Login

Country

Language

Cart

Your cart is empty

Privacy Policy

Privacy Policy

Last updated: 22 August 2025

This Privacy Policy describes how VALMIO s.r.o. Collects, uses, discloses, and safeguards your personal data when you visit our websites, purchase our products, or otherwise interact with us. It applies to processing subject to the EU/EEA GDPR and the UK GDPR where applicable.

Quick summary

  • Controller: VALMIO s.r.o., Stará Kysibelská 585/23, 360 01 Karlovy Vary, Czech Republic; Email: info@valmio.eu
  • What we collect: contact details, order data, payment and delivery data, account and preferences, support history, device/usage and cookie data.
  • Why: to fulfil contracts, operate and secure our sites, customer support, analytics, and marketing with your consent.
  • Legal bases: contract Art. 6(1)(b), legitimate interests Art. 6(1)(f), consent Art. 6(1)(a), legal obligations Art. 6(1)(c).
  • Your rights: access, rectification, erasure, restriction, portability, object, withdraw consent, and complain to a supervisory authority.

Contents

1. Data controller & contact

The data controller is VALMIO s.r.o., Stará Kysibelská 585/23, 360 01 Karlovy Vary, Czech Republic. Email: info@valmio.eu. Telephone: +420 601 001 585.

We have not appointed a Data Protection Officer. For all privacy queries, please use the contact details above.

2. Personal data we collect

Category Examples Sources
Identity & contact Name, billing and shipping address, email, phone Provided by you when ordering, creating an account, contacting support
Order & fulfilment Order history, cart contents, delivery preferences, returns From our e‑shop checkout and account area
Payment Payment method, transaction IDs (we do not store full card details) Via our payment processors
Support & communication Emails, chat messages, call notes, tickets When you contact us or we reach out to you
Device & usage IP address, device identifiers, browser type, pages viewed, actions, timestamps Automatically via cookies, pixels and logs
Marketing & preferences Newsletter opt‑ins/opt‑outs, interests, campaign interactions Via consent banners, email forms, ads
User‑generated content Product reviews, Q&A, uploaded media Submitted by you on our sites or social pages
Fraud prevention Risk scores, verification checks From anti‑fraud tools and payment partners

3. Purposes and legal bases

Purpose Details Legal basis
Provide e‑shop services & fulfil orders Processing orders, payments, shipping, returns, warranty Contract performance (Art. 6(1)(b)); legal obligations (Art. 6(1)(c))
Customer support Answering queries, troubleshooting, service emails Contract (Art. 6(1)(b)); legitimate interests (Art. 6(1)(f))
Operate, secure & improve websites Analytics, security monitoring, debugging, load balancing Legitimate interests (Art. 6(1)(f)); consent for non‑essential cookies (Art. 6(1)(a))
Marketing & personalisation Newsletters, special offers, retargeting, on‑site recommendations Consent (Art. 6(1)(a)); legitimate interests (Art. 6(1)(f)) where permitted
Fraud prevention & compliance Risk scoring, chargeback handling, record‑keeping, tax & accounting Legitimate interests (Art. 6(1)(f)); legal obligations (Art. 6(1)(c))

4. Cookies & similar technologies

We use cookies and similar technologies on our website and process personal data of visitors (e.g., IP address) to personalise content and ads, integrate third‑party media, and analyse traffic. Data processing only takes place when cookies are set. We share this data with third parties named in the cookie settings. Processing may be based on your consent or on our legitimate interests. You can give or refuse consent, and you have the right not to consent and to change or withdraw consent later at any time via the cookie banner or your browser settings. More details are provided in this Privacy Policy.

Cookie categories in our banner: Essential · Functional · Statistics · Marketing · External media · Further settings.

4.1 Managing cookies

Cookies are small text files stored by your browser. You can control cookies in your browser (block, delete, allow per‑site) and via our on‑site consent banner. Note that disabling certain cookies may limit site functionality (e.g., cart/checkout).

