PRIVACY POLICY (GDPR)
TheKotlaba s.r.o.
Effective from: 1 June 2026
1. Data Controller
The controller of your personal data is:
TheKotlaba s.r.o.
Registered office: Heinemannova 2698/11, Praha 6, 160 00, Czech Republic
Company ID (ICO): 19135564
VAT ID (DIC): CZ19135564
(hereinafter "Controller" or "we")
The Controller is registered in the Commercial Register maintained by the competent registry court in the Czech Republic. For all matters relating to personal data protection, please contact us at: info@jdmshop.cz
2. Personal Data We Process
Depending on the purpose of processing, we collect and process the following categories of personal data:
2.1 Identification and Contact Data
- First and last name
- Billing and delivery address
- E-mail address
- Phone number
- Company ID and VAT ID (for business customers, where applicable)
2.2 Order and Transaction Data
- Order history and purchased products
- Payment method (we do not store payment card numbers)
- Delivery and shipment information
2.3 Customer Account Login Data
- Username (e-mail address) and hashed password
- Date of registration and last login
2.4 Technical and Analytical Data
- IP address and device identifiers
- Cookies and similar technologies
- Browser and operating system information
- Website traffic and behavioural data
3. Purposes of Processing and Legal Bases
We always process your personal data on the basis of a relevant legal ground under Article 6 of the GDPR:
3.1 Performance of a Contract (Art. 6(1)(b) GDPR)
Processing is necessary for handling your order, concluding and performing the purchase contract, processing payment, and delivering goods. Without this data, your order cannot be fulfilled.
3.2 Compliance with Legal Obligations (Art. 6(1)(c) GDPR)
We are required to retain tax documents and accounting records for the period prescribed by law (in particular Act No. 563/1991 Coll. on Accounting and Act No. 235/2004 Coll. on Value Added Tax).
3.3 Legitimate Interests (Art. 6(1)(f) GDPR)
On the basis of our legitimate interests, we process data for:
- Protection of the Controller's rights and claims (records of complaints and disputes)
- Fraud prevention and e-shop security
- Sending direct marketing communications to existing customers about similar products (always with the option to unsubscribe)
- Internal analytics and improvement of our services
3.4 Consent (Art. 6(1)(a) GDPR)
Based on your explicit consent, we process:
- Personal data for sending commercial communications and newsletters (if you are not an existing customer)
- Analytical and marketing cookies
Consent is voluntary and may be withdrawn at any time without any negative consequences for your purchase.
4. Recipients of Personal Data
We share your personal data only with trusted third parties to the extent necessary to fulfil the purposes described above:
- Shipping and courier companies (e.g. PPL, Zasilkovna, DPD, GLS) - for the purpose of delivering goods
- Payment gateway providers (e.g. GoPay, Stripe, PayPal) - for the purpose of processing payments
- E-commerce platform and web hosting service providers
- E-mail and communication tool providers
- Accountants and tax advisors bound by confidentiality
- Public authorities and courts - where required by law
We have concluded data processing agreements with all processors in accordance with Article 28 of the GDPR.
5. Transfers of Personal Data to Third Countries
We process your personal data primarily within the European Economic Area (EEA). Where transfers to third countries (outside the EEA) take place, they are carried out exclusively:
- on the basis of an adequacy decision by the European Commission, or
- on the basis of standard contractual clauses approved by the European Commission, or
- on the basis of other appropriate safeguards pursuant to Article 46 of the GDPR.
Information about specific recipients and applicable safeguards will be provided upon request.
6. Data Retention Periods
We retain personal data for the period strictly necessary to fulfil the given purpose:
- Order and invoice data: 10 years from the taxable supply (statutory obligation)
- Customer account: for the duration of the account, or 3 years from the last activity
- Marketing consent / newsletter: until consent is withdrawn or the user unsubscribes
- Complaint records: 4 years from the resolution of the complaint
- Cookies: according to the validity period of the specific cookie (see Cookie Policy)
Upon expiry of the retention period, personal data is securely deleted or anonymised.
7. Your Rights
As a data subject, you have the following rights under the GDPR, which you may exercise free of charge by contacting us at info@jdmshop.cz:
7.1 Right of Access (Art. 15 GDPR)
You have the right to obtain confirmation as to whether we process your personal data and, if so, to access that data along with information about the purpose, categories, recipients, and retention period.
7.2 Right to Rectification (Art. 16 GDPR)
You have the right to have inaccurate personal data corrected or incomplete personal data completed.
7.3 Right to Erasure (Art. 17 GDPR)
You have the right to request the erasure of your personal data where the purpose of processing has ceased, you have withdrawn your consent, or you have objected to processing, and there is no other legal basis for processing.
7.4 Right to Restriction of Processing (Art. 18 GDPR)
You have the right to request restriction of processing, for example while the accuracy of data or the lawfulness of processing is being verified.
7.5 Right to Data Portability (Art. 20 GDPR)
You have the right to receive your personal data in a structured, commonly used and machine-readable format and to transmit it to another controller.
7.6 Right to Object (Art. 21 GDPR)
You have the right to object at any time to the processing of your data on the basis of legitimate interests, including profiling and direct marketing. Where you object to direct marketing, we will no longer process your data for that purpose.
7.7 Right to Withdraw Consent
Where processing is based on consent, you have the right to withdraw it at any time without affecting the lawfulness of processing carried out prior to withdrawal.
7.8 Right to Lodge a Complaint
You have the right to lodge a complaint with a supervisory authority. In the Czech Republic, the competent supervisory authority is:
Office for Personal Data Protection (UOOU)
Pplk. Sochora 27, 170 00 Praha 7, Czech Republic
Website: www.uoou.cz
If you are purchasing from another EU member state, you may also contact the supervisory authority in your country of residence.
We will respond to your requests without undue delay and no later than 30 days from receipt.
8. Cookies
Our e-shop uses cookies and similar technologies. Detailed information about the cookies used, their purposes and how to manage them is set out in our separate Cookie Policy available on our website.
Consent to analytical and marketing cookies may be given or withdrawn via the cookie banner or through the settings in the website footer.
9. Automated Decision-Making and Profiling
We do not carry out automated decision-making within the meaning of Article 22 of the GDPR that would produce legal effects or similarly significantly affect you. Should we introduce such processing in the future, we will inform you in advance and provide you with the relevant rights.
10. Security of Personal Data
We have implemented appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction or misuse, including in particular:
- Encryption of data transmissions using the TLS/SSL protocol (HTTPS)
- Hashed password storage (bcrypt or equivalent standard)
- Restriction of access to personal data to authorised personnel only
- Regular security audits and data backups
- Confidentiality agreements with employees and processors
11. Changes to This Policy
We may update this Privacy Policy from time to time, in particular in response to changes in legislation or our services. The current version is always available on our website. We will notify you of any material changes by e-mail or by a notice on our website.
12. Contact Details for Data Protection Matters
To exercise your rights or for any questions regarding the processing of your personal data, please contact us:
TheKotlaba s.r.o.
Heinemannova 2698/11, Praha 6, 160 00, Czech Republic
E-mail: info@jdmshop.cz
Website: www.jdmshop.cz
This Privacy Policy is valid and effective from 1 June 2026.
