Česky (CZK)
Austria
Belgium
Bulgaria
Croatia
Cyprus
Denmark
Estonia
Finland
Greece
Hungary
Ireland
Italy
Lithuania
Luxembourg
Malta
Netherlands
Poland
Portugal
Romania
Slovenia
Spain
SwedenPersonal data protection
Privacy Policy (GDPR)
Data Controller
Vendula Pilná
Company ID (IČ): 21305412
Address: Luční 745, 595 01 Velká Bíteš, Czech Republic
Email: info@gallaterra.cz
Phone: +420 735 058 234
The Data Controller (hereinafter referred to as the “Controller”) processes personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR).
I. Personal Data We Process
We process personal data that you provide to us when:
- placing an order
- registering in the e-shop
- subscribing to newsletters or contacting us
This includes in particular:
- first and last name
- email address
- postal address
- phone number
- order details and payment information (to the extent necessary for contract fulfillment)
II. Purpose and Legal Basis for Processing
We process your personal data for the following purposes:
Contract Performance
Processing orders, issuing invoices, and delivering goods
(Art. 6(1)(b) GDPR)
Legal Obligations
Accounting, tax compliance, and record-keeping
(Art. 6(1)(c) GDPR)
Marketing and Communication
Sending newsletters, commercial communications, and promotional offers:
- existing customers: based on the Controller’s legitimate interest
(Art. 6(1)(f) GDPR) - new subscribers: based on consent
(Art. 6(1)(a) GDPR)
Service Providers
- delivery companies and payment providers (necessary for order fulfillment)
- e-shop platform provider (Upgates) – access only for technical operation and support
You may withdraw your consent to marketing at any time by:
- clicking the unsubscribe link in the newsletter
- contacting us via email at info@gallaterra.cz
Upon withdrawal, your personal data will no longer be processed for marketing purposes, no later than within 30 days.
III. Data Retention Period
- Order and complaint-related data: for the time necessary, max. 3 years after contract completion
- Accounting and tax data: 10 years
- Marketing data: until consent is withdrawn
After this period, data will be securely deleted or anonymized.
IV. Recipients of Personal Data
Your personal data may be shared with:
- delivery companies and payment gateways
- e-shop service providers (e.g., Upgates)
- marketing service providers (newsletter tools, review platforms)
- accounting and tax service providers
All recipients are bound by data processing agreements in compliance with GDPR.
Personal data is not transferred outside the European Union.
V. Your Rights
Under GDPR, you have the right to:
- access your personal data (Art. 15)
- rectification (Art. 16)
- erasure (Art. 17)
- restriction of processing (Art. 18)
- object to processing (Art. 21)
- data portability (Art. 20)
- withdraw consent at any time
You may exercise your rights by contacting us via email at info@gallaterra.cz.
We will respond within 1 month of receiving your request.
VI. Cookies and Tracking Technologies
Our website uses cookies and analytical tools to improve functionality and marketing performance.
For more information, please see our Cookies Policy.
VII. Data Security
We protect personal data using appropriate technical and organizational measures to prevent unauthorized access, loss, misuse, or disclosure.
VIII. Right to Lodge a Complaint
You have the right to lodge a complaint with the supervisory authority:
Czech Data Protection Authority (ÚOOÚ)
Website: www.uoou.cz
Address: Pplk. Sochora 27, 170 00 Prague 7, Czech Republic
IX. Final Provisions
By placing an order, you confirm that you have read and understood this Privacy Policy and agree to the processing of your personal data.
The Controller reserves the right to update this policy at any time. The latest version will always be published on the website.
Effective date: 22 December 2025
Last updated: 22 December 2025
Vendula Pilná