Privacy Policy

Effective: 1 May 2026

1. Introductory Provisions

This Privacy Policy (hereinafter "Policy") governs the processing of personal data by Tomáš Bango in connection with the operation of the website https://sparteq.cz and the provision of e-commerce services.

Data Controller:

  • Name: Tomáš Bango
  • Company ID (IČO): 19786409
  • VAT ID (DIČ): CZ9610116010
  • Registered address: Podroužková 1659/33, 708 00 Ostrava - Poruba
  • Registered in the Trade Register of the Magistrate of the City of Ostrava pursuant to § 71(2) of the Trade Licensing Act
  • E-mail: tomasbango@gmail.com
  • Phone: +420737024460

This Policy is drawn up in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR), and Act No. 110/2019 Coll., on the processing of personal data.

2. Personal Data We Process

In connection with the operation of our e-shop and the provision of related services, we process the following categories of personal data:

  • Identification data: first name, surname, date of birth
  • Contact data: e-mail address, phone number
  • Address data: billing and delivery address
  • Login credentials: username, password (stored in encrypted form)
  • Payment data: payment card details and transaction data (processed by Teya Pay and Stripe)
  • Technical data: IP address, device information, browser type, operating system
  • Location data: general geographic location information derived from the IP address
  • Order data: order history, preferences, purchasing behaviour
  • Communication data: content of enquiries submitted via the contact form, reviews and comments

3. Purposes of Processing

3.1 Order fulfilment

  • Legal basis: performance of a contract (Art. 6(1)(b) GDPR)
  • Data processed: identification data, contact data, address data, order data
  • Purpose: processing orders, communicating with the customer, delivering goods

3.2 Payment processing

  • Legal basis: performance of a contract (Art. 6(1)(b) GDPR)
  • Data processed: identification data, payment data
  • Purpose: processing payment for ordered goods

3.3 User account management

  • Legal basis: performance of a contract (Art. 6(1)(b) GDPR)
  • Data processed: identification data, contact data, login credentials
  • Purpose: providing user account features, order management

3.4 Customer support

  • Legal basis: performance of a contract (Art. 6(1)(b) GDPR)
  • Data processed: contact data, communication data
  • Purpose: handling enquiries, complaints and technical support

3.5 Marketing communications (newsletter)

  • Legal basis: consent (Art. 6(1)(a) GDPR)
  • Data processed: e-mail address, first name
  • Purpose: informing about news, promotions and offers

3.6 Marketing and behavioural analysis

  • Legal basis: legitimate interest (Art. 6(1)(f) GDPR)
  • Data processed: technical data, website behavioural data, order data
  • Purpose: improving services, personalising content, remarketing

3.7 Compliance with legal obligations

  • Legal basis: legal obligation (Art. 6(1)(c) GDPR)
  • Data processed: all order-related data
  • Purpose: bookkeeping, tax obligations, archiving

4. Legal Bases for Processing

We process personal data on the following legal bases under Art. 6 GDPR:

  • Consent (Art. 6(1)(a)): for sending marketing communications and the use of certain cookies
  • Performance of a contract (Art. 6(1)(b)): for fulfilling orders, processing payments and providing customer support
  • Legal obligation (Art. 6(1)(c)): for bookkeeping and fulfilment of tax obligations
  • Legitimate interest (Art. 6(1)(f)): for user behaviour analysis, service improvement and fraud prevention

5. Data Retention

We retain personal data for the period necessary to fulfil the purpose of processing:

  • Order and accounting data: 10 years from the end of the accounting period (statutory archiving obligation)
  • Payment data: processed by the payment gateway under its own terms; Tomáš Bango does not store this data
  • User accounts: until the account is deleted by the user or 3 years from the last activity
  • Newsletter and marketing consent: until consent is withdrawn
  • Technical analytics data: 26 months (Google Analytics)
  • Customer support communications: 3 years from the last contact
  • Reviews and comments: for the lifetime of the e-shop, unless the user requests deletion

6. Recipients of Personal Data

We may share your personal data with the following categories of recipients:

6.1 Technical services

  • Google Analytics: website traffic analysis
  • Facebook (Meta): remarketing and advertising effectiveness analysis
  • E-mail marketing services: for sending newsletters and marketing communications
  • Sparteq: e-shop platform

6.2 Payment services

  • Teya Czech Republic s.r.o.: card and other payment processing
  • Wise s.r.o.: card and other payment processing

