DATA PRIVACY
PRINCIPLES OF PROTECTION AND PROCESSING OF PERSONAL DATA
according to Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR), as amended for the year 2025, and related legal regulations of the Czech Republic. These Principles of Protection and Processing of Personal Data supplement our General Terms and Conditions.
1. Introductory Provisions
1.1 The Data Controller is:
Name: Kryptonit-Kratom s.r.o.
ID: 079 20 784
Registered office: Černého 834/32, Bystrc, 635 00 Brno
Company registered in the Commercial Register maintained by the Regional Court in Brno, Section C, Insert 110946
Represented by: Kateřina Havránková, Executive Director
E-shop: www.kryptonite.life
E-mail: info@kryptonit-kratom.cz / info@kryptonite.life
Phone contact: +420 735 091 294
(hereinafter also referred to as the "company" or "seller")
1.2 The Data Subject is:
You, a natural person who has visited the e-shop operated at www.kryptonite.life for the purpose of purchasing goods offered through the catalog, or who has created a user account by registration or concluded a purchase contract with the company by purchasing goods (hereinafter also referred to as the "buyer").
2. Legal Basis for Processing Personal Data
2.1 Performance of a Contract
The legal basis is the purchase contract concluded between the data controller and the data subject. Providing personal data is an obligation of the data subject arising from this contract. Without providing this data, the contract cannot be concluded.
2.2 Legitimate Interest of the Controller
This is based on the existence of a contractual relationship between the data controller and the buyer. It primarily concerns the processing of personal data for the purposes of:
- Protection of legal claims
- Internal records and control
- Direct marketing to existing customers
- Security of the web interface and protection of user accounts
- Analysis of site traffic and improving service quality
2.3 Consent to the Processing of Personal Data
In cases specified by legal regulations or in the case of special services, the controller may request consent to process personal data. Granting consent is always voluntary.
2.4 Fulfillment of Legal Obligations
The controller is obliged to process personal data based on obligations arising from the legal regulations of the Czech Republic and the European Union.
3. Scope of Personal Data Processing
3.1 Sources of Personal Data
We process exclusively personal data obtained:
- Directly from you during registration and purchase
- From your behavior on our website
- From publicly available databases (e.g., commercial register, trade register)
3.2 Categories of Processed Personal Data
Specifically, we process the following personal data:
- Identification data: name, surname, ID, VAT ID
- Contact details: address, e-mail, phone number
- Payment details: bank account number, payment history
- Order data: scope and type of purchased goods, date of purchase, method of delivery, price
- Website behavior data: visited pages, viewed products, clicks, time spent on pages
- Technical data: IP address, device type, browser type, cookies and similar technologies
4. Purposes of Personal Data Processing
4.1 Performance of a Contract
We process your personal data for the purpose of fulfilling obligations arising from the purchase contract concluded between the data controller and the buyer. Specifically, this involves:
- Processing the order and tracking it
- Communication regarding the order
- Handling inquiries and requests
- Ensuring payment and delivery of goods
- Handling any complaints and returns
For these purposes, we store personal data for the duration of the contractual relationship and for the time necessary to exercise the rights and obligations arising from the contractual relationship.
4.2 Protection of Legal Claims and Internal Control
Based on our legitimate interest, we retain your identification, contact, and descriptive data and data about your orders for the purpose of:
- Protection of legal claims
- Internal records and control
- Protection of the web interface against attacks
- Protection of user accounts against misuse
We process personal data for these purposes for the duration of the user account, but no longer than 15 years after the conclusion of the last purchase contract, in case of a dispute.
4.3 Direct Marketing
Based on our legitimate interest and/or in accordance with your consent given when creating an order, we process your identification and contact details and data about your orders for the purpose of sending:
- Information about news and offers
- Personalized offers based on your purchasing preferences
- Information about promotions and discounts
- Newsletters and other marketing communications
For this purpose, we use personal data for the period of:
- Duration of legitimate interest (1 year from the last order)
- Validity of your consent (3 years from granting, unless revoked earlier)
By creating an order, the buyer grants the seller consent to process personal data for marketing purposes, especially for sending informative and promotional messages to the buyer's e-mail.
4.4 Communication and Service Improvement
If you communicate with us through various channels, we process your identification and contact details and records of communication for the purpose of:
- Handling your requests
- Recording requests and monitoring their fulfillment
- Proving receipt and handling of the request
- Improving the quality of our services
For these purposes, we store data for the time necessary to handle the request and then for 3 years for the possibility of proving the handling.
4.5 Fulfillment of Legal Obligations
Based on legal requirements, we process your identification, contact details, and order data for the purpose of fulfilling obligations arising from:
- Act No. 89/2012 Coll., Civil Code
- Act No. 634/1992 Coll., on Consumer Protection
- Act No. 235/2004 Coll., on Value Added Tax
- Act No. 563/1991 Coll., on Accounting
- Other relevant legal regulations
For these purposes, we use personal data for the period specified by the relevant legal regulations, usually up to 10 years.
5. Cookies and Other Technologies
5.1 What Are Cookies
Cookies are small text files that are stored on your device when you visit our website. These files allow the website to recognize the user's device and remember certain information about your visit.
5.2 Types of Cookies We Use
- Necessary cookies: Enable basic site functions such as login, shopping cart, and order process. Without these cookies, the website could not function properly.
- Preference cookies: Allow the website to remember choices you have made, such as language, region, or last viewed products.
- Statistical cookies: Help us understand how visitors use the website, which pages are most popular, and how visitors move around the website.
- Marketing cookies: Track visitors across websites for the purpose of displaying relevant and personalized advertising.
5.3 Cookie Management
You can manage cookies through your browser settings. You always have the option to delete already stored cookies or limit their use. Detailed information about cookie settings in specific browsers can be found on the websites of browser manufacturers.
