🌱 Welcome to my shop! 🌱


Consent to the processing of personal data (GDPR)


I. Basic provisions
  • 1. You hereby grant your consent to the company Petra Zemánková, IČ: 05920191​,
    Domicile Milánská 452, 109 00, Praha, Czech Republic (hereinafter referred to as the
    ,,Administrator“) to process personal data in accordance with Regulation of the
    European Parliament and European Council 2016/679 on the protection of
    natural persons in connection with the processing of personal data and on the
    free movement of this data (hereinafter: ,,GDPR Regulation“) to process the
    following personal data.
II. Category and type of processed data
  • 2. Name and surname, e-mail address, company name, postal address, telephone
    number can be processed based on consent and must be processed for the
    necessary fulfillment of the contract.
III. Legal reason and purpose of personal data processing
  • 3. The legal reason and purpose of personal data processing is:
    • a) Processing necessary for the fulfillment of a contract to which the data subject is a
      party pursuant to Article 6 paragraph 1 letter b) Regulation of the GDPR;
    • b) Processing is necessary for the fulfillment of a legal obligation that applies to the
      administrator according to Article 6 paragraph 1 letter c) Regulation of the GDPR;
    • c) The data subject has given consent to the processing of his or her personal data
      for one or more specific purposes according to Article 6 paragraph 1 letter a)
      Regulation of the GDPR.
  • 3.1 The purpose of personal data processing is:
    • a) Fulfillment of the order resulting from the contractual relationship between the
      subject and the Administrator according to Act No. 89/2012 Coll., or according to
      another contractual relationship.
  • 3.2 There is no automated individual decision-making by the administrator in
    accordance with Article 22 of the GPDR Regulation.
IV. The storage period of your data is
  • 4. The storage period of your personal data depends on the purpose, for which these
    personal data will be used, namely:
    • a) For the purpose of fulfilling the contractual relationship between the entity and the
      Administrator: for the duration of the provision of fulfillment
    • b) For book-keeping records: 15 years
  • 4.1 After the period defined for the storage of your personal data, these personal
    data are deleted by the Administrator.
V. Processing of personal data
  • 5. The processing of personal data is carried out by the administrator, but the
    following processors may also process personal data for him:
    • a) Woocommerce service provider
    • b) Provider of software solutions, applications, services and other processors that the
      Administrator may not currently use
  • 5.2 The administrator and the processor shall take measures to ensure that any
    natural person who acts on behalf of the administrator or the processor and has
    access to personal data, has processed such personal data only based on the
    instructions from the administrator, unless their processing is no longer required by
    the law of the Union or a Member State.
VI. Recipients of the administrator’s personal data
  • 6. Recipients of personal data are companies or natural persons, who are:
    • a) Ensuring the implementation of the contract between the administrator and the
      subject concerned (e.g. shipping companies, payment processing, above standard
      services, etc.);
    • b) Ensuring the operation of the website https://www.tofusenshi.art/
  • 6.1 The administrator does not intend to use services that are not part of the EU and
    thus does not intend to transfer any data to third world countries.
VII. Your rights
  • 7. According to the provisions of the GDPR Regulation, you have the right to:
    • a) The right to access personal data according to Article 15 of the GDPR Regulation
      and at the same time Article 22 and Article 46 of the GDPR Regulation;
    • b) The right to immediate correction of personal data according to Article 16 of the
      GDPR Regulation;
    • c) The right to delete your personal data (,,the right to be forgotten”) according to
      Article 17 of the GDPR Regulation;
    • d) The right to limit the processing of personal data according to Article 18 of the
      GDPR Regulation;
    • e) The right to portability of personal data according to Article 20 of the GDPR
    • f) The right to object to the processing of personal data concerning you, based on
      Article 6 paragraph 1 letter e) or f), including profiling based on these provisions,
      according to Article 20 of the GDPR Regulation;
    • g) The right to revoke the granted consent to the processing of personal data;
    • h) Right to complain to the supervisory authority.

  • 7.1 The Administrator does not further process personal data, unless he proves
    serious legitimate reasons for processing that outweigh the interests or rights and
    freedoms of the data subject, or for the determination, exercise or defense of legal

  • 7.2 Only you or your authorized representative can obtain information about your
    personal data. If the Administrator is not sure of your identity, he may ask you for
    additional information to verify your identity.

  • 7.3 The administrator shall notify the individual recipients to whom the personal data
    has been made available of any correction or deletion of personal data or restriction
    of processing carried out in accordance with Article 16, Article 17 paragraph 1 and
    Article 18 of the GDPR Regulation, except in cases, where this proves to be
    impossible or it requires disproportionate effort. The administrator informs the data
    subject of these recipients if the data subject requests it.
VIII. Security of personal data
  • 8. Taking into account the technical condition of technology, the costs of
    implementation, the nature, scope, context and purposes of the processing, as well
    as the variously probable and variously serious risks to the rights and freedoms of
    natural persons that the processing entails, the administrator shall implement, both at
    the time of determining the means for processing, as well as at the time of processing
    itself, appropriate technical and organizational measures, such as pseudonomination,
    the purpose of which is to implement data protection principles, such as data
    minimization, in an effective way and to incorporate the necessary guarantees into
    the processing, so as to meet the requirements of this regulation and protect the
    rights of data subjects.

  • 8.1 The Administrator shall implement appropriate technical and organizational
    measures to ensure that only personal data that is necessary for each specific
    purpose of the processing is processed by default. This obligation applies to the
    amount of personal data collected, the extent of their processing, their storage period
    and their availability. These measures will in particular ensure that personal data are
    not made available to an unlimited number of natural persons by default without
    human intervention.

This consent to data processing takes effect on August 19, 2022.


  • No products in the cart.