PRIVACY POLICY
JANUARY 1, 2026 · BOLDHUMAN S. R. O.
1. Controller
The controller of your personal data is:
BoldHuman s. r. o.
Štúrova 128/17, 05801 Poprad, Slovak Republic
IČO: 54297346 | VAT ID: SK2121624516
E-mail: info@boldhuman.studio
2. Data Protection Officer (DPO)
We have appointed a Data Protection Officer (DPO):
Samuel Kušnír – info@boldhuman.studio
3. What personal data we process
We process only data necessary to sell and deliver physical goods (t-shirts) in the EU, handle payments, accounting, and complaints.
A) Order & delivery data (Stripe checkout + delivery):
- identification data (name, surname)
- contact data (email; phone number if provided/required for delivery)
- delivery address and billing address
- order details (product, size, quantity), delivery method, shipping fee
- optional business details if you provide them (company name, VAT ID)
B) Payment data (Stripe):
- payment status, payment method, transaction identifiers (e.g., Stripe payment ID)
- We do not store full card details; Stripe processes payment data.
C) Complaints / customer communication:
- your email communication, defect description, photos if you send them, and related order identifiers
D) Website analytics (GA4):
- online identifiers and technical data collected via cookies/trackers (e.g., device/browser information, pages visited, approximate location derived from IP, interactions)
4. Purposes and legal bases
We process personal data for the following purposes:
1. Order processing and delivery (contract performance)
2. Legal basis: Article 6(1)(b) GDPR.
3. Payments (contract performance)
4. Legal basis: Article 6(1)(b) GDPR.
5. Accounting and tax obligations (invoicing, bookkeeping)
6. Legal basis: Article 6(1)(c) GDPR (legal obligation).
7. We retain accounting records for 10 years (typical statutory retention for accounting/tax evidence).
8. Handling complaints and legal claims
9. Legal basis: Article 6(1)(f) GDPR (legitimate interest to handle and document complaints and protect legal rights) and/or Article 6(1)(c) where required.
10. Security, fraud prevention, abuse prevention
11. Legal basis: Article 6(1)(f) GDPR.
12. Website analytics (GA4)
13. Legal basis: Article 6(1)(a) GDPR (consent) for analytics cookies/trackers. Slovak guidance generally requires prior consent for non-essential cookies (including analytics).
5. Recipients of personal data
We share personal data only with providers necessary for the purchase:
- Stripe (payment processing)
- Packeta (delivery)
- SuperFaktúra (invoicing)
- External accountant (accounting/tax processing)
6. International transfers (outside the EEA)
Some providers (notably Stripe and Google) may process data outside the EEA. Where applicable, transfers are protected by safeguards such as the EU Standard Contractual Clauses (SCCs) used in their data processing terms.
7. Cookies and Google Analytics 4 (GA4)
We use cookies/trackers to ensure basic functionality and, with your consent, to measure and improve website performance via Google Analytics 4.
- Necessary cookies: required for the Website to function (consent not required).
- Analytics cookies (GA4): used only if you consent (opt-in).
- We use Complianz as our cookie consent tool to manage cookie categories and to ensure GA4 is loaded only after consent (or configured so analytics storage is denied until consent, depending on setup)
GA4 data retention: we intend to set GA4 user-level data retention to 14 months (or less).
8. How long we keep your data (retention)
We keep personal data only as long as necessary:
- Orders, invoices, and accounting records: 10 years
- Order support communication: up to 2 years after the order is completed (unless longer is required for legal claims)
- Complaints/reclamations documentation: up to 2 years after the complaint is closed (unless longer is required for legal claims)
- GA4 analytics data: according to the GA4 retention setting (intended: 14 months)
- Consent logs (Complianz): as long as needed to demonstrate compliance
9. Your rights
You have the right to access, rectification, erasure (where applicable), restriction, portability (where applicable), objection (legitimate interest), and to withdraw consent at any time (for analytics/cookies).
Contact: info@boldhuman.studio (or mark your request “DPO”).
10. Supervisory authority
You can lodge a complaint with the Slovak supervisory authority:
Office for Personal Data Protection of the Slovak Republic (Úrad na ochranu osobných údajov SR), Námestie 1. mája 18, 811 06 Bratislava, Slovak Republic.
11. Security
We apply reasonable technical and organizational measures (access controls, minimization, vetted providers, secure handling procedures).
12. Changes
We may update this Privacy Policy. The current version is always published on the Website with the effective date.
Boldhuman s. r. o.
Štúrova 128/17
05801 PopraD
ID:54297346
tax ID: 2121624516
VAt ID: SK2121624516
Terms & conditions
Right of withdrawal
complaints policy
Privacy Policy
cookies Policy