I Recitals

1 Pursuant to Article 4(7) of the Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as: “GDPR”), the controller of personal data is Aylla shoes s.r.o., Company ID No 06690530, having its registered office at Jiráskova 29, Pardubice 53002 (hereinafter referred to as : “Controller”).

2 The Controller’s contact information is

Address: Sladkovského 414, Pardubice 53002


Phone no: 703 144 482

3 Personal data shall mean any information relating to an identified or identifiable natural person; an identifiable natural person is any natural person who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

4 The Controller has not appointed a Data Protection Officer. 

II Sources and Categories of Personal Data Processed

1 The Controller processes the personal data provided by you or the personal data obtained by the Controller on the basis of fulfilling your purchase order.

2 The Controller processes your identification and contact data necessary for the contract performance.

III Legal Reasons and Purposes of Personal Data Processing

1 The legal reasons of personal data processing include

  • Fulfilment of the contract concluded between you and the Controller in accordance with Article 6(1)(b) of the GDPR;
  • Legitimate interests pursued by the Controller for providing direct marketing (particularly sending of commercial communications and newsletters) pursuant to Article 6(1)(f) of the GDPR;
  • Your consent to processing for the purpose of providing direct marketing (particularly sending of commercial communications and newsletters) pursuant to Article 6(1)(a) of the GDPR in conjunction with Section 7(2) of the Czech Act No. 480/2004 Coll., on certain information society services, where no order for goods or services has been placed.

 2 The purposes of the personal data processing are

  • Fulfilment of your purchase order and exercise of the rights and obligations arising out of the contractual relationship between you and the Controller; personal data necessary for successful fulfilment of the purchase order (name and address, contact details) are required when placing the purchase order; provision of the personal data is a necessary precondition of the contract conclusion and performance, otherwise the contract cannot be concluded or performed by the Controller;
  • Sending of commercial communications and performance of other marketing activities.

 3 The Controller does not engage in any automated individual decision-making within the meaning of Article 22 of the GDPR.

IV Period of Data Retention

1 The personal data are kept by the Controller

  • For the period of time required to exercise all the rights and obligations established by the contractual relationship between you and the Controller, as well as to make the claims based on those contractual relationships (for the period of 15 years of the contractual relationship termination);
  • Until the consent to the personal data processing for marketing purposes is revoked, up to a maximum of 15 years, where the personal data are processed on the basis of consent.

 2 After the lapse of the personal data retention period, the Controller shall erase the personal data.

V Personal Data Recipients (Controller’s Subcontractors)

1 Personal data recipients are parties that 

  • Contribute to the delivery of goods/services or to the implementation of payments on the basis of the contract;
  • Provide e-shop operation services (Shoptet) and other services in connection with the e-shop operation;
  • Provide marketing services.

 2 The Controller does not intend to forward the personal data to third countries (outside of the EU) or international organisations. 

VI Your Rights

1 Subject to the GDPR, you have the right to do the following:

  • Access your personal data pursuant to Article 15 of the GDPR;
  • Have your personal data corrected pursuant to Article 16 of the GDPR or limit the processing pursuant to Article 18 of the GDPR;
  • Have your personal data erased pursuant to Article 17 of the GDPR;
  • Raise an objection to the processing pursuant to Article 21 of the GDPR;
  • Exercise the right to the portability of your personal data pursuant to Article 20 of the GDPR;
  • Withdraw your consent to the processing by post or by email sent to the postal address or email address of the Controller indicated in Article I hereof.

 2 You also have the right to file a complaint with the Office for Personal Data Protection if you believe that your right to protection of your personal data has been violated.

VII Personal Data Security

1 The Controller declares that it has taken all appropriate technical and organisational measures to ensure the security of personal data.

2 The Controller has taken technical measures to secure data repositories and repositories of hard copy personal data.

3 The Controller declares that only persons authorised by the Controller have access to personal data.

VIII Final Provisions

1 By submitting an online order form, you confirm that you are familiar with and accept the Privacy Policy in its entirety.

2 You give your consent to this Privacy Policy by ticking the consent box in the online form. By ticking the consent box, you confirm that you are familiar with and accept the Privacy Policy in its entirety.

3 The Controller is entitled to amend the Privacy Policy. The Controller will publish the amended version of the Privacy Policy on its website and, at the same time, send you the amended version to the email address you have provided to the Controller.


The Privacy Policy takes effect on October 1, 2020.

Back shopping