Privacy policy

1. Introduction and controller

This document explains how BARK AND FRAME s.r.o. collects, uses, stores and protects personal data obtained in the operation of our e-shop and in the provision of our services. The data controller is:

BARK AND FRAME s.r.o.

Company ID (IČO): 23808926

Registered office: Příčná 1892/4, Nové Město, 110 00 Prague 1

A company incorporated and existing under the laws of the Czech Republic, registered in the Commercial Register under file no.: C 432302 maintained by the Municipal Court in Prague

Email: customercare@barkandframe.com

2. Contact person for data protection

If you have any questions regarding the processing of personal data, please contact us by email: customercare@barkandframe.com.

3. What data we process

We process the following categories of personal data:

  • Identification data: name and surname, residential/delivery address.
  • Contact data: email, telephone number.
  • Payment data: data necessary to process payments (e.g. bank account/IBAN; for payment cards we process only partial card data; complete card data is processed by the payment gateway).
  • Order data: information about ordered items, delivery address, purchase history.
  • Data obtained from communication with the customer: emails, complaint records, customer support correspondence.
  • Data for marketing and analytics: consents to receive marketing communications.
  • Files and photos uploaded by the customer (photos of animals and other materials) necessary for the production of personalized products.

4. Purposes of processing and legal bases

We process personal data for the following purposes and on the following legal bases:

A) Consent of the data subject
(Art. 6(1)(a) GDPR)

Processing of marketing communications (newsletter, personalized marketing) is carried out on the basis of consent where the user has given consent.

Processing of photos for marketing purposes (if the customer has given a specific consent at the time of order).

B) Performance of a contract
(Art. 6(1)(b) GDPR)

Processing of data for order processing, delivery of goods, issuing tax documents and providing complaint handling services.

C) Compliance with a legal obligation
(Art. 6(1)(c) GDPR)

Retention of accounting and tax documents for the period prescribed by law.

D) Legitimate interest of the controller
(Art. 6(1)(f) GDPR)

  • Protection against fraud and misuse of our services.
  • Ensuring the security and proper functioning of our e-shop.
  • Direct marketing towards existing customers (to the extent permitted by applicable law), limited to similar products and services. Customers may object to such processing at any time, free of charge, including via an unsubscribe link in each communication.

5. Recipients and processors of data (data sharing)

We may share your personal data with the following categories of recipients:

Providers of payment services and payment gateways.

  • Personal data category: payment data

Carriers and logistics companies handling delivery.

  • Personal data category: name and surname, delivery address, contact details (phone number, e-mail)

Subcontractors performing production (printers, manufacturers), to whom we provide photos and specifications for the purpose of manufacturing the product.

  • Personal data category: Files and photos uploaded by the customer

Public authorities where required by law (e.g. tax authorities, courts).

Legal and other advisors where necessary to defend rights or enforce claims.

Note: Payment card data is often processed directly by the payment gateway provider; we usually do not store full payment card details.

6. Retention periods

We retain personal data for as long as necessary for the purposes for which they are processed. Specific retention periods are as follows:

  • Data relating to contracts and accounting: for 10 years.
  • Data relating to complaints: for 3 years from the settlement of the complaint.
  • Marketing data and consents: for as long as the consent has been granted, or until the data subject withdraws it, generally for 3 years.
  • Data from customer communication (e-mails, correspondence): for 3 years from the last communication.
  • Customer-uploaded files (photos and other materials): only for the time necessary to produce and deliver the product; they are typically deleted within 90 days after order completion, unless further retention is required (e.g. for complaint handling or based on consent for marketing use).

7. International data transfers

Some of our service providers (e.g. analytics or marketing tools) may be located outside the European Economic Area (EEA). In such cases, we ensure that appropriate safeguards are in place, in particular standard contractual clauses approved by the European Commission (Art. 46 GDPR). For more information about the safeguards applied, please contact us at customercare@barkandframe.com.

8. Rights of data subjects

You have the following rights against the controller:

  • Right of access: to request confirmation whether we process your data and to obtain a copy of the processed data.
  • Right to rectification: to request correction of inaccurate or completion of incomplete data.
  • Right to erasure (“right to be forgotten”).
  • Right to restriction of processing in certain cases.
  • Right to data portability, where processing is based on consent or performance of a contract and processing is carried out by automated means.
  • Right to object to processing based on legitimate interest.
  • Right to withdraw consent at any time (withdrawal of consent does not affect the lawfulness of processing carried out before its withdrawal).
  • Right to lodge a complaint with the Office for Personal Data Protection (www.uoou.cz).
  • Right to information on automated decision-making: We do not carry out automated decision-making or profiling within the meaning of Art. 22 GDPR that would produce legal effects or similarly significantly affect you.

To exercise your rights, contact us by email: customercare@barkandframe.com. After receiving a request, we will verify the identity of the requester and respond without undue delay, no later than one month (extended by up to two further months in complex cases).

9. Data security

We protect your data using technical and organizational measures: encrypted transmission (HTTPS), access control, data backups, contracts with processors, regular updates and internal security policies. Nevertheless, it is also necessary that customers follow basic safe usage rules (e.g. do not share login credentials).

10. Changes to the policy

We may update this policy from time to time (e.g. due to changes in services or legislation). We will inform you of material changes on the website or by email. The current wording is always available on the website.

11. Contacts

If you have questions about the processing of personal data or wish to exercise your rights, contact us by email: customercare@barkandframe.com.

This Privacy Policy is effective from 1 June 2026.