6.3 Delivery services

  • Zásilkovna s.r.o.: order delivery

6.4 Other

  • Accounting and legal services: external providers for bookkeeping and legal counsel
  • IT support: external technical support providers

7. International Data Transfers

Some of our partners are based outside the European Union:

  • Google Analytics, Facebook: data may be processed in the USA on the basis of the European Commission's adequacy decision (EU-US Data Privacy Framework) or standard contractual clauses
  • E-mail marketing services: where the provider is based outside the EU, transfers are made on the basis of standard contractual clauses approved by the European Commission

8. Cookies and Tracking Technologies

Our website uses cookies and similar technologies. Detailed information about the cookies used, their purpose and settings can be found in the separate Cookie Policy available on our website.

Basic categories of cookies used:

  • Essential cookies: enable basic website functionality
  • Analytical cookies: Google Analytics for measuring traffic
  • Marketing cookies: Facebook Pixel, remarketing

9. Rights of Data Subjects

In connection with the processing of your personal data, you have the following rights:

9.1 Right of access (Art. 15 GDPR)

You have the right to obtain information about whether we process your personal data and, if so, to access that data and information about its processing.

9.2 Right to rectification (Art. 16 GDPR)

You have the right to request the correction of inaccurate personal data and the completion of incomplete data.

9.3 Right to erasure (Art. 17 GDPR)

Under certain conditions, you have the right to request the erasure of your personal data.

9.4 Right to restriction of processing (Art. 18 GDPR)

Under certain circumstances, you have the right to request the restriction of the processing of your personal data.

9.5 Right to data portability (Art. 20 GDPR)

You have the right to receive your personal data in a structured, commonly used and machine-readable format.

9.6 Right to object (Art. 21 GDPR)

You have the right to object to processing based on legitimate interest or for the purposes of direct marketing.

9.7 Right to withdraw consent (Art. 7(3) GDPR)

Where processing is based on consent, you have the right to withdraw your consent at any time.

9.8 Right to lodge a complaint

You have the right to lodge a complaint with the Office for Personal Data Protection if you believe that the processing of your personal data infringes the GDPR.

You may exercise your rights by sending an e-mail to tomasbango@gmail.com or in writing to the registered address of Tomáš Bango.

10. Security of Personal Data

Tomáš Bango implements appropriate technical and organisational measures to protect personal data against unauthorised or accidental access, alteration, destruction, loss, unauthorised transmission or other unauthorised processing.

These measures include:

  • Encryption of sensitive data
  • Restricting access to personal data to authorised persons only
  • Regular security updates of systems
  • Data backups
  • Employee training in personal data protection

11. Data Protection Officer

Tomáš Bango is not required under the GDPR to appoint a Data Protection Officer. For matters relating to personal data protection, please contact the controller directly using the contact details provided in Article 1 of this Policy.

12. Changes to this Policy

Tomáš Bango reserves the right to amend or supplement this Policy. Users will be informed of material changes via the website or by e-mail. We recommend checking the current version of this Policy regularly.

13. Contact and Supervisory Authority

Controller contact:

  • Tomáš Bango
  • E-mail: tomasbango@gmail.com
  • Phone: +420737024460
  • Address: Podroužková 1659/33, 708 00 Ostrava - Poruba

Supervisory authority:

  • Office for Personal Data Protection (Úřad pro ochranu osobních údajů)
  • Address: Pplk. Sochora 27, 170 00 Praha 7
  • Website: www.uoou.gov.cz
  • E-mail: posta@uoou.gov.cz
  • Phone: +420 234 665 111

14. Effective Date

This Privacy Policy is effective as of 1 May 2026.

Acceptable Use Policy – Payments

The Stripe payment integration available within Sparteq is an optional feature. Any tenant who enables it must comply with the following rules, in addition to Stripe's own Restricted Businesses policy.

Permitted use

The payment gateway may be used for selling physical goods, food and beverages, flowers, digital products, and local services, for example by restaurants, florists, and consumer electronics retailers.

Prohibited use

The payment gateway must not be used for:

  • Weapons, firearms, or ammunition
  • Controlled substances or drug paraphernalia
  • Adult content or services
  • Gambling or betting services
  • Any product or service that violates Stripe's Restricted Businesses policy (stripe.com/legal/restricted-businesses)
  • Any activity that is illegal under applicable law

Sparteq reserves the right to suspend payment processing for any tenant found to be in violation of this policy. Each tenant who activates Stripe payments undergoes identity and business verification directly through Stripe's KYC onboarding process.