Last updated: 28 April 2025
This Privacy Notice (“Notice”) explains how Optimairarium s.r.o, registered under registry code 23309962 and having its registered address at Rybna 716/24, Old Town, 110 00 Prague 1 (“Company,” “we,” or “us”), processes your personal data. This Notice provides details about the types of personal data we collect, purposes and legal grounds for processing, data security measures, your rights, and other key information regarding our data protection practices. Please review this Notice carefully to understand how we handle your personal data when delivering our services.
By accessing or using our services, you confirm that you have read and understood this Privacy Notice.
1. Data Controller
The Company is the “data controller,” meaning we determine the purposes and means of processing your personal data and ensure that all processing activities comply with applicable data protection laws, including the General Data Protection Regulation (GDPR) and related regulations.
2. Contact Details
- Company Name: Optimairarium s.r.o
- Registered Address: Rybna 716/24, Old Town, 110 00 Prague 1
For all privacy and data protection matters, please contact us at info@cosmoscanvas.net.
3. Sources of Personal Data
We collect personal data from the following sources:
- Direct Interactions: When you provide information by creating an account, making a purchase, or contacting customer support.
- Automated Means: Through cookies, analytics, and similar tracking technologies as you use our website and services.
- Third Parties: Including payment processors, service providers, public authorities, and publicly available sources.
4. Types of Personal Data We Process
We may collect, use, store, and transfer the following categories of personal data:
- User Account Data: Photos, full name, passwords, account settings, activity logs, referral links and IDs, employer, job role, etc.
- Contact Information: Name, email address, phone number, home or business address.
- Identification Data: Full name, place of residence, date of birth, identification numbers, and copies/data from ID documents.
- Technical Data: IP address, device information, browser type/version, operating system.
- Transaction Data: Details of orders, purchases, subscriptions, and payment history.
- Payment Data: Bank account information, card details, payment records.
- Marketing Data: Marketing and communication preferences, participation in campaigns and loyalty programs.
- User-Generated Content: Any data, documents, or other materials uploaded or provided via your account.
- Compliance Data: Information required for legal and regulatory compliance (e.g., AML, CFT, KYC).
- User Support Data: Data generated through customer service interactions, support requests, and resolution status.
5. Purposes and Legal Bases for Processing Personal Data
We process your personal data for the following purposes and on the following legal grounds:
|
Purpose |
Data Types Involved |
Legal Grounds |
|
Account Management and Registration |
User Account, Contact, Identification, Support Data |
Performance of contract |
|
Provision of Services |
Contact, Transaction, User-Generated Content |
Performance of contract |
|
Identity Verification |
Compliance, Identification |
Legal obligations; Legitimate interests |
|
Order Fulfillment |
Contact, Transaction |
Performance of contract |
|
Legal Compliance |
Contact, Identification, User-Generated Content |
Legal obligations |
|
Transaction Management |
Payment |
Performance of contract |
|
Risk Management |
Identification, Payment, User-Generated Content |
Performance of contract; Legal obligations; Legitimate interests |
|
Customer Communication and Support |
User Account, User Support |
Performance of contract |
|
Marketing Activities |
User Account, Identification, Technical, Marketing |
Consent; Legitimate interests |
|
Fraud Prevention |
Identification, Technical, Payment |
Legal obligations; Legitimate interests |
|
Security and IT Administration |
User Account, Technical, User Support |
Performance of contract; Legal obligations; Legitimate interests |
|
Technical Support and Service Maintenance |
User Account, Technical, User Support |
Performance of contract |
|
Service Improvement |
User Account, User Support |
Performance of contract; Legitimate interests |
|
Dispute and Claims Management |
User Account, Contact, Identification, Transaction, Payment, User-Generated Content, User Support |
Performance of contract; Legitimate interests |
6. Sharing and Disclosure of Personal Data
We may share your personal data with:
- Service Providers and Partners: Including payment processors, IT service providers, and analytics providers, strictly for the purposes described above and under confidentiality agreements.
- Government Authorities and Law Enforcement: Where required by law or to protect the rights, property, or safety of the Company, our customers, or others.
7. Data Retention
We retain personal data only as long as necessary to fulfill the purposes for which it was collected and to comply with legal, regulatory, tax, and accounting requirements. We may retain personal data for:
- A minimum of 6 years for customer/account information for tax and regulatory purposes.
