Welcome to Inès Store

Free shipping on orders over 250€

Free standard shipping and returns on all orders

Your cart

Your cart is empty

Continue shopping

Privacy policy

Effective date: 16 May 2026 | Last updated: 16 May 2026 | Version: 1.0

1. DATA CONTROLLER

The controller of your personal data is:

INES ATELIER s.r.o.
Školská 660/3, Nové Město, 110 00 Praha 1, Czech Republic
Company ID: 237 56 543
E-mail: info@ines.store
Website: ines.store

(hereinafter referred to as "the controller" or "we")

2. INTRODUCTION

The protection of your personal data is our priority. This Privacy Policy describes what personal data we collect, for what purposes we process it, to whom we disclose it, and what rights you have in this regard.

Processing is carried out in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation, hereinafter "GDPR") and other applicable laws of the Czech Republic.

3. WHAT PERSONAL DATA WE PROCESS

3.1 Identification and contact data

  • First and last name

  • E-mail address

  • Phone number

  • Delivery and billing address

3.2 Login credentials

  • Username (e-mail address)

  • Encrypted password for the customer account

3.3 Payment data

  • Payment transactions are processed through Shopify Payments

  • We do not store card numbers or CVV codes on our servers — these are processed exclusively by the certified payment gateway provider

3.4 Technical and behavioural data

  • IP address

  • Browser type and version

  • Device and operating system information

  • Cookies and similar tracking technologies

  • On-site behaviour (viewed products, time spent on pages, click patterns)

4. PURPOSE AND LEGAL BASIS FOR PROCESSING

PURPOSE OF PROCESSING

DATA PROCESSED

LEGAL BASIS

Processing and fulfilment of orders

Identification, contact, payment, address data

Performance of a contract — Art. 6(1)(b) GDPR

Customer account management

Identification, login data

Performance of a contract — Art. 6(1)(b) GDPR

Customer support

Identification, contact data, order history

Performance of a contract / legitimate interest — Art. 6(1)(b) and (f) GDPR

Sending newsletters and marketing communications

E-mail address, name

Consent — Art. 6(1)(a) GDPR

Website analytics and improvement

Technical and behavioural data

Consent / legitimate interest — Art. 6(1)(a) and (f) GDPR

Advertising campaigns and performance measurement

Technical data, on-site behaviour

Consent — Art. 6(1)(a) GDPR

Compliance with legal obligations (accounting, taxes)

Identification, payment, billing data

Legal obligation — Art. 6(1)(c) GDPR

Security and fraud prevention

Technical data, IP address

Legitimate interest — Art. 6(1)(f) GDPR

5. RECIPIENTS OF PERSONAL DATA

We do not sell your personal data to third parties. We have entered into a data processing agreement in accordance with Art. 28 GDPR with all processors acting on our behalf. Personal data may be disclosed to the following categories of recipients to the extent necessary for the stated purposes:

5.1 E-commerce platform provider

Shopify International Limited
Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland

The operator of the platform on which our online store runs. Shopify processes personal data in compliance with the GDPR and is certified under the EU-US Data Privacy Framework. More information: shopify.com/legal/privacy

5.2 Payment gateway provider

Shopify Payments
Payment data is transmitted solely for the purpose of securely completing payment transactions. Card numbers are not stored on our servers.

5.3 Analytics tools

Google Ireland Limited (Google Analytics)
Gordon House, Barrow Street, Dublin 4, Ireland

An analytics platform used to monitor website traffic and user behaviour. Data is anonymised and may be transferred to the USA (see section 6). More information: policies.google.com/privacy

5.4 Social networks and advertising platforms

Meta Platforms Ireland Limited (Facebook Pixel)
4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

A tool used to measure the effectiveness of advertising campaigns and for the targeting of advertisements. Data may be transferred to the USA (see section 6). More information: facebook.com/privacy/policy

5.5 Shipping and logistics companies

The following carriers handle the delivery of your orders, and receive your name, delivery address, and phone number:

  • PPL CZ s.r.o.

  • DPD CZ s.r.o.

5.6 Accounting and tax advisors

They process billing data for the purposes of bookkeeping and fulfilling tax obligations.

5.7 Public authorities

In cases required by law (e.g. financial administration bodies, courts, Czech Trade Inspection Authority).

6. TRANSFERS OF PERSONAL DATA TO THIRD COUNTRIES

Some of our technology partners (Shopify, Google, Meta) are based in or may process data in the United States of America, which is considered a third country outside the European Economic Area (EEA).

Such transfers take place exclusively on the basis of appropriate safeguards:

  • European Commission adequacy decision — the EU-US Data Privacy Framework (in effect since 10 July 2023), under which the above-mentioned partners are certified

  • Standard Contractual Clauses (SCC) approved by the European Commission

In the event that the relevant Commission decision ceases to be valid, we will ensure the transfer of personal data on the basis of Standard Contractual Clauses (SCC). This ensures an adequate level of protection for your personal data even when transferred outside the EEA.

