This Privacy Policy (hereinafter referred to as the “Policy”) describes how personal data obtained through the website interface www.mialis.cz (hereinafter referred to as the “website interface”) is collected, used, and otherwise processed.
Data Controller:
Mialis s.r.o.
registered office: Petrská 1131/2, Nové Město, 110 00 Prague
Company ID: 09635866
registered in the Commercial Register maintained by the Municipal Court in Prague
Contact details of the Data Controller: contact email: info@mialis.cz
The protection of personal data is important to us. We recommend that you carefully read this Policy, as it contains important information about how we process your personal data and what rights you have.
1. Introductory Provisions
When processing personal data, we proceed in accordance with the legal regulations of the Czech Republic and directly applicable European Union legislation, in particular Regulation (EU) 2016/679 (GDPR), Act No. 110/2019 Coll., on Personal Data Processing, and Act No. 480/2004 Coll., on Certain Information Society Services.
2. Legal Basis and Purpose of Processing
2.1. We process your personal data only to the extent necessary to fulfil the following purposes:
a) Performance of a contract
We process your personal data for the purpose of concluding and performing a purchase contract, in particular for:
- processing orders,
- manufacturing custom-made products,
- ensuring delivery of goods,
- communication with the customer,
- processing payments.
b) Compliance with legal obligations
We process personal data for the purpose of fulfilling legal obligations, in particular:
- maintaining accounting records,
- issuing tax documents,
- fulfilling obligations towards public authorities.
c) Legitimate interest of the controller
Based on legitimate interest, we process personal data in particular for the purpose of:
- protecting our rights and legal claims,
- handling disputes and complaints,
- direct marketing towards existing customers.
The data subject has the right to object at any time to the processing of personal data for direct marketing purposes.
d) Consent of the data subject
Based on your consent, we process personal data in particular for:
- sending commercial communications to persons who are not our customers,
- using analytical and marketing tools (e.g. Google Analytics, Meta Pixel).
2.2. Automated decision-making and profiling
Personal data may be subject to basic profiling for marketing and content personalization purposes.
However, no automated decision-making is carried out that would have legal effects for the data subject.
2.3. Obligation to provide personal data
The provision of personal data is voluntary; however, in certain cases it is necessary for the conclusion and performance of a contract. Without providing such data, it is not possible to process an order.
3. Scope of Processed Data
We process in particular the following personal data:
- name and surname,
- delivery and billing address,
- email address,
- telephone number,
- order-related data,
- payment data,
- additional data, such as information obtained through cookies, IP address (network identifier), including browser type, device, operating system, time and number of accesses to the website interface, and other similar information.
4. Data Retention Period
Personal data is stored for the period necessary to perform the contract, handle complaints, and exercise rights arising from warranties.
Tax documents and order-related data are stored for a period of 10 years from the end of the accounting period in which the document was issued, in accordance with applicable legal regulations.
After this period, the data is deleted or anonymized.
5. Recipients of Personal Data (Processors)
Personal data may be disclosed to the following categories of recipients:
Carriers
For the purpose of delivering goods (e.g. Zásilkovna, Czech Post, DHL, FedEx).
Payment services
For the purpose of processing payments (e.g. GoPay, PayPal, banking institutions).
IT and e-commerce platform
Providers of hosting and IT services ensuring the operation of the website.
Marketing tools
Google LLC (Google Analytics, Google Ads), Meta Platforms, Inc. (Facebook, Instagram), and other advertising platforms (e.g. Pinterest, TikTok).
Accounting and tax advisors
For the purpose of fulfilling legal obligations.
Public authorities
If required by law.
6. Transfer of Data Outside the EU
In some cases, personal data may be transferred to third countries (e.g. USA), in particular in connection with the use of services provided by Google LLC and Meta Platforms, Inc.
In the case of orders outside the EU, personal data may be transferred to carriers in the destination country for the purpose of delivery and customs clearance.
In all cases, appropriate safeguards are applied in accordance with GDPR.
7. User Accounts
7.1. Use of a user account
A user account serves as a technical means for managing orders, storing purchase history, and facilitating repeat purchases.
7.2. Processing of personal data within the account
Within a user account, personal data provided during registration and during the use of the account is processed, in particular identification and contact data and order-related data.
7.3. Account deletion at the request of the user
The user has the right to delete their user account at any time by sending a request to the controller’s email address: info@mialis.cz.
7.4. Controller’s right to delete an account
The controller reserves the right to delete a user account, in particular in the event of technical changes, termination of the service, or violation of the terms and conditions by the user.
7.5. Relationship between the account and personal data
Deletion of a user account does not affect the retention of personal data related to orders (billing data), which the controller is required to retain in accordance with legal regulations (in particular accounting and VAT regulations).
7.6. Access to data without an account
The customer has the right to request information about their orders and exercise their rights under GDPR even without a user account.
8. Rights of the Data Subject
As a data subject, you have the following rights:
- the right to access your personal data and information about its processing,
- the right to rectify inaccurate or incomplete data,
- the right to erasure of personal data if it is no longer necessary or has been processed unlawfully,
- the right to restrict processing in cases defined by law,
- the right to data portability,
- the right to object to processing, in particular for marketing purposes,
- the right not to be subject to automated decision-making where it has legal effects,
- the right to lodge a complaint with a supervisory authority.
The supervisory authority is the Office for Personal Data Protection (www.uoou.cz).
We respond to your requests without undue delay, no later than within 30 days.
In the event of correction, deletion, or restriction of processing, we inform recipients of personal data, unless this proves impossible or requires disproportionate effort.
9. Security of Personal Data
Personal data is protected using appropriate technical and organizational measures.
We use secure connections (SSL) and ensure protection of data against unauthorized access, loss, or misuse.
10. Notification of Personal Data Breaches
In the event of a personal data breach, we proceed in accordance with Articles 33 and 34 of GDPR.
If the breach is likely to result in a high risk to the rights and freedoms of natural persons, we will inform the affected individuals without undue delay.
11. Notification Obligation Towards Recipients
In the event of correction, deletion, or restriction of processing of personal data, we inform individual recipients to whom the data has been disclosed, unless this proves impossible or requires disproportionate effort.
Upon request, we will provide you with information about these recipients.
12. Cookies and Analytical Tools
Our website uses cookies and similar technologies.
Essential cookies
These cookies are necessary for the proper functioning of the website and cannot be disabled. They are used, for example, to ensure security and basic website functionality.
Optional cookies
These cookies are used for analytical and marketing purposes, in particular to analyse website traffic and display personalized content.
We use in particular the following third-party tools:
- Google LLC (Google Analytics, Google Ads)
- Meta Platforms, Inc. (Facebook, Instagram)
- TikTok
These tools may process personal data through cookies.
Optional cookies are used only on the basis of your consent, which you provide via the cookie banner. You may withdraw your consent to the use of optional cookies at any time.
In some cases, personal data may be transferred to third countries (e.g. the USA), with appropriate safeguards in place in accordance with GDPR.
You can change your cookie settings at any time in your browser or via the settings on our website.
13. Final Provisions
This Policy may be updated from time to time. The current version is always available on our website.
This Policy is effective as of 22 March 2026.