All products
This document provides essential information on how we process your personal data. It is prepared in accordance with Regulation (EU) 2016/679 (GDPR) and related legal regulations.
The data controller is the entity that determines the purposes and means of processing personal data.
The controller of your personal data is:
FLASH STYLE s.r.o., Company ID No.: 28367073, registered office: Průjezdná 625, 155 31 Prague, Czech Republic, registered in the Commercial Register kept by the Municipal Court in Prague under file no. C 136501.
Controller contact details (privacy contact):
E-mail: info@gogoprint.cz
The controller has not appointed a Data Protection Officer (DPO), as it is generally not required to do so.
We process, in particular, the following categories of personal data:
1. Identification data
● name and surname, or business name
● address, and where provided, company registration number and VAT ID
2. Contact data
● e-mail address and telephone number
3. Order and job data
● shopping cart and order contents, product parameters, selected services (e.g., file check)
● billing and delivery details
● complaint/claim data and its handling
4. Payment and accounting data
● data required for invoicing and recording payments (depending on the selected payment method)
Note: payment card details are typically processed by the payment service provider, not by us.
5. Communication data
● content of communications (e-mail, forms, customer support), records of requests
6. Technical data when using our website
● IP address, device/browser information, logs, online identifiers (cookies and similar technologies)
Details about cookies are provided in a separate document “Cookies”.
● primarily from you (orders, account registration, forms, communications, complaints)
● where relevant, from public registers (e.g., verification of business customer details)
We process your personal data for the following purposes and on the following legal bases:
A) Conclusion and performance of the contract (order, production, delivery, communication)
Legal basis: performance of a contract under Article 6(1)(b) GDPR.
B) Compliance with legal obligations (especially accounting, tax, mandatory records)
Legal basis: legal obligation under Article 6(1)(c) GDPR.
C) Legitimate interests (protection and operation of the E-shop, fraud prevention, security, enforcement/defence of legal claims, dispute handling)
Legal basis: legitimate interest under Article 6(1)(f) GDPR.
D) Marketing and commercial communications
● We send newsletters and marketing offers either based on consent (where required) or based on legitimate interest where permitted by law (typically offers of similar products to existing customers).
● You can opt out at any time (unsubscribe link or objection by e-mail).
Providing data for purposes A) and B) is necessary for concluding and performing the contract and meeting legal obligations. Providing data for marketing beyond this scope is voluntary.
Custom printing often involves print files (graphic files) that may contain personal data of third parties (e.g., business cards, personalised labels, lists, contact details).
● For personal data related to your order (identification, contact, invoicing, delivery) we act as a controller.
● For personal data contained in print files, we typically act as a processor, as we process such data only to manufacture and deliver the job according to your instructions.
If you provide files containing personal data, you are responsible for ensuring you have the necessary rights to use them and that providing the files is compliant with applicable law.
Your personal data may be shared, only to the extent necessary, with the following categories of recipients:
● carriers and shipping providers (e.g., PPL, and depending on the shipping method also Messenger, DHL or other carriers)
● payment service providers and the payment gateway (GoPay)
● IT service providers (hosting, system administration, e-mail, security, support partners)
● accounting, tax and legal advisors, auditors (where necessary)
● public authorities, where required by law or necessary to protect legal claims
If the use of certain suppliers involves transfer of personal data outside the EU/EEA, we only carry out such transfers in compliance with GDPR and with appropriate safeguards (e.g., adequacy decisions or Standard Contractual Clauses).
We retain personal data only for as long as necessary for the purposes for which it is processed:
● accounting and tax documents: for the period required by law (for VAT-relevant tax documents typically 10 years from the end of the tax period)
● order/job data (including communications and complaints): for the duration of the contractual relationship and thereafter for the period necessary to protect legal claims (typically 5 years from job delivery or complaint handling; longer in the event of disputes)
● customer account data: while the account is active; afterwards for a reasonable period to settle outstanding relationships and claims
● print files (graphic files): generally only for the time necessary for production, checks, potential complaints and protection of legal claims; longer storage (e.g., for reprints) may be set in the E-shop or agreed individually
● marketing: until you unsubscribe, withdraw consent or object; at most for a reasonable period where marketing contact remains justified (typically several years), unless the relationship is renewed
After the retention period expires, we securely delete or anonymise the data.
We use cookies and similar technologies. Technical cookies necessary for the operation of the website may be stored without consent. For other cookies (e.g., analytics or marketing), we rely on consent and your settings in the cookie banner and in the “Cookies” document.
We do not carry out automated individual decision-making or profiling that would produce legal effects concerning you or similarly significantly affect you.
Under GDPR, you have in particular the following rights:
● right to information and access
● right to rectification
● right to erasure (where conditions are met)
● right to restriction of processing
● right to data portability (for processing based on contract or consent)
● right to object to processing based on legitimate interests, especially direct marketing
● right to withdraw consent (where processing is based on consent)
● right to lodge a complaint with a supervisory authority
Supervisory authority in the Czech Republic:
Office for Personal Data Protection (ÚOOÚ), Pplk. Sochora 27, 170 00 Prague 7, Czech Republic.
We respond to requests without undue delay, no later than within one month; in complex cases, this period may be extended.
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse or damage.
This document is effective from the date of publication on gogoprint.cz. The current version is always available on the website gogoprint.cz.