What are you looking for?

We recommend

mikina Iconic Ensana Unisex Black Zip-Up Hoodie €69
cepice cerna 2 Ensana Sport & Leisure Black Cap €24
teplaky 2 Ensana Unisex Black Jogger Pants €49
taska Ensana Canvas Tote €14
velka osuska Ensana Bath Towel €22
rucniky Ensana Towel €12
cepice seda 2 Ensana Sport & Leisure Grey Cap €24
triko cerne 2 Ensana Unisex Relaxed Black T-shirt €29
Ensana Bathrobe Edit Ensana Velvet Bathrobe €69
Home / Privacy policy

Privacy policy

PRIVACY POLICY

www.ensana.shop

 

  • INTRODUCTION

 

      1. This privacy policy relates to the processing of personal data by Ensana s.r.o., Company ID: 05456274 (hereinafter "we" or "Company"), in connection with the operation of an online store (e-shop) on the website https://www.ensana.shop/ (hereinafter "Website"), primarily during the conclusion and performance of contracts via our e-shop and other related activities.
      2. The aim of this document is to provide detailed information in accordance with the European Parliament and Council Regulation (EU) 2016/679 of April 27, 2016, on the protection of natural persons in relation to the processing of personal data and on the free movement of such data, and the repeal of Directive 95/46/EC (General Data Protection Regulation) (hereinafter "Regulation"), about how the Company processes personal data.
      3. The information contained in this document applies primarily to customers, individuals who provide their personal data to us, and, to a reasonable extent, also to potential, future, or former customers. It also applies to users of the Website. In addition, the information may also apply to the processing of personal data of other individuals, such as suppliers or individuals whose personal data is processed in connection with a relationship between our Company and a customer.

 

  • IDENTITY and CONTACT DETAILS OF THE DATA CONTROLLER and the Data Protection Officer

 

    1. The data controller is the Company, Ensana s.r.o., Company ID: 05456274, with its registered office at Na příkopě 392/9, Staré Město, 110 00 Prague 1, registered in the Commercial Register kept by the Municipal Court in Prague under file number C 326275.
    2. As the data controller, we determine the purposes and means of processing personal data as described in this document. If you have any questions regarding the processing of your personal data, please do not hesitate to contact us at the Company's office or via the email address info@ensanahotels.com.
    3. To ensure the proper fulfillment of our obligations under the Regulation, we have appointed a Data Protection Officer, who you can also contact for inquiries at dpo@ensanahotels.com.
  1. SOURCES AND SCOPE OF PERSONAL DATA PROCESSING
    1. From you, based on your requests and in the course of shopping on our e-shop, when contacting us through the Website, or during personal, telephone, email, and written communication;
    2. From third parties authorized to handle your personal data and provide it to us when certain conditions are met;
    3. From publicly available sources, particularly from the internet if you publicly disclose data; from public registers, such as the Commercial Register or Insolvency Register, or from debtor registers;
    4. From our own activity when evaluating the data you provide to us.
    1. Identification and contact details: first and last name, date of birth, residential address (street, city, postal code), email, phone number;
    2. Data processed in connection with the user account (login details and information in the user profile);
    3. Payment data: particularly bank account number and necessary data from payment service providers (payment gateway) on our Website;
    4. Data about the mutual contractual relationship or communication: for example, the price of goods or services, contract date, complaints, fulfillment of mutual rights and obligations under the contract, etc.;
    5. Other personal data voluntarily provided to the Company, such as through the "Contacts" contact form and during mutual communication.
    1. We obtain (or may obtain) your personal data primarily:
    2. The Company processes personal data to the extent necessary to fulfill the purposes listed below. The personal data processed includes, in particular:
  2. PURPOSES OF PROCESSING AND THEIR LEGAL BASIS

All personal data is processed lawfully and transparently, and only appropriate, relevant, and necessary data is required in relation to the purpose of the processing.

