Last Updated: October 2025
This Privacy Policy explains how DONADI ARTS s.r.o. (“Wollem”, “we”, “our”, or “us”) collects, uses, discloses, and protects your personal data when you visit www.wollem.com or purchase products through our Shopify checkout.
We value your privacy and process your personal data transparently, fairly, and in compliance with the General Data Protection Regulation (GDPR) and Czech law.
DONADI ARTS s.r.o. Náměstí Republiky 1090/5, Staré Město, 110 00 Praha, Czech Republic IČO: 19325371
We have not appointed a Data Protection Officer, as it is not legally required for our processing activities.
We collect personal data directly from you when you:
Browse our website
Create or update a cart via our storefront
Complete a purchase through Shopify checkout
Subscribe to our newsletter or contact us via forms
Interact with our support team or social media pages
We may also automatically collect certain technical data through cookies and analytics tools when you visit our website.
The primary legal basis for processing your personal data is the performance of a contract concluded between you and DONADI ARTS s.r.o., or the implementation of pre-contractual measures taken at your request, in accordance with Article 6(1)(b) of the General Data Protection Regulation (EU) 2016/679 (“GDPR”).
In addition, certain processing activities are necessary for compliance with our legal obligations under Czech and EU law, including but not limited to:
Act No. 235/2004 Sb., on Value Added Tax, as amended;
Act No. 586/1992 Sb., on Income Taxes, as amended;
Act No. 563/1991 Sb., on Accounting, as amended.
These laws require us to process and retain certain data for accounting, tax, and record-keeping purposes.
In addition to the above mentioned laws, we process personal data under the following lawful bases as defined by GDPR:
Contractual necessity (Art. 6(1)(b)) – to process orders, payments, and deliveries.
Legal obligation (Art. 6(1)(c)) – to comply with accounting and tax laws.
Legitimate interest (Art. 6(1)(f)) – to ensure security, prevent fraud, and improve our services.
Consent (Art. 6(1)(a)) – for newsletter subscriptions, analytics, and cookies.
We process personal data primarily to fulfill the agreement between you and DONADI ARTS s.r.o., including the delivery of products, management of orders, handling of warranty or fault claims, and compliance with all legal and tax obligations applicable to our business.
We may also use information obtained through our relationship with customers to improve our products and services, for example through data analysis, customer feedback, and marketing activities carried out with your consent.
We are committed to protecting your personal data and have implemented appropriate organizational and technical measures to ensure its secure and lawful processing.
We use your personal data to:
Process and fulfill your orders and payments
Provide customer support
Deliver transactional and order-related messages
Manage legal and tax compliance
Improve our website, products, and marketing efforts
Send promotional offers (only with your consent)
Prevent fraud and secure our services
We use cookies and similar technologies to improve your browsing experience.
Essential cookies: Required for site functionality (e.g., cart, checkout).
Analytics cookies: To analyze visitor behavior using Cloudflare Analytics and Google Analytics (with IP anonymization).
Marketing cookies: Only if you consent, used for retargeting or advertising (e.g., Facebook Pixel, Google Ads).
You can manage or revoke cookie consent anytime via your browser or our cookie banner.
To comply with our legal obligations and to properly perform our contractual duties, we may share personal data with certain authorized recipients, including:
Public authorities such as courts, tax offices, or other government institutions where required by law;
Service providers assisting us with IT and system maintenance, accounting, marketing, shipping, and transportation;
Payment service providers involved in processing your transactions;
Other trusted partners directly involved in the delivery of goods and performance of our contractual relationship with you.
We adopt appropriate technical and organizational measures to ensure that your personal data is protected against accidental or unlawful destruction, loss, alteration, unauthorized access, or disclosure.
We may engage third-party data processors to collect or process your personal data on our behalf. Each processor is contractually bound to handle your data only in accordance with our instructions and in full compliance with applicable data protection laws. All such processors are required to maintain strict confidentiality and implement robust security standards.
Your data may be shared with trusted third parties that help us operate our business:
E-commerce platform: Shopify (for checkout and payment)
Hosting provider: Vercel (for website hosting)
Analytics: Cloudflare, Google Analytics
Email & communication: Google Workspace
Payment processors: Shopify Payments, and any other methods you select
Legal & accounting: Tax authorities or auditors when legally required
All third parties act as data processors under GDPR and are contractually required to ensure data protection and security.
Some partners (like Shopify and Google) may process data outside the EU. In such cases, transfers occur under Standard Contractual Clauses (SCCs) approved by the European Commission to ensure GDPR-level protection.
Our website and services are not intended for children under 16 years old. We do not knowingly collect personal data from minors. If we discover such data, we will delete it promptly.
Personal data will be processed for the term of effect of rights and obligations arising from the agreement concluded between you and the Company; after expiry, the data will be handled in compliance with the relevant legal regulations with regard to archiving purposes.
As a data subject, you have several rights under the General Data Protection Regulation (GDPR) regarding the personal data we process about you. These include:
Right of Access: You have the right to obtain confirmation as to whether we process your personal data, and if so, to receive information about the type of data we process, the purposes of processing, and how your data is used.
Right to Rectification: You have the right to request correction of any inaccurate personal data and to have incomplete data completed without undue delay.
Right to Erasure (“Right to Be Forgotten”): You may request deletion of your personal data where legal grounds for retention no longer apply or where processing is unlawful.
Right to Restrict Processing: You may request that we limit processing of your personal data in certain cases, such as during the verification of accuracy or in connection with an objection you have raised.
Right to Object: You may object at any time to the processing of your personal data carried out on the basis of our legitimate interests or in the public interest. We will cease such processing unless we demonstrate compelling legitimate grounds to continue.
Right to Data Portability: You have the right to obtain your personal data in a structured, commonly used, and machine-readable format and to transfer those data to another controller, or to request that we transfer them directly, where technically feasible.
Right to Withdraw Consent: If processing is based on your consent, you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing carried out before consent was withdrawn.
More details about your rights under GDPR are available on the official website of the ÚOOÚ: https://www.uoou.cz/6-prava-subjektu-udaj/d-27276
If you believe that our processing of your personal data is not compliant with applicable laws, you may file a complaint directly with us at [email protected] or contact the Office for Personal Data Protection (Úřad pro ochranu osobních údajů) via www.uoou.cz.
We take security seriously and implement appropriate technical and organizational measures, including:
HTTPS encryption for all communications
Restricted access to personal data
Secure password and authentication systems
Regular security audits and monitoring
However, no online system is completely secure; users should take precautions when sharing data online.
Our site may contain links or integrations (e.g., maps, social media, embedded tools) provided by third parties. We are not responsible for their privacy practices — please review their own privacy policies before interacting with them.
We may update this Privacy Policy from time to time. Material changes will be communicated through a banner on our website or by email, where appropriate. The latest version will always be available at www.wollem.com/privacy-policy