Enora s.r.o. processes personal data of its customers, because such processing is necessary for the  performance of contracts regarding the sale of goods entered into with individual customers (or in  order to take steps prior to entering into such contracts, as appropriate). Furthermore, Enora s.r.o.  processes its customers’ personal data insofar as such processing is necessary to comply with the  company’s public law obligations.  

In addition to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April  2016 on the protection of natural persons with regard to the processing of personal data and on the  free movement of such data, and repealing Directive 95/46/EC (General Data Protection  Regulation) (hereinafter the “Regulation”), the processing is also governed by the applicable  legislation of the Czech Republic. 



1.1. Enora s.r.o., with its registered office at Bořivojova 1192/93, Žižkov, 130 00 Prague 3, ID  No. (IČO): 140 11 441, registered in the Commercial Register maintained by the  Municipal Court in Prague under file no. C 358858, shall act in the capacity of the data  controller (hereinafter the “Controller”).  

1.2. The contact details of the Controller are as follows: address for service: Široká 12, 110 00  Prague 1; email address:  

1.3. The Controller has not appointed a data protection officer. 



The legal basis for the processing of personal data is the fact that such processing is necessary  for:  

1.1. Performance of a contract between a customer and the Controller or in order to take steps  prior to entering into such contract within the meaning of Article 6(1)(b) of the  Regulation;  

2.1. Compliance with legal obligations to which the Controller is subject, within the meaning  of Article 6(1)(c) of the Regulation, specifically for the compliance with Controller’s  obligations under generally binding legal regulations, particularly Act No. 235/2004 Coll., on Value added tax, as amended, Act No. 586/1992 Coll., on Income taxes, as amended,  and Act No. 563/1991 Coll., on Accounting, as amended. 


We process the following personal data:  

1.2. Identification data which include, in particular, first name and last name, user name and  password, identification document number, identification number (IČO) and tax  identification number (DIČ), as well as information about corporate title, as appropriate;  

3.1. Contact details which include personal data that make it possible to contact others,  particularly a telephone number, email address, mailing/shipping address, and billing  address;  

3.2. Data relating to ordered products which particularly include data about purchased  products – whether from our online store or in our place of business, as appropriate. This  category also includes payment details, payment account numbers, data about claims and  complaints and service repairs;  

3.3. Information about customer’s web behavior, including an IP address and derived  location, identification of device and its technical parameters. This also includes data  collected from cookies and similar device identification technologies;  

3.4. Data related to the use of telephone contacts or visits to company premises, including,  but not limited to, records of incoming calls, identification of received messages, incl.  identifiers such as IP addresses, and recordings of camera systems installed within the  company premises.  



4.1. The purpose of personal data processing is the performance of a contract between a  customer and the Controller, including the delivery of goods and resolution of liability  for defects, or the implementation by the Controller of measures to be taken prior to  entering into such contract, as well as the Controller’s compliance with any associated  public law obligations.  

4.2. Personal data may also be processed for the purpose of sending commercial  communications and carrying out other marketing activities of the Controller in respect of its customers.  

4.3. The Controller does not use automated individual decision-making within the meaning  of Article 22 of the Regulation.  

4.4. In particular, personal data are processed: 

      1.2.1. To allow the Controller to communicate with a customer about an order, complaint  or service operations, e.g. to send a confirmation thereof;  

      1.2.2. For the purpose of payments relating to shipping or individual orders; in this  context, the Controller may transfer personal data to shipping companies or other  business partners (for more information, see Section 6. Other recipients of personal  data);  

      1.2.3. With regard to complaints, servicing, buybacks;  

      1.2.4. In connection with other customer’s requests made to the Controller, e.g. with  regard to social media reviews, etc.  



5.1. Personal data shall be processed for the duration of any contractual rights and  obligations and further for the period necessary for the purpose of archiving in  accordance with the applicable generally binding legal regulations; however, no longer  than for the period specified therein.  

5.2. For the purpose of marketing activities, personal data shall be stored until the relevant  consent is withdrawn, an objection is raised or a request is made for the deletion thereof  in connection with such processing purpose. If a customer objects to the processing of his  or her personal data for the purpose of direct marketing, such customer’s personal data  shall no longer be processed for such purpose. 




6.1. Other recipients of personal data may include shipping companies and other persons  involved in the delivery of goods or execution of payments on the basis of individual  contracts of purchase, as well as persons ensuring various technical services for the  Controller in connection with online store operations, including the operation of software  systems and data storage services. Other recipients of personal data may include partner  shipping companies and delivery points. The current list of shipping companies and  delivery points is available on the website.  

6.2. Moreover, recipients of personal data processed for the purpose of complying with regulatory obligations may also include financial administration authorities or other  competent authorities, where the Controller is required to disclose such personal data in  compliance with the applicable generally binding legal regulations. 



Cookies and other technologies. These files make it possible to link customer’s activities during  his or her visits to the Controller’s website. If these files are disabled in an Internet browser, the  website may not be displayed correctly and, in some cases, the full range of services may not  be provided. For the relevant list as well as more information regarding the collection and use  of cookies, see our Cookie Policy.



If customers and the Controller communicate via telephone, email or social media, the  Controller processes any collected information on the basis of its legitimate interest (i.e.  without customer’s consent) for the purpose of:  

∙ Processing customer requests;  

∙ Registering customer requests;  

∙ Documenting the receipt and processing of customer requests;  

∙ Analyzing such requests to improve the quality of services.  



During customers’ visits to the company premises, the Controller makes and collects camera  system recordings that may capture customers; such personal data are collected on the basis of  the Controller’s legitimate interest (i.e. without customer’s consent) for the purpose of  protecting property and individuals present in the store and the surrounding areas thereof.  



10.1. Subject to the terms and conditions set out in the Regulation, a customer may request  access to his or her personal data from the Controller. In connection with the right of  access, he or she may request a copy of his or her personal data being processed; the first  copy of such data shall be provided free of charge, with any additional copies provided 

for an administrative fee.  

10.2. Subject to the terms and conditions set out in the Regulation, a customer has the right to  rectification, supplementation or erasure of his or her personal data, right to the  restriction of processing of such personal data, right to object to processing of his or her  personal data, and the right to data portability.  

In connection with data portability, as defined in the Regulation, a customer shall have  the right to receive his or her personal data in a structured, commonly used and machine readable format




With regard to any and all matters relating to the processing of your personal data – whether  you have a question, wish to exercise a right, lodge a complaint or wish to address any other  matter relating to this document – you can contact the Controller at  

We will reply to and process your request without undue delay; however, no later than one  month from the receipt thereof. In exceptional cases, that period may be extended by two  additional months where necessary, taking into account the complexity of your request or  excessive number of requests. You will always be informed about this accordingly.  


Date: 1 October 2022