This store requires javascript to be enabled for some features to work correctly.

✨🎄❤️ Holiday Magic: 15% Off With Code XMAS2025 ❤️🎄✨

PRIVACY & COOKIE POLICY

This Privacy and Cookie Policy explains how Carbickova Crowns s.r.o. (“we”, “us”, “our”) collects, uses, and protects personal information of customers in the European Union, the United States, and worldwide. We comply with the General Data Protection Regulation (GDPR) and with applicable United States privacy laws, including the California Consumer Privacy Act (CCPA/CPRA) and similar state-level privacy laws.    


1. Who We Are

Carbickova Crowns s.r.o.

Moskevská 640/55

46001 Liberec

Czech Republic 

Company ID (IČO): 10834184

VAT ID: CZ10834184    

Email: carbickovacrowns@gmail.com 

Phone: +420 725 044 852   

We are the Data Controller responsible for processing your personal data.   


2. Personal Data We Collect    

We collect personal data when you place an order, create an account, contact us, or use our website.    


 2.1 Information you provide   

 • Name and surname 

 • Email address 

 • Billing and shipping address 

 • Phone number 

 • Optional company details 

 • Order details and history 

 • Account login details (email and encrypted password)  

 

 2.2 Information collected automatically   

When you visit our website, we may automatically collect:    

 • IP address 

 • Browser type and version 

 • Device and operating system information 

 • Referrer URL and pages visited 

 • Interaction with the website (via Shopify) 

 • Cookies and similar tracking data   


 2.3 Information from partners   

We may receive information from:   

 • Payment processors (Stripe, Shopify Payments) 

 • Shipping carriers (Česká pošta, DHL Express) 

 • Analytics and advertising providers (if enabled)   

We do not intentionally collect sensitive personal data (such as health information, political opinions, or biometric data).   


3. Legal Basis for Processing (EU GDPR)   

We process your personal data on the following legal bases:   

 • Contract performance (Art. 6(1)(b) GDPR) - To process and deliver your orders, handle complaints, and provide customer support.  

 • Legal obligation (Art. 6(1)(c) GDPR) - To comply with tax, accounting, and other legal requirements (for example, keeping invoices).   

 • Consent (Art. 6(1)(a) GDPR) - For sending newsletters, marketing communication, and for the use of non-essential cookies and marketing tools.   

 • Legitimate interest (Art. 6(1)(f) GDPR) - To prevent fraud, ensure security of our website, perform analytics, and improve our services.   


4. Purposes of Processing   

We use your personal data for the following purposes:   

 • Processing and fulfilling orders, including delivery and returns 

 • Payment processing and prevention of fraudulent transactions 

 • Customer support and communication 

 • Creating and managing user accounts 

 • Sending newsletters and marketing messages (only if you have given your consent) 

 • Operating, maintaining, and improving our website 

 • Conducting analytics and statistics about the use of our website 

 • Complying with legal obligations   

We do not sell your personal data.   


5. Retention Period   

We store your personal data only for as long as necessary for the purposes for which it was collected, or as required by law.   

Typical retention periods are:   

 • Orders and invoices: 10 years from the end of the accounting period 

 • Customer accounts: until you request deletion or the account is inactive for a longer period 

 • Marketing communication: until you withdraw your consent or unsubscribe 

 • Customer support messages: 3–5 years, depending on the nature of the communication 

 • Cookies: from 1 day to 2 years, depending on the type of cookie   


6. International Data Transfers    

Some of our service providers process data in countries outside the European Union.    

This includes in particular:   

 • Shopify (Canada and the United States) 

 • Stripe and other payment-related infrastructure 

 • Email and marketing platforms (if used) 

 • DHL Express (international logistics and tracking)   

Where personal data is transferred outside the EU/EEA, we use appropriate safeguards, such as Standard Contractual Clauses (SCC) or other mechanisms approved by the European Commission, to ensure an adequate level of data protection.   


7. Data Security   

We take appropriate technical and organizational measures to protect your personal data against loss, misuse, and unauthorized access. 

These measures include, for example:   

 • SSL/TLS encryption of our website 

 • Secure hosting via Shopify 

 • Encrypted passwords and access controls 

 • Limiting access to personal data to authorized personnel only 

 • Regular updates and monitoring of our systems   

Paper documents, where used, are stored in secure premises and are not accessible to unauthorized persons.   


8. Sharing of Personal Data   

We share personal data only with trusted partners and only to the extent necessary for the purposes described above.   

These partners include:   

 • Shopify – e-commerce platform and hosting 

 • Payment processors – Stripe, Shopify Payments 

 • Shipping carriers – Česká pošta, DHL Express 

 • Accounting and tax advisors 

 • IT, analytics, and marketing service providers (only where consent is given, if required)   

We never sell your personal data to third parties.   


