Privacy policy


pursuant to 110/2019 Coll., on the processing of personal data, as amended, in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data ("GDPR") and related legislation.

In the following privacy notice we would like to inform you about the processing of your personal data by us.

1.       Company

The controller of your personal data is nanoSPACE s.r.o., ID No.: 291 61 215, with its registered office at Rohova 98, Dolejší Předměstí, 344 01 Domažlice, Czech Republic, registered in the Commercial Register administered by the Regional Court in Plzeň, section C, insert 27909 (hereinafter as the “Company”), which is mainly engaged in the production and sale of nanotechnology based products.

When processing personal data, the Company may act as a controller or processor of personal data.

2.      Type and origin of data processed by the Company

The customers of the Company are natural persons and legal entities interested in purchasing products offered by the Company.

We process the personal data of data subjects mainly for the purpose of fulfilling contractual and legal obligations arising from our activities so that we can deliver our products to our customers. Where the Company processes personal data as a processor, the purpose and means of processing are determined by the respective controller. Processing means that we obtain, store, erase and in some cases pass on personal data. 

We receive the personal data processed by us directly from our customers in the course of concluding a purchase contract or, where applicable, in the context of monitoring their activity on our website. We may also partially process personal data that we have obtained in accordance with the currently applicable data protection laws in other ways from publicly accessible sources, such as the commercial register or other registers.

3.      Purposes of processing by the Company as a personal data controller and legal titles of processing

If we act as a data controller, we always process personal data only for permitted purposes and in accordance with the currently applicable legal regulations.

3.1. Processing of personal data for the purpose of fulfilling our contractual obligations

We process personal data for the purpose of performance of our contractual obligations towards our customers in relation to the purchase of goods in the e-shop or to carry out the so-called pre-contractual measures following specific requests from the customer.

In the case of purchase of goods on the website, the Company is also in the position of the seller of the goods in question. In view of this, the Company processes the personal data of customers to the following extent: first name, last name, e-mail address, telephone number and delivery address.

The processing of such personal data of customers is carried out for the purpose of execution of the purchase contract between the Company and the customer, delivery of the ordered goods and also for the purpose of protecting the rights and legally protected interests of the Company.

If a product claim is filed with the Company, the Company will also process personal data for the purpose of handling such claim.

The company processes the above personal data of customers for as long as necessary. The personal data stored in the customer account on the website are retained until the customer account is deleted by the data subject or by the Company. Some personal data (e.g. personal data on invoices issued by the Company) are retained for the statutory archiving periods.

The processing of personal data pursuant to this article shall be carried out by the Company itself or by a third party processor. In the event that the ordered goods are delivered to the address specified in the order at the request of the customer, the Company shall also provide the customer's personal data to the relevant carrier.

3.2.  Processing of personal data for the purpose of maintaining our legitimate interests (taking your interests into consideration)

We also process personal data when it is necessary to maintain the legitimate interests of the Company as the data controller. This specifically includes, for example:

  • customer care and claim processing (in connection with claims processing, the Company also processes personal data for the purpose of protecting its rights and legally protected interests in the event of a possible dispute arising from a claim);
  • customer care and claim processing (in connection with claims processing, the Company also processes personal data for the purpose of protecting its rights and legally protected interests in the event of a possible dispute arising from a claim);
  • measures to improve our services and to enhance our customer relationships, e.g. customer surveys, improving and developing website content, measuring website traffic, etc;
  • protection of the Company's rights in the event of litigation related to the services provided;● ensuring the security of our system and website.

For these purposes, we process essentially all the personal data we hold about you, e.g. contact data, data obtained via cookies, security logs of your activity on our website, etc.

3.3.  Processing of personal data upon your consent

We also process your personal data on a case-by-case basis if you have given us your consent to do so. You can withdraw the consent you have given us at any time. Please note, however, that data processing carried out prior to this withdrawal of consent is still permissible.

If a visitor to the Company's website is interested in receiving newsletters and other promotional communications, he shall provide the Company with consent to the processing of personal data for this purpose. In this case, the Company will process the personal data provided by the visitor for these purposes, always at least to the extent of the e-mail address.

