Privacy & PDP Policy for EU - GDPR
Privacy & Personal Data Protection for EU countries - GDPR
Document Version Date: August 1, 2025
Effective From: August 1, 2025
Brand4Brand s.r.o. greatly values your trust and protects your data from misuse.
- Identity and Contact Details of the Data Controller
1.1. The controller of your personal data is Brand4Brand s.r.o., registered office: Branická 213/53, Braník, 147 00 Prague 4, Company ID: 178 22 203, registered in the Commercial Register maintained by the Municipal Court in Prague under file number C 377364 (hereinafter referred to as the “Controller”).
1.2. Contact details of the Controller:
- Mailing address: Branická 213/53, Braník, 147 00 Prague 4
- Email address: contact@brand4brand.com
1.3. The Controller has not appointed a Data Protection Officer.
- Legal Basis for Processing Personal Data
2.1. The legal basis for processing your personal data is that such processing is necessary for the performance of a contract between you and the Controller, or for the implementation of measures prior to entering into such a contract, pursuant to Article 6(1)(b) of Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR).
2.2. The legal basis for processing your personal data is also your consent given to the Controller pursuant to Article 6(1)(a) of the GDPR.
- Purpose of Processing Personal Data
3.1. The purpose of processing your personal data is the performance of a contract between you and the Controller or the implementation of pre-contractual measures.
3.2. The purpose also includes sending commercial communications and conducting other marketing activities by the Controller.
3.3. The Controller does not engage in automated individual decision-making within the meaning of Article 22 of the GDPR.
- Data Retention Period
4.1. We retain personal data only for the period necessary to fulfill legal obligations and business purposes, applying appropriate security measures such as encryption and access controls to prevent unauthorized access. Depending on the category of data and the requirements of applicable laws, retention periods range from 1 to 10 years.
- Recipients of Personal Data
5.1. Recipients of your personal data for contract fulfillment include shipping companies and other entities involved in the delivery of goods or services or payment processing. Other entities that may access your personal data include:
- Website solutions providers
- E-Shop solutions providers
- Marketing solutions providers
- Payments processors and authorities or institutions
- Suppliers and carriers for delivery of goods or services
- Other which are required for processing your orders or services
The Controller does not intend to transfer your personal data to third countries (outside the EU) or international organizations.
- Data Subject Rights
6.1. Under the GDPR, you have the right to request access to your personal data, rectification or erasure, restriction of processing, objection to processing, and the right to data portability (contract fulfillment).
6.2. For marketing purposes, you may withdraw your consent at any time. This does not affect the lawfulness of processing prior to withdrawal. You may withdraw your consent by sending a request to: contact@brand4brand.com
6.3. If you believe your personal data has been processed in violation of the GDPR, you have the right to lodge a complaint with the supervisory authority, which in the Czech Republic is the Office for Personal Data Protection (www.uoou.cz).
6.4. You are not obliged to provide personal data. However, providing your personal data is necessary for the conclusion and performance of the contract. Without it, the contract cannot be concluded or fulfilled.
6.5. For marketing purposes, you are not obliged to provide personal data. It is not a legal or contractual requirement. You have the right to object at any time to the processing of your personal data for direct marketing purposes, including profiling related to such marketing. If you object, your personal data will no longer be processed for these purposes.