Privacy policy

 

Privacy Policy

Last updated: April 2026

1. Data Controller

The data controller within the meaning of the General Data Protection Regulation (GDPR) and other applicable data protection legislation is:

CNA Trade s.r.o.
28. října 770/6, 702 00 Ostrava, Czech Republic
E-mail: info@rollz.cz
WhatsApp / Phone: +420 733 121 290

2. General Principles

We process personal data only to the extent necessary to provide a functioning website and our services. All processing is carried out on the basis of the GDPR and applicable national data protection law.

Legal bases we rely on:

  • Art. 6(1)(a) GDPR – your consent (e.g. for marketing and analytics cookies)
  • Art. 6(1)(b) GDPR – performance of a contract with you (e.g. processing your order)
  • Art. 6(1)(c) GDPR – compliance with a legal obligation (e.g. tax retention requirements)
  • Art. 6(1)(f) GDPR – our legitimate interests (e.g. fraud prevention, security)

3. Personal Data We Collect

Depending on how you interact with our store, we may collect the following categories of personal data:

  • Contact data: name, postal address, billing address, delivery address, phone number, e-mail address
  • Payment data: payment method, transaction details (card data is processed directly by the payment provider and not stored by us)
  • Account data: username, encrypted password, preferences and settings
  • Transaction data: order history, cart contents, returns and exchanges
  • Communication data: content of support requests or messages sent to us
  • Device data: IP address, browser type, operating system, access times
  • Usage data: page views, click paths, session duration

4. Sources of Personal Data

  • Directly from you – when you create an account, place an order, or contact us
  • Automatically – via cookies and similar technologies when you visit our website
  • From service providers – e.g. payment processors, shipping companies
  • From partners – e.g. marketing and analytics partners

5. Purposes of Processing

  • Order fulfilment: processing orders, payments, shipping and returns — legal basis: Art. 6(1)(b) GDPR
  • Customer communication: responding to enquiries, sending order confirmations — legal basis: Art. 6(1)(b) GDPR
  • Marketing: sending promotional e-mails and displaying personalised advertising — legal basis: Art. 6(1)(a) GDPR (consent only)
  • Security and fraud prevention: detecting and investigating suspicious activity — legal basis: Art. 6(1)(f) GDPR
  • Legal obligations: e.g. tax retention periods — legal basis: Art. 6(1)(c) GDPR

6. Third-Party Tools and Service Providers

6.1 Shopify

This store is hosted by Shopify Inc., 151 O'Brien Street, Ottawa, ON, Canada, which processes data on our behalf as a data processor. Shopify may transfer personal data outside the EEA; such transfers rely on the EU Standard Contractual Clauses. For more information: https://www.shopify.com/legal/privacy

6.2 Google Analytics 4 (GA4)

We use Google Analytics 4, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. GA4 uses cookies and similar technologies to analyse website usage. Legal basis: Art. 6(1)(a) GDPR (consent via cookie banner). Data may be transferred to the USA; Google LLC is certified under the EU–U.S. Data Privacy Framework. To opt out: https://tools.google.com/dlpage/gaoptout

6.3 Meta Pixel (Facebook / Instagram)

We use the Meta Pixel provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. This allows us to track visitor behaviour following a click on a Meta advertisement and measure the effectiveness of our ads. Legal basis: Art. 6(1)(a) GDPR (consent). Data may be transferred to the USA; Meta is certified under the EU–U.S. Data Privacy Framework. To manage your ad preferences: https://www.facebook.com/settings?tab=ads

6.4 Cookies

Our website uses cookies. Technically necessary cookies are set on the basis of Art. 6(1)(f) GDPR. Marketing and analytics cookies are only set with your explicit consent (Art. 6(1)(a) GDPR), which you may withdraw at any time via the cookie banner.

7. Sharing of Personal Data

We share your data only where legally permitted or required:

  • Service providers acting on our behalf (e.g. Shopify, payment processors, shipping companies) – under data processing agreements pursuant to Art. 28 GDPR
  • Marketing partners – only with your consent
  • Authorities – where required by law
  • In connection with business transactions (e.g. merger or sale) – in compliance with GDPR

8. International Data Transfers

Where we transfer personal data outside the European Economic Area (EEA), we rely on:

  • Adequacy decisions by the European Commission
  • Standard Contractual Clauses (SCCs) pursuant to Art. 46 GDPR
  • Certifications under the EU–U.S. Data Privacy Framework

9. Retention Periods

We retain personal data only for as long as necessary for the purposes for which it was collected, or as required by applicable law (e.g. statutory retention obligations). Data is routinely deleted once the applicable retention period has expired.

10. Minors

Our store is intended exclusively for persons aged 18 and over. We do not knowingly collect personal data from persons under the age of 18. If we become aware that such data has been collected, we will delete it immediately.

11. Your Rights

Under the GDPR, you have the following rights:

  • Right of access (Art. 15 GDPR) – to request information about the personal data we hold about you
  • Right to rectification (Art. 16 GDPR) – to request correction of inaccurate data
  • Right to erasure (Art. 17 GDPR) – to request deletion of your data
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object (Art. 21 GDPR) – to processing based on Art. 6(1)(f) GDPR
  • Right to withdraw consent (Art. 7(3) GDPR) – without affecting the lawfulness of prior processing

To exercise your rights, please contact us at: info@rollz.cz

12. Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority. The authority competent for your country of residence applies. A list of EEA supervisory authorities is available at: https://www.edpb.europa.eu

For the Czech Republic (company's registered seat): Úřad pro ochranu osobních údajů (UOOU) – www.uoou.cz

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal or regulatory reasons. The current version is always available on our website. The date of the last update is indicated above.

14. Contact

E-mail: info@rollz.cz
WhatsApp / Phone: +420 733 121 290
Address: CNA Trade s.r.o., 28. října 770/6, 702 00 Ostrava, Czech Republic