What are cookies?
Cookies in translation mean "biscuits, wafers, cakes". They are named after the British custom to offer the visitor a biscuit to evoke a friendly atmosphere.

In the practice of the Internet, a cookie is a small text file that a website saves in your browser so that it can be read again for the web browser later. An example of usage is that a page recognizes that you've visited it in the past, so it doesn't show you the info window again, so you don't have to confirm it again. It is also used for more complex tasks and, for example, most sites that can be logged in under a user account cannot do without them.

Cookies are not stored in your browser forever. It depends on how your browser is set up and the cookie itself. Some are saved only for as long as necessary, ie when you have certain pages open. Others are valid for days to months.

How do we use cookies?
You sort the products by price, or you add a product to the cart. But then you suddenly have to leave and close the browser. When you return, everything is in the same state, thanks to cookies. This is one of the examples where they make your work with our site more enjoyable. However, we also use key cookies, which will enable proper functionality, for example when logging in.

In order to improve and perfect our services, we need to have a perfect overview of what is happening on the site and how you work with it. We find out which features you use most often to improve them. Where they have problems to prevent and solve them. How often you visit our site to adjust your hardware performance so that your site is not slow. We use Google Analytics analytics cookies for this. They also allow us to analyze the performance of online sales channels and evaluate them.

We use cookies from the Google AdWords, Seznam Sklik and Google Analytics services, which help us with the analysis of the success of sales channels. Simply put, we need to have an overview of how individual ads work in order to optimize them effectively. These cookies can also be used for remarketing, which provides personalization of ads and appropriate targeting, ie that you see ads that are relevant to you and you do not see what you are not interested in.



Kubík a.s.
U Prašné brány 1090/2
111 21, Prague 1

ID: 25928082

Contact details for the Data Protection Officer:

Jana Vlková
Tel .: +420 602 487 431

Appropriate office:

Office for Personal Data Protection
Lt. Col. Sochora 27,
170 00 Prague 7

Tel. +420 234 665 111
data box: qkbaa2n

Terms of personal data protection
I. Protection of personal data
1.1. By sending an order from the online order form for the delivery of goods, the user confirms that he understands the terms of personal data protection, that he agrees with their wording and that he accepts them in full.

1.2 Kubík a.s. (Hereinafter referred to as the Provider) is the controller of personal data of users according to Article 4 point 7) of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (General Data Protection Regulation) (hereinafter referred to as “GDPR”). The Provider undertakes to process personal data in accordance with legal regulations, in particular GDPR.

1.3. Personal data is any information about an identified or identifiable natural person; an identifiable natural person is a natural person who can be identified, directly or indirectly, in particular by reference to a specific identifier, such as name, identification number, location data, network identifier or one or more specific physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

1.4 When ordering, personal data are required, which are necessary for the successful completion of the order (name and address, contact). The purpose of processing personal data is to process the user's order and exercise the rights and obligations arising from the contractual relationship between the Provider and the User. The purpose of personal data processing is also to send business messages and perform other marketing activities. The legal reason for the processing of personal data is the performance of the contract pursuant to Article 6, paragraph 1, letter b) GDPR, fulfillment of the legal obligation of the administrator pursuant to Art. c) GDPR and the legitimate interest of the Provider according to Art. 6 par. 1 let. f) GDPR. The legitimate interest of the Provider is the processing of personal data for the purposes of direct marketing.

1.5 To fulfill the license agreement, the Provider uses the services of subcontractors, especially providers of mailing services (personal data are stored in 3rd countries) and web hosting providers. Subcontractors are checked for the secure processing of personal data. The web hosting provider and subcontractor have concluded a contract on the processing of personal data, according to which the subcontractor is responsible for the proper security of the physical, hardware and software perimeter, and therefore bears direct responsibility to the user for any leakage or breach of personal data.

1.6 The Provider stores the user's personal data for the time necessary to exercise the rights and obligations arising from the contractual relationship between the Provider and the user and the assertion of claims under these contractual relationships (for a period of 15 years from the termination of the contractual relationship). After that, the data will be deleted.

1.7 The user has the right to request from the provider access to his personal data pursuant to Article 15 of the GDPR, correction of personal data pursuant to Article 16 of the GDPR, or restrictions on processing pursuant to Article 18 of the GDPR. The user has the right to delete personal data according to Article 17, paragraph 1, letter a), and c) to f) GDPR. Furthermore, the user has the right to object to the processing according to Article 21 of the GDPR and the right to data portability according to Article 20 of the GDPR. Contact is

1.8 The user has the right to file a complaint with the Office for Personal Data Protection if he believes that his right to personal data protection has been violated.

1.9 The user is not obliged to provide personal data. However, the provision of personal data is a necessary requirement for the conclusion and performance of the contract and without the provision of personal data it is not possible to conclude the contract or perform it by the provider.

1.10 There is no automatic individual decision-making by the Provider in the sense of No. 22 GDPR.

1.11 Interested in using the Provider's services by filling in the contact form:

• 1. agrees to the use of his personal data for the purposes of electronic sending of commercial messages, advertising materials, direct sales, market research and direct product offers by the Provider and third parties, but not more often than once a week, and at the same time

• 2. declares that the sending of information according to point 1.11.1 does not consider unsolicited advertising in the sense of Act no. No. 40/1995 Coll. as amended, as the user is sending information according to point 1.11.1 in conjunction with § 7 of Act. No. 480/2004 Coll. expressly agrees.

