e.g., Shoptet) and other services related to operating the e-shop,
    – providing marketing services.

    The Controller has no intention to transfer personal data to a third country (outside the EU) or to an international organization.

    VI. Your Rights

    Under the Act, you have:
    – the right of access to your personal data (Section 21),
    – the right to rectification of personal data (Section 22) and the right to restriction of processing (Section 24),
    – the right to erasure of personal data (Section 23),
    – the right to object to processing (Section 27),
    – the right to data portability (Section 26),
    – the right to withdraw consent to processing in writing or electronically at the Controller’s postal or email address specified in Article I of these terms.

    You also have the right to lodge a complaint with the supervisory authority for personal data protection if you believe your right to personal data protection has been violated.

    VII. Security of Personal Data

    The Controller declares that it has adopted all appropriate technical and organizational measures to secure personal data.

    The Controller has implemented technical measures to secure data repositories and paper-based records of personal data, in particular by means of passwords and encryption.

    The Controller declares that personal data is accessible only to persons authorized by the Controller.

    VIII. Final Provisions

    By submitting an order via the online order form, you confirm that you have read and fully accept this Privacy Policy.

    The Controller is entitled to amend these terms. The new version of the Privacy Policy will be published on the Controller’s website and will be sent to your email address you provided to the Controller.

    These terms take effect on 22 May 2025.

    Grafický návrh vytvořil a nakódoval Shoptak.cz