1. Introduction

This Privacy Policy explains how Brimflexsun collects, uses, stores and processes personal data when customers visit www.brimflexsun.com or purchase products through the website.

Brimflexsun is committed to processing personal data in accordance with applicable data protection legislation, including the General Data Protection Regulation (GDPR), applicable laws of the Czech Republic, and other relevant European legal requirements.

By using this website, customers acknowledge the processing of personal data as described in this Privacy Policy.

  1. Data Controller

For the purposes of applicable data protection legislation, the Data Controller is:www.brimflexsun.com

Email: brimmed@brimflexsun.com

Telephone: +420 773664001

Business Address:

Mírové nám. 207/34

400 01 Ústí nad Labem-centrum

Czech Republic

References in this Privacy Policy to “Brimflexsun”, “we”, “our” or “us” refer to the Data Controller identified above.

  1. Personal Data We Collect

Depending on the customer’s interaction with the website, we may collect the following categories of personal data:

Identity Information
Full name;
Billing information;
Delivery information.
Contact Information
Email address;
Telephone number;
Delivery address.
Order Information
Products purchased;
Order value;
Order history;
Delivery status information.
Payment Information

When making a purchase, payment-related information is processed through Stripe.

Brimflexsun does not store complete payment card numbers.

Payment information is collected and processed by Stripe in accordance with its own legal and regulatory obligations and privacy practices.

Website Usage Information
Device information;
Browser information;
IP address;
Cookie-related information where
Website interaction information.

  1. Purposes of Processing

Personal data may be processed for the following purposes:

Processing and fulfilling orders;
Managing customer accounts and enquiries;
Providing order updates and delivery notifications;
Processing payments;
Managing returns and refunds;
Complying with legal and regulatory obligations;
Maintaining website functionality;
Detecting misuse of the website;
Establishing, exercising or defending legal claims where necessary.

  1. Legal Bases for Processing

Personal data is processed on one or more of the following legal bases:

Contract Performance

Where processing is necessary to fulfil an order or provide requested services.

Legal Obligations

Where processing is required by applicable laws, accounting requirements, taxation obligations or regulatory obligations.

Legitimate Interests

Where processing is reasonably necessary for business administration, fraud prevention, website operation or dispute management, provided such interests do not override the rights of individuals.

Consent

Where consent is required under applicable law, including certain cookie-related processing activities.

Consent may be withdrawn at any time without affecting the lawfulness of prior processing.

  1. Payment Processing

Payments made through www.brimflexsun.com are processed by Stripe.

Stripe may process payment information, transaction information and related data necessary for payment processing, fraud prevention, regulatory compliance and transaction administration.

Customers are encouraged to review Stripe’s privacy information for details regarding its processing of personal data.

Brimflexsun receives only the information reasonably necessary to confirm payment status and manage customer orders.

  1. Sharing of Personal Data

Personal data may be shared with the following categories of recipients where necessary:

Delivery Service Providers

Including carriers such as:

DHL;
FedEx;
UPS;

for the purpose of delivering purchased products.

Payment Processing Service Provider
Stripe

for payment processing and transaction administration.

Professional Advisers

Including legal, accounting and compliance advisers where reasonably necessary.

Competent Authorities

Where disclosure is required by law, court order or regulatory obligation.

Personal data is not sold to third parties.

  1. International Data Transfers

Where personal data is transferred outside the European Economic Area (EEA), such transfers shall occur only where an appropriate legal mechanism exists under applicable data protection legislation.

Appropriate safeguards may include adequacy decisions, contractual safeguards or other legally recognised transfer mechanisms.

  1. Data Retention Periods

Personal data is retained only for as long as necessary to fulfil the purposes described in this Privacy Policy and to comply with applicable legal obligations.

Typical retention periods include:

Data Category Retention Period
Customer Orders Up to 10 years
Accounting and Tax Records Up to 10 years
Customer Service Communications Up to 3 years after the final communication
Delivery and Shipping Records Up to 5 years
Cookie Consent Records Up to 5 years
Website Analytics Information Up to 13 months unless a shorter period applies

Where required for legal claims, dispute resolution, regulatory compliance or statutory obligations, information may be retained for longer periods as permitted by applicable law.

At the end of the applicable retention period, personal data will be deleted, anonymised or otherwise disposed of in accordance with legal requirements.

  1. Customer Rights

Subject to applicable law, individuals may have the right to:

Request access to personal data;
Request correction of inaccurate personal data;
Request deletion of personal data;
Request restriction of processing;
Object to certain processing activities;
Request data portability where applicable;
Withdraw consent where processing is based on consent;
Lodge a complaint with a competent supervisory authority.

Requests may be submitted using the contact details provided in this Privacy Policy.

  1. Order Communications

Customers may receive communications relating to:

Order confirmation;
Payment confirmation;
Dispatch notifications;
Delivery updates;
Return and refund processing;
Customer service enquiries.

Such communications are necessary for the performance of the purchase contract and order administration.

  1. Cookies and Similar Technologies

The website uses cookies and similar technologies as described in the Cookie Policy.

Where required by applicable law, non-essential cookies are used only after the user has provided consent through the website’s Cookie Banner.

Users may modify or withdraw cookie preferences at any time.

  1. Data Protection Measures

Brimflexsun applies organisational and administrative measures appropriate to the nature of the personal data processed and the purposes of processing.

No provision of this Privacy Policy shall be interpreted as creating rights or obligations beyond those required under applicable law.

  1. Changes to This Privacy Policy

Brimflexsun may update this Privacy Policy where necessary to reflect legal, operational or regulatory developments.

The most current version will be published on www.brimflexsun.com and shall apply from the stated effective date.