Data Protection and Cookie Policy

Effective from: 1 May 2025

Introduction

Father’s Coffee Roastery s.r.o. (hereinafter "the Controller") processes personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR), Act No. 110/2019 Coll. on the processing of personal data, and Act No. 127/2005 Coll. on electronic communications.

This document describes what personal data we collect, why we process it, how long we retain it, to whom we disclose it, and what your rights are. It also contains information about the use of cookies on fathers.cz.

Data Controller

The controller of your personal data is:

  • Father’s Coffee Roastery s.r.o.
  • ID No.: 06533604, VAT ID: CZ06533604
  • Registered office: Mitrovická 128/66, Ostrava 724 00
  • E‍-‍mail: info@fathers.cz
  • Phone: +420 736 532 744

What Personal Data We Process

Depending on your interaction with our website, we process the following categories of personal data:

  • Identification data – first name, last name
  • Contact data – email address, phone number
  • Address data – billing, contact and delivery address
  • Transaction data – order contents, price, payment and delivery method, order status, invoice number
  • Customer account data – login email, order history, subscription, pricing level
  • Behavioural and analytics data – IP address, browser type, pages visited, visit times, on‍-‍site interactions (collected via Google Analytics and Hotjar)
  • Marketing data – interactions with advertising campaigns (Meta Ads, Google Ads), tracking identifiers (collected with consent only)

Purposes and Legal Basis of Processing

We process your personal data exclusively for the purposes listed below and always on the basis of an appropriate legal ground under Art. 6 GDPR.

Order fulfilment and contract performance

Processing and delivery of your order, issuing an invoice, communication about shipment status, handling complaints or withdrawal from the contract.

Legal basis: Art. 6(1)(b) GDPR – performance of a contract. Retention for 10 years for tax and accounting purposes (legal obligation under Art. 6(1)(c) GDPR).

Customer account management

Maintaining your customer account, access to order history, managing subscriptions and personal preferences.

Legal basis: Art. 6(1)(b) GDPR – performance of a contract (contractual relationship arising from registration). Data is retained for the duration of the customer account and 3 years after its cancellation.

Compliance with legal obligations

Bookkeeping, archiving invoices, fulfilling obligations towards tax authorities, and protecting rights in the event of a legal dispute.

Legal basis: Art. 6(1)(c) GDPR – compliance with a legal obligation. Retention for the period required by applicable law (typically 10 years).

Direct marketing and newsletter

Sending commercial communications (newsletter, promotions, news) by email or via retargeting ads on social networks (Meta Ads).

Legal basis: Art. 6(1)(a) GDPR – your consent (for new contacts), or Art. 6(1)(f) GDPR – legitimate interest of the controller (for existing customers). Consent can be withdrawn at any time by unsubscribing.

Traffic analytics and website improvement

Measuring website traffic, analysing user behaviour, and optimising the user interface using Google Analytics 4, Google Tag Manager, and Hotjar.

Legal basis: Art. 6(1)(a) GDPR – your consent given via the cookie banner. Data is anonymised or pseudonymised and retained for a maximum of 26 months (GA4).

Recipients and Processors of Personal Data

We share your personal data only with vetted third parties that are necessary for operating the e‍-‍shop or for compliance with legal obligations. Each recipient is bound by confidentiality and processes data solely on the basis of a data processing agreement:

  • Fakturoid s.r.o. – invoicing system; billing and contact data for issuing documents (EU)
  • GoPay s.r.o. – payment gateway; payment data necessary for processing online payments (EU)
  • PPL CZ s.r.o. / DPD – delivery services; name, address and phone number of the parcel recipient (EU)
  • Google LLC – Google Analytics 4, Google Tag Manager, Google Ads; anonymised analytics and advertising data; transfer to the USA under Standard Contractual Clauses (SCC)
  • Meta Platforms Ireland Ltd. – Meta Pixel (Facebook / Instagram Ads); advertising and retargeting data; transfer to the USA under SCC
  • Hotjar Ltd. – user behaviour analytics (heatmaps, session recordings); pseudonymised behavioural data; transfer to the USA under SCC
  • Amazon Web Services EMEA SARL – cloud infrastructure (hosting, database, emails); data stored in the EU region (Frankfurt); transfers outside the EU under SCC

We do not sell, rent, or otherwise disclose your personal data to third parties for their own marketing purposes.

Your Rights

As a data subject, you have the following rights under GDPR, which you can exercise in writing at the controller's address or by email at info@fathers.cz:

  • Right of access (Art. 15) – the right to obtain confirmation of whether we process your personal data and to access that data
  • Right to rectification (Art. 16) – the right to have inaccurate data corrected or incomplete data completed
  • Right to erasure (Art. 17) – the right to have data deleted when the processing purpose has ceased or consent has been withdrawn and no other legal basis exists
  • Right to restriction of processing (Art. 18) – the right to request that processing be restricted in cases provided by law
  • Right to data portability (Art. 20) – the right to receive your data in a structured, machine‍-‍readable format
  • Right to object (Art. 21) – the right to object to processing based on legitimate interest or for direct marketing purposes
  • Right to withdraw consent – consent to processing (marketing, cookies, analytics) can be withdrawn at any time without affecting the lawfulness of processing prior to withdrawal
  • Right to lodge a complaint – the right to lodge a complaint with the supervisory authority: Office for Personal Data Protection (ÚOOÚ), Pplk. Sochora 27, 170 00 Prague 7, www.uoou.cz

We will respond to your request without undue delay and no later than 30 days. In exceptional cases, the deadline may be extended by a further 2 months, and we will inform you of this.

Contact and Complaints

Please send all inquiries, requests to exercise rights, or complaints regarding the processing of personal data to:

  • Email: info@fathers.cz
  • By post: Father’s Coffee Roastery s.r.o., Mitrovická 128/66, Ostrava 724 00

If you believe that the processing of your personal data violates GDPR, you have the right to lodge a complaint with the Office for Personal Data Protection (ÚOOÚ): www.uoou.cz, tel. +420 234 665 111.

Cookie Policy

Cookies are small text files stored in your browser when you visit our website. We use them to improve website functionality, analyse traffic, and personalise content and advertisements. Cookies stored without consent are strictly necessary for the website to function; other cookies are activated only on the basis of your voluntary consent given via the cookie banner.

You can change or withdraw your cookie consent at any time by clicking the “Cookie settings” link in the website footer or directly in your browser settings. Withdrawal of consent does not affect the lawfulness of processing carried out prior to withdrawal.

Strictly necessary cookies

These cookies are necessary for core website functionality – logging in to your customer account, managing the cart, selecting language, currency and delivery country. Without them the website would not function correctly. They are stored without your consent on the basis of the controller's legitimate interest (Art. 6(1)(f) GDPR). Their validity is limited to the session or a maximum of 1 year.

Analytics cookies

Analytics cookies help us understand how visitors use the website. We collect anonymised or pseudonymised data about pages visited, time spent on the site, and interactions. We use Google Analytics 4 (operated by Google LLC) and Hotjar (operated by Hotjar Ltd.) to collect data. GA4 data is retained for a maximum of 26 months and transferred to the USA under Standard Contractual Clauses. These cookies are activated only with your consent.

Marketing cookies

We use marketing cookies to display relevant advertisements on social networks and in search engines. We use Meta Pixel (Facebook / Instagram, operated by Meta Platforms Ireland Ltd.) and Google Tag Manager for managing advertising tags including Google Ads. This data is transferred to the USA under Standard Contractual Clauses. These cookies are activated only with your explicit consent and can be withdrawn at any time.

Current list of all cookies used on this website, including their provider, purpose and expiry:

Cart