Energy Roofs

en_US EN
en_US EN cs_CZ CS

Privacy Policy

This Privacy Policy describes how we, Ing. Martin Šinkmajer, Company ID: 23134577, with registered office at Litoměřická 120, 411 41 Žitenice, Czech Republic (hereinafter referred to as the “Administrator” or “we”), as the operator of the online store available at https://energetickestrechy.cz (hereinafter referred to as the "e-shop"), we process the personal data of our customers and visitors to the e-shop (hereinafter referred to as "You" or "Data Subject").

The protection of your personal data is important to us. We act in accordance with applicable legal regulations, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR) and Act No. 110/2019 Coll., on the processing of personal data.

1. Who is the controller of your personal data?

The controller of your personal data is:

Ing. Martin Šinkmajer
ID: 23134577
Registered office: Litoměřická 120, 411 41 Žitenice, Czech Republic
Contact email: info@energetickestrechy.cz
Contact phone: +420 725 047 980

If you have any questions regarding the processing of your personal data, you can contact us at the above email or address.

2. What personal data do we process?

We primarily process data that you provide to us when creating an order or communicating with us, and data obtained through your activity on our e-shop:

  • Identification data: Name and surname, or business ID and VAT number for natural persons.
  • Contact details: Shipping and billing address, email address, phone number.
  • Order details: Information about purchased goods, price, payment and delivery method, order history.
  • Communication details: The content of communications between you and us (emails, messages).
  • Data from the use of the e-shop: IP address, data about the device from which you are accessing, browser information, data obtained using cookies (if you allow their use).

3. Why and on what basis do we process your data?

We process your personal data for the following purposes and on the basis of these legal bases:

  • Processing your order and fulfilling the contract: The processing of identification, contact and order data is necessary for the conclusion of the purchase contract, delivery of goods, handling of any complaints and communication regarding the order.
    • Legal basis: Performance of the contract (Article 6(1)(b) GDPR).
  • Fulfilling our legal obligations: Processing of identification, contact and billing data for the purposes of accounting and fulfilling tax obligations (issuing and archiving invoices).
    • Legal basis: Fulfillment of a legal obligation (Article 6(1)(c) GDPR).
  • Customer communication and support: Processing of contact and communication data to answer your questions or resolve your requests.
    • Legal basis: Performance of the contract (if the inquiry concerns an order) or our legitimate interest in providing quality customer support (Article 6(1)(b) or (f) GDPR).
  • Marketing communication (newsletters): If you give us your agreement (e.g. by subscribing to our newsletter), we will process your email address to send you information about our news, events and products. You can easily withdraw your consent at any time by clicking on the unsubscribe link in each email or by sending a request to our contact email.
    • Legal basis: Consent (Article 6(1)(a) GDPR).
    • If you are our customer, we can provide you with: legitimate interest send commercial communications regarding similar products to those you have purchased from us. Even in this case, you always have the option to easily unsubscribe.
    • Legal basis: Legitimate interest (Article 6(1)(f) GDPR). [Note: Select one or both options based on your practice and ensure you meet the conditions for legitimate interest if you use it.]
  • Analyzing and improving our services: We may process data about your use of the e-shop (e.g. using cookies) to analyze traffic and improve the operation and offerings of our e-shop. For cookies other than those that are technically necessary, we need your agreement.
    • Legal basis: Legitimate interest (for basic anonymised analysis) or Consent (for more advanced analysis and marketing cookies) (Article 6(1)(f) or (a) GDPR). For more information, see the section on Cookies.
  • Protection of our rights and legitimate interests: In necessary cases, we may process data to protect our rights, for example when collecting debts or defending ourselves in legal disputes.
    • Legal basis: Legitimate interest (Article 6(1)(f) GDPR).

4. How long do we keep data?

We retain your personal data only for the period strictly necessary to fulfill the purposes for which it was collected:

  • Data for order processing and contract fulfillment We store it for the duration of the contractual relationship and for the period necessary to exercise rights arising from this relationship (e.g., for the duration of the warranty period, the limitation period).
  • Data processed for fulfillment of legal obligations (especially accounting and tax documents) we retain for the period specified by the relevant legal regulations (e.g. 10 years for tax documents).
  • Data processed on the basis of consent (e.g. for marketing) until you withdraw your consent.
  • Data processed on the basis of legitimate interest We retain it for the duration of this interest or until you object to such processing.

5. To whom do we transfer your data? (Recipients and processors)

Only our authorized employees and selected partners (processors) who provide certain services for us and with whom we have concluded a processing agreement guaranteeing the protection of your data have access to your personal data. These include in particular:

  • Transport companies: [Czech Post, sp, Zásilkovna sro] – for the purpose of delivering your order. We provide them with the necessary contact and delivery details.
  • Payment gateway provider: Stripe Payments Europe, Limited. You enter your card details directly on the secure gateway page, we do not have access to them. The gateway only provides us with information about the success of the payment and basic transaction identification data.
  • Marketing and analytics tool providers: Google LLC (Google Analytics), Meta Platforms Ireland Limited (Facebook Pixel), The Rocket Science Group LLC (for Mailchimp)].
  • State authorities: In cases stipulated by law (e.g. Czech Police, tax authorities).