7. RETENTION PERIODS

CATEGORY OF DATA

RETENTION PERIOD

Order and purchase contract data

10 years from the date of the transaction (Act No. 563/1991 Coll., on Accounting)

Tax documents and invoices

10 years (Act No. 235/2004 Coll., on Value Added Tax)

Customer account

For the duration of the account + 3 years from last activity

Newsletter / marketing consent

Until consent is withdrawn, then without undue delay

Customer support records

3 years from the resolution of the request

Analytics data (Google Analytics)

14 months (default GA4 setting)

Cookies

By type — see section 8

Upon expiry of the applicable retention period, personal data is securely deleted or irreversibly anonymised.

8. COOKIES

8.1 What are cookies?

Cookies are small text files stored on your device when you visit our website. They serve to ensure the basic functionality of the online store, improve the user experience, and for statistical and marketing purposes.

8.2 Types of cookies we use

TYPE

PURPOSE

LEGAL BASIS

DURATION

Necessary (functional)

Ensure basic website functions — login, shopping cart, session security

Legitimate interest / necessity for the provision of the service (§ 89(3) of Act No. 127/2005 Coll.)

Session / up to 2 years

Analytical

Monitoring website traffic and user behaviour via Google Analytics

Consent

Up to 14 months

Marketing / advertising

Measuring advertising effectiveness and campaign targeting (Facebook Pixel)

Consent

Up to 90 days

8.3 Managing cookie consent

On your first visit to the website, we will display a cookie management banner where you can choose which types of cookies to allow. You may change or withdraw your consent at any time through the same banner.

Cookies can also be managed or blocked directly in your browser settings. Please note that disabling necessary cookies may affect the functionality of the website.

9. YOUR DATA PROTECTION RIGHTS

As a data subject, you have the following rights, which you may exercise free of charge — by e-mail at info@ines.store or in writing to the controller's registered address. Your request must include sufficient identification details to verify your identity.

9.1 Right of access (Art. 15 GDPR)

You have the right to obtain confirmation as to whether we process your personal data and, if so, to request a copy of that data and information about its processing.

9.2 Right to rectification (Art. 16 GDPR)

You have the right to request the correction of inaccurate personal data or the completion of incomplete personal data.

9.3 Right to erasure – "right to be forgotten" (Art. 17 GDPR)

You have the right to request the erasure of your personal data, in particular where:

  • the data is no longer necessary for the original purpose of processing,

  • you withdraw your consent and there is no other legal basis for processing,

  • you raise a legitimate objection and there are no overriding grounds for processing.

This right does not apply where processing is necessary for compliance with a legal obligation or for the establishment, exercise, or defence of legal claims.

9.4 Right to restriction of processing (Art. 18 GDPR)

Under certain conditions (e.g. where the accuracy of data is contested or the processing is unlawful), you have the right to request a temporary restriction on the processing of your data.

9.5 Right to data portability (Art. 20 GDPR)

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller, where processing is based on consent or a contract and is carried out by automated means.

9.6 Right to object (Art. 21 GDPR)

You have the right to object at any time to the processing of your personal data carried out on the basis of legitimate interest, including profiling. An objection to processing for direct marketing purposes may be raised at any time and without giving reasons.

9.7 Right to withdraw consent

Where processing is based on your consent (e.g. newsletter, marketing cookies), you have the right to withdraw that consent at any time — for example by clicking the "unsubscribe" link in any marketing e-mail or through your cookie settings. Withdrawal of consent does not affect the lawfulness of processing carried out prior to its withdrawal.

9.8 Right to lodge a complaint with a supervisory authority

If you believe that the processing of your personal data violates the GDPR or other applicable legislation, you have the right to lodge a complaint with the competent supervisory authority:

Office for Personal Data Protection (ÚOOÚ)
Pplk. Sochora 27, 170 00 Praha 7, Czech Republic
Tel.: +420 234 514 111
E-mail: posta@uoou.cz
Website: uoou.cz

10. SECURITY OF PERSONAL DATA

Your personal data is processed on the Shopify platform, which implements technical and organisational measures of the highest standard, including:

  • SSL/TLS encryption of all data communications

  • PCI DSS certification for secure processing of payment transactions

  • Encryption of data stored on servers

  • Regular security audits and penetration testing

  • Access controls and multi-factor authentication

Access to your personal data is restricted to authorised persons only, to the extent necessary for the performance of their duties, and subject to a confidentiality obligation.

11. AUTOMATED DECISION-MAKING AND PROFILING

We do not carry out automated decision-making or profiling that would have legal effects or that would otherwise significantly affect you within the meaning of Art. 22 GDPR.

12. CHANGES TO THIS POLICY

This Privacy Policy may be updated periodically in response to legislative changes or changes in our data processing practices. We will notify you of any material changes by e-mail or via a notice posted on our website. The current version is always available at ines.store/privacy-policy.

13. CONTACT DETAILS

If you have any questions regarding the processing of your personal data or wish to exercise your rights, please contact us:

INES ATELIER s.r.o.
Školská 660/3, Nové Město, 110 00 Praha 1, Czech Republic
E-mail: info@ines.store
Website: ines.store

We will respond to your request without undue delay, and at the latest within 30 days of receipt. In exceptionally complex cases, this period may be extended by a further 60 days, of which you will be informed no later than the expiry of the original 30-day period.

 

Easy Returns

Your exchange ships out as soon as you email us.

Free Shipping

For orders over 250€

Atelier Grade

Made with love, using high-quality premium materials