 

  • Contract Fulfillment

 

The data you provide is primarily used for contract fulfillment purposes (such as purchasing on our e-shop). Providing personal data for the purpose of contract fulfillment and for responding to your inquiries or providing requested information is our contractual requirement, and failure to provide this data may result in the non-conclusion of the contract.

This purpose also includes all personal data processing related to negotiations for concluding a contract, fulfilling mutual rights and obligations during the contract, including answering your questions, and potentially negotiating the termination of the contract. It also applies to the processing of data in connection with managing your user account on the Website.

The legal basis is the necessity of processing for the performance of a contract as per Article 6(1)(b) of the Regulation.

For contract fulfillment purposes, we process all personal data mentioned in section 3.2.

 

  • Compliance with Legal Obligations

 

An important use of your personal data is processing for the purposes of fulfilling our legal obligations, particularly regarding accounting, taxes, and archiving. The legal basis is the necessity for compliance with legal obligations as per Article 6(1)(c) of the Regulation.

 

  • Protection of Legitimate Interests of the Company

 

Your data may also be processed for the purposes of protecting the legitimate interests of our Company. In this case, we may process personal data without your consent if the legitimate interests of our Company outweigh your interests or rights and freedoms to protect privacy and personal data. These legitimate interests include:

  1. Evaluating creditworthiness, debt collection, and defending the Company's legal claims;
  2. Handling mutual communications via the Website or other communication channels;
  3. Sending marketing communications (to existing customers with offers of similar products or services);
  4. Evaluating customer satisfaction with our services;
  5. Internal administrative purposes, conducting analyses, reporting, risk assessments, monitoring satisfaction, optimizing, and improving service quality, etc.;
  6. Backing up data from our servers and logging all activities for problem analysis and security purposes;
  7. Ensuring the proper operation of the Website, including the use of necessary cookies.

The legal basis is the necessity of processing for the protection of legitimate interests as per Article 6(1)(f) of the Regulation.

For the protection of legitimate interests, we may process all personal data listed in section 3.2, but only to the necessary extent for the specific legitimate interest of our Company.

 

  • Consent

 

In specific cases, our Company processes personal data for purposes for which none of the above legal bases apply. In such cases, processing is based on the consent of the data subject, where the subject is informed about the purposes of the processing and the possibility of withdrawing consent.

This may involve offering products and services (marketing purposes) to non-existing customers or the use of non-essential cookies (such as analytical or marketing cookies) for which consent is requested.

The legal basis is consent as per Article 6(1)(a) of the Regulation.

  1. HOW LONG DO WE PROCESS PERSONAL DATA?
    1. For contract fulfillment purposes for the duration of the contract;
    2. For compliance with the Company’s obligations regarding archiving, records, accounting, and taxes for a maximum of 10 years from the end of the calendar year in which the performance was provided, unless applicable legal regulations require a longer period;
    3. For the protection of the legitimate interests of the Company, such as enforcing claims or debt collection, for the duration of the limitation period for asserting the Company's rights under the contract;
    4. For marketing purposes (sending business communications about services, products, projects, contracts, and events), for 3 years after the end of the contract or 3 years from granting consent, if no contract is concluded.
    1. Your data will be processed:

After this period, the data will be deleted. If we have specified a particular period for the processing of personal data, we will never exceed it.