• 3. The user may revoke the consent pursuant to this paragraph at any time in writing to

1.12 The Provider uses so-called cookies in its presentation to increase the quality of services, personalize the offer, collect anonymous data and for analytical purposes. By using the website, the User agrees to the use of the mentioned technology.

II. Rights and obligations between the controller and the processor (processing contract)
2.1 In relation to the personal data of users' clients, the Provider is a processor in accordance with Article 28 of the GDPR. The user is the administrator of this data.

2.2 These conditions regulate the mutual rights and obligations in the processing of personal data to which the Provider has gained access within the performance of the license agreement concluded in the form of agreement of the general terms and conditions at (hereinafter "license agreement") concluded with the User on the date of establishment. account.

2.3. The Provider undertakes to process personal data for the User to the extent and for the purpose specified in Articles 2.4 - 2.7 of these conditions. Processing resources will be automated. As part of the processing, the Provider will collect, store on information carriers, store, block and dispose of personal data. The Provider is not entitled to process personal data in contravention or beyond the scope set out in these conditions.

2.4 The Provider undertakes to process personal data for the User to the following extent: 1. ordinary personal data, 2. special categories of data pursuant to Article 9 of the GDPR, which the User has obtained in connection with its own business activities.

2.5. The Provider undertakes to process personal data for users for the purpose of operating the e-shop

2.6. Personal data may be processed only at the workplaces of the Provider or its subcontractors in accordance with Article 2.8 of these Terms and Conditions, in the territory of the European Union.

2.7. The Provider undertakes to process personal data of the User's clients for the User, all for the time necessary to exercise the rights and obligations arising from the contractual relationship between the Provider and the User and from asserting claims from these contractual relationships (for 15 years from the termination of the contractual relationship).

2.8 The user grants permission with the involvement of a subcontractor as an additional processor under Article 28 (2) of the GDPR, which is the Wedos hosting provider. The User further grants the Provider general permission to involve another processor of personal data in the processing, however, the Provider must inform the user in writing of any intended changes concerning the acceptance of other processors or their replacement and provide the user with the opportunity to object to these changes. The Provider must impose on its subcontractors, as the processor of personal data, the same obligations for the protection of personal data as set out in these conditions.

2.9. The Provider undertakes that the processing of personal data will be ensured in particular in the following way:

1. Personal data are processed in accordance with legal regulations and on the basis of the User's instructions, ie for the performance of all activities necessary for the provision of the Shoptet eshop platform in the form of a license agreement.

2. The Provider undertakes to technically and organisationally ensure the protection of the personal data processed in such a way that unauthorized or accidental access to the data, their change, destruction or loss, unauthorized transfers, their other unauthorized processing and other misuse cannot occur, and that all obligations of the personal data processor arising from legal regulations are ensured in a personnel and organizational manner for the duration of the data processing.

3. The technical and organizational measures taken shall be proportionate to the degree of risk. The provider uses them to ensure the constant confidentiality, integrity, availability and resilience of processing systems and services, and to restore the availability of and access to personal data in a timely manner in the event of physical or technical incidents.

4. The Provider hereby declares that the protection of personal data is subject to the Provider's internal security regulations.

5. Only authorized persons of the Provider and subcontractors according to Article 2.8 of these conditions will have access to personal data, which will be set by the Provider and the conditions and scope of data processing and each such person will access personal data under its unique identifier.

6. The Provider's authorized persons who process personal data in accordance with these conditions are obliged to maintain the confidentiality of personal data and security measures, the disclosure of which would jeopardize their security. The Provider shall ensure their demonstrable commitment to this obligation. The Provider shall ensure that this obligation for the Provider and the authorized persons will continue even after the termination of the employment or other relationship with the Provider.

7. The provider shall assist the user through appropriate technical and organizational measures, as far as possible, to fulfill the user's obligation to respond to requests for the exercise of the data subject's rights set out in the GDPR; as well as in ensuring compliance with the obligations under Articles 32 to 36 of the GDPR, taking into account the nature of the processing and information available to the Provider.

8. After the termination of the provision of performance, which is associated with processing, according to Article 2.7 of these conditions, the Provider is obliged to delete all personal data or return them to the User, if he is not obliged to store personal data under a special law.

9. The Provider shall provide the User with all information necessary to prove that the obligations under this Agreement and the GDPR have been fulfilled, and shall enable audits, including inspections, to be performed by the User or another auditor authorized by the User.

2.10 The User undertakes to immediately report all facts known to him that could adversely affect the proper and timely fulfillment of obligations arising from these conditions and to provide the Provider with the cooperation necessary for the fulfillment of these conditions.

III. Final Provisions
3.1 These conditions expire at the end of the period specified in Article 1.6 and Article 2.7 of these conditions.

3.2 The user agrees to these conditions by checking the consent via the online form. By checking the consent, the user expresses that he has read these conditions, that he expresses his consent to them and that he accepts them in full.

3.3 The Provider is entitled to change these conditions. The Provider is obliged to publish a new version of the conditions on its website without undue delay, or sends the new version to the User to his e-mail address.

3.4. Contact details of the Provider in matters concerning these conditions: +420 775 229 993, info @

3.5 Relationships not expressly regulated by these conditions are governed by the GDPR and the legal order of the Czech Republic, in particular Act No. 89/2012 Coll., The Civil Code, as amended.

These conditions take effect on 1 May 2018.
Thank you and have a nice day