1. INTRODUCTION

Welcome to our online store ArtSets. We are committed to protecting your personal data and respecting your privacy. This Privacy Policy describes how we collect, store, use, and protect your personal information in accordance with the GDPR and Czech data protection laws.

2. CONTACTS

Website address: https://artsets.eu
Company name: Artsets DIY s.r.o.
Registered office: Korunní 2569/108, Vinohrady, 101 00 Prague 10
Company ID (IČO): 234 12 704
Email: info@artsets.eu
Phone: +420 702 004 034

3. DATA COLLECTION

3.1 Personal data collected during orders

When you place an order or register on our website, we collect the following personal data:

• Full name
• Address
• Email address
• Phone number
• Ordered items

3.2 Data collected by plugins

3.2 Data collected by third-party tools and plugins

Our website uses various third-party tools and WordPress plugins that may collect or process personal data, including information related to website usage, orders, or user preferences.

Some of these tools may set cookies to enable functionality (e.g., language selection, cart contents, social login, or analytics). The exact cookies and data collected may vary depending on the plugins currently active on the website.

We make every effort to use only plugins that comply with GDPR and ensure that any third-party services we rely on follow appropriate data protection practices.

You can find up-to-date information about cookies and third-party tools used on our website in our [Cookie Policy](/cookie-policy/) or by adjusting your cookie preferences using the cookie banner available on each page.

4. USE OF DATA

4.1 Communication

We use your personal data to send order confirmations, invoices, and occasional newsletters or other marketing messages if you have given your consent. You may withdraw your consent at any time by clicking the “unsubscribe” link in our emails or by contacting us directly.

4.2 No sharing with third parties

We do not share your personal data with third parties unless it is necessary to fulfill your order or required by legal regulations.

4.3 Legal basis for processing

We process your personal data in accordance with Article 6 of the General Data Protection Regulation (GDPR) based on the following legal grounds:

• Performance of a contract – processing is necessary for fulfilling contractual obligations, especially when completing orders and delivering products.
• Consent – for example, for sending newsletters or other marketing communications.
• Compliance with legal obligations – especially in accounting, taxation, and the retention of records in line with applicable legal requirements.
• Legitimate interest – such as ensuring website security, preventing fraud, or improving customer experience.

5. DATA PROTECTION

5.1 Data confidentiality

We treat your personal data as confidential and take steps to ensure it is only accessible to authorized personnel who need it to fulfill their job responsibilities. Every employee with access to personal data is bound by a confidentiality agreement.

5.2 Infrastructure-level security

In addition to basic SSL encryption, we have implemented advanced server and network-level security measures, including firewalls and proactive threat monitoring. We regularly audit our systems for vulnerabilities and update our security practices according to the latest expert recommendations.

5.3 Hosting and security

Our website is hosted on servers provided by Hetzner Online GmbH in Germany. This provider complies with GDPR requirements and ensures an appropriate level of technical protection. We keep our WordPress installation and plugins up to date to protect against vulnerabilities.

5.4 Data retention

We store order-related data for at least 3 years for tax and accounting purposes, or longer if required by law.

Newsletter and marketing consent data is stored for 5 years or until the consent is withdrawn.

5.5 Protection against unauthorized access

We use modern technologies and security procedures to protect your personal data from unauthorized access, loss, destruction, or damage. Access to personal data is limited to authorized employees and partners, who are bound by strict contractual confidentiality obligations.

5.6 Regular security audits

We conduct regular internal and external security audits to identify and resolve any security gaps. This includes reviewing and improving our security protocols and practices on a regular basis.

5.7 Third-party data protection

If we share your data with service providers or partners, we ensure they offer adequate levels of data protection and use the data only for purposes aligned with our privacy policy.

6. USER RIGHTS

6.1 Access and modification

If you have an account, you can access and modify your personal data at any time directly from your profile. You can also contact us to request updates or corrections.

6.2 Right to erasure

You may request the deletion of your personal data if it is no longer needed for the purposes for which it was collected or if you withdraw your consent. In some cases, certain data may be retained if required by law.

6.3 Right to data portability

You have the right to request a copy of the personal data we hold about you in a structured, commonly used, and machine-readable format.

6.4 Withdrawal of consent

If you have given us consent to process your data (e.g., for sending newsletters), you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing before the withdrawal.

6.5 Right to file a complaint

If you believe that your personal data is not being processed in accordance with the law, you have the right to file a complaint with the Data Protection Authority (www.uoou.cz).

7. CONTACT INFORMATION

If you have any questions, comments, or wish to exercise your rights regarding the protection of personal data, feel free to contact us via e-mail, phone or using contact form.

8. PRIVACY POLICY UPDATES

8.1 Updates on the Website

Any changes to this privacy policy will be published on our website to ensure they are always up-to-date and transparent.

8.2 Regular Review of the Policy

We regularly review this policy to ensure compliance with applicable laws and regulations. Significant changes will be announced in an appropriate manner.

8.3 User Feedback

We welcome any feedback on this policy. If you have suggestions or questions, please contact us – your input helps us improve our privacy practices.

8.4 User Consent to Updated Policy

By continuing to use our website after an update, you agree to the revised terms. If you do not agree, we recommend stopping the use of our services and contacting us for more information.

8.5 Direct Notification

If the changes to the policy significantly affect your rights or obligations, we will inform you using the contact details provided.

8.6 Significant Changes

If we make substantial changes to the way we process your personal data, we will seek your consent before implementing the changes.

Effective date: October 7, 2025