Legal

Privacy Policy

LukMatic s.r.o. · Effective from May 17, 2026

I. Basic Provisions

The controller of personal data pursuant to Art. 4(7) of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter "GDPR") is LukMatic s.r.o., Company ID: 210 25 835; VAT ID: CZ210 25 835, registered address: Praha – Dejvice, Nad Šárkou 1513/61, 160 00 (hereinafter "controller").

Contact details of the controller:

Address: Praha – Dejvice, Nad Šárkou 1513/61, 160 00 Prague, Czech Republic
Email: info@printmatic.eu
Phone: +420 725 330 101

Personal data means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

The controller has not appointed a Data Protection Officer.

II. Sources and Categories of Personal Data Processed

The controller processes personal data that you have provided directly, or personal data that the controller has obtained in connection with the fulfilment of your order or enquiry.

The controller processes your identification and contact details and data necessary for the performance of the contract.

III. Legal Basis and Purpose of Processing

The legal basis for processing personal data is:

performance of a contract between you and the controller pursuant to Art. 6(1)(b) GDPR,
the controller's legitimate interest in providing direct marketing (in particular sending commercial communications and newsletters) pursuant to Art. 6(1)(f) GDPR,
your consent to processing for the purposes of direct marketing (in particular sending commercial communications and newsletters) pursuant to Art. 6(1)(a) GDPR, in cases where no order for goods or services has been placed.

The purposes of processing personal data are:

Processing your enquiry or order and exercising the rights and obligations arising from the contractual relationship between you and the controller. When submitting an enquiry or order, personal data necessary for its successful processing are required (name, company name, contact details). Providing personal data is a prerequisite for entering into and performing the contract; without it, the contract cannot be concluded or performed by the controller.
Sending commercial communications and carrying out other marketing activities.

The controller does not engage in automated individual decision-making within the meaning of Art. 22 GDPR.

IV. Data Retention Period

The controller retains personal data:

for the period necessary to exercise the rights and obligations arising from the contractual relationship between you and the controller and to assert claims arising from such contractual relationships (for a period of 15 years from the termination of the contractual relationship),
until the consent to the processing of personal data for marketing purposes is withdrawn, for a maximum of 15 years, where personal data are processed on the basis of consent.

After the retention period has expired, the controller will delete the personal data.

V. Recipients of Personal Data (Controller's Sub-processors)

Recipients of personal data are entities:

involved in the delivery of goods / services / processing of payments under the contract,
involved in the operation of services (hosting provider, form backend provider),
providing marketing services.

Specific processors to whom personal data may be transferred:

Netlify, Inc. (USA) — operator of the hosting infrastructure for printmatic.eu and the contact form backend
Google LLC (USA) — Google Analytics 4 service for anonymous website traffic statistics (only with cookie consent)

Transfers of personal data outside the EU are always carried out in accordance with GDPR, in particular on the basis of standard contractual clauses approved by the European Commission.

VI. Your Rights

Under the conditions set out in the GDPR, you have:

the right of access to your personal data pursuant to Art. 15 GDPR,
the right to rectification of personal data pursuant to Art. 16 GDPR, or restriction of processing pursuant to Art. 18 GDPR,
the right to erasure of personal data pursuant to Art. 17 GDPR,
the right to object to processing pursuant to Art. 21 GDPR,
the right to data portability pursuant to Art. 20 GDPR,
the right to withdraw consent to processing in writing or electronically to the address or email of the controller specified in Section I of these terms.

You also have the right to lodge a complaint with the Office for Personal Data Protection (uoou.cz) if you believe that your right to personal data protection has been violated.

VII. Personal Data Security

The controller declares that it has taken all appropriate technical and organisational measures to secure personal data.

The controller has implemented technical measures to secure data storage systems and paper-based personal data storage, including antivirus software, secure passwords, encrypted communications (HTTPS), and secured backups.

The controller declares that only authorised persons have access to personal data.

VIII. Final Provisions

By submitting an enquiry via the contact form, you confirm that you have read and fully accept these personal data protection terms.

The controller is entitled to amend these terms. The new version of the privacy policy will be published on the controller's website, or the controller may send the new version to the email address you have provided.

These terms take effect on May 17, 2026.