Privacy Policy
Valid and effective from
Dear NOZONO customers,
It is important to us that you feel safe when using our e-shop. Protecting your personal data is therefore an important element in building the systems and procedures used within our company. These Personal Data Processing Principles (hereinafter the “Principles”) explain how we process your personal data in connection with the functionality of the website www.nozono.cz (hereinafter the “website” or “e-shop”). These Principles are particularly important to you if you have placed an order for goods through the e-shop or subscribed to our newsletter.
When processing personal data, we primarily follow Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter “GDPR”), Act No. 110/2019 Coll., on the Processing of Personal Data, Act No. 480/2004 Coll., on Certain Information Society Services (hereinafter the “ISS Act”), and other relevant legal regulations.
Our company is committed to continuously improving its personal data protection policy, procedures, and security system, and to reasonably innovating and refining them for this purpose. In order to ensure effective protection of personal data, we obtain and apply the latest knowledge in practice. We do not transfer or use your personal data for purposes other than those for which you knowingly provided it to us and which are consistent with these Principles. Employees of our company and other persons involved in our activities are obliged to maintain confidentiality regarding all information and documents relating to your personal data.
The data controller is:
NOZONO s.r.o.
registered office: Butovická 921, Butovice, 742 13 Studénka
Company ID No.: 22600043
VAT ID No.: CZ22600043
registered in the Commercial Register maintained by the Regional Court in Ostrava, file No. C 98739/KSOS
data box: mrkii74
e-mail: info@nozono.com
web: www.nozono.cz
(hereinafter the “controller”, “seller” or “NOZONO”)
The controller has not appointed a data protection officer, as it is not required to do so under Article 37 GDPR. If you have any questions regarding the protection of your personal data, you may send them at any time to the controller’s registered office address or by e-mail to info@nozono.com.
1. What personal data is
1.1. Personal data means any information on the basis of which we can identify you, whether directly or indirectly. Personal data may therefore include, for example, your first name, surname, billing or delivery address, telephone number, e-mail address, bank account number, or IP address.
1.2. GDPR distinguishes a special category of personal data which must be handled with particular care. Special categories of personal data include data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data used for the unique identification of a natural person, data concerning health, sex life, or sexual orientation. Our company has no interest in processing special categories of your personal data. If you have provided us with such data yourself (e.g. as part of an inquiry about the suitability of a food supplement in relation to your health condition), we process it solely for the purpose of handling your inquiry and delete it without undue delay after answering it, unless applicable legal regulations require us to retain it for longer.
1.3. A special regime also applies to the processing of children’s personal data. We have no interest in processing the personal data of children under 16 years of age. Our terms and conditions also include a recommendation that some food supplements are not suitable for persons under 18 years of age. Since, in connection with placing an order (taking into account the principle of data minimisation), we do not process the customer’s date of birth or age, it cannot theoretically be excluded that an order may also be placed by a minor. If you discover that a minor child has provided us with their personal data, please inform us at info@nozono.com, and we will ensure its prompt deletion unless applicable law provides otherwise.
2. Why we process personal data
2.1. Processing of personal data means any operation or set of operations performed on personal data, such as collection, recording, organisation, storage, retrieval, use, dissemination, erasure, or destruction, whether carried out by automated means or manually.
2.2. We process your personal data primarily so that we can handle your order for food supplements, longevity products, or related goods, i.e. perform the purchase contract concluded between us and you.
2.3. We also process your personal data in cases where this is required or permitted by the applicable laws of the Czech Republic, as well as in cases where there are overriding legitimate interests of the controller (or, in justified cases, also of other persons), and on the basis of your consent.