9. Your Rights (EU GDPR)   

If you are located in the European Union, you have the following rights under GDPR:   

 • Right of access   You have the right to obtain confirmation whether we process your personal data and to request a copy of such data.   

 • Right to rectification   You have the right to request correction of inaccurate or incomplete personal data.   

 • Right to erasure (“right to be forgotten”)   You may request deletion of your personal data if the legal conditions are met (for example, if the data is no longer needed or you withdraw your consent).   

 • Right to restriction of processing   You may request that we limit the processing of your personal data under certain conditions.   

 • Right to data portability   You may request that we provide your data in a structured, commonly used, and machine-readable format, or that we transfer it to another controller, where technically feasible.   

 • Right to object   You may object to processing based on our legitimate interests, including profiling, and to processing for direct marketing.   

 • Right to withdraw consent   Where processing is based on your consent, you may withdraw it at any time. This does not affect the lawfulness of processing based on consent before its withdrawal.   

 • Right to lodge a complaint   You may lodge a complaint with the competent supervisory authority. In the Czech Republic, this is the Office for Personal Data Protection (Úřad pro ochranu osobních údajů – ÚOOÚ).   


10. Your Rights (United States – All States)   

Residents of the United States may have certain rights under state privacy laws (including California, Colorado, Connecticut, Utah, Virginia, and others), such as:   

 • Right to know which categories of personal information we collect and how we use them 

 • Right to access personal information 

 • Right to request deletion of personal information, subject to legal exceptions 

 • Right to request correction of inaccurate personal information 

 • Right to receive information about how we share personal information 

 • Right to opt-out of targeted advertising (if used) 

 • Right to non-discrimination for exercising privacy rights 

 • Right to limit the use of sensitive personal information (we do not process sensitive personal information)   


Special notice for California residents (CCPA/CPRA). California law provides additional protections, including the right to:    

 • Request detailed disclosure of collected, used, and shared personal information 

 • Opt-out of “sharing” personal information for cross-context behavioral advertising (if applicable) 

 • Not be discriminated against for exercising privacy rights   We do not sell personal information as defined by CCPA/CPRA.   

To exercise any of these rights, you can contact us using the details in section 12. We will respond within the time limits required by applicable law (typically 45 days for United States privacy laws).   


11. Automated Decision-Making   

We do not use automated decision-making that produces legal effects concerning you or similarly significantly affects you.   

If you have given your consent, we may use:   

 • Analytics segmentation 

 • Advertising targeting and remarketing 

 • Product recommendations   

These activities are used only to improve your experience and do not create legal or similarly significant effects.   


12. Contact for Privacy Requests   

If you have any questions about this Privacy and Cookie Policy or if you wish to exercise your rights, you can contact us at:   

• Email: carbickovacrowns@gmail.com 

• Phone: +420725044852  


13. Cookie Policy   

Our website uses cookies and similar technologies to ensure its proper operation, improve user experience, analyze traffic, and support marketing (where consent is given).  

 

 13.1 What are cookies?   

Cookies are small text files that are stored on your device when you visit a website. They help the site remember your actions and preferences (such as login, language, and cart contents) over a period of time.   


 13.2 Types of cookies we use   

 • Necessary cookies - These cookies are essential for the basic functioning of the website, such as navigation, adding items to the cart, and processing orders. Without them, the website cannot function properly.   

 • Functional cookies - These cookies allow the website to remember your preferences and settings to provide a more personalized experience.   

 • Analytics cookies - These cookies help us understand how visitors use our website, which pages are most frequently visited, and how users move around the site. This may include tools such as Shopify Analytics or Google Analytics (if enabled). The data is generally aggregated and used to improve the website.   

 • Marketing cookies - These cookies may be used, with your consent, to display relevant advertising on other websites, for example through platforms such as Meta Ads, Google Ads, or TikTok Pixel (if enabled). They help us measure the effectiveness of advertising campaigns.   


 13.3 Cookie consent and management   

When you first visit our website, you may see a cookie banner asking you to consent to the use of non-essential cookies (analytics and marketing). You can:   

 • Accept all cookies 

 • Reject non-essential cookies 

 • Customize your preferences   

You can also manage or delete cookies in your browser settings. If you disable certain cookies, some functions of the website may not work properly.   


14. Changes to This Privacy & Cookie Policy   

We may update this Privacy & Cookie Policy from time to time to reflect changes in our practices, legal requirements, or technology.   

Any updates will be published on this page with a new “Last Updated” date. We encourage you to review this Policy periodically to stay informed about how we protect your data.   


Last Updated: November 2025