We do not transfer your personal data outside the European Union or the European Economic Area unless this is necessary and standard data protection mechanisms are ensured (e.g. standard contractual clauses).

6. What are your rights?

You have the following rights in connection with the processing of your personal data:

  • Right of access: You can ask us for confirmation as to whether we are processing your personal data and, if so, for access to this data and information about its processing.
  • Right to rectification: If your data is inaccurate or incomplete, you have the right to have it corrected or supplemented.
  • Right to erasure ("right to be forgotten"): You can request the deletion of your data if it is no longer necessary for the purposes for which it was collected, you have withdrawn your consent, you have objected to processing based on legitimate interest and there are no overriding legitimate reasons, or if the data has been processed unlawfully or deletion is required by law.
  • Right to restriction of processing: You can request restriction of processing if you dispute the accuracy of the data, the processing is unlawful but you refuse erasure, we no longer need the data but you require it for the establishment, exercise or defence of legal claims, or you have objected to the processing.  
  • Right to data portability: You have the right to receive the data you have provided to us and which we process automatically based on consent or contract, in a structured, commonly used and machine-readable format, and the right to transmit this data to another controller.  
  • Right to object: If we process your data on the basis of a legitimate interest (e.g. direct marketing to existing customers, certain analyses), you have the right to object to such processing. In such a case, we will no longer process the data unless we demonstrate compelling legitimate grounds for the processing which override your interests or rights. You may object to processing for direct marketing purposes at any time and without further conditions.  
  • Right to withdraw consent: If the processing is based on your consent, you may withdraw it at any time (e.g. by email or via a link in the newsletter). Withdrawing consent does not affect the lawfulness of the processing before its withdrawal.
  • Right to lodge a complaint with a supervisory authority: If you believe that the processing of your personal data violates the GDPR, you have the right to file a complaint with the Office for Personal Data Protection (ÚOOÚ), Pplk. Sochora 27, 170 00 Prague 7, www.uoou.cz.  

You can exercise your rights by sending a request to our contact e-mail info@energetickestrechy.cz or in writing to our address Litoměřická 120, 411 41 Žitenice, Czech Republic. We will respond to your request without undue delay, no later than within one month.

7. Cookies

Our e-shop uses cookies. Cookies are small text files that are stored on your device (computer, mobile phone) when you visit websites.

  • Necessary (technical) cookies: These cookies are necessary for the proper functioning of the e-shop, for example to maintain the contents of the cart or to log in the user. We do not need your consent to use them, but we inform you about them.
  • Analytical cookies: They help us understand how visitors use our online store so we can improve it. We use Google Analytics. To use them, we need your agreement.
  • Marketing (advertising) cookies: They allow us to display relevant advertising on other websites and social networks. We may use Facebook Pixel. To use them, we need your agreement.

When you first visit the e-shop, you will see an information bar (cookie banner) where you can grant or refuse (by closing the bar with a cross) consent to the use of analytical and marketing cookies. You can change your choice at any time using the page with more detailed information about the specific cookies we use, their purpose and validity period, listed on https://energetickestrechy.cz/zasady-pouzivani-souboru-cookies/.

8. Tools and plugins used

WooCommerce

When making a purchase, we process the data necessary to fulfill the contract: name, e-mail, telephone, billing and delivery address, information about the goods and payment. The data is stored according to legal deadlines and is not passed on to entities other than those who ensure logistics and payments.

Compliance

We use Complianz to manage cookie consents. The IP address is anonymized. Complianz does not process any personally identifiable data and the data is not passed on to third parties.

WP Statistics

We use WP Statistics to anonymously track traffic. Your IP address is anonymized, cookies are not set, and data is not sent outside our server.

Google Analytics and Google Tag Manager

We use Google Analytics to measure traffic and Google Tag Manager to manage measurement scripts. These services may set cookies and collect information about your behavior on the website. This data is processed by Google LLC, based in the USA, and may be transferred outside the EU. This data is collected only with your consent.

Facebook Pixel

We use Facebook Pixel to measure the effectiveness of Facebook ads. This tool tracks user interaction with our website and enables targeted advertising. Processing is only done with your consent. The provider is Meta Platforms Ireland Ltd.

Site Reviews

If you add a review, we process the data provided in the form, IP address and email hash for verification via Gravatar. The data may be checked by Akismet for spam detection.

MailPoet

We use MailPoet to send newsletters. We track open and click-through rates, IP address, and email. The data is stored on our server and is not shared with third parties. You can unsubscribe at any time.

9. Data security

We have taken appropriate technical and organizational measures to protect your personal data against loss, misuse, unauthorized access, disclosure or alteration. These measures include the use of encrypted connections (SSL/TLS), password protection, and regular system updates.

10. Changes to the Privacy Policy

We may update this Privacy Policy from time to time, for example in response to changes in legislation or in our processing practices. The current version can always be found on our e-shop. We recommend that you familiarize yourself with it regularly.

This Privacy Policy is valid and effective from 16. 5. 2025.