3. For what purposes and on what legal bases we process personal data
| We process your personal data on the legal basis of: | We process your personal data for the purpose of: | The personal data we process for this reason mainly includes: |
|---|---|---|
|
3.1. Pre-contractual negotiations, i.e. answering your inquiries in connection with our offer of goods [Art. 6(1)(b) GDPR] |
Handling your request for information. For this purpose, we take steps prior to entering into a contract, for example if you contact us with a question about our goods by e-mail or through the contact form. | First name, surname, e-mail address, telephone number (if provided), and the information you provide in your request. |
|
3.2. Performance of rights and obligations under the purchase contract concluded between us as controller and you as data subject [Art. 6(1)(b) GDPR] |
Performance of contractual rights and obligations. Without processing your personal data, we would not be able to handle your order, deliver the ordered goods to you, and fulfil other obligations under the terms and conditions (e.g. handle a complaint or withdrawal from the contract). | Data necessary to conclude the contract and process / deliver the order: first name and surname, e-mail address, telephone number, billing and delivery address, IBAN / bank account number (for any refund), the IP address from which the order was placed, information on whether you are a consumer or a business customer (for business customers also Company ID No., VAT ID No., registered office), the subject of the order, payment details, and delivery details. |
|
3.3. Compliance with the controller’s legal obligations [Art. 6(1)(c) GDPR] |
We must process part of your personal data because legal regulations impose this obligation on us, in particular Act No. 563/1991 Coll., on Accounting, Act No. 235/2004 Coll., on Value Added Tax, Act No. 634/1992 Coll., on Consumer Protection, and regulations governing the placing of food and food supplements on the market. | Personal data contained in accounting and tax documents (invoices, tax documents, payment details), data necessary to handle complaints or withdrawal from the contract, data for record-keeping within the meaning of the Foodstuffs and Tobacco Products Act. |
|
3.4. The controller’s overriding legitimate interest [Art. 6(1)(f) GDPR] |
In the interest of the efficient conduct of our business activities, we use the services of third parties who may process your personal data for us as processors (hereinafter “processors”). In particular, processors provide us with: (i) operation of the e-shop, hosting, and IT support (especially the Shopify platform); (ii) accounting and warehousing services; (iii) legal services; (iv) analytics and website performance measurement tools; (v) tools for managing customer reviews on our e-shop (Judge.me); (vi) targeted advertising and remarketing tools. We also carry out a limited form of customer profiling based on their purchasing behaviour for the purpose of more effective targeting of marketing communication content (e.g. product recommendations based on previously ordered food supplements). Other legitimate interests include protection against misuse of our services, fraud prevention, and ensuring the security of the e-shop. In relation to all processing operations under this point, we have carried out a so-called balancing test, the result of which was the controller’s overriding legitimate interest consisting in particular in the efficient organisation of business processes and product promotion. In particular, we took into account: the provisions of GDPR (recitals 47–49), which presume the controller’s legitimate interest in some of these operations; standard market practices in relation to the use of processors; the reasonable expectations of data subjects arising from the existence of a contractual relationship; the scope and nature of the data processed, which does not involve special category data; and the relative simplicity of terminating processing in the case of marketing operations. |
(i) platform and hosting provider (Shopify): first name and surname, e-mail address, telephone number, billing and delivery address, IP address, order details; (ii) providers of accounting / IT / legal services: data necessary for the performance of the relevant services (especially order and invoice details); (iii) analytics tool providers: pseudonymised identifier (cookie, device ID), IP address (shortened/anonymised), website behaviour data; (iv) review tool provider (Judge.me): name (or nickname), e-mail address, and review content; (v) targeted advertising service providers: pseudonymised identifier, e-mail address (hash) for the purposes of so-called custom audiences; (vi) profiling: data on the types, brands, values, and timing of purchased products; data on interaction with our newsletter (whether it was opened and which links were opened). |
|
3.5. Direct marketing of our own similar products and services to existing customers [Section 7(3) of the ISS Act] |
The ISS Act allows us to carry out direct marketing by electronic mail even without your consent if it concerns marketing of our own similar products and services, we obtained your contact details in connection with your order, and you have the option to easily and free of charge refuse such messages at any time. The option to refuse (unsubscribe) is included in every delivered marketing message. | First name, surname, e-mail address, and possibly data on previous purchases for the purpose of recommending similar products. |
|
3.6. Marketing purposes based on your consent [Art. 6(1)(a) GDPR and Section 7(2) of the ISS Act] |
Sending marketing communications about special offers, new products in the range, discount campaigns, and other marketing activities of the controller. You give your consent voluntarily (e.g. by ticking a box when subscribing to the newsletter) and you may withdraw it at any time. However, withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. | Name (or nickname), e-mail address, telephone number (if provided), preferences regarding the type of content that interests you, data on interaction with e-mail campaigns (message opening, link clicks). |
|
3.7. Cookies and similar technologies [Art. 6(1)(a) or (f) GDPR] |
Website functionality, traffic measurement, marketing, and remarketing. Details on cookies are set out in Article 10. | IP address, device / browser identifier, website behaviour data, data on goods added to the basket. |
3.8. Providing personal data is voluntary. However, if you do not provide the personal data necessary to process an order (name, delivery address, contact details, payment details), we will not be able to conclude a purchase contract with you or perform it properly. In the case of data processed on the basis of a legal obligation (e.g. data stated on tax documents), its provision is mandatory by law.
