Legal notice

For the provision of our services, sale of goods, and operation of our website, we process certain personal data.

I. Basic Provisions

The processing of personal data is governed in particular by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, “GDPR”).

  1. The data controller pursuant to Article 4(7) of Regulation (EU) 2016/679 is StepAtmo s.r.o., ID: 22472711, with its registered office at Korunní 2569/108, Vinohrady, 101 00 Prague 10, Czech Republic, registered in the Commercial Register maintained by the Municipal Court in Prague under file no. C 416369 (hereinafter referred to as the “controller”).
  2. Contact details of the controller:

Address: Korunní 2569/108, Vinohrady, 101 00 Prague 10

Email: info@tnsky.cz

Phone: +420 777 697 205

  1. Personal data means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
  2. The controller has not appointed a data protection officer.

II. Sources and Categories of Processed Personal Data

  1. The controller processes personal data that you have provided or personal data obtained as a result of fulfilling your order.
  2. The controller processes your identification and contact details, as well as data necessary for contract performance.

III. Legal Basis and Purpose of Processing Personal Data

  1. The legal basis for processing personal data is:
  • the performance of a contract between you and the controller pursuant to Article 6(1)(b) GDPR,
  • the controller’s legitimate interest in direct marketing (in particular, sending commercial communications and newsletters) pursuant to Article 6(1)(f) GDPR,
  • your consent to processing for direct marketing purposes (in particular, sending commercial communications and newsletters) pursuant to Article 6(1)(a) GDPR in conjunction with Section 7(2) of Act No. 480/2004 Coll., on certain information society services, if no goods or services were ordered.
  1. The purpose of processing personal data is:
  • to process your order and exercise rights and obligations arising from the contractual relationship between you and the controller; personal data required for successful order fulfillment (e.g., name, address, and contact information) are necessary for contract conclusion and performance. Without providing this data, the contract cannot be concluded or fulfilled by the controller,
  • to send commercial communications and perform other marketing activities.
  1. The controller does not engage in automated individual decision-making as referred to in Article 22 GDPR. You have explicitly consented to such processing.

IV. Recipients of Personal Data (Controller’s Subcontractors)

  1. Recipients of personal data include:
  • persons involved in delivering goods/services and processing payments under the contract,
  • providers of e-shop operation services (Shopify) and related services,
  • providers of marketing services.
  1. The controller intends to transfer personal data to third countries (outside the EU) or international organizations. Recipients in third countries include providers of mailing services or cloud services.

V. Your Rights

  1. Under GDPR, you have the right to:
  • access your personal data under Article 15 GDPR,
  • rectify personal data under Article 16 GDPR or restrict processing under Article 18 GDPR,
  • erase personal data under Article 17 GDPR,
  • object to processing under Article 21 GDPR,
  • data portability under Article 20 GDPR,
  • withdraw consent to processing in writing or electronically at the controller’s address or email specified in Article III of these conditions.
  1. You also have the right to file a complaint with the Data Protection Authority if you believe your data protection rights have been violated.

VII. Personal Data Security Conditions

  1. The controller declares that it has adopted all appropriate technical and organizational measures to secure personal data.
  2. The controller has implemented technical measures to secure data storage and personal data in physical form, including password protection, encryption, cloud backups, and antivirus software.
  3. The controller declares that access to personal data is granted only to authorized persons.

VIII. Final Provisions

  1. By submitting an order via the online order form, you confirm that you are familiar with the privacy policy and accept it in its entirety.
  2. You agree to these terms by ticking the consent box in the online form. By doing so, you confirm that you are familiar with the privacy policy and accept it in its entirety.
  3. The controller is entitled to amend these terms. The updated version of the privacy policy will be published on its website and sent to your email address provided to the controller.

This policy was last updated on January 15, 2025.