You can also adjust cookie settings directly on our website through the cookie bar that appears on your first visit.
6. Other Provisions on Protection and Processing of Personal Data
6.1 Special Categories of Personal Data
We do not process personal data of children under 16 years of age without the consent of their legal representative, nor do we process special categories of personal data (so-called sensitive personal data) within the meaning of Art. 9 GDPR.
6.2 Disposal of Personal Data
After deleting a user account, terminating a contractual relationship, or expiration of the reason for processing data, we will dispose of personal data unless legal regulations require their further retention.
6.3 Security of Personal Data
We have adopted and maintain all possible currently known technical and organizational measures that prevent misuse, damage, or destruction of personal data. We will always make maximum effort to prevent unauthorized processing of personal data by other persons.
6.4 Commercial Communications
Commercial communications sent on the basis of legitimate interest or consent granted by creating an order are not considered unsolicited commercial communications within the meaning of Act No. 40/1995, on Advertising, and Act No. 480/2004, on Certain Information Society Services.
6.5 Security Incidents
In the event that we become aware of a security risk associated with your personal data, we will alert you to this without undue delay.
6.6 Accuracy of Data
You confirm to us that the provided personal data is truthful, accurate, and relates exclusively to your person, or that you have provided data whose use did not interfere with the rights of third parties. You undertake to inform us of changes in personal data.
6.7 Method of Processing
Personal data is processed electronically through automated procedures. We do not perform automated individual decision-making or profiling that would have legal effects for the data subject or similarly significantly affect them within the meaning of Art. 22 GDPR.
7. Recipients of Personal Data
Your personal data may be transferred to these recipients:
- Delivery service providers - for the purpose of delivering ordered goods
- Payment gateway providers - for processing payments
- IT service and cloud solution providers - for operation and maintenance of our systems
- Providers of analytical and marketing tools - for improving our services
- External accountants, tax and legal advisors - for fulfilling legal obligations
- Public authorities - in cases stipulated by law
- Other recipients according to the needs and instructions of the buyer
All these recipients are bound by confidentiality and compliance with the principles of personal data protection.
8. Duration of Personal Data Processing
8.1 Standard Processing Period
Personal data will be processed for the duration of the contract with the buyer; after its termination, it will be handled according to valid legal regulations, especially according to:
- Act No. 499/2004 Coll., on Archives and Records Service
- Act No. 280/2009 Coll., Tax Code
- Act No. 563/1991 Coll., on Accounting
- Act No. 235/2004 Coll., on Value Added Tax
- GDPR Regulation and related legal regulations
8.2 Processing in Case of Disputes
In the event of initiation of judicial, administrative, or other proceedings, we process your personal data to the extent necessary for the entire duration of such proceedings and the remaining part of the limitation period after its termination.
9. Rights of the Buyer
In accordance with GDPR, the buyer has the following rights:
9.1 Right of Access to Personal Data and Right to Rectification
The buyer has the right to obtain information from the controller about the processing of their personal data and to request the correction of inaccurate data. We will provide the first copy of the processed personal data free of charge, and additional copies for a fee.
9.2 Right to Erasure of Personal Data
The buyer has the right to erasure of their personal data if:
- The data is no longer necessary for the purposes for which it was processed
- The buyer has successfully objected to the processing
- The processing is unlawful
- The controller is obliged to erase the data according to legal regulations
We cannot perform erasure if the processing is necessary for:
- Fulfillment of a legal obligation
- Establishment, exercise, or defense of legal claims
- Other reasons set out in Art. 17 GDPR
9.3 Right to Restriction of Processing
The buyer has the right to restriction of processing if:
- They deny the accuracy of personal data until its correctness is verified
- The processing is unlawful and the buyer refuses to erase the data
- The controller no longer needs the data, but the buyer requires it for the establishment, exercise, or defense of legal claims
- The buyer has objected to the processing
9.4 Right to Data Portability
The buyer has the right to obtain their personal data in a structured, commonly used, and machine-readable format and the right to transfer this data to another controller.
9.5 Right to Object to Processing
The buyer has the right to object at any time to the processing of personal data that is based on the legitimate interests of the controller. In the case of marketing activities, the processing will be terminated without further ado; in other cases, the objection will be assessed with regard to the legitimate interests of the controller.
9.6 Right to Lodge a Complaint
The buyer has the right to lodge a complaint with the supervisory authority, which is the Office for Personal Data Protection, with its registered office at Pplk. Sochora 27, 170 00 Prague 7, www.uoou.cz.
10. Exercise of Data Subject Rights
10.1 Contact Details for Exercising Rights
In all matters related to the processing of personal data, you can contact:
- E-mail: info@kryptonit-kratom.cz / info@kryptonite.life
- Address: Kryptonit-Kratom s.r.o., Černého 834/32, Bystrc, 635 00 Brno
10.2 Deadlines for Handling Requests
We will handle your request without undue delay, no later than one month from receipt. In exceptional cases, we may extend the deadline by another two months, of which we will inform you.
11. Final Provisions
11.1 Establishment of a Contract on Personal Data Processing
By creating a user account or purchasing on our e-shop, a contract on the processing of personal data between the controller and the buyer is established.
11.2 Changes to Personal Data Protection Principles
The controller reserves the right to change these principles, especially due to changes in legal regulations, development of technologies, or changes in the purpose of processing. We will inform you about changes on the website www.kryptonite.life.
11.3 Governing Law
All private-law relationships arising in connection with the processing of personal data are governed by the legal order of the Czech Republic, with the exception of mandatory provisions of EU law on consumer protection.
11.4 Effectiveness
These Principles of Protection and Processing of Personal Data are valid, effective, and binding from March 1, 2025, and replace the previous version from February 1, 2019.