If the visitor to the website also provides his identification data, the Company also processes this data for the above purposes. The content of the newsletter may be personalised on the basis of the data provided and other data for the personalisation of the content that the Company learns from the visitor's behaviour on the website or the newsletter.

The visitor's personal data will be processed for the purpose of sending the newsletter if the website visitor fills in their personal data in the relevant form and subsequently confirms their newsletter subscription.

Without consent, the Company may only send the newsletter to its current or former customers based on the Company's legitimate interest. These commercial communications will always relate to a similar offer of goods or services that you have already ordered from the Company.

The personal data provided are processed until the consent given is withdrawn. The processing of personal data pursuant to this article shall be carried out by the Company itself or by a third party as a processor. The role of the processor of personal data in this context is usually performed by ECOMAIL.CZ, s.r.o., company ID: 02762943, with the registered office at Na Mlejnku 764/18, Braník, 147 00 Praha 4.

You can unsubscribe by clicking on the “Unsubscribe newsletter” link in the newsletter or advertising message sent to you.

3.4. Processing of personal data in order to comply with our legal obligations

We need to process some personal data in order to comply with the Company's legal obligations. These obligations may arise under applicable Czech law and European law. In particular, this may also entail obligations for the Company to retain, store, report and collect information that is generally used for the control purposes of the competent authorities and bodies concerned.

3.5. Information about change of purpose

If we ever process your personal data for a purpose other than that for which we originally collected it, we will inform you of this new purpose in accordance with the legal regulations.

4.       Purposes of processing by the Company as a processor of personal data

V případě, že Společnost při zpracování Vašich osobních údajů vystupuje jako zpracovatel osobních údajů, stanoví účel a také prostředky takového zpracování vždy příslušný správce osobních údajů. I v takovém případě však naše Společnost dodržuje veškeré právní předpisy týkající se zpracování Vašich osobních údajů a poskytuje jim vysokou míru zabezpečení. 

5.      Recipients of your data

Personal data may in some cases be disclosed to third parties as processors, in particular to external suppliers of our Company, operators of technologies used by the Company, or, to the extent necessary, to the Company's legal or tax advisors.

In addition, we may transfer personal data to other recipients if we are required to do so by law. In all other cases, we will only pass on your personal data to third parties if you have given us the respective permission to do so.

6.       Transfer to third countries or international organisations

Vaše údaje nepředáváme příjemcům v zemích bez přiměřené úrovně ochrany údajů (třetí země). 

7.       We do not transfer your data to recipients in countries without an adequate level of data protection (third countries).

We only process personal data for the purposes of fulfilling our contractual obligations for the time necessary to fulfil our contractual obligations. As soon as the data is no longer necessary for this purpose, it is deleted as a matter of principle.

In order to comply with certain legal requirements or to protect the Company's interests, we must retain certain data even after termination of the contractual relationship.

When assessing the retention period of personal data, we comply with the time limits set by the applicable legislation. If the processing period is not expressly stated in this document or set out in law, we will determine the adequacy of the processing period for personal data, in particular taking into account the length of the limitation period, with a reserve to learn whether a lawsuit or other proceedings have been filed, whether there is a likelihood of legal claims against the Company, and taking into account the expected timeframes for detecting attacks on our network or other security breaches, the usual practices and recommendations of supervisory authorities, and the likelihood and significance of the risks involved.

8.       Obligation to provide personal data

You provide personal data to the Company on a voluntary basis, but the provision of certain data is mandatory for the use of our services and delivery of goods. If there is a legal obligation to provide personal data, we will always inform you of this fact.

9.      Automatic decision making and profiling

We do not use automated decision-making or profiling procedures within the meaning of Article 22 of the GDPR when making decisions that may have legal consequences for you or otherwise materially affect you.

10.    Protecting the privacy of children

The Company does not knowingly engage in the collection of information from children as defined by applicable law. If we become aware that we have collected personal information relating to a child under the age of 16, we will take steps to delete that information as soon as possible. If you have information that a person under the age of 16 is using our website or services provided by the Company, please contact us at:

11.    Use of cookies and website analysis

Cookies are small data files, short texts, which are placed in the web browser of visitors to the Company's website. These cookies are used by the Company on its website to improve its functioning, to evaluate its traffic and to optimize its marketing activities.

