Privacy Policy

1. Data Controller

Halvorne s.r.o. ("Halvorne," "we," "us") is the data controller responsible for processing your personal data. We are registered at Křenová 18, Brno-střed, 602 00 Brno, Czech Republic. For all data protection queries, contact us at: [email protected].

2. What Data We Collect

We collect only the data necessary to operate our service and fulfil your orders. This includes:

• Identity data: name, email address, delivery address, and telephone number provided during ordering or contact form submission;
• Transaction data: order details, payment confirmation references (we do not store full payment card numbers);
• Communication data: messages sent to us via contact form or email;
• Newsletter data: email address provided for batch dispatch subscription;
• Technical data: IP address, browser type, pages visited, and session duration — collected via server logs and limited analytics for site operation purposes only.

3. Legal Basis for Processing

• Contract performance — processing necessary to fulfil your order and manage our customer relationship;
• Legitimate interests — responding to enquiries, improving our website, and fraud prevention;
• Consent — newsletter subscriptions. You may withdraw consent at any time by unsubscribing;
• Legal obligation — compliance with Czech and EU accounting, tax, and consumer protection law.

4. How We Use Your Data

• Process, dispatch, and communicate about your orders;
• Respond to enquiries submitted via our contact form or email;
• Send seasonal batch dispatch newsletters (with consent only);
• Comply with our legal and tax obligations;
• Detect and prevent fraud or abuse.

5. Data Sharing

We share your data only where necessary, with:

• Shipping and courier services (delivery address and contact details only);
• Payment processing partners (transaction data, in compliance with PCI DSS);
• Our accountants and legal advisors, bound by confidentiality obligations;
• Public authorities, where required by applicable law.

We do not transfer your data outside the European Economic Area.

6. Data Retention

We retain your personal data for as long as necessary to fulfil the purpose for which it was collected — typically for the duration of our customer relationship plus 7 years for financial records as required by Czech law. Newsletter subscriber data is retained until you unsubscribe.

7. Your Rights

Under the GDPR, you have the right to:

• Access the personal data we hold about you;
• Correct inaccurate or incomplete data;
• Request erasure ("right to be forgotten") where no legal obligation requires retention;
• Restrict processing in certain circumstances;
• Data portability — receive your data in a machine-readable format;
• Object to processing based on legitimate interests;
• Withdraw consent at any time (for newsletter subscriptions).

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with the Czech Data Protection Authority (ÚOOÚ) at uoou.cz.

8. Cookies

We use only functional cookies strictly necessary for the operation of this website (session management, security). We do not use analytics, advertising, or preference cookies. No consent banner is required for strictly necessary cookies under applicable law, but you may disable cookies in your browser settings, noting that some site functions may be affected.

9. Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, disclosure, alteration, or destruction. Our website uses HTTPS encryption. Access to customer data is restricted to personnel with a specific operational need.

10. Changes to This Policy

We may update this Privacy Policy from time to time. The "Last updated" date above will always reflect the most recent version. We will notify active newsletter subscribers of any material changes.