- Up to 5 years for AML-related compliance obligations.
- Until the expiry of relevant statutory limitation periods for potential legal claims (usually up to 10 years).
When personal data is no longer required, we securely delete or anonymize it. Data processed based on consent will be retained until consent is withdrawn.
8. International Data Transfers and Associated Risks
Your personal data may be transferred outside the European Economic Area (EEA), including to countries that may not provide an equivalent level of data protection as required under the GDPR. This may occur when our trusted service providers or business partners operate in jurisdictions outside the EEA.
Whenever such cross-border transfers occur, we take appropriate steps to ensure that your personal data receives an adequate level of protection as follows:
- Transfers are made to countries that the European Commission has officially recognized as providing an adequate standard of data protection; or
- We implement Standard Contractual Clauses (SCCs) approved by the European Commission, or the International Data Transfer Addendum, which contractually oblige the recipient of your data to protect it adequately; or
- We transfer data to third parties certified under an approved data transfer mechanism, such as the EU-U.S. Data Privacy Framework, where applicable.
Despite these safeguards, cross-border data transfers may expose your data to increased risks, including:
- Laws in the recipient country that may allow disproportionate access to your personal data by government authorities;
- Limitations on your ability to enforce your rights, seek remedies, or receive notification of government access requests;
- Absence of equivalent data subject rights or redress mechanisms available in your home jurisdiction.
We assess data transfer risks in accordance with GDPR requirements and take supplementary measures where necessary to mitigate those risks, including data minimization, encryption, and strict access controls.
By interacting with us and using our services, you acknowledge that your data may be transferred, processed, and stored outside of the EEA as described above. You may request further information on cross-border transfers or a copy of the safeguards in place by contacting us at info@cosmoscanvas.net.
9. Essential and Optional Data
Some personal data is mandatory to enable us to provide our services. Where data is required, it will be clearly indicated. You may choose whether to provide optional data, which may be managed via your account settings.
10. Data Security
We take the security of your personal data seriously and implement robust measures, including:
- Advanced encryption for data in transit and at rest.
- Strong access controls, including multi-factor authentication.
- Regular staff training on privacy and data protection.
- Frequent security audits and vulnerability assessments.
- Data minimization, collecting and retaining only what's necessary.
- Incident response plans for managing data breaches.
How you can help protect your data:
- Use complex, unique passwords and update them regularly.
- Enable two-factor authentication where available.
- Stay vigilant against phishing and scams.
- Keep software and devices up to date.
- Use secure networks, especially when dealing with sensitive information.
- Regularly monitor your accounts for unusual activity.
- Install reputable security software.
- Back up important data.
- Limit information sharing online and stay informed of best practices.
11. Your Rights
Subject to legal requirements and limitations, you have the right to:
- Access your personal data and obtain a copy.
- Rectify inaccurate or incomplete data.
- Request erasure where data is no longer necessary or processed unlawfully.
- Restrict processing of your data in certain circumstances.
- Object to certain processing activities, including marketing.
- Data portability to receive your data in a structured format or transmit it to another controller.
- Withdraw consent at any time where processing is based on consent.
To exercise these rights, please contact us using the details provided above. We may require verification of your identity before responding to your request.
12. Automated Decision-Making and Profiling
We do not make decisions about individuals based solely on automated processing that have legal or similarly significant effects. We may use profiling, such as analyzing preferences and usage to personalize your experience, but ensure that such activities do not adversely affect your rights or freedoms.
13. Data of Minors
Our services are not intended for individuals under 18 years of age (“Minors”). We do not knowingly collect or process data from Minors. If you believe a Minor’s personal data has been provided to us, please contact us promptly; we will take appropriate action to delete such data. By using our services, you confirm you are not a Minor.
14. Complaints
If you have any concerns or complaints about how we process your personal data, please contact us at info@cosmoscanvas.net. You may also have the right to lodge a complaint with your local data protection supervisory authority. In Czech Republic, contact:
Office for Personal Data Protection
Pplk. Sochora 27
170 00 Praha 7
Website: https://uoou.gov.cz/en
15. Updates to This Notice
We may update this Notice from time to time to reflect changes in our data processing practices or legal requirements. Substantial changes will be communicated clearly, such as via our website or by direct notification. By continuing to use our services after changes are published, you consent to the updated Notice.