4. Who we disclose your personal data to (recipients and processors)
4.1. We disclose personal data only to those persons and to the extent necessary for the fulfilment of the controller’s legal and contractual obligations, or in accordance with the controller’s overriding legitimate interest or with your consent. At the same time, we ensure that recipients are reliable entities that comply with their legal obligations.
4.2. We have concluded a written personal data processing agreement with each processor within the meaning of Article 28 GDPR, or the processing is governed by the conditions stated directly within the terms of the given service (data processing addendum).
4.3. We transfer your personal data in particular to the following categories of recipients:
| Recipient category | Specific processor | Purpose of transfer |
|---|---|---|
| E-shop platform and hosting provider | Shopify International Ltd. (Ireland), Shopify Inc. (Canada) | Operation of the e-shop, storage of orders, customer accounts, and related data |
| Payment service providers (payment gateways) | GoPay s.r.o.; ComGate Payments, a.s.; Stripe Payments Europe Ltd. (Ireland) | Processing payments by payment card, Apple Pay, Google Pay; fraud protection |
| Carriers | Zásilkovna s.r.o. (Packeta); PPL CZ s.r.o.; General Logistics Systems Czech Republic s.r.o. (GLS) | Delivery of goods to the address or collection point chosen by the buyer |
| E-mail marketing and automation tool | Klaviyo, Inc. (USA) | Sending newsletters, transactional e-mails, and marketing automation |
| Customer review management tool | Judge.me (EasyCommerce Inc. / Judge.me Ltd.) | Collecting and displaying reviews for specific products directly on the e-shop |
| Analytics tools | Google Ireland Limited (Google Analytics 4) | Traffic measurement, user behaviour analysis, website optimisation |
| Targeted advertising and remarketing tools | Google Ireland Limited (Google Ads); Meta Platforms Ireland Limited (Facebook / Instagram, Meta Pixel) | Targeted and remarketing advertising, conversion measurement, creation of custom audiences based on hashed identifiers |
| Accounting services provider | The controller’s contracted accounting firm | Bookkeeping, processing of tax documents |
| Legal services provider | The controller’s contracted law firm | Legal advice, representation in disputes, debt collection |
| Public authorities | Financial Office, Czech Trade Inspection Authority, Office for Personal Data Protection, courts, law enforcement authorities | Compliance with the controller’s legal obligations, or legitimate requests of these authorities |
4.4. We will provide you with an updated list of processors upon your request at the e-mail address info@nozono.com.
4.5. Please note that if you visit our social media profiles (especially Facebook and Instagram operated by Meta Platforms Ireland Limited, or YouTube operated by Google Ireland Limited), your personal data is also processed by these companies in accordance with their own personal data processing principles and your settings in those social networks and browsers. The controller has no influence over these circumstances. If you are interested in the information we publish on social media and at the same time do not wish your personal data to be processed in this way, please contact us directly and we will provide the content to you in another form.
5. To which countries we transfer your personal data
5.1. As part of our processing operations, we primarily use partners located in the European Economic Area (EEA, i.e. the EU, Iceland, Norway, and Liechtenstein). However, your personal data may be transferred to processors in third countries outside the EEA to a certain extent (especially e-mail address, device identifier, website behaviour data), specifically to the United States of America or Canada. This mainly concerns:
- Shopify Inc. (Canada) – operation of the e-shop platform; Canada is recognised by the European Commission as a country with an adequate level of personal data protection (adequacy decision under Art. 45 GDPR);
- Klaviyo, Inc. (USA) – e-mail marketing and marketing automation; transfers take place on the basis of the EU-U.S. Data Privacy Framework (European Commission adequacy decision of 10 July 2023), or standard contractual clauses;
- Google LLC / Meta Platforms, Inc. (USA) – analytics and advertising tools (GA4, Google Ads, Meta Pixel) operated by European subsidiaries (Google Ireland Limited, Meta Platforms Ireland Limited); any partial transfer to the USA takes place on the basis of the EU-U.S. Data Privacy Framework, under which both corporate groups are certified;
- Judge.me – global provider of the review tool; transfers are carried out on the basis of standard contractual clauses (SCC) adopted by the European Commission.
