GDPR
Effective from: 13 June 2026
This Privacy Policy explains how personal data is processed when you use the online shop at www.cocoafarm.eu. Personal data is processed in accordance with Regulation (EU) 2016/679 (GDPR) and Act No. 110/2019 Coll., on Personal Data Processing. Even though the shop is intended for business customers (B2B), personal data of natural persons (e.g. self-employed persons and contact persons of corporate customers) is still processed and protected under these rules.
1. Controller
Tomáš Marek
Častonín 19, 393 01 Pelhřimov, Czech Republic
Company ID (IČO): 04830717
VAT ID (DIČ): CZ9302231554
E-mail: tomas@cocoafarm.de
Phone: +420 722 012 059
2. What personal data we process
We process only the data necessary for the purposes below: identification and contact details (name, company name, billing and delivery address, IČO/DIČ), e-mail and phone number, order and payment data, and technical data related to the use of the website.
3. Purposes and legal bases of processing
We process personal data on the following legal bases under Article 6 of the GDPR:
- Performance of a contract – processing and fulfilment of orders, delivery of goods, payment settlement, and related communication. Providing this data is a necessary requirement for concluding and performing the contract.
- Compliance with a legal obligation – issuing and keeping accounting and tax documents (e.g. invoices) for the periods required by law.
- Legitimate interest – protection of our rights and claims, and basic analysis of website traffic.
- Consent – only where required, in particular for sending newsletters or marketing communications. Consent can be withdrawn at any time.
4. Retention period
Personal data is stored for the period necessary to exercise the rights and obligations arising from the contractual relationship and to handle any claims. Accounting and tax documents are retained for the periods required by applicable accounting and tax legislation, which are longer than the duration of the contractual relationship. After the relevant period expires, the data is deleted.
5. Recipients and processors
Personal data is shared only with the following recipients and processors whose services are necessary for the purposes set out above:
- the carrier / delivery service used to ship the goods (name, delivery address and contact details for delivery),
- Google (Google Analytics and Google Ads) – website analytics and advertising,
- Comgate – payment gateway used to settle payments.
Personal data may also be disclosed to public authorities (such as the tax administration) where the Controller is required to do so by law; under the GDPR, such authorities are not regarded as recipients.
Where a recipient (in particular Google) processes data outside the European Economic Area, such transfer takes place only with appropriate safeguards in accordance with the GDPR (e.g. the EU–U.S. Data Privacy Framework or standard contractual clauses).
6. Your rights
In relation to your personal data, you have the right to:
- access your personal data and obtain a copy,
- rectification of inaccurate or incomplete data,
- erasure of data (the “right to be forgotten”), where the legal conditions are met,
- restriction of processing,
- data portability,
- object to processing based on legitimate interest,
- withdraw consent at any time, where processing is based on consent.
To exercise these rights, please contact the Controller at the contact details above.
7. Right to lodge a complaint
If you believe that the processing of your personal data infringes the GDPR, you have the right to lodge a complaint with the supervisory authority, the Office for Personal Data Protection (Úřad pro ochranu osobních údajů), Pplk. Sochora 27, 170 00 Prague 7, Czech Republic, www.uoou.cz.
8. Data security
The Controller has adopted appropriate technical and organisational measures to secure personal data, in particular password-protected access to systems, up-to-date security software, and regular maintenance.
9. Cookies
The website uses cookies. Detailed information on the cookies used and how to manage them is available in the Cookie Policy.
10. Final provisions
By submitting an order, the buyer confirms that they have read this Privacy Policy. The Controller is entitled to update this Policy; the current version is always published on the website.