Privacy policy

Privacy Policy (GDPR)

for the Luxury Humidors e‑shop (www.luxuryhumidors.eu)

Last updated: 22 Feb 2026

1. Controller and contact

Data controller:

· Cigars s.r.o.

· Registered office: Sadová 535, Dobšice, 671 82, Czech Republic

· Company ID: 10710710, VAT ID: CZ10710710

· GDPR/contact e‑mail: info@luxuryhumidors.eu

Data Protection Officer (DPO): We have not appointed a DPO as we are not legally required to do so.

To exercise your rights, please contact us using the e‑mail above.

2. When this policy applies

This policy applies to the processing of personal data when you use www.luxuryhumidors.eu, place and fulfil orders, communicate with us, and when cookies and similar technologies are used.

3. Personal data we process

We process the following categories of personal data (depending on how you use the website):

· Identification and contact details: name, e‑mail, phone number, billing and delivery address.

· Order and transaction data: ordered products, price, order date, order status, purchase history, returns and complaints.

· Payment data: payment information and confirmations (we typically do not process card numbers directly; payment providers do).

· Customer account data (if you create an account): login details and account settings.

· Communications: content of messages and customer support requests.

· Technical and online identifiers: IP address, device/browser identifiers, cookies and similar identifiers.

· Website usage data: information about how you navigate the website (e.g., pages visited, traffic sources, events).

4. Sources of data

We obtain personal data:

· Directly from you (orders, account registration, communications, newsletter sign‑up).

· Automatically when you use the website (cookies and similar technologies).

· From service providers supporting our e‑shop (Shopify and apps, payments, shipping, analytics and advertising).

5. Purposes and legal bases

We process personal data for the following purposes:

A) Performance of a contract (Art. 6(1)(b) GDPR)

· processing orders, delivery, returns and complaints

· order‑related communications (confirmation, status updates, delivery)

· setting up and managing a customer account (if applicable)

B) Compliance with legal obligations (Art. 6(1)(c) GDPR)

· accounting and tax obligations (invoices, records)

· handling statutory consumer rights

C) Legitimate interests (Art. 6(1)(f) GDPR)

· website and IT security, fraud and abuse prevention

· basic statistics and improvement of the e‑shop (to the extent consent for cookies is not required)

· establishing, exercising or defending legal claims and dispute resolution

D) Consent (Art. 6(1)(a) GDPR)

· sending marketing e‑mails (Shopify Email) where you have given consent; you can withdraw at any time via the unsubscribe link

· analytics and marketing cookies/technologies for measurement and ad targeting (e.g., Google Analytics 4, Google Ads, Meta Pixel) – only after you give consent via the cookie banner

6. Recipients

We share personal data only as necessary, mainly with the following categories of recipients:

· Shopify (e‑commerce platform and hosting) and any Shopify apps (processors).

· Payment providers (e.g., Shopify Payments and checkout methods) to process payments.

· Carriers and logistics partners for EU deliveries (e.g., Česká pošta and cooperating carriers depending on the destination country).

· Marketing e‑mail tool (Shopify Email).

· Analytics and advertising providers (e.g., Google Analytics 4, Google Ads, Meta) – only in line with your consent settings.

· IT and security providers (operations, backups, security).

· Public authorities where required by law.

Shopify note: certain enhanced Shopify features may mean Shopify processes some data as an independent controller (e.g., to improve its services). See Shopify’s privacy information at privacy.shopify.com.

7. Transfers outside the EU/EEA

Because we use global providers (especially Shopify and analytics/advertising platforms), some data may be transferred outside the European Economic Area. Where this happens, we rely on recognised transfer mechanisms, in particular Standard Contractual Clauses (SCC), or other mechanisms permitted by applicable law.

8. Retention periods

We keep personal data only for as long as necessary for the relevant purpose and to comply with legal obligations. Typically:

· Orders, invoices and accounting records: typically 10 years (tax/accounting requirements).

· Customer support communications: typically 3 years after completion (or longer if a dispute exists).

· Complaints/returns documentation: during the exercise of rights and then for limitation periods (typically 3–4 years).

· Customer account: for as long as the account exists; after deletion, we delete/restrict data unless we need it for legal reasons.

· Marketing e‑mails (Shopify Email): until consent is withdrawn or the purpose ends (e.g., long‑term inactivity).

· Technical and security logs: usually weeks to months (typically up to 6 months).

9. Cookies and similar technologies

We use cookies and similar technologies. Necessary cookies are required for the e‑shop to function. Analytics and marketing cookies (e.g., GA4, Google Ads, Meta Pixel) are used only after you provide consent via the cookie banner. You can change or withdraw your consent at any time in the cookie settings.

We use Shopify’s built‑in consent tool (Shopify Customer Privacy). It controls which cookie categories are enabled.

10. Your rights

Under the GDPR, you have the following rights in particular:

· Right of access (information and a copy).

· Right to rectification.

· Right to erasure (where conditions are met).

· Right to restriction of processing.

· Right to object to processing based on legitimate interests.

· Right to data portability (as provided by law).

· Right to withdraw consent at any time (withdrawal does not affect processing before it).

To exercise your rights, contact us at info@luxuryhumidors.eu. To protect your data, we may request identity verification.

11. Complaints and supervisory authority

If you believe the processing of your personal data is not compliant, please contact us first. You also have the right to lodge a complaint with the supervisory authority in the country of your habitual residence.

For the Czech Republic: Úřad pro ochranu osobních údajů (ÚOOÚ), www.uoou.cz.