5.2. In certain cases, the specific derogation set out in Art. 49(1)(b) and (c) GDPR may also apply, namely that the transfer is necessary for the performance of the contractual relationship between our company as controller and you as data subject, or that the transfer is necessary for the conclusion or performance of a contract concluded in your interest.
5.3. If you wish to prevent a specific processing operation involving a transfer to third countries, you may contact us by e-mail at info@nozono.com. In the case of cookies and similar technologies, you also have the option to set your preferences through the cookie management tool directly on the website.
6. How long we retain your personal data
6.1. We retain personal data only for as long as necessary for the purposes for which it is processed, unless the applicable legal regulations of the Czech Republic require us to retain it for longer (e.g. for archiving purposes or to comply with accounting obligations).
6.2. If we process your personal data on the basis of a legal obligation, we retain it for the period specified by the relevant legal regulations. For accounting records, this is generally 5 years; for tax documents, 10 years (Section 35 of the VAT Act).
6.3. If we process your personal data on the basis of a purchase contract, we retain it for the duration of the contractual relationship and subsequently for 10 years after the end of the contractual relationship (usually from completion of the final delivery), in case it is necessary to use it in court or other similar proceedings or for the purpose of resolving discrepancies in records. After this period, the personal data is deleted unless the law provides otherwise.
6.4. If we process your personal data solely on the basis of a legitimate interest (e.g. for targeted marketing to existing customers) and the law does not require a longer period, we retain it for no longer than 5 years from the last purchase, or until the moment when you successfully object to its processing.
6.5. If we process your personal data on the basis of consent (especially for sending the newsletter) or on the basis of the ISS Act, we retain it for no longer than 5 years from the granting of consent, or from the last purchase in the case of processing under the ISS Act. We will stop retaining this data earlier if you withdraw your consent or unsubscribe from the newsletter.
6.6. Data stored in cookies is retained for the period stated for the individual cookie categories in Article 10 (or in a separate document, the “Cookie Policy”).
7. How we obtain your personal data
7.1. We generally obtain personal data directly from you, through:
- completing the order form on the e-shop (even without registration),
- registering a customer account,
- subscribing to the newsletter,
- completing the contact form or communicating by e-mail or phone,
- submitting a product review through the Judge.me tool,
- visiting the website (cookies and similar technologies).
7.2. To a limited extent, we may obtain your personal data from third parties (e.g. from the carrier in connection with a shipment complaint, from the payment gateway provider in connection with a payment complaint).
7.3. We do not obtain personal data from publicly available sources or from other business partners for the purpose of expanding the customer database.
8. How we use your personal data
8.1. In accordance with the table in Article 3, we obtain only the personal data we need to handle your order, fulfil other contractual obligations, and reasonably develop our business activities. We protect your personal data and ensure that it is used exclusively for the purpose for which we obtained it. Our employees who are authorised to work with your personal data are instructed on the obligations arising from GDPR and on the need to maintain confidentiality.
8.2. The following applies:
- if we obtained your personal data for the purpose of concluding a contract or handling your pre-contractual requests, we use it precisely for that purpose and in a manner approved by law;
- if we obtained your personal data due to compliance with legal obligations (especially accounting, tax, and consumer protection obligations), we use and process it in the manner prescribed by the relevant law;
- if we process your personal data due to the controller’s overriding legitimate interest, we use it exclusively in an effort to ensure that legitimate interest (especially operation of the e-shop, fraud protection, contacting existing customers with a similar offer);
- if we process your personal data on the basis of consent, we process it for the purpose and in the manner stated therein, and only until you withdraw your consent or unsubscribe.
