SHOP IS WORK IN PROGRESS, THANK YOU!
Home / Privacy policy

Privacy policy

PRIVACY POLICY

Date: January 14, 2026

 

I. BASIC PROVISIONS

  1. The controller of personal data pursuant to Article 4(7) of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter: "GDPR") is Lyonis s.r.o., Company ID: 09536655, with registered office at Nám. Svobody 822/1, Jeseník, 79001, Czech Republic (hereinafter: "controller").
  2. Contact details of the controller:
  • Address: Náměstí Svobody 822/1, Jeseník, 79001, Czech Republic
  • Email: info@shoplyonis.com
  • Phone: +420 602 345 754
  1. Personal data means any information relating to an identified or identifiable natural person; an identifiable natural person is a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

 

II. SOURCES AND CATEGORIES OF PROCESSED PERSONAL DATA

  1. The controller processes personal data that you have provided to them or personal data that the controller has obtained on the basis of fulfilling your order.
  2. The controller processes your identification and contact details and data necessary for the performance of the contract.

 

III. LEGAL BASIS AND PURPOSE OF PROCESSING PERSONAL DATA

  1. The legal basis for processing personal data is:
  • performance of the contract between you and the controller pursuant to Article 6(1)(b) GDPR,
  • the controller's legitimate interest in providing direct marketing (in particular for sending commercial communications and newsletters) pursuant to Article 6(1)(f) GDPR,
  • your consent to processing for the purposes of direct marketing (in particular for sending commercial communications and newsletters) pursuant to Article 6(1)(a) GDPR in conjunction with the ePrivacy Directive 2002/58/EC, as implemented in the Czech Republic, in cases where no order for goods or services has been placed.
  1. The purpose of processing personal data is:
  • processing your order and exercising the rights and obligations arising from the contractual relationship between you and the controller; when ordering, personal data is required that is necessary for successful processing of the order (name and address, contact), the provision of personal data is a necessary requirement for concluding and performing the contract, without providing personal data it is not possible to conclude the contract or for the controller to perform it,
  • sending commercial communications and conducting other marketing activities.
  1. The controller does not carry out automated individual decision-making within the meaning of Article 22 GDPR.

 

IV. DATA RETENTION PERIOD

  1. The controller retains personal data:
  • for the period necessary for the exercise of rights and obligations arising from the contractual relationship between you and the controller and the assertion of claims from these contractual relationships (for a period of 15 years from the termination of the contractual relationship) for accounting and legal purposes,
  • for marketing purposes: until you withdraw your consent or object to processing, but no longer than 3 years from your last interaction with us (e.g., last purchase, last email opened).
  1. After the expiry of the retention period for personal data, the controller will delete the personal data.

 

V. RECIPIENTS OF PERSONAL DATA (CONTROLLER'S SUBCONTRACTORS)

  1. Recipients of personal data are persons:
  • participating in the delivery of goods/services/processing of payments under the contract,
  • providing e-shop operation services (Shoptet) and other services related to e-shop operation,
  • providing marketing services (Google Analytics, Meta/Facebook Pixel, Leadhub for email marketing),
  • payment service providers (Shoptet Pay for processing credit/debit card payments, Google Pay, Apple Pay),
  • shipping and delivery service providers within the European Union.
  1. Transfer to third countries:

In certain cases, personal data may be transferred to third countries (outside the EU), particularly when using:

  • Analytics services (Google Analytics - USA)
  • Marketing platforms (Meta/Facebook Pixel - USA, Leadhub)

These transfers are subject to appropriate safeguards, such as Standard Contractual Clauses (SCCs) approved by the European Commission or other mechanisms ensuring adequate protection of your data in accordance with GDPR requirements.

The controller ensures that all third-country transfers comply with Chapter V of the GDPR and provide an adequate level of protection for your personal data.

 

VI. YOUR RIGHTS

  1. Under the conditions set out in the GDPR, you have:
  • the right to access your personal data pursuant to Article 15 GDPR,
  • the right to rectification of personal data pursuant to Article 16 GDPR, or restriction of processing pursuant to Article 18 GDPR,
  • the right to erasure of personal data pursuant to Article 17 GDPR,
  • the right to object to processing pursuant to Article 21 GDPR, and
  • the right to data portability pursuant to Article 20 GDPR,
  • the right to withdraw consent to processing in writing or electronically at the address or email of the controller specified in Article I.2 of these terms.
  1. You also have the right to lodge a complaint with the Office for Personal Data Protection (Úřad pro ochranu osobních údajů) in the Czech Republic if you believe that your right to personal data protection has been violated.
  2. If you are located outside the Czech Republic, you may also lodge a complaint with the supervisory authority in your country of residence.

 

VII. CONDITIONS FOR SECURING PERSONAL DATA

  1. The controller declares that they have taken all appropriate technical and organizational measures to secure personal data.
  2. The controller has taken technical measures to secure data storage and storage of personal data in paper form.
  3. The controller declares that personal data is accessible only to persons authorized by them.

 

VIII. CUSTOMER SUPPORT AND COMMUNICATION

  1. We may process personal data when you contact us through:
  • Email (info@shoplyonis.com)
  • Contact forms on our website
  • Social media platforms
  1. This data is processed based on our legitimate interest in providing customer support and responding to your inquiries pursuant to Article 6(1)(f) GDPR.
  2. Communication data is retained for the duration necessary to resolve your inquiry and for up to 3 years for quality assurance and training purposes.

 

IX. COOKIES AND TRACKING TECHNOLOGIES

  1. Our website uses cookies and similar tracking technologies to:
  • Improve user experience and website functionality
  • Analyze website traffic and user behavior (Google Analytics)
  • Deliver personalized advertising (Meta/Facebook Pixel)
  • Remember your preferences and settings
  1. You can manage cookie preferences through:
  • Your browser settings
  • Our cookie consent banner displayed on first visit
  1. Types of cookies we use:
  • Necessary cookies: Required for basic website functionality (cannot be disabled)
  • Analytics cookies: Help us understand how visitors use our website (Google Analytics)
  • Marketing cookies: Used to deliver relevant advertisements (Meta/Facebook Pixel)
  1. For detailed information about specific cookies we use, including their purpose and retention periods, please refer to our Cookie Policy available on our website.
  2. You have the right to withdraw your consent to non-necessary cookies at any time by adjusting your cookie preferences.

 

X. FINAL PROVISIONS

  1. By submitting an order from the online order form, you confirm that you are familiar with the terms of personal data protection and that you accept them in their entirety.
  2. You agree to these terms by checking the consent box through the online form. By checking the consent box, you confirm that you are familiar with the terms of personal data protection and that you accept them in their entirety.
  3. The controller is entitled to change these terms. The controller will publish a new version of the personal data protection terms on their website and will also send you a new version of these terms to your email address that you provided to the controller.
  4. International customers: These privacy terms apply to all customers regardless of their location. If you are located outside the Czech Republic, your personal data will be processed in accordance with GDPR and applicable local data protection laws.
  5. Language: This Privacy Policy is available in English. In case of any discrepancies between language versions, the English version shall prevail for international customers.

 

These terms become effective on September 4, 2018.
Last updated: [January 14, 2026]

Subscribe to newsletter