Privacy policy

Last updated: Dec 30, 2025

This Privacy Policy explains how Papeora, Pavla Miksová (“we”, “us”, “our”) collects, uses, and protects your personal data when you visit www.papeora.com or purchase digital products.

We comply with the General Data Protection Regulation (GDPR), Czech data protection laws, and internationally recognized privacy standards.

1. Data Controller

Papeora
Pavla Miksová
IČO: 04065794
Address: Podebradova 2264, Úvaly, 250 82, Czech Republic
Email: hello@papeora.com

2. Personal Data We Collect

A. Data You Provide
  • Name

  • Email address

  • Billing address / country

  • Order details

  • Customer support communication

We do not store credit card information — payments are processed by Shopify Payments, or PayPal.

B. Automatically Collected Data
  • IP address

  • Browser type

  • Device information

  • Referring/exit pages

  • Cookies and tracking pixels

  • Website usage analytics

3. Purpose of Processing & Legal Basis

Purpose

Legal Basis

Processing your order

Contract

Delivering digital products

Contract

Customer support

Legitimate interest

Fraud prevention & platform security

Legitimate interest

Accounting & tax compliance

Legal obligation

Email marketing (if subscribed)

Consent

Analytics & performance

Legitimate interest / Consent

4. Cookies

We use cookies to:

  • ensure Website functionality

  • analyze traffic

  • improve user experience

  • remember preferences

You may manage cookie preferences via your browser or our Cookie Settings (if applicable).

See our Cookie Policy for more details.

5. Sharing of Data

We only share data with trusted third parties necessary to operate our business:

  • Shopify (store platform)

  • Shopify Payments / PayPal (payment providers)

  • Email providers

  • Analytics tools (Google Analytics, Meta Pixel, etc.)

These processors follow GDPR-compliant data protection safeguards.

6. International Data Transfers

Some of our service providers (such as Shopify, payment processors, and analytics tools) are located outside the European Union, including the United States.

When this happens, we ensure that your personal data is protected using appropriate legal safeguards required by GDPR, such as standard contractual clauses or other approved mechanisms.

7. Data Retention

  • Orders & accounting: 10 years (legal obligation)

  • Customer support messages: 1–3 years

  • Newsletter subscription: until consent is withdrawn

  • Cookies: per cookie expiration settings

8. Your Rights

You may request:

  • access to your data

  • correction of inaccurate data

  • deletion (“right to be forgotten”)

  • restriction of processing

  • data portability

  • withdrawal of consent (e.g., unsubscribe from marketing)

Contact: hello@papeora.com

If you believe your rights are violated, you may complain to:
Úřad pro ochranu osobních údajů (Czech Data Protection Authority)

9. Security

We use technical and organizational measures to secure your data and prevent unauthorized access.

10. Updates

This Privacy Policy may be updated periodically.
Changes become effective upon publication.