Privacy policy

Principles of personal data processing and protection

These Principles of Personal Data Processing and Protection (the “Principles”) are the basic principles that Spanholz s.r.o., based at Polenská 4382/2c, 58601 Jihlava, Czechia. Identification Number: 04120299 (the “Company”) follows when obtaining and processing personal data as a personal data administrator. These Principles implement the Company’s rights and obligations arising mainly from the following generally binding legal regulations:

  1. European Parliament and Council Regulation (EC) No. 2016/679 on the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of Such Data and Repealing Directive No. 95/46/EC (General Data Protection Regulation) (“GDPR”);
  2. Act No. 480/2004 Coll., on Certain Information Society Services and on Amendments to Certain Acts (Act on Certain Information Services), as amended (the “Act on Some Information Society Services”); and
  3. Act No. 127/2005 Coll., on Electronic Communications and on Amendment to Certain Related Acts (the Electronic Communications Act), as amended (the “Electronic Communications Act”).

Personal Range

These Principles shall apply to all persons visiting the Company`s website (the “Website”) and all Company’s customers (“Data Subjects”).

By using the Company’s Website, you acknowledge and agree to be bound by these Principles.

Personal data, in accordance with the GDPR, mean any information about a designated or identifiable natural person (not a legal person). In principle, therefore, it is any information which, whether alone or in summary, with other information, can serve to identify a particular individual (“Personal Data”).

Which Categories of Personal Data Are Processed

The Company processes identification data, contact details, descriptive data, payment data, billing data, access data, access and entitlement data, service request data (including cookies), warehouse data, delivery data, order data, and data about business cooperation.

Use of Personal Data

Company`s Personal Data is processed for the following purposes:

  1. providing Company`s products and services, whether within the Website or through standard supplier-customer relationships;
  2. internal evaluation of provided products and services and possible improvements of their provision; and
  3. protection of Company`s legitimate interests (for example, for the purposes of website security and functionality, for marketing or litigation purposes).

Marketing Communications

If you are a Company`s customer or have given a consent, the Company is authorized to use your Personal Data to send news from the world of furniture, special offers and other business communications. Sending business communications can be withdrawn at any time simply by cancellation through the sent business communications or via the email address stated below.

Transmitting Personal Data

The Personal Data which the Company acquires about Data Subjects are further transmitted:

  1. within the Spanholz s.r.o., i.e. to Company`s related parties;
  2. to Company`s business partners, such as carriers, cutting centers, banks, insurance companies, marketing agencies, IT infrastructure providers (e.g. Websites), which subsequently process Personal Data for the Company or separately in accordance with the purpose of their provision but also on the basis of the Company`s legitimate interests (e.g. in the context of credit risk coverage); and
  3. to other third parties to which the Company is entitled (for example, a general court in the event of a dispute) or obliged (for example, law enforcement bodies) to provide Personal Data in accordance with generally binding statutory provisions.

Personal Data Protection Means

In order to protect and minimize the risk of unauthorized access to Personal Data, the Company has adopted organizational and technical measures.

These include, in particular, the technical security of the servers and the Company’s Website against unauthorized access.

Persons in contact with Personal Data are also bound by confidentiality in accordance with Article 28(3)b) of the GDPR.


When operating its Websites, the Company uses so-called cookies, which are text files of a small extent (“Cookies”) sent from the Company’s server to the Data Subject browser/equipment and which are returned to the Company’s server when re-visiting the Company`s Websites, which enables the Company to tailor better the content of the Websites to individual Data Subjects. By using Cookies, the Company:

  1. has information about the Data Subject on past searches;
  2. stores the Data Subjects’ credentials; and
  3. adapts the contents of the Websites to the Data Subject.

The Company uses the following types of Cookies:

  1. technical cookies, which allow the basic operation of the Websites;
  2. relational Cookies, which are needed to properly display the Website and are automatically deleted when the Data Subject leaves the Website;
  3. permanent Cookies, which allow the identification of the Data Subject, its access to the Website, and its behavior on the respective Website. Based on permanent Cookies, a specific Data Subject is then identified when re-visiting the Website. Permanent Cookies can be further used, in particular, to measure and advertise the activity of Data Subjects on the Website; and
  4. Ad Cookies, which allow individual Data Subjects to display targeted advertising to a respective advertising system based on the competence of individual Cookies.

Of course, you may disable using Cookies in specific cases or block them long-term through your browser. In such a case, however, it is likely that certain services and functions of the Company’s Websites will not be fully functional or available.

Google Analytics

The Company uses the Google Analytics services provided by Google LLC on the Websites. Google Analytics allows the Company to collect, process, and evaluate data (including, but not limited to, Personal Data) about Website visits.

Google Analytics service also uses Cookies, which are stored on Google LLC servers and cannot be accessed by the Company.  For the protection of personal data by Google LLC, see

Contact Details

For further information about the protection and processing of your personal data, as well as your requests, please use the following email address:

Data Subjects Rights

Data Subjects have the following rights related to their Personal Data protection:

  1. the right to withdraw the consent to the processing of Personal Data if the processing is subject to it;
  2. the right to request access to Personal Data and the information specified in Article 15(1) of the GDPR;
  3. the right to correct inaccurate Personal Data and also to supplement incomplete Personal Data;
  4. the right under the conditions laid down in Article 17 of the GDPR to delete Personal Data;
  5. the right, under the terms and conditions of Article 18 of the GDPR, to restrict Personal Data processing;
  6. the right, under the terms and conditions provided for in Article 20 of the GDPR, to obtain Personal Data concerning him/her, which he/she has provided to the Company, in a structured, commonly used and machine-readable format, and the right to pass such data to another person;
  7. the right to be informed, under the terms and conditions of Article 34 of the GDPR, of a violation of Personal Data security;
  8. the right, under the terms and conditions of Article 21 of the GDPR, to object to the processing of Personal Data; and
  9. the right to lodge a complaint with the Supervisory Authority, i.e. with the Office for Personal Data Protection, at the address Pplk. Sochora 27, 170 00 Prague 7, or through a data box at the address qkbaa2n