Cookies are not used for the purpose of personal identification of visitors to the website, nor do they allow such identification.

If a visitor to the website does not agree to the collection of cookies, he can prevent the collection of cookies by changing the settings of his internet browser using the "Options" or "Help" function.

12.    Using social plugins

The Company's website also contains third-party social plug-ins that allow website visitors to share content with their friends and other contacts. These include:

  • Facebook plug-in administered by Facebook Inc., 1601 South California Avenue, Palo Alto, CA 94304, USA;
  • Instagram plug-in administered by Instagram Inc., 1601 Willow Road, Menlo Park, California 94025, USA; and
  • Twitter plug-in administered by Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103 USA.

The social plugins are not administered by us and the Company is therefore not responsible for any processing of personal data by the aforementioned operators (administrators) of these plugins or the websites they link to, nor for their functionality or any damage they may cause.

13.    Your rights in relation to the processing of personal data

In connection with the processing of personal data by the Company, the persons concerned have the following rights under the GDPR, or within the limits set by law, (i) the right to information about the processing carried out, (ii) the right to access the personal data processed, (iii) the right to rectification or erasure of personal data, (iv) the right to restriction of the processing of personal data, (v) the right to portability of personal data, (vi) the right to object to processing, and (vii) the right to file a complaint with the supervisory authority, which is the Office for Personal Data Protection.

If we receive a request within the meaning of this Article, we will inform the applicant of the measures taken without undue delay and in any event within one month of receipt of the request. This time limit may be extended by up to two months if necessary and in view of the complexity and number of requests. The company shall not be obliged to comply with a request, for example, where the request is apparently unfounded or unreasonable, in particular because of being repetitive. In such cases, the Company may charge a reasonable fee taking into account the administrative costs involved in providing the requested information or, where appropriate, refuse to comply with the request. In the event of reasonable doubt as to the identity of the applicant, the Company shall be entitled to request the applicant to provide additional information necessary to confirm his identity.

In addition, you have the right to withdraw your consent to the processing of your personal data at any time. Such withdrawal does not affect the processing already carried out and therefore does not affect the effectiveness and lawfulness of the processing of personal data carried out up to the time of such withdrawal.

14.    Contact details

Data subjects may contact the Company with their questions about the processing of personal data or in the event of exercising their rights set out in this declaration by e-mail: or at Rohova 98, Dolejší Předměstí, 344 01 Domažlice, Czech Republic.

15.    InInformation on the processing of personal data within the operation of the call centre 

nanoSPACE s.r.o., ID No.: 29161215 with its registered office at Rohova 98, Domažlice, Czech Republic, records telephone communication between the caller and the Administrator's call centre. The acquired telephone records have the nature of personal data of the caller. Callers may contact the Administrator regarding the processing of their personal data at the e-mail address

Personal data is processed to the extent of the recording of telephone communication and information provided by the caller during the telephone call. The Controller makes recordings of telephone communications for the purpose of exercising or defending the Controller's legal claims and improving the quality of service, under Article 6(1)(f) of the GDPR.

The record of telephone communication is kept by the Administrator for a period not exceeding 6 months. After that, the call record is automatically deleted. Records of telephone communications are not passed on to any third parties.

In connection with the processing of their personal data, callers have a number of rights, including the right to request from the Controller access to their personal data (under the terms of Article 15 GDPR), their rectification or erasure (under the terms of Article 16 or Article 17 GDPR), or restriction of processing (under the terms of Article 18 GDPR). The caller also has the right to object to processing (under the terms of Article 21 GDPR) and the right to data portability (under the terms of Article 20 GDPR).

If the caller believes that his personal data is being processed in violation of the law, he has the right to contact the Controller with a request for rectification. If the caller's request is found to be justified, the Controller shall immediately rectify the defective situation. This is without prejudice to the caller's ability to file a complaint directly with the Office for Personal Data Protection.

Provision of personal data by the caller is completely voluntary. The caller has no legal obligation to provide personal data.