4.2 Technically necessary (essential) cookies

These are required for core functionality such as cart, checkout, authentication, security and load balancing. Processing is based on our legitimate interests in providing a secure and functional website (GDPR Art. 6(1)(f)).

4.3 Functional cookies

Remember preferences (e.g., language, currency, region). Processing is based on consent where required.

4.4 Statistics (analytics)

We use analytics to understand site usage and improve services. Where required, analytics only run with your consent (GDPR Art. 6(1)(a)).

  • Google Analytics 4 (Google Ireland Limited): page views, events, device data; IP is truncated before transfer; we may use Google Signals (cross‑device) and Advanced Consent Mode. Transfers to the USA are safeguarded (e.g., adequacy decision / SCCs). You can withdraw consent at any time.

4.5 Marketing & remarketing

Used to show relevant offers and measure campaign performance. These technologies run only with your consent unless otherwise permitted by law.

  • Meta Pixel (Facebook/Instagram, Meta Platforms Ireland): ad personalisation and conversion measurement; joint‑controller arrangement applies for collection and transmission; you can opt out in the banner.
  • Google Ads (incl. conversion tracking and remarketing) by Google Ireland; may include Advanced Consent Mode.
  • Microsoft Advertising (Bing Ads) by Microsoft Corporation: conversion tracking and audience measurement.
  • Pinterest Tag by Pinterest Europe Limited (if enabled on our shop).
  • Email marketing (newsletter beacons/links) via our ESP (e.g., Klaviyo/Mailchimp/Brevo) to measure opens and clicks; used only with your opt‑in.

4.6 External media

  • YouTube embeds (Google Ireland): videos are loaded with "privacy‑enhanced" mode; data transfers occur only when you play the video.
  • Social widgets or map services may load content from third‑party domains when you activate them.

4.7 Consent management

Our cookie banner records and stores your consent choices to meet legal obligations (GDPR Art. 6(1)(c)). It may set a cookie to remember your selections.

5. Detailed processing information

5.1 Server log files

When you access our websites, your browser transmits data to us or our hosting providers which is stored in server logs (e.g., requested URL, timestamp, IP address, referrer, user‑agent, data volume). Processing is based on our legitimate interests in operating a secure website and improving our services (GDPR Art. 6(1)(f)).

5.2 Proactive contact by email

If you contact us by email, we process your message and contact details to handle your request. If the contact aims at pre‑contractual steps or relates to an existing contract, processing is based on Art. 6(1)(b); otherwise on Art. 6(1)(f). You may object to processing under Art. 6(1)(f) on grounds relating to your situation.

5.3 Contact forms

When using our contact forms, we process the data you provide to respond (Art. 6(1)(b) or Art. 6(1)(f)). We retain only as long as necessary or as required by law.

5.4 Customer account

If you open an account, we process the data you provide to improve your shopping experience and simplify orders. Processing is based on your consent (Art. 6(1)(a)), which you can withdraw at any time; your account will then be deleted unless retention is required by law.

5.5 Orders & fulfilment

For orders we process only the data necessary to fulfil and handle your purchase and queries (Art. 6(1)(b)). We share data with delivery partners (e.g., Česká pošta, DPD, GLS, Packeta/Zásilkovna), payment providers (e.g., PayPal, Stripe, Apple Pay, Google Pay, or local PSPs), order‑processing and IT service providers. Transfers are limited to what is necessary.

5.6 Reviews & user content

If you post reviews or comments, we process the data you submit to display them (Art. 6(1)(a)); you may withdraw consent at any time.

5.7 Newsletters

We send newsletters only with your explicit consent (Art. 6(1)(a)). Our email service provider may use tracking pixels/links to compile anonymous statistics (opens, clicks). You can unsubscribe at any time via the link in each email; we then remove your address from the list.

5.8 Payment services

Depending on the payment method you select, processing by payment providers (e.g., PayPal; card processors; Apple Pay; Google Pay; local providers) is necessary to execute the contract (Art. 6(1)(b)). Some providers may perform credit checks under their legitimate interests (Art. 6(1)(f)); please refer to their privacy notices.

