• Ice cream for your brand - 1
  • Ice cream for your brand - 2
  • Ice cream for your brand - 3


Information about the personal data controller

The company PINKO a.s., ID No.: 00565890, with its registered office at Benešov, Vlašimská 409, which is registered in the Commercial Register at the Municipal Court in Prague; date of registration: 30 November 1990 (hereinafter referred to as the "Controller") has adopted the following principles of processing and protection of personal data.


PINKO a.s. acts as a data controller when processing personal data. As a controller, it defines the purpose and means for processing personal data.



Subjects whose data are processed by the company

  • Persons who enter into a purchase contract with the controller in connection with the sale of goods offered by the controller (hereinafter referred to as the "customer")
  • users of the website www.pinko.cz (hereinafter referred to as "website" and "users").

Both groups of entities are also referred to collectively as "providers".



Categories of data processed

  • The data of customers, potential customers and users who themselves provide the controller with electronic means of communication or enter their personal data into a form on the website. This includes, in particular, name, surname, home address or place of delivery, telephone number and e-mail address. If users register on the website only to receive commercial and marketing communications, the controller processes only their e-mail address.
  • Data collected via cookies. If the provider of personal data has allowed his/her web browser to store cookies as part of the cookie settings and agrees to their use, the controller obtains data about his/her activity on the website and his/her preferences in order to improve its product and service offerings.



Purposes of the processing of personal data

  • Performance of the contract between the controller and the purchaser (order processing) - identification data, in particular name, surname, residential address, or place of delivery, contact details (telephone and e-mail). Without these data, the controller cannot process the order. The telephone number is not obligatory, and if the buyer provides it to the administrator, he does so in order to process the order.
  • Handling the provider's enquiry. In the event that the Provider discloses any personal data to the Administrator in the context of an enquiry, whether through a web form or other form of communication, the Administrator will only use this data for the purpose of processing the response to the enquiry. Furthermore, the controller will process the personal data in the context of the enquiry for the purpose of archiving the enquiry and any subsequent related communication with the provider in order to protect its rights.
  • Offer of services or products and also promotion of the controller in the form of commercial communications - e-mail address, occasionally also telephone number. In this case, processing is only carried out on the basis of the consent given by the provider, which is entirely voluntary. Consent can be given when placing an order for goods, when setting up a customer account, or also later in the customer account settings. Consent is also granted by entering an e-mail address in the form used to register for commercial communications on the website. In this case, the administrator only sends its commercial communications by e-mail.
  • Personalisation and improvement of the content and quality of the website, analysis of its traffic and targeting of advertising and promotion of the administrator - data on visits to the website using cookies, products and services viewed and other activity on the website. In most cases, data processing is only possible after consent has been given. On the basis of the data collected, the controller may create statistics, analyses and summaries of the behaviour of visitors to the website. On the basis of this data, the controller can then better target advertising or adapt the content of the website to what visitors are really interested in.



Entities with access to personal data

Personal data is processed by the controller, its agents and employees. All persons who work for or with the controller and have access to personal data are bound to confidentiality. This obligation shall continue even after the termination of their cooperation with the controller.

The controller also entrusts other entities, so-called processors, with the processing of personal data. Any entity that processes personal data for the controller in the manner and for the purpose defined by the controller is considered a processor. The processor may not extend these purposes in any way. If the processing requires the consent of the provider, then the controller shall only transfer the data to the processors after consent has been given. The controller shall only transfer to processors the data that are strictly necessary to provide their services. The processors used by the controller include:


  • Shipping companies - order delivery
  • Google LLC, Facebook Inc., YouTube LLC, Seznam.cz, a.s., YANDEX LLC - online marketing tools
  • Accountants - bookkeeping and accounting control
  • Programmer - information system administration and development



Withdrawal of consent, termination of sending commercial communications

  • Commercial communications - it is possible to cancel the sending of commercial communications by the administrator at any time. Either in the customer account settings or by using the appropriate link located at the end of each commercial communication. Cancellation can also be made by withdrawing consent in writing either to the Administrator's email address or to the Administrator's registered office.
  • Cookies - if the provider wishes to disable the storage of cookies on his device, he can adjust the settings directly in his internet browser. The way to do this varies according to the type of browser. The detailed procedure is usually given in the browser's help. If the administrator cannot store cookies, some parts of the website may not work properly.



Duration of the processing of personal data

  • The controller processes the personal data collected for the purpose of the performance of the contract for the entire duration of the purchase contract and for a period of five years after the termination of the purchase contract. This is for the purpose of asserting any claim related to the purchase contract. The controller subsequently retains certain data contained in accounting documents by law.
  • The Controller sends commercial communications to customers, potential customers and users until their subscription is terminated or until the consent given is withdrawn. However, the longest period of time for which commercial communications are sent is 5 years from the last time consent was granted. Thereafter, the controller shall again invite the provider to confirm whether it is still interested in receiving commercial communications.
  • Personal data obtained in connection with the processing of a customer, potential customer or user enquiry is processed by the controller for the time necessary to compile and send the response. In the case of archiving an enquiry for the protection of rights, the controller shall archive the enquiry for the time necessary for such protection (e.g. with regard to limitation periods, etc.).
  • The controller processes the data obtained for marketing purposes by means of cookies for the entire duration of the consent to the use of cookies, i.e. for as long as the storage of cookies is enabled in the provider's internet browser. The processing may continue even after the withdrawal of consent, however, no longer than until the expiry of the respective type of cookie.
  • Other processing of personal data beyond these time limits is carried out by the controller only if it is strictly necessary for the purposes of its legitimate interests or for the fulfilment of its obligations under the law or contractual obligations.



Rights of the provider of personal data

  • To request information about the personal data processed by the controller, about the purpose and nature of the processing of personal data and about possible recipients of personal data outside the controller.
  • To request access to the data communicated by the provider to the controller during the order process, when setting up a customer account or when registering on the website. If this right is exercised, the controller will confirm whether and what specific personal data is being processed. Where applicable, these data will be made available to the provider together with information about their processing.
  • Request the rectification of personal data if it is in any way inaccurate or incomplete.
  • Request an explanation and rectification (e.g. blocking, rectification, completion or destruction of personal data) if the provider believes that the controller is processing personal data in breach of the protection of his/her personal and private life or in breach of the law.
  • Request the erasure of personal data (the so-called right to be forgotten) or their limited processing if they are no longer necessary for the purposes stated or if the controller no longer has a legitimate reason to process the personal data, including where the provider does not consent to further processing. If these conditions are met, the controller shall erase such data in whole or in part.
  • Request the transfer of the automated personal data obtained on the basis of consent from the controller to another entity. In this case, the controller shall transmit the personal data in a commonly used format to the provider or to another controller as requested by the provider.
  • If the provider considers that the controller has breached its obligations, it may lodge a complaint with the Data Protection Authority.



Security of personal data

The controller processes personal data in a secure manner. The handling of personal data is carried out in full compliance with applicable laws and regulations, including the General Data Protection Regulation (GDPR). The controller takes into account technical and organizational security when processing personal data.

All personal data in electronic form are stored by the controller in databases and systems that can only be accessed by those who have an immediate need to handle the personal data to the extent necessary for the purposes set out in this policy.



Contact details

Providers may contact the controller by email at obchod@pinko.cz regarding the processing of personal data or to exercise their rights.

This policy comes into force on 25 May 2018.