Privacy policy

The controller of personal data pursuant to Article 4(7) of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter the “GDPR”) is NextForce, a.s., Company ID: 28855523, with its registered office at Pardubická 528, 537 01 Chrudim, registered in the Commercial Register maintained by the Regional Court in Hradec Králové under file no. B 3121 (hereinafter the “controller”).

The controller’s contact details for the www.uxitol.cz website are:

• Address: Pardubická 528, 537 01 Chrudim,
• Email: objednavky@uxitol.cz.

The controller processes the personal data you have provided in order to fulfil your order on the www.uxitol.cz website.

The controller processes your identification and contact data (first name, surname, delivery and billing address, telephone number, email) and data necessary for the performance of the contract (order history, payment data).

The legal basis for the processing of personal data is:

• the performance of the contract between you and the controller pursuant to Article 6(1)(b) of the GDPR,
• compliance with the controller’s legal obligations (in particular accounting and tax regulations) pursuant to Article 6(1)(c) of the GDPR,
• the controller’s legitimate interest in providing direct marketing (in particular for sending commercial communications to existing customers) pursuant to Article 6(1)(f) of the GDPR; we rely on the legitimate interest for customers who have placed an order with the controller within the last 2 years,
• your consent to processing for the purpose of providing direct marketing (in particular for sending commercial communications and newsletters) pursuant to Article 6(1)(a) of the GDPR in conjunction with Section 7(2) of Act No. 480/2004 Coll., on certain information society services, if you opt in to receive news during checkout; this processing includes simple segmentation (selecting suitable offers based on previous dermocosmetic orders and identified preferences).

The purpose of processing personal data is:

• handling your order and exercising the rights and obligations arising from the contractual relationship between you and the controller; without the provision of personal data it is not possible to complete the dermocosmetic order or perform the contract,
• sending commercial communications (information about news in dermocosmetics, promotions and discounts) and carrying out simple segmentation in order to offer relevant products; you can unsubscribe from commercial communications at any time by clicking the link in the footer of every email.

We retain your personal data only for the period strictly necessary to fulfil the purpose for which they were collected.

We retain personal data processed for the performance of the contract for the period necessary to exercise the rights and obligations arising from the contractual relationship and to assert claims arising from it (usually for the duration of statutory limitation periods, no longer than 5 years after its termination). We retain accounting and tax documents for 10 years from the end of the relevant tax period in accordance with law.

If you have given us voluntary consent to the processing of personal data for marketing purposes (newsletter subscription), we retain such data for the duration of that consent, i.e. until it is withdrawn.

After the retention period has elapsed, your personal data will be securely and irretrievably deleted or destroyed.

We provide your personal data to our employees and to vetted subcontractors solely for the purpose of fulfilling obligations arising from the contract, ensuring the operation of the e-shop and marketing.

We transfer your personal data to the following categories of recipients:

• persons involved in the delivery of goods (e.g. transport and shipping companies arranging the delivery of dermocosmetics),
• persons involved in processing payments (payment gateway providers and banking institutions),
• persons providing the technical operation of the www.uxitol.cz e-shop and related cloud or IT services,
• the company providing accounting services and the accounting information system (Abra),
• persons providing marketing services, e-shop analytics and advertising personalisation (Meta Platforms, Google LLC),
• competent public authorities on the basis of a legal obligation or their justified request.

Cookies are text files containing a small amount of information that are downloaded to your device when you visit our website. Cookies are then sent back to the website that recognises them on each subsequent visit.

Cookies serve various purposes, for example they enable efficient navigation between web pages, remember your preferences and generally improve the user experience. They can also ensure that the ads displayed online are better tailored to you and your interests.

We use the following categories of cookies on our e-shop:

• necessary cookies: required for the technical operation of the website and the shopping cart; this category of cookies cannot be disabled and does not require consent,
• analytical/statistical cookies: allow us to measure traffic and track how visitors use the website; we set these files only with your prior consent,
• marketing cookies: used to track preferences and to display advertising that best matches your interests; we set these files only with your prior consent.

You can set or change your consent or refusal of individual types of cookies at any time via the cookie bar on our website. You can also refuse cookies in the settings of your internet browser.

Further information on managing cookies in individual browsers can be found at the following links:

• Internet Explorer – https://support.microsoft.com/cs-cz/help/17442/windows-internet-explorer-delete-manage-cookies
• Google Chrome – https://support.google.com/chrome/answer/95647
• Firefox – https://support.mozilla.org/cs/kb/povoleni-zakazani-cookies
• Safari – https://support.apple.com/cs-cz/guide/safari/sfri11471/mac
• Opera – https://help.opera.com/cs/latest/security-and-privacy/
• Microsoft Edge – https://docs.microsoft.com/cs-cz/sccm/compliance/deploy-use/browser-profiles

Right of access: under Article 15 of the GDPR you have the right to obtain information about what personal data we process about you and to receive a copy of such data.

Right to rectification: you have the right to have the controller, without undue delay, correct inaccurate personal data or complete incomplete personal data concerning you.

Right to erasure (the “right to be forgotten”): you have the right to request the deletion of your data if the purpose of their processing has ceased, you have withdrawn your consent, or the controller processes the data unlawfully. The right does not apply to data we must retain by law.

Right to restriction of processing: you have the right to require the controller to restrict the processing (e.g. for the period during which we verify the accuracy of the data following your objection).

Right to data portability: you have the right to receive your personal data in a structured, commonly used and machine-readable format and to transmit it to another controller.

Right to object: you have the right at any time to object to processing carried out on the basis of the controller’s legitimate interest. If you object to marketing, we will immediately cease processing your data for those purposes.

You can exercise your rights through our Data Protection Officer at dpo@nextforce.cz, +420 736 612 171.

Automated decision-making: you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you. We assure you that we do not carry out such automated decision-making.

Right to lodge a complaint: you have the right to lodge a complaint with the Office for Personal Data Protection (Pplk. Sochora 27, 170 00 Praha 7, www.uoou.cz) if you believe that the processing of your personal data has infringed the GDPR.

The controller declares that it has adopted all appropriate technical and organisational measures to secure personal data with regard to the risks associated with their processing.

The controller has taken technical measures to secure data storage (encryption of data transmission via SSL certificates, securing access passwords to systems) and the storage of personal data in paper form (lockable premises).

The controller declares that only persons authorised and trained by it have access to personal data.

By submitting an order through the online order form on the www.uxitol.cz website you confirm that you have read these privacy policy terms.

By ticking the optional checkbox in the order form you give your voluntary consent to receive newsletters and marketing communications under the conditions set out in Article 3 of these principles.

The controller is entitled to amend these terms where necessary (e.g. due to changes in legislation or website functionality). The new wording of the privacy policy will be published on the controller’s website.

These terms become effective on 25 May 2026.