5.9 Anti‑spam & bot protection

We may use Google reCAPTCHA to protect forms from abuse. Processing is based on consent (where applicable) or our legitimate interests in securing our services.

5.10 Retention

After contractual processing is completed, we retain data for warranty periods and legal retention (especially tax and accounting), then delete or anonymise it, unless you have agreed to further processing.

5.11 Your rights & complaints

You have the rights of access, rectification, erasure, restriction, portability, objection (incl. to direct marketing), and to withdraw consent. Contact us at info@valmio.eu. You may lodge a complaint with your supervisory authority; in the Czech Republic: Úřad pro ochranu osobních údajů (ÚOOÚ), Pplk. Sochora 27, 170 00 Praha 7.

6. Disclosure to service providers & partners

5. Disclosure to service providers & partners

We share personal data with trusted recipients who help us run our business, under contracts that protect your data:

  • E‑commerce & hosting: platforms and hosting providers (e.g., Shopify or Upgates).
  • Payments: payment gateways and processors (e.g., Stripe, PayPal, or local providers) – we do not store full card numbers.
  • Delivery & logistics: shipping partners (e.g., DPD, DHL, Packeta) to deliver your orders and handle returns.
  • Customer support & reviews: helpdesk, live‑chat, and review platforms.
  • Professional services: accounting, legal and auditing providers where required.

We only disclose what is necessary for each purpose and require recipients to protect your information in line with applicable laws.

6. International data transfers

If personal data is transferred outside the EU/EEA or the UK, we ensure appropriate safeguards, such as adequacy decisions or the European Commission’s Standard Contractual Clauses, and conduct transfer risk assessments where required.

7. Data retention

We keep personal data only as long as necessary for the purposes set out in this policy, and to meet legal, accounting or reporting requirements. Typical retention periods:

  • Order & accounting records: 5–10 years (per local law)
  • Customer accounts: active period + 24 months of inactivity
  • Support communications: 24 months
  • Marketing consents & preferences: until withdrawn, then minimal logs to demonstrate compliance
  • Analytics data: per tool settings and your consent choices

8. Security

We apply technical and organisational measures to protect personal data, including encryption in transit, access controls, least‑privilege policies, regular updates and monitoring. No method of transmission or storage is 100% secure; we work to continuously improve our safeguards.

9. Your rights

Subject to legal conditions and limits, you have the right to:

  • Access your personal data and obtain a copy;
  • Rectify inaccurate or incomplete data;
  • Erase data ("right to be forgotten");
  • Restrict processing in certain cases;
  • Data portability to another controller;
  • Object to processing based on legitimate interests, including direct marketing;
  • Withdraw consent at any time for processing based on consent.

To exercise your rights, contact us at info@valmio.eu. We will respond within one month (extendable by two months for complex requests). We may need to verify your identity.

10. Children’s data

Our services are not directed to children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us to request deletion.

11. Automated decision‑making & profiling

We do not engage in automated decision‑making producing legal or similarly significant effects. We may use limited profiling (e.g., segmenting customers for offers) to tailor content and ads; you can object to such processing at any time.

12. Changes to this policy

We may update this Privacy Policy from time to time. The revised version will be posted on this page with an updated “Last updated” date. Material changes may be communicated by email or site notice.

13. How to contact us & complaints

If you have questions or concerns about this policy or our data practices, contact:

VALMIO s.r.o.
Stará Kysibelská 585/23, 360 01 Karlovy Vary, Czech Republic
Email: info@valmio.eu · Tel.: +420 601 001 585

You also have the right to lodge a complaint with your local supervisory authority. In the Czech Republic, this is the Office for Personal Data Protection (ÚOOÚ).


This Privacy Policy is intended to meet the transparency requirements of GDPR Arts. 12–14. It does not create contractual or third‑party beneficiary rights.

Full-grain leather

Quality Guarantee

Money-Back Guarantee

worldwide shipping