8.3. Automated decision-making and profiling with legal effects: Our company does not use automated individual decision-making within the meaning of Art. 22 GDPR, i.e. decision-making without human intervention that would have legal effects on you or significantly affect you. We only carry out limited profiling for direct marketing purposes based on purchased goods (e.g. the type of food supplements you prefer), the number / value / timing of orders, and interaction with our newsletter. This form of profiling has no legal effects on you and does not significantly affect you in a similar way. You have the right to object to this processing at any time (see Article 9.6).
9. What rights you have as a data subject
In connection with the processing of your personal data, you have the rights listed below. You may exercise your request by sending it to the controller’s registered office address or by e-mail to info@nozono.com. The controller will usually handle your request within 30 days of receiving it; in justified cases (especially due to complexity or the number of requests), this period may be extended by another two months, about which the controller will inform you. Handling of the request is generally free of charge; in the case of manifestly unfounded or excessive requests (especially repeated ones), the controller may charge a reasonable fee or refuse the request.
9.1 Right of access to data
You have the right to obtain confirmation from the controller as to whether it processes your personal data, and if so, you have the right to access that data and information about its processing (especially purposes, categories of data, recipients, retention period). Upon request, we will also provide you with a copy of the personal data being processed. In your request, please do not forget to state the contact details to which we may send the response.
9.2 Right to rectification
If you believe that some of the personal data we process about you is inaccurate or incomplete, you may request that it be corrected or supplemented. In such a case, please clearly state what you believe is inaccurate or incomplete, how you wish the correction to be made, and, where appropriate, provide evidence.
9.3 Right to erasure (“right to be forgotten”)
You have the right to request the deletion of the personal data we process about you if:
- the personal data is no longer necessary for the purposes for which it was collected or otherwise processed;
- you withdraw consent and there is no other legal basis for the processing;
- you object to the processing and there are no overriding legitimate grounds for the processing;
- the personal data has been processed unlawfully;
- erasure is necessary for compliance with a legal obligation.
In some cases, GDPR allows a request for erasure to be refused, for example if processing is necessary for compliance with a legal obligation, for archiving purposes in the public interest, or for the establishment, exercise, or defence of legal claims.
9.4 Right to restriction of processing
You have the right to restrict the extent to which we process your personal data if:
- you contest the accuracy of the personal data, for a period enabling us to verify your claim;
- the processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead;
- we no longer need the personal data, but you require it for the establishment, exercise, or defence of legal claims;
- you have objected to the processing, pending verification whether the controller’s legitimate grounds override yours.
9.5 Right to data portability
You have the right to obtain from the controller the personal data concerning you which you have provided to it, in a structured, commonly used, and machine-readable format, and to transmit that data to another controller. However, this right applies only to data the processing of which is based on your consent or on a contractual relationship, and which is processed by automated means. The right may only be exercised where its exercise does not adversely affect the rights and freedoms of others.
9.6 Right to object
In certain cases, you have the right to object at any time to the processing of your personal data. In the case of processing operations under these Principles, this concerns in particular processing on the legal basis of the controller’s overriding legitimate interests (Art. 6(1)(f) GDPR), or direct marketing on the basis of the ISS Act. You have the right to object at any time to processing for direct marketing purposes, and the controller will stop this processing upon receipt of the objection.
Please send objections to info@nozono.com. Please provide a clear and understandable description of the circumstances on the basis of which you believe the given processing disproportionately interferes with your rights and freedoms.
9.7 Right to withdraw consent
If processing is based on your consent, you have the right to withdraw that consent at any time, in the same easy manner in which you gave it. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. You can unsubscribe from the newsletter via the “Unsubscribe” link included in every marketing e-mail, or by sending a request to info@nozono.com.
9.8 Rights relating to automated decision-making
As stated in Article 8.3, our company does not carry out automated individual decision-making within the meaning of Art. 22 GDPR. Profiling for direct marketing purposes has no legal effects on you and does not significantly affect you. You have the right to object to this processing.
