PRIVACY POLICY
DavidCerny, s.r.o.
Zborovská 889/46, Smíchov, 150 00 Praha 5, Czech Republic
Company ID: 056 84 544
Contact: eshop@musoleum.cz
1. Introduction
We take your privacy seriously. This Privacy Policy explains what personal data we collect, how we use it, and your rights under the General Data Protection Regulation (GDPR) (EU) 2016/679.
2. Data Controller
3. What Data We Collect
When you place an order or contact us, we may collect:
- —Identity data: name, surname
- —Contact data: email address, phone number
- —Delivery data: shipping address
- —Transaction data: order details, payment confirmation (we do not store full card details)
- —Newsletter data: email address, locale and consent timestamp (only if you subscribe to our newsletter)
- —Technical data: IP address, browser type, strictly necessary cookies (see Section 8)
4. Legal Basis for Processing
| Purpose | Legal Basis |
|---|---|
| Processing and fulfilling your order | Contract performance (Art. 6(1)(b) GDPR) |
| Legal obligations (invoicing, accounting) | Legal obligation (Art. 6(1)(c) GDPR) |
| Complaint handling | Contract performance / Legal obligation |
| Marketing emails (if opted in) | Consent (Art. 6(1)(a) GDPR) |
5. How We Use Your Data
- —Process and fulfil your order
- —Send order confirmations and shipping notifications
- —Handle complaints and returns
- —Comply with legal and accounting obligations
- —Send newsletter emails about events and exhibitions — only with double-opt-in consent; every email contains a one-click unsubscribe link
6. Data Sharing
We do not sell your personal data. We may share it with:
- —Shipping carriers (e.g. DHL, DPD, Czech Post) — for delivery purposes
- —Payment processors — for secure payment handling
- —Accounting/legal advisors — where required by law
- —IT service providers — who process data on our behalf under data processing agreements
For international shipments, your data may be transferred outside the EEA. In such cases, we ensure adequate safeguards are in place (e.g. Standard Contractual Clauses).
7. Data Retention
| Data type | Retention period |
|---|---|
| Order & transaction data | 10 years (accounting law) |
| Customer account data | Until account deletion or 3 years of inactivity |
| Marketing consent | Until withdrawn |
| Complaint records | 4 years |
8. Cookies
Our website uses only strictly necessary cookies required for the shop and admin login to function (session, language preference, shopping cart). We do not use analytical, advertising, or third-party tracking cookies, and we do not require a cookie consent banner under the ePrivacy Directive Article 5(3) exemption for technically necessary cookies.
- —Session cookie — keeps you signed in to the admin or maintains your shopping cart
- —Locale cookie — remembers your selected language
You can disable cookies in your browser settings; the shop will not function correctly without session cookies enabled.
9. Your Rights
Under GDPR, you have the right to:
- —Access — your personal data
- —Rectification — of inaccurate data
- —Erasure — "right to be forgotten" where legally permitted
- —Restriction — of processing
- —Data portability
- —Object — to processing based on legitimate interests
- —Withdraw consent — at any time (where processing is based on consent)
To exercise any of these rights, contact us at eshop@musoleum.cz. We will respond within 30 days.
You also have the right to lodge a complaint with the Czech supervisory authority:
10. Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure.
11. Changes to This Policy
We may update this Privacy Policy from time to time. The current version will always be available at musoleum.com/privacy-policy.
This Privacy Policy is effective as of 1 May 2026.