English
  1. Home
  2. GDPR

GDPR

I. 

Basic Provisions

1. The controller of personal data within the meaning of Article 4(7) of the GDPR is Lucie Veselá, Jičíněves 91, 507 31 Jičíněves, Reg. No.: 71887911, VAT No.: (hereinafter referred to as the “Controller”).

2. Contact details of the Controller: 
Address: Květiny Ruská | Flower Delivery, Ruská 571, 506 01 Jičín 
E-mail: info@kvetinyruska.cz 
Phone: +420 605 467 111

3. Personal data means any information relating to an identified or identifiable natural person as defined in Article 4(1) of the GDPR.

4. The Controller has not appointed a Data Protection Officer, as it is not required to do so under the GDPR.

II. 

Sources and Categories of Processed Personal Data

1. The Controller processes personal data provided by you when placing an order, communicating, registering, or using web services, or personal data obtained in connection with the performance of a contract.

2. The processed data includes in particular:

   a. identification data (name, surname),

   b. contact data (email, phone number, address),

   c. data about the recipient when delivery is made to a third party,

   d. data necessary for the performance of a contract and accounting obligations.

III. 

Legal Basis and Purpose of Processing Personal Data

1. The legal bases for processing personal data are:

   a. performance of a contract pursuant to Article 6(1)(b) of the GDPR,

   b. compliance with legal obligations (especially accounting and tax obligations) pursuant to Article 6(1)(c) of the GDPR,

   c. the Controller’s legitimate interest in direct marketing towards customers pursuant to Article 6(1)(f) of the GDPR and Section 7(3) of Act No. 480/2004 Coll.,

   d. consent of the data subject pursuant to Article 6(1)(a) of the GDPR if you are not a customer and sign up for the newsletter.

2. The purposes of processing personal data are:

   a. handling your order and performing rights and obligations arising from the contractual relationship; without providing personal data it is not possible to conclude or fulfil the contract,

   b. sending commercial communications and carrying out marketing activities,

   c. compliance with the Controller’s legal obligations (archiving, accounting).

3. The Controller does not use automated individual decision-making or profiling within the meaning of Article 22 of the GDPR.

IV. 

Data Retention Period

1. Personal data is retained:

   a. for the duration of the contractual relationship and subsequently for the period required by law (5–10 years) for accounting and tax purposes,

   b. for the duration of the Controller’s legitimate interest in marketing, but no longer than until you object,

   c. based on your consent until it is withdrawn, but no longer than 5 years.

2. After the retention period expires, the Controller will securely delete or anonymise the personal data.

V. 

Recipients of Personal Data (Controller’s Processors)

Recipients of personal data may include:

   a. carriers and persons involved in delivering goods and processing payments,

   b. providers of IT services, hosting, and e-shop operation,

   c. providers of marketing and analytical services.

The Controller may transfer personal data outside the EU only when necessary for technical service provision or contract performance, and only to entities that ensure an adequate level of protection in accordance with Article 46 of the GDPR (e.g., based on EU Standard Contractual Clauses).

VI. 

Your Rights

Under the GDPR, you have the following rights:

   a. the right of access to personal data (Article 15),

   b. the right to rectification (Article 16),

   c. the right to restriction of processing (Article 18),

   d. the right to erasure (Article 17),

   e. the right to object to processing (Article 21),

   f. the right to data portability (Article 20),

   g. the right to withdraw consent at any time.

If you believe that your rights have been violated, you have the right to file a complaint with the Office for Personal Data Protection.

VII. 

Conditions for Securing Personal Data

1. The Controller has implemented appropriate technical and organisational measures to secure personal data.

2. These measures include in particular securing data storage, encryption, regular backups, access controls, security protocols, and antivirus systems.

3. Personal data is processed only by persons authorised by the Controller who are bound by confidentiality.

VIII. 

Final Provisions

1. By submitting an order, you confirm that you have read and agree to these Personal Data Protection Terms.

2. Where consent is required, you grant it by ticking the relevant box; consent may be withdrawn at any time.

3. The Controller is entitled to update these Terms. The updated version will be published on the Controller’s website, and in the event of significant changes, you will be appropriately informed.

These terms take effect on 15.11.2025.

Contact Us

Květiny Ruská | Rozvoz květin
Ruská 571
506 01 Jičín
+420 605 467 111
info@kvetinyruska.cz

ABOUT

Flower Delivery

© 2017 Květiny Ruská | Rozvoz květin. Powered by LaFlora.com.

Your privacy matters to us

To ensure the correct functionality of the website, monitoring traffic, behaviour and data exchange with the website. By selecting "I undestand" you agree to the use of cookies for the reasons described.