Privacy Policy

Data Controller

The entity responsible for processing your personal data is:

Me & Maty
Prašný Újezd 1
Mlečice, 338 08
Czech Republic

For all privacy-related questions, contact us at sa@meandmaty.com.

What Data We Collect

When You Place an Order

• Full name (for billing & shipping)
• Email address (for order confirmations)
• Postal address (for delivery)
• Phone number (for delivery notifications, optional)
• Payment details (processed securely by Stripe — we never store card numbers)

When You Visit Our Website

• IP address (anonymised after 24 hours)
• Browser type, device, screen resolution
• Pages visited, time spent, referring URL
• Cookies (see our Cookies Policy)

When You Contact Us

• Name, email, and any information you include in the message

Why We Process Your Data

Performance of Contract (GDPR Art. 6(1)(b))

• Processing your order and delivering products
• Issuing invoices and receipts
• Handling returns, refunds, and complaints

Legal Obligation (GDPR Art. 6(1)(c))

• Accounting and tax record keeping (10 years under Czech law)
• Consumer rights and dispute resolution

Legitimate Interest (GDPR Art. 6(1)(f))

• Website security and fraud prevention
• Improving our products and user experience
• Basic analytics (anonymised)

Consent (GDPR Art. 6(1)(a))

• Marketing emails (only if you opt in)
• Non-essential cookies (only if you accept)

Third Parties We Share Data With

We work with carefully selected service providers, each bound by GDPR-compliant data processing agreements:

Payment Processing

• Stripe Payments Europe Ltd. (Ireland) — handles all card payments. We never see or store your card number.

Shipping & Delivery

• Czech Post / Czech Post (Czech Republic) — receives your name, address, phone for delivery
• DPD / Česká pošta — for shipments outside Czech Post network

Technical Infrastructure

• Web hosting provider — stores website data on EU servers
• SEOPress — SEO functionality (no personal data shared)
• WP Mail SMTP — for sending order confirmation emails

How Long We Keep Your Data

Order Data

Kept for 10 years after order completion — required by Czech tax law (Act No. 235/2004 Coll.).

Customer Communications

Email correspondence kept for 3 years for customer service and dispute resolution purposes.

Analytics & Cookies

Anonymous analytics data kept for 14 months. Cookie data managed per your consent — see our Cookies Policy.

Marketing Lists (if you opt in)

Kept until you unsubscribe. Every email contains a one-click unsubscribe link.

Your GDPR Rights

Under GDPR, you have the following rights regarding your personal data:

• Right of access — request a copy of all data we hold about you
• Right to rectification — correct any inaccurate or incomplete data
• Right to erasure (“right to be forgotten”) — delete your data (subject to legal retention obligations)
• Right to restrict processing — limit how we use your data
• Right to data portability — receive your data in a machine-readable format
• Right to object — object to processing based on legitimate interest
• Right to withdraw consent — anytime, for any opt-in activity
• Right to lodge a complaint — with the Czech Data Protection Office (www.uoou.cz)

To exercise any of these rights, email sa@meandmaty.com. We’ll respond within 30 days.

International Data Transfers

Your data is primarily processed within the European Economic Area (EEA), where GDPR applies. In some cases, data may be processed outside the EEA by our service providers (e.g., Stripe operates globally).

When this happens, we ensure adequate protection through:

• European Commission adequacy decisions, or
• EU Standard Contractual Clauses (SCCs), or
• Binding Corporate Rules approved by EU authorities

Data Security

We take reasonable technical and organisational measures to protect your data:

• HTTPS encryption on all pages (SSL/TLS certificate)
• Encrypted database with access controls
• Stripe handles all payment data — PCI DSS Level 1 certified
• Regular security updates of WordPress, WooCommerce, and plugins
• Limited access to personal data on a need-to-know basis
• Regular backups stored in encrypted form

Despite our efforts, no online system is 100% secure. We commit to notify you and the relevant authority within 72 hours of becoming aware of any data breach affecting your data.

Cookies & Tracking

We use a cookie consent banner that asks for your permission before setting any non-essential cookies. You can change your preferences anytime by clearing the cookie banner cookie.

For full details about cookies we use, please see our dedicated Cookies Policy.

Do Not Track

Our website respects browser’s “Do Not Track” signals — when enabled, no analytics or marketing cookies are set even if you previously accepted them.

Children’s Privacy

Our website and products are intended for adults (18+). We do not knowingly collect personal data from children under 16.

If you believe a child has provided us with their personal data, please contact us at sa@meandmaty.com and we’ll delete it immediately.

Updates to This Policy

We may update this Privacy Policy occasionally to reflect changes in our practices, legal requirements, or service providers. The “Last updated” date at the top will always reflect when the policy was last revised.

For material changes that affect how we use your data, we’ll notify you via email (if we have your address) or with a prominent notice on the website.