Privacy Policy

TONAK a.s., with its registered office at Zborovská 823/65, 741 01 Nový Jičín, has developed a Privacy Policy aimed at providing information on what personal data regarding natural persons is processed when our company provides services and sells goods, for what purposes and for how long our company processes this personal data in accordance with applicable laws, to whom and for what reason it may be disclosed, and also to inform natural persons of their rights in connection with the processing of their personal data. The Policy is effective as of May 25, 2018, and is issued in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as the “GDPR”).

Personal Data Processed for the Purpose of Fulfilling an Order

In our order records, we process your personal data, including your email address, full name, phone number, shipping address, and price information. This data is necessary for order fulfillment, i.e., the performance of the contract. The order is stored along with the invoice. As part of our legal obligation to archive documentation for potential financial audits, orders are retained for a period of 10 years. Our customer database is stored in encrypted form on the Shopify cloud storage platform, which declares that its processes comply with GDPR security regulations. Your personal data is processed exclusively for the internal needs of TONAK a.s., and only for the reasons stated above.

In the registry of registered users who have already placed an order with us or registered themselves, we process personal data to the extent that you provide it to us during registration or profile editing. It is in our legitimate interest to maintain a user database for potential complaint proceedings. Storing personal data from your order allows us to facilitate your next purchase and pre-fill your information into the electronic shopping cart. We process personal data to facilitate purchases based on the legal basis of legitimate interest.
Your personal data is also processed for the purpose of arranging shipping, in order to fulfill the contract. We share this data with the following shipping companies:
• Česká pošta s.p., with its registered office at Prague 1, Politických vězňů 909/4
• GLS Czech Republic s.r.o., Průmyslová 5619/1, Jihlava.

We do not transfer personal data from orders to any third parties for further processing, and TONAK a.s. does not use the services of a so-called data protection officer.

Personal data processed for marketing purposes

Your personal data, provided as part of your order, voluntary registration, or when subscribing to the newsletter, is processed for marketing purposes. We use to send commercial communications. We require your explicit consent for both placing an order and subscribing to the newsletter, which is why we have implemented a double opt-in process to verify your genuine interest. To distribute the newsletter, we use third-party software such as MailChimp, which declares compliance with GDPR requirements. You may unsubscribe from commercial communications at any time. Once you have completely unsubscribed from the newsletter, we will no longer use your personal contact information to send commercial communications, and it will be immediately deleted from our records.

For remarketing purposes, information from cookies—which are small text files that the server places in your web browser when you visit a website—is stored for a maximum of 30 days. Cookies record information about user behavior (i.e., the pages the user has visited) and send it back to the relevant server. Cookies allow us to tailor the content of our website, e-shop, and marketing communications to both your and our needs. Cookies are not directly linked to your name or email address and therefore do not provide any personal data, which remains completely anonymous. No official notification is provided regarding the storage of information from cookies, as this data is used on the legal basis of legitimate interest.

Data obtained with your consent and on the basis of legitimate interest may, if necessary for marketing purposes, be further transferred to the following third parties: Facebook.

Personal data processed for the purpose of evaluating the contest

By voluntarily participating in contests organized by TONAK a.s. on social media, you consent to the processing of personal data, such as your first name, last name, and photograph, for the purpose of evaluating the contest. This data is not further processed by TONAK a.s. in any way, nor is it transferred to third parties. Photographs are not stored by our company or used for further promotional purposes without the written consent of the photograph’s owner and may be published on TONAK a.s.’s social media, but no longer than 5 years after the contest ends.

In the event of a win, the winner will be contacted via a comment on the post or a private message and asked to provide their address solely for the purpose of sending the prize. If necessary, the winner’s address is provided to the shipping company (Česká pošta s.p., with its registered office at Praha 1, Politických vězňů 909/4, or GLS Czech Republic s.r.o., Průmyslová 5619/1, Jihlava) and is not further processed or stored by us in any way.

Rights and obligations under the GDPR

TONAK a.s. is obligated to provide you, upon request, with all personal data that has been processed regarding you. The maximum delay for providing the requested information is set at 30 days.

Furthermore, TONAK a.s. is obligated to delete personal data required for order processing once the defined statutory retention periods have expired (accounting, archiving, etc.).

A data subject who has provided their personal data to TONAK a.s. has the right:

• object to the processing of personal data

Even if your data is processed on the basis of a legitimate interest, you have the right to object to such processing. If you submit such an objection to our official email address eshop@tonak.cz, the objection will be assessed in accordance with the law and its legitimacy.

• the right to restrict the processing of personal data

You have the right to request that we restrict any processing of your personal data if you inform us that the personal data we have collected is inaccurate, until its accuracy has been verified.

• Right to be forgotten (right to erasure of personal data)

You have the right to object if you discover that we are processing your personal data unlawfully or for purposes other than those for which we obtained it. You may report such a situation to the email address eshop@tonak.cz.

The statutory body of TONAK a.s. is responsible for establishing security measures appropriate to the classification of personal data and may delegate this authority to the Data Protection Officer (ÚOOÚ). Security measures are established based on a personal data risk analysis; their proposal is prepared by the Data Protection Officer (ÚOOÚ) together with the Head of the IT Department (for the security of personal data in electronic form) and the heads of individual departments for their respective areas (security of personal data in paper form).

All communication via the www.tonak.cz application is secure for users due to encryption using an SSL certificate.

If you identify an information security risk, you can contact us via email at eshop@tonak.cz or by mail at TONAK a.s., located at Zborovská 823/65, 741 01 Nový Jičín.