Datenschutzerklärung

Controller:
SNUSHUS s.r.o., Jičínská 226/17, CZ‑13000 Prague 3, Czech Republic
E‑mail: info@nicoshop.eu
Website: www.nicoshop.eu
(VAT ID: CZ09775498)

This policy explains what personal data we process, for what purposes, on which legal bases, to whom we disclose it, how long we retain it, and what rights you have. We process personal data in accordance with Regulation (EU) 2016/679 (GDPR) and Czech Act No. 110/2019 Coll., on the Processing of Personal Data.

1) Security and processing principles

• We apply appropriate technical and organisational measures (encrypted transmission, access controls, backups, logging, data minimisation and pseudonymisation, staff training).

• Data is primarily processed within the EU/EEA. If a transfer outside the EU/EEA occurs (e.g. via cloud/analytics providers), we ensure compliance with Chapter V GDPR (notably EU Standard Contractual Clauses and transfer impact assessments).

• Our products are for 18+ only; we may carry out age verification to meet legal obligations.

2) Purposes and legal bases of processing

a) Contact form / enquiries

• Data: first name, last name, e‑mail, message content and related communication.

• Purpose: responding to questions/offers.

• Legal basis: Art. 6(1)(b) GDPR (pre‑contractual steps at your request).

• Retention: up to 24 months from the last communication if no contract is concluded.

b) Purchase and customer account

• Data: identification and contact details, delivery/billing address, phone, e‑mail, age (18+), order and payment details.

• Purpose: contract conclusion and performance, delivery, customer support, returns/claims.

• Legal bases: Art. 6(1)(b) GDPR (contract) and Art. 6(1)(c) GDPR (legal obligations – in particular accounting and tax).

• Retention: for the duration of the contractual relationship + 24 months from the last performance; accounting documents 10 years in line with applicable law.

c) Marketing and newsletter (soft opt‑in)

• If you have purchased from us and have not refused marketing, we use your e‑mail to send news and offers (soft opt‑in).

• Legal basis: Art. 6(1)(f) GDPR (legitimate interest – direct marketing to customers); you always have the right to object/unsubscribe.

• Retention: until you unsubscribe or 24 months from your last purchase.

• If you subscribe without a prior purchase, processing is based on your consent (Art. 6(1)(a) GDPR) until withdrawn.

d) Cookies, analytics and advertising

• Strictly necessary cookies: site operation, security, cart, login.

• Analytics/statistics cookies: measuring visits and improving the site (only with your consent).

• Marketing cookies: personalised ads and remarketing (only with your consent).

• Legal bases: Art. 6(1)(f) GDPR (strictly necessary), or Art. 6(1)(a) GDPR (analytics/marketing). You can manage consents at any time in the cookie banner or your browser.

3) Recipients and processors

We disclose data only to the extent necessary:

• E‑shop/hosting & IT (platform provider, site administration, security and cloud services),

• Payment services (e.g. Klarna) and anti‑fraud providers,

• Carriers/fulfilment & warehousing (dispatch and delivery),

• Analytics and marketing services (only if you give consent),

• Advisers and public authorities (legal/tax duties, enforcement of claims, audits, regulatory oversight).

We have data processing agreements with processors under Art. 28 GDPR. Current categories of recipients can be specified upon request.

4) Retention periods

We keep data only for as long as necessary for each purpose:

• communications: up to 24 months,

• contracts: duration of the relationship + 24 months,

• accounting/tax records: 10 years,

• newsletter/marketing: until unsubscribe or 24 months from last purchase,

• cookies: according to type and your consent settings (see cookie banner/browser).

5) Your rights (GDPR)

You have the right to request: access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), portability (Art. 20) and to object to processing (Art. 21), especially against direct marketing. Where processing is based on consent, you may withdraw it at any time (without affecting the lawfulness of processing before withdrawal).

Send your request to info@snushus.eu or by post to the controller’s address. To protect your data we may ask for additional information to verify your identity. We will inform you about the handling of your request within 30 days (in exceptional cases we may extend the period by up to 60 days).

Supervisory authority (CZ):
The Office for Personal Data Protection, Pplk. Sochora 27, 170 00 Prague 7
Website: www.uoou.cz
You have the right to lodge a complaint with the supervisory authority or seek a judicial remedy.

6) Cookies – details

Cookies are small text files stored on your device. You can manage them via the cookie banner and in your browser settings. Please note that rejecting some cookies may limit site functionality.

How to manage cookies in popular browsers:

• Microsoft Edge: https://support.microsoft.com/windows/microsoft-edge-browsing-data-and-privacy-63d1e0aa-3a93-4f16-be41-77c9e7b89c6b

• Google Chrome: https://support.google.com/chrome/answer/95647

• Mozilla Firefox: https://support.mozilla.org/kb/enable-and-disable-cookies

• Apple Safari: https://support.apple.com/guide/safari/manage-cookies-and-website-data-sfri11471

• Opera: https://help.opera.com/latest/security-and-privacy/

7) Automated decision‑making and profiling

We do not carry out decision‑making solely by automated means that would produce legal effects concerning you or similarly significantly affect you. We may create marketing profiles only with your consent via marketing cookies.

8) Privacy contact

For questions and to exercise your rights: info@nicoshop.eu,
We have not appointed a DPO – this is not required given the nature of our processing.

9) Changes to this policy

We may update this policy; the current version is always available on our website. We will inform you of material changes in an appropriate manner (e.g. banner/e‑mail).