9.9 Right to lodge a complaint with a supervisory authority
If you have any questions or concerns regarding the processing of your personal data, please contact us directly first. We will always seek to resolve your questions to your satisfaction. However, if you are not satisfied with our approach, you have the right to lodge a complaint with the supervisory authority:
Office for Personal Data ProtectionPplk. Sochora 27, 170 00 Prague 7
tel.: +420 234 665 111
website: www.uoou.cz
e-mail: posta@uoou.cz
10. Cookies and similar technologies
10.1. In order to ensure the proper functioning of the e-shop, evaluate its performance, and support marketing activities, we store small data files, known as cookies, on your device and use similar technologies (pixels, browser local storage). In some cases, cookies may also contain personal data (especially a pseudonymised identifier and IP address).
10.2. What are cookies? A cookie is a small text file that a website stores on your computer or mobile device while you browse it. Thanks to this file, the website remembers information about your steps and preferences for a certain period of time (such as language, basket contents, identification of a non-logged-in user), so you do not have to re-enter them when you return.
10.3. What types of cookies do we use?
- Technical (essential) cookies – these are necessary for the proper functioning of the website (logging into an account, basket contents, security). We process these cookies on the basis of the controller’s legitimate interest under Art. 6(1)(f) GDPR and they cannot be refused without limiting the functionality of the website.
- Functional (preference) cookies – these allow your choices to be remembered (e.g. language, region) and provide a more convenient user experience. We process these cookies on the basis of your consent.
- Analytics cookies – we mainly use Google Analytics 4 (Google Ireland Limited) to measure traffic, analyse user behaviour, and optimise the e-shop. We process these cookies on the basis of your consent.
- Marketing cookies – these enable personalised and remarketing advertising on partner platforms. We mainly use Google Ads (Google Ireland Limited) and Meta Pixel (Meta Platforms Ireland Limited) for advertising on Facebook and Instagram. We process these cookies exclusively on the basis of your consent.
10.4. How to control cookies? On your first visit to the e-shop, we will show you a cookie banner where you can set which categories of cookies you consent to. You can change your preferences at any time later via the “Cookie settings” link in the footer of the website.
10.5. You can also control or delete cookies at your own discretion – details are available, for example, at www.aboutcookies.org. You can delete all cookies stored on your device, and most browsers can be set to prevent cookies from being stored. In that case, however, you will probably have to manually adjust some settings each time you visit, and some services and functions may not work properly.
10.6. Cookie settings in individual browsers:
11. Social media plugins and embedded third-party content
11.1. The website may contain links to the controller’s social media profiles or buttons allowing content to be shared on third-party social networks. If you click such a button or link, or if third-party content is embedded on the page (e.g. a YouTube video), your personal data may also be processed by the operator of the relevant social network or service, in accordance with its own personal data processing principles and your settings. This mainly concerns:
- the Facebook and Instagram plugin, managed by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland;
- the YouTube plugin, managed by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
11.2. These plugins are not managed by our company, and therefore we are not responsible for any processing of personal data by the above operators, nor for their functionality or any damage they may cause. If you do not wish these entities to process your personal data, please refrain from clicking the relevant links and buttons or from giving consent to marketing cookies in the cookie banner.
12. Security of personal data
12.1. The controller has adopted and maintains appropriate technical and organisational measures to ensure a level of security appropriate to the risk of processing personal data, in particular:
- communication between your browser and the e-shop is secured by HTTPS (TLS) encryption;
- payment data is processed exclusively by payment gateway providers in accordance with the PCI DSS standard; the controller has no access to payment card details and does not store them;
- access to the e-shop administration is protected by strong passwords and multi-factor authentication;
- the number of persons with access to personal data is minimised; these persons are instructed regarding their duty of confidentiality;
- we regularly update the systems we use and monitor security threats.
12.2. In the event of a breach of the security of your personal data that is likely to result in a high risk to your rights and freedoms, we will inform you without undue delay in accordance with Art. 34 GDPR.
13. Changes to the personal data protection principles
13.1. Personal data protection is not a one-off matter for us. The information that we are required to provide to you in connection with the processing of your personal data may change over time or cease to be current. For this reason, we reserve the right to amend and change these Principles at any time and to any extent.
13.2. If we make material changes to these Principles, we will notify you of the change in an appropriate manner on the website and/or by e-mail sent to your electronic address.
13.3. The current version of these Principles is always available at www.nozono.cz in the “Personal Data Protection” section.