Privacy policy

MYLUVISH.COM  ·  ONLINE STORE

Privacy and Cookie Policy

Information on the processing of personal data pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 (GDPR), including the use of cookies.


1. BASIC PROVISIONS

The controller of your personal data is (the “Controller”):

Company:  Tenalgo s.r.o.

Registered seat:  Novackova 696/66, Husovice, 614 00 Brno, Czech Republic

Company ID (ICO):  045 53 349

E-mail: support@myluvish.com

Telephone:  +421 950 881 280

Website:  www.myluvish.com

Correspondence address:  Hozova 20, 921 01 Piestany, Slovak Republic

The Controller has not appointed a data protection officer.

Personal data means any information relating to an identified or identifiable natural person, in particular a name, an identification number, location data, an online identifier or other identifiers.

2. SOURCES AND CATEGORIES OF PERSONAL DATA PROCESSED

We process the data that you provide to us yourself (for example, when placing an order, registering or communicating with us):

  • name and surname;

  • delivery address, e-mail address and telephone number;

  • billing details;

  • order history and communication history;

  • login details for the user account.

We also process data obtained automatically when you use our website:

  • IP address;

  • cookies;

  • device type, browser and language;

  • information on access to the website and behaviour on the website.

3. PURPOSES AND LEGAL BASES OF PROCESSING

We process your personal data on the basis of the following legal grounds:

  • Performance of a contract under Article 6(1)(b) GDPR – delivery of orders, communication and invoicing.

  • Compliance with a legal obligation under Article 6(1)(c) GDPR – accounting, tax and archiving obligations.

  • Legitimate interest under Article 6(1)(f) GDPR – improving our services, securing the website and direct marketing.

  • Consent under Article 6(1)(a) GDPR – sending newsletters, remarketing and content personalisation.

4. RECIPIENTS OF PERSONAL DATA

We disclose personal data exclusively to verified processors:

  • E-shop platform operator: Shopify.

  • Payment gateways: Shopify Payments, Stripe.

  • IT and hosting service providers.

  • Delivery carrier: Packeta (and, where applicable, other carriers used to deliver your order).

  • Marketing and analytics tools: Google (Google Analytics, Google Ads), Meta (Facebook Pixel), Seznam Sklik, Hotjar, Microsoft Clarity, Klaviyo, Trustpilot.

  • Accounting and tax advisors.

4.1. Some recipients may process personal data outside the European Economic Area (EEA), in particular in the United States (for example, in the case of services provided by Google, Meta and Shopify). Such transfers take place only where an adequate level of protection is ensured – in particular on the basis of a European Commission adequacy decision, including the EU–U.S. Data Privacy Framework for recipients certified thereunder – or subject to appropriate safeguards under Article 46 et seq. GDPR, in particular the standard contractual clauses approved by the European Commission.

5. RETENTION PERIOD

We retain your personal data:

  • for the duration of the contractual relationship;

  • for 10 years from the last performance (accounting and tax documentation);

  • for 2 years from the last interaction, in the case of sending newsletters;

  • or until consent is withdrawn (where processing is based on consent).

After the applicable period has elapsed, the data are securely anonymised or erased.

6. SECURITY OF THE DATA

We protect your personal data by appropriate technical and organisational measures:

  • encryption of data transmission (HTTPS);

  • server firewall and antivirus protection;

  • access rights to the data limited to authorised persons only;

  • training of employees.

7. AUTOMATED DECISION-MAKING AND PROFILING

7.1. No automated individual decision-making within the meaning of Article 22 GDPR takes place at our company. However, we may use personalisation and remarketing tools which, on the basis of cookies, display content according to the user’s previous behaviour.

8. COOKIES

8.1. The processing of cookies that are not technically necessary takes place only on the basis of your consent, in accordance with the ePrivacy rules (Directive 2002/58/EC as implemented in national law; in the Czech Republic under Section 89 of Act No. 127/2005 Coll.) and Article 6(1)(a) GDPR.

On our website we use:

  • Technical cookies – these cookies are necessary for the website to function and cannot be switched off. They are used, for example, to remember the contents of the shopping cart, login or the cookie-consent settings.

  • Preference cookies – these allow the website to remember information that changes the appearance or behaviour of the site, such as your preferred language or the region you are in.

  • Analytical cookies – these help us to monitor and analyse how users use the website (for example, Google Analytics). The data collected are aggregated and anonymous.

  • Marketing cookies – these are used to display targeted advertising based on your interests and previous activity on the website. We use, for example, the tools Meta (Facebook), Google Ads and Seznam Sklik.

8.2. Third-party cookies. Our website may store cookies of partners who provide us with analytical and marketing services. These cookies are managed by those third parties and we have no direct control over them.

8.3. Granting and withdrawing consent. On your first visit to the website, a cookie-settings bar is displayed. There you can grant or refuse consent for the individual types of cookies. Consent can be changed or withdrawn at any time by clicking the “Cookie settings” link at the bottom of the page (in the footer).

8.4. How to disable cookies. Most browsers allow cookies to be disabled or deleted. In your browser settings you can choose which cookies to allow. Disabling technical cookies may prevent you from making full use of our website.

9. RIGHTS OF THE DATA SUBJECT

You have the right to:

  • request access to your data (Article 15 GDPR);

  • request rectification (Article 16 GDPR) and erasure (Article 17 GDPR);

  • restrict processing (Article 18 GDPR);

  • object to processing (Article 21 GDPR);

  • data portability (Article 20 GDPR);

  • withdraw consent (Article 7(3) GDPR);

  • lodge a complaint with the competent supervisory authority.

9.1. The Controller is established in the Czech Republic; the lead supervisory authority is the Office for Personal Data Protection (Urad pro ochranu osobnich udaju), website: www.uoou.cz. If you reside in another Member State of the European Union, you may also lodge a complaint with the supervisory authority in your country of residence.

9.2. You can exercise your rights in writing or by e-mail using the Controller’s contact details set out in Article 1.

10. FINAL PROVISIONS

10.1. This Privacy and Cookie Policy is effective as of 5th of July 2026. The current version is always available at www.myluvish.com. In the event of material changes, we will inform you by e-mail or upon your next login.