Privacy Policy

 

Effective Date: June 1, 2026

This Privacy Policy governs the processing of personal data by Friday Look Book s.r.o., a limited liability company registered under the laws of the Czech Republic, with its registered office at Ztracená 266/30, 779 00 Olomouc, Czech Republic, Identification Number (IČO: 22538461) (“the Company,” “we,” “us,” or “our”). As the operator of the e-commerce platform https://flbbeauty.com/ (“the Site”), the Company acts as the Data Controller under the General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”).

This document outlines our legal obligations and your rights regarding the collection, processing, storage, and protection of your personal data.

1. Scope of Data Collection

We collect and process only the personal data necessary to provide our services, maintain security, and comply with statutory obligations. This data is categorized as follows:

  • Identity and Contact Information: Legal name, shipping address, billing address, email address, and telephone number.

  • Transaction Data: Details regarding payments, order history, invoices, and returns. Credit card and financial details are processed exclusively by PCI-DSS compliant third-party payment gateways and are not stored on our servers.

  • Technical and Usage Data: Internet Protocol (IP) addresses, browser characteristics, operating system, device identifiers, and behavioral data related to your interaction with the Site.

  • Marketing Preferences: Explicit records of your consent to receive promotional communications and newsletters.

2. Legal Basis and Purposes of Processing

Pursuant to Article 6(1) of the GDPR, we process your personal data only when a valid lawful basis applies. The specific purposes and legal grounds are set forth below:

  • Contract Management: Processing registrations, managing orders, processing payments, and executing deliveries or returns. Lawful Basis: Article 6(1)(b) of the GDPR — Performance of a contract to which the data subject is party.

  • Statutory Compliance: Maintaining accounting records, tax reporting, and cooperating with regulatory bodies. Lawful Basis: Article 6(1)(c) of the GDPR — Compliance with a legal obligation to which the controller is subject.

  • System Security & Optimization: Fraud prevention, website troubleshooting, data analysis, and technical maintenance. Lawful Basis: Article 6(1)(f) of the GDPR — Legitimate interests pursued by the controller (ensuring operational security and business viability).

  • Direct Marketing: Sending newsletters, promotional material, and product updates. Lawful Basis: Article 6(1)(a) of the GDPR — Explicit consent of the data subject.

3. Data Sharing and Third-Party Disclosures

We do not sell, rent, or lease personal data to third parties. Disclosure to third-party service providers (Data Processors) is limited strictly to operations necessary to fulfill our contractual and legal obligations. These parties include:

  • E-Commerce Infrastructure Providers: Shopify International Limited.

  • Logistics and Postal Services: Courier services (including Packeta, DHL, and local postal authorities) required for physical order fulfillment.

  • Payment Infrastructure: Authorized payment processors acting as independent data controllers.

  • Analytical and Marketing Services: Software providers utilized for data analysis and communication management (subject to your consent).

All data processors are bound by strict Data Processing Agreements (DPAs) in compliance with Article 28 of the GDPR, ensuring identical standards of data protection.

4. Cross-Border Data Transfers

Your data is stored and processed primarily within the European Economic Area (EEA). In instances where data is transferred to third countries (such as to Shopify infrastructure located in Canada or the United States), the Company ensures appropriate safeguards are maintained. This includes relying on Adequacy Decisions issued by the European Commission or utilizing standard contractual clauses (SCCs) to guarantee an equivalent level of protection.

5. Data Retention Periods

Personal data will be retained only for the duration necessary to fulfill the purposes for which it was collected, or as required by applicable statutory retention laws.

  • Accounting and Tax Records: Retained for a mandatory period of up to 10 years, in accordance with Czech tax and civil law obligations.

  • Contractual Data: Retained for the duration of the contractual relationship and the subsequent statutory limitation periods for legal claims.

  • Marketing Data: Retained until consent is explicitly withdrawn by the user.

6. Statutory Rights of the Data Subject

Under Chapter III of the GDPR, European Union residents possess specific legally enforceable rights regarding their personal data. You may exercise these rights at any time:

  • Right of Access (Article 15): The right to obtain confirmation as to whether your data is being processed and to receive a copy of that data.

  • Right to Rectification (Article 16): The right to demand the correction of inaccurate or incomplete personal data.

  • Right to Erasure / 'Right to be Forgotten' (Article 17): The right to request deletion of your data when it is no longer required for its original purpose, or when lawful basis ceases to exist.

  • Right to Restriction of Processing (Article 18): The right to restrict data processing under specific legal conditions (e.g., disputing accuracy).

  • Right to Data Portability (Article 20): The right to receive your data in a structured, commonly used, and machine-readable format.

  • Right to Object (Article 21): The right to object to processing based on legitimate interests or direct marketing purposes.

  • Right to Withdraw Consent (Article 7(3)): The right to withdraw consent for marketing communications at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

To formally execute any of the rights listed above, please submit a written request to care@flbbeauty.com.

7. Cookie Policy and Tracking

The Site utilizes cookies and similar tracking technologies to ensure core functionality, analyze traffic, and manage consumer preferences. Operational tracking is governed by our Cookie Consent Banner. Non-essential cookies (analytical and marketing) will not be deployed without your explicit, unambiguous opt-in consent.

8. Legal Contact Information & Supervisory Authority

For any inquiries regarding this Privacy Policy, or to file a formal request concerning your data privacy rights, please contact our designated compliance officer:

  • Corporate Entity: Friday Look Book s.r.o.

  • Company Identification Number (IČO): 22538461

  • Registered Address: Ztracená 266/30, 779 00 Olomouc, Czech Republic

  • Electronic Correspondence: care@flbbeauty.com

You retain the absolute right to lodge a formal complaint with a supervisory authority if you believe our processing of your personal data violates the GDPR. The competent authority in the Czech Republic is:

The Office for Personal Data Protection

(Úřad pro ochranu osobních údajů)

Pplk. Sochora 27, 170 00 Prague 7, Czech Republic

Website: www.uoou.cz