Privacy Policy
In effect from 1 April 2025 · PINCORRECT.store s.r.o.
1. Data controller
The data controller is:
Registered office: Sokolova 479/43a, Horní Heršpice, 619 00 Brno, Czech Republic
Company ID (IČO): 06486592
Registered in the Commercial Register kept by the Regional Court in Brno,
Section C, File 102378
Email: info@canwallo.cz
The controller has not appointed a Data Protection Officer (DPO). For data protection matters, please contact info@canwallo.cz.
2. What personal data we process
As part of providing the service, we process the following categories of personal data:
- Registration data: email address, first and last name, phone number
- Delivery data: address or pickup point selected for delivery
- Payment data: information about the payment made (processed by the ComGate payment gateway; we do not store card numbers)
- Photographs: photographs uploaded by the customer for canvas production
- Operational data: IP address, device type, app version, error logs
3. Purposes and legal bases for processing
| Purpose | Legal basis |
|---|---|
| Order processing and delivery | Performance of contract (Art. 6(1)(b) GDPR) |
| Customer account management | Performance of contract |
| Handling complaints | Performance of contract / Legal obligation |
| Accounting and tax records | Legal obligation (Art. 6(1)(c) GDPR) |
| Sending transactional emails (confirmation, tracking) | Performance of contract |
| App improvement and resolving technical issues | Legitimate interest (Art. 6(1)(f) GDPR) |
4. Recipients of personal data
We share personal data only with trusted processors to the extent necessary to provide the service:
- Supabase Inc. – database infrastructure provider. Data is stored exclusively on servers within the European Union. Supabase is a certified processor compliant with GDPR.
- Zásilkovna s.r.o. (Packeta) – delivery partner; we share name, surname, and pickup point ID for parcel delivery.
- ComGate Payments, a.s. – payment gateway; processes payment transactions. We do not store and have no access to payment card numbers.
- Expo / EAS (Expo Application Services) – mobile app infrastructure.
- Vercel Inc. – hosting for the canwallo.cz website.
We do not sell personal data nor share it with third parties for marketing purposes.
5. Data transfers outside the EU
All customer data is stored primarily within the EU (Supabase, European Union). Some technology partners (Vercel, Expo) may process operational and technical data on servers outside the EU. In such cases, transfers are protected by appropriate safeguards under Art. 46 GDPR (standard contractual clauses).
6. Retention period
- Customer account and orders: for the duration of the contractual relationship + 3 years
- Accounting documents: 10 years (as required by Czech accounting law)
- Uploaded photographs: up to 30 days after dispatch of the order, then permanently deleted
- Operational logs: 90 days
7. Your rights
As a data subject under GDPR, you have the following rights:
- Right of access – the right to know what data we process about you
- Right to rectification – you may request correction of inaccurate data
- Right to erasure – under the conditions of Art. 17 GDPR, you may request deletion of your account and data
- Right to restriction of processing – in certain cases, you may restrict processing
- Right to data portability – you can obtain provided data in a machine-readable format
- Right to object – against processing based on legitimate interest
To exercise your rights, send an email to info@canwallo.cz. We will respond within 30 days.
If you believe that the processing of your personal data infringes the GDPR, you have the right to lodge a complaint with a supervisory authority. Our lead supervisory authority is the Czech Office for Personal Data Protection (uoou.cz). You may also lodge a complaint with the supervisory authority in the EU country of your habitual residence, place of work, or place of the alleged infringement.
8. Security
Access to data is protected by authentication, transport encryption (HTTPS/TLS), and strict access controls. Databases are hosted on the Supabase platform in a data centre within the European Union with SOC 2 certification.
9. Cookies
The canwallo.cz website uses cookies – small text files stored in your browser. We classify cookies into the following categories:
| Category | Purpose | Legal basis |
|---|---|---|
| Necessary | Ensuring basic functionality of the site and app (login, cart, security) | Legitimate interest – cannot be refused |
| Analytics | Measuring traffic and user behaviour (e.g. Google Analytics) to improve the service | User consent |
| Marketing | Showing relevant advertising, remarketing (e.g. Meta Pixel, Google Ads), measuring campaign performance | User consent |
On your first visit, you will be asked for consent to analytics and marketing cookies via the cookie banner. You can revoke or change your consent at any time in the cookie settings available in the site footer.
Necessary cookies are always active and do not require your consent, as the site cannot operate without them.
10. Changes to this policy
This policy may be updated from time to time. The current version is always available at canwallo.cz/gdpr. We will notify you by email of any material changes.