Privacy policy
This policy describes how JK Models collects, processes and protects your personal data in compliance with the EU GDPR (Regulation 2016/679) and the Czech Act No. 110/2019 Coll. on personal data processing.
1. Data controller
| Controller: | |
| Address: | Byškovická 182, 250 72 Kojetice, Czech Republic |
| Company ID: | 69059578 |
| VAT ID: | CZ8010240084 |
| E-mail: | jkral@jkmodels.cz |
| Phone: | +420 728 157 948 |
| Web: | www.jkmodels.cz |
2. What personal data we process
2.1 Orders and inquiries
- Name — customer identification, invoicing, shipping
- E-mail — communication, order confirmation, invoices
- Phone — contact for delivery and order clarification
- Shipping and billing address — goods delivery, tax documents
- Company ID and VAT ID (for businesses) — invoicing
2.2 Custom builds
For custom builds we may additionally process from you:
- Plans, photographs and other materials you send to us
- Technical specifications, requirements
These materials are used exclusively for delivering the specific order.
2.3 Technical data
- IP address — abuse prevention (inquiry form rate limiting)
- Session cookie (PHPSESSID) — form protection
- Server logs — standard web logs
3. Purpose and legal basis
| Purpose | Legal basis | Retention |
|---|---|---|
| Order / inquiry processing | Contract performance (Art. 6(1)(b) GDPR) | For the duration of the business relationship |
| Invoicing and accounting | Legal obligation (Art. 6(1)(c) GDPR; Czech Accounting Act) | 10 years |
| Warranty and complaints | Contract performance and legitimate interest | 24 months warranty + 2 years |
| Abuse prevention (rate limiting) | Legitimate interest (Art. 6(1)(f) GDPR) | IP records: max. 24 hours |
| Server logs | Legitimate interest (Art. 6(1)(f) GDPR) | Max. 30 days |
4. Recipients of personal data
We do not sell, rent or share your personal data with third parties for marketing.
Data may be passed only to:
- Hosting provider — server.plusdesign.cz
- Carriers — Czech Post, PPL etc. (goods delivery)
- Accountant — tax document processing
- Public authorities — where required by law
Personal data is not transferred outside the EU/EEA.
5. Data security
- All communication is over HTTPS (encrypted)
- CSRF protection on forms
- Inquiry form rate limiting
- Session cookies with
HttpOnly,Secure,SameSite=Lax - Data files stored outside the document root
- Administration via Google OAuth with a restricted e-mail allowlist
6. Your rights
Under GDPR you have the following rights as a data subject:
- Access (Art. 15)
- Rectification (Art. 16)
- Erasure (Art. 17) — unless conflicting with a legal obligation (e.g. accounting records)
- Restriction of processing (Art. 18)
- Data portability (Art. 20)
- Object (Art. 21) — against processing based on legitimate interest
- Lodge a complaint with the supervisory authority — Czech Office for Personal Data Protection, Pplk. Sochora 27, 170 00 Prague 7
To exercise your rights contact us at jkral@jkmodels.cz. We will respond without undue delay, within 30 days at the latest.
7. Automated decision-making
JK Models does not carry out automated decision-making or profiling under Art. 22 GDPR.
8. Changes to this policy
We may update this policy occasionally. Material changes will be announced on the website. We recommend checking this policy periodically.