  1. RECIPIENTS OF PERSONAL DATA
    1. Providers of server, web, cloud, and IT services;
    2. Providers of marketing services;
    3. Providers of tax, legal, accounting, and administrative services;
    4. Payment service providers (payment gateway).
    1. Personal data is shared with third parties who cooperate with our Company and are involved in processing personal data, or to whom the data may be made available for other reasons in accordance with applicable legal regulations. Appropriate safeguards are put in place to ensure adequate protection of personal data. Personal data may be provided to:
    2. Personal data is processed exclusively within the territory of the European Union.
  2. SECURITY OF PERSONAL DATA AND METHODS OF PROCESSING
    1. The Company processes personal data both manually and automatically within its information systems. Automated processing includes the evaluation (profiling) of customer data; however, no decisions are made based solely on automated processing that would have a legal effect or significantly affect the customer.
    2. We advise that there is always a risk of personal data being leaked, misused, or lost. We take all necessary measures to avoid such incidents, including employee training and using reliable technical solutions. If a security breach occurs that poses a high risk to your rights and freedoms, we will promptly inform you via the provided email address and on our Website, providing all necessary details.
  3. Cookies
    1. Necessary cookies: Required for the operation of the Website, enabling functions like logging into secure areas. This category cannot be disabled.
    2. Analytical/statistical cookies: Allow us to recognize and count visitors and monitor how they use the Website. They help improve the functionality of the Website.
    3. Advertising cookies: Track preferences and allow targeted ads based on your interests and online behavior.
    1. We would like to inform you that our website uses cookies. Cookies are text files containing small amounts of information that are downloaded to your device when you visit our website. These cookie files are then sent back to the website or another website that recognizes them on each subsequent visit.
    2. Cookies serve various purposes, such as enabling efficient navigation on the website, remembering your preferences, and generally improving the user experience. They can also ensure that online advertisements are better tailored to you and your interests.
    3. On the website, we use the following cookies:
    4. Consent to cookies can be given through a so-called cookie banner. You can also reject cookies or set the use of only some cookies in the cookie banner.
    5. Please note that third parties (including, for example, external service providers) may also use cookies and/or access data collected by cookies on the website.
  4. RIGHTS RELATED TO THE PROCESSING OF PERSONAL DATA
    1. Right of Access to Personal Data. You have the right to obtain confirmation from the Company as to whether or not personal data concerning you is being processed, and if so, you have the right to access this personal data and other specified information. In such a case, the Company will also provide a copy of the personal data being processed.
    2. Right to Rectification. You also have the right to have the Company rectify inaccurate personal data concerning you without undue delay. Taking into account the purposes of processing, you have the right to complete incomplete personal data, including by providing an additional statement.
    3. Right to Erasure ("Right to be Forgotten"). You have the right to request the Company to erase personal data concerning you without undue delay, and the Company has the obligation to erase the personal data without undue delay if there is any of the reasons stipulated by regulation, and the Company is not entitled to retain the personal data for another reason.
    4. Right to Restriction of Processing. You have the right to request the Company to restrict the processing of personal data, particularly if you dispute the accuracy of the personal data, if you raise an objection to the processing, and in other cases stipulated by the regulation.
    5. Right to Data Portability. You have the right to obtain from the Company the personal data concerning you and which you have provided to the Company, in a structured, commonly used, and machine-readable format, and the right to transfer such data to another controller, in cases where processing is based on consent and is carried out automatically.
    1. In connection with the processing of personal data by the Company, you have the following rights:
  5. RIGHT TO WITHDRAW CONSENT AND RIGHT TO OBJECT
    1. Right to Withdraw Consent. In the case of processing personal data based on consent, you are not obligated to grant your consent for processing, and if you do, you are also entitled to withdraw your consent at any time. If you wish to withdraw your consent for the processing of personal data, you can contact us using the contact details above. Withdrawal of consent does not affect the processing of personal data in cases where consent is not required.
    2. Right to Object. In situations where personal data is processed for the purposes of protecting the legitimate interests of the Company or third parties, you are entitled to object to such processing.
    1. Without prejudice to the rights in the previous Article 9, we particularly draw attention to the following rights:
  6. RIGHT TO LODGE A COMPLAINT
    1. If you believe that your personal data is being processed in violation of legal regulations, you can file a complaint with the Office for Personal Data Protection, address: Pplk. Sochora 27, 170 00 Prague 7, phone: +420 234 665 111, website: https://www.uoou.cz/.
  7. FINAL PROVISIONS
    1. These privacy policies may be changed from time to time. All changes will be published on the Website. If the changes are significant, we will notify you by email.
    2. If you need any part of this text explained, advice, or wish to discuss further processing of your personal data, you can contact us at any time at info@ensanahotels.com.
    3. These privacy policies are valid and effective as of February 26, 2025, with the current version published on the Website and also available at the Company's headquarters.