GDPR
Last updated: January 2025
Thank you for visiting our online store. The protection of your personal data is very important to us. This Privacy Policy explains how Woodboards s.r.o. (“we”, “us”, “our”) processes your personal data in accordance with the EU General Data Protection Regulation (GDPR) and applicable national data protection laws (such as the German DSGVO).
1. Controller and Contact Information
The controller responsible for data processing on this website is:
Lukáš Marcinka
Na Drahách 429
Veselí nad Moravou, 69801
Business ID (IČ): 05807328
VAT ID (DIČ): CZ9207064592
Contact Email: info@woodboards.eu
Phone: +420 737 453 687
If you have any questions regarding the processing of your personal data or this policy, please contact our data protection team directly at: info@woodboards.eu
2. Personal Data We Collect
We collect and process the following types of personal data:
- Contact & Identity Data: Name, billing address, delivery address, email address, phone number.
- Order Data: Products purchased, order history, payment method.
- Payment Data: We do not store your full credit card details. This data is securely processed and tokenized by our third-party payment providers.
- Technical & Usage Data: IP address (often anonymized), browser type, device information, pages visited, time of access, cookie data.
- Communication Data: Any correspondence, feedback, or inquiries you send to us.
3. Purpose and Legal Basis for Processing
We process your personal data only for specific purposes and when we have a valid legal basis to do so:
- A. For the Performance of a Contract (Art. 6(1)(b) GDPR)
  - To process and fulfill your order, including managing payments and shipping.
  - To manage your customer account (if created).
  - To provide customer service and respond to your inquiries.
  - Data used: Contact, Order, Payment, and Communication Data.
- B. For Compliance with a Legal Obligation (Art. 6(1)(c) GDPR)
  - To comply with legal retention periods, primarily for tax and commercial law (e.g., storing invoices for 10 years).
  - Data used: Contact and Order Data.
- C. Based on our Legitimate Interests (Art. 6(1)(f) GDPR)
  - To ensure the security, stability, and functionality of our website.
  - To analyze website traffic (in an aggregated or anonymized way) to improve our store and product offerings.
  - To prevent fraud and abuse.
  - Data used: Technical & Usage Data.
- D. Based on Your Explicit Consent (Art. 6(1)(a) GDPR)
  - To send you our email newsletter (if you have subscribed).
  - To use non-essential cookies for analytics and personalized marketing (e.g., Google Analytics, Meta Pixel).
  - Data used: Contact Data (Email), Technical & Usage Data.
4. Data Storage and Retention
Your personal data will be stored only as long as necessary for the purposes for which it was collected.
- Contract & Billing Data: Retained for the duration of statutory retention periods (typically 10 years in Germany/Czech Republic for tax purposes).
- Account Data: Retained as long as your account is active.
- Consent-Based Data (e.g., Newsletter): Retained until you withdraw your consent.
5. Sharing of Data (Recipients)
We do not sell your data. We only share your personal data with trusted third-party service providers (data processors) when necessary to provide our services, and only under a strict Data Processing Agreement (DPA):
- E-commerce Platform: Shopify, Inc. (our shop host).
- Payment Processors: Shopify Payments, Stripe, PayPal, Klarna.
- Shipping Companies: DHL, DPD, GLS, to deliver your order.
- Analytics & Marketing (with your consent): Google Analytics, Meta (Facebook) Pixel.
- Email Marketing (with your consent): Ecomail, Shopify Email.
6. International Data Transfers
Some of our service providers (like Shopify, Google, Meta) are based outside the EU/EEA. We ensure your data is protected through:
- Adequacy Decisions: For transfers to countries deemed adequate by the EU Commission (e.g., Canada, where Shopify is based).
- EU-US Data Privacy Framework: For transfers to US companies that are certified under this framework.
- Standard Contractual Clauses (SCCs): For all other transfers, we use SCCs approved by the European Commission, supplemented by additional security measures.
7. Your Rights as a Data Subject
You have the following rights under GDPR:
- Right of Access (Art. 15): To request information about the data we hold about you.
- Right to Rectification (Art. 16): To correct inaccurate data.
- Right to Erasure (“Right to be forgotten”) (Art. 17): To have your data deleted (unless we are legally required to keep it).
- Right to Restriction of Processing (Art. 18): To limit how we process your data.
- Right to Data Portability (Art. 20): To receive your data in a machine-readable format.
- Right to Withdraw Consent (Art. 7): To withdraw your consent at any time (e.g., for newsletters or cookies).
- Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority. Our lead authority is the Czech Office for Personal Data Protection (ÚOOÚ), or you may contact your local authority (e.g., in Germany or Austria).
To exercise your rights, please contact us at info@woodboards.eu.
Your Right to Object (Art. 21 GDPR)
You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on Art. 6(1)(f) GDPR (Legitimate Interests).
Crucially, where personal data is processed for direct marketing purposes, you have the right to object at any time, without giving any reason. If you object to processing for direct marketing, your data will no longer be processed for these purposes.
8. Cookies and Tracking Technologies
Our website uses cookies. Some are technically essential for the website to function (e.g., the shopping cart). We only use non-essential cookies for analytics and marketing after receiving your explicit consent via our cookie consent banner.
- Google Analytics: With your consent, we use Google Analytics with IP anonymization enabled. This means your IP address is truncated by Google within the EU/EEA before being sent to the US.
- Meta Pixel / Google Ads: With your consent, these tools help us measure the effectiveness of our advertising.
You can withdraw or change your cookie consent at any time, usually via a "Cookie Settings" link in the website footer.
9. Newsletter and Marketing
If you subscribe to our newsletter, you must confirm your email address (Double Opt-In). This verification process ensures that you are the owner of the email address and consent to receiving marketing communications. You can unsubscribe at any time by clicking the “Unsubscribe” link provided in every newsletter or by contacting us.
10. Data Security
We take data security seriously. We use technical and organizational measures, including SSL/TLS encryption for all data transmission, to protect your data from unauthorized access, loss, or alteration.
11. Changes to This Policy
We may update this Privacy Policy to reflect legal or technical changes. The current version is always available on this page, indicated by the “Last updated” date.
