I. General Provisions
1. By this document, you grant consent to Fraggo.Net, s.r.o., Company ID: 28969855, VAT ID: CZ28969855, with registered office at Na Lysinách 20, 147 00, Prague 4 – Hodkovičky, Czech Republic (hereinafter: "Controller"), to process personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter: "GDPR"), to process the following personal data.
II. Categories and Types of Processed Data
2. First name and surname, email address, company name, company ID, VAT ID, postal address, and phone number may be processed on the basis of consent and are required for the necessary performance of a contract.
III. Legal Basis and Purpose of Personal Data Processing
3. The legal basis and purpose of personal data processing is: a) processing necessary for the performance of a contract to which the data subject is a party pursuant to Article 6(1)(b) of the GDPR; b) processing necessary for compliance with a legal obligation to which the Controller is subject pursuant to Article 6(1)(c) of the GDPR; c) the data subject has given consent to the processing of their personal data for one or more specific purposes pursuant to Article 6(1)(a) of the GDPR; d) processing necessary for the purposes of the legitimate interests pursued by the Controller or a third party, such as providing marketing in the form of newsletters or commercial communications pursuant to Article 6(1)(f) of the GDPR and Section 7(2) of Act No. 480/2004 Coll. 3.1 The purpose of personal data processing is: a) Processing orders arising from the contractual relationship between the data subject and the Controller pursuant to Act No. 89/2012 Coll., or any other contractual relationship; b) Storing your shopping preferences and subsequently customizing the offer on the Controller's website; c) Running marketing and remarketing campaigns on advertising platforms Google, Seznam.cz, Microsoft, Facebook, as well as through RTB systems Adform, Criteo, Pubmatic and others using advertising purchases through DSP (Demand Side Platforms) and SSP (Supply Side Platforms); d) Sending commercial communications (newsletters, push notifications and others) as part of marketing and remarketing campaigns using the Controller's own resources or third-party resources (email distribution platform, user notification software). 3.2 The Controller carries out automated individual decision-making pursuant to Article 22 of the GDPR. You give your explicit consent to this processing. Consent may be withdrawn at any time, for example by sending an email or letter to the contact details of Fraggo.Net, s.r.o., with registered office at Na Lysinách 20, 147 00, Prague 4 – Hodkovičky, Czech Republic.
IV. Data Retention Period
4. The retention period of your personal data depends on the purpose for which the personal data will be used: a) For the purpose of fulfilling the contractual relationship between the data subject and the Controller: for the duration of the performance b) For marketing purposes: 8 years c) For performance records: 15 years 4.1 After the expiration of the defined retention period for your personal data, the personal data will be deleted by the Controller.
V. Processing of Personal Data
5. The following processors may also process the data subject's personal data on behalf of the Controller: a) Providers of software solutions referred to in Article III, paragraph 3.1, points a), b), c) and d) of this Consent to the Processing of Personal Data; b) Providers of software solutions, applications, services and other processors that the Controller may not currently use; c) Transport companies: Česká pošta, s.p., Direct Parcel Distribution CZ s.r.o. (DPD), General Logistics Systems Czech Republic s.r.o. (GLS), Zásilkovna s.r.o.; d) Stripe, Inc. — processing of online card payments. Payment details (card number, expiration date) are processed directly by Stripe, Inc. and are not stored by the Controller; e) Veruno (operated by Fraggo.Net, s.r.o.) — platform for product data management, order processing and customer communication. 5.2 The Controller and processor shall implement measures to ensure that any natural person acting under the authority of the Controller or processor who has access to personal data processes such personal data only on the instructions of the Controller, unless required to do so by Union or Member State law.
VI. Recipients of the Controller's Personal Data
6. Recipients of personal data are companies or persons who: a) Ensure the execution of the contract between the Controller and the data subject concerned (e.g. shipping companies, payment processing, premium services, etc.); b) Provide marketing services as referred to in Article III, paragraph 3.1, points a), b), c) and d) of this Consent to the Processing of Personal Data; c) Ensure the operation of the websites macooin.com and veruno.art (e.g. partner, marketplace entity, external suppliers, etc.); d) Ensure proper administration of the company: Fraggo.Net, s.r.o., operating the websites macooin.com and veruno.art, in terms of legal requirements (e.g. legal advice, accounting, etc.). 6.1 The Controller intends to use services that are not part of the EU and thus intends to transfer personal data to third countries. Recipients of personal data in third countries are providers of platforms referred to in Article III, paragraph 3.1, points a), b), c) and d) of this Consent to the Processing of Personal Data, and Stripe, Inc., headquartered in the USA (payment processing in compliance with the European Commission's adequacy decision).
VII. Your Rights
7. Under the provisions of the GDPR, you have the right to: a) Right of access to personal data pursuant to Article 15 of the GDPR and also Articles 22 and 46 of the GDPR; b) Right to immediate rectification of personal data pursuant to Article 16 of the GDPR; c) Right to erasure of personal data ("right to be forgotten") pursuant to Article 17 of the GDPR; d) Right to restriction of processing of personal data pursuant to Article 18 of the GDPR; e) Right to portability of personal data pursuant to Article 20 of the GDPR; f) Right to object to the processing of personal data concerning you on the basis of Article 6(1)(e) or (f), including profiling based on those provisions, pursuant to Article 20 of the GDPR; g) Right to withdraw consent to the processing of personal data; h) Right to lodge a complaint with a supervisory authority. 7.1 The Controller shall no longer process the personal data unless the Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defence of legal claims. 7.2 Only you or your authorized representative may obtain information about your personal data. If the Controller is not certain of your identity, it may request additional information to verify your identity. 7.3 The Controller shall communicate any rectification or erasure of personal data or restriction of processing carried out in accordance with Article 16, Article 17(1) and Article 18 of the GDPR to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. The Controller shall inform the data subject about those recipients if the data subject requests it.
VIII. Security of Personal Data
8. Taking into account the state of the art, the costs of implementation, the nature, scope, context and purposes of processing as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons posed by the processing, the Controller shall, both at the time of the determination of the means for processing and at the time of the processing itself, implement appropriate technical and organizational measures, such as pseudonymization, which are designed to implement data-protection principles, such as data minimization, in an effective manner and to integrate the necessary safeguards into the processing in order to meet the requirements of this regulation and protect the rights of data subjects. 8.1 The Controller shall implement appropriate technical and organizational measures for ensuring that, by default, only personal data which are necessary for each specific purpose of the processing are processed. That obligation applies to the amount of personal data collected, the extent of their processing, the period of their storage and their accessibility. In particular, such measures shall ensure that by default personal data are not made accessible without the individual's intervention to an indefinite number of natural persons. This consent to the processing of personal data takes effect on 26 March 2026.