Privacy Policy

PRIVACY POLICY

This Privacy Policy (hereinafter referred to as the "Privacy Policy") explains how personal data is collected, used, and managed through the web portals https://store.icybear.io/ and https://icybear.io/ (collectively referred to as the “Web Portal”).

This statement on the processing of personal data is made in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (hereinafter "GDPR").

Company Information:
Name: IcyBear Czech Republic s.r.o.
Company ID: 21129258
VAT ID: CZ21129258
Address: Zámostní 1155/27, Slezská Ostrava, 710 00 Ostrava, Czech Republic
Registered in the Commercial Register maintained by the Regional Court in Ostrava, Section C, File 96878

Contact Information:
Business Address: Zámostní 1155/27, Slezská Ostrava, 710 00 Ostrava
Phone: +420 739 294 204
Email: support@icybear.io
Web Portals: https://icybear.io, https://store.icybear.io/products
as the controller of personal data according to Article 4(7) of the GDPR (hereinafter referred to as the “Controller”).

Your privacy is a priority for us. We encourage you to read this Privacy Policy carefully, as it contains essential information about how your personal data is processed, along with your rights and obligations.

---

I. Processing of Personal Data Based on the Fulfillment of a Sales and Services Contract

1.1. Personal data means any information relating to an identified or identifiable living individual. This includes various types of information that, when combined, can identify a specific person.

1.2. An identifiable individual is a person who can be directly or indirectly identified, particularly by reference to an identifier such as a name, identification number, location data, online identifier, or one or more factors specific to that person’s physical, physiological, genetic, mental, economic, cultural, or social identity.

1.3. In connection with the sale of goods and provision of services, the Controller processes personal data provided by the Customer in their Order.

For individuals:

• Full name, title
• Date of birth or personal identification number
• Permanent address
• Mailing address
• Phone number
• Email address
• Bank account number
• Other data necessary for fulfilling the Contract

For sole traders and legal entities:

• Name / Company name
• Company ID
• VAT ID
• Business / Registered address
• Operational address
• Phone number
• Email address
• Fax number
• Other data necessary for fulfilling the Contract

1.4. Under Article 6(1) of the GDPR, the processing of personal data is necessary for the performance of the Contract to which the data subject is party, or to take steps at the request of the data subject prior to entering into a contract. This includes order processing, invoicing, returns, or complaints.

1.5. The Controller also processes personal data to maintain records of contracts and to assert or defend potential future legal claims arising from the Contract.

1.6. Personal data is stored and processed for the above purposes for a period of 10 years from the date of the contract’s fulfillment, or the last partial performance. If legal obligations require retaining contractual documents longer, data may be stored in accordance with Article 6(1)(c) and (f) of the GDPR.

1.7. In case the Customer cancels their Order, personal data will be retained for a maximum of 2 years.

---

II. Processing of Personal Data for Marketing Purposes

2.1. Personal data may be further processed and stored in accordance with § 7(3) of Act No. 480/2004 Coll., on certain Information Society Services, as amended, for the purpose of sending newsletters or commercial messages to the Customer’s email or phone number, unless they opted out during order creation.

2.2. Customers can unsubscribe from marketing emails at any time via the unsubscribe link in the message or by contacting the Controller at support@icybear.io.

2.3. If the Customer does not unsubscribe, the Controller may retain their data for marketing purposes for a maximum of 10 years from their last Order.

---

III. Recipients of Personal Data

3.1. Besides the Controller, the following parties may receive personal data:

• Service and product delivery: ICYBEAR TECHNOLOGIES LTD, Reg. No. 15786799
• Payment processing: Stripe Payments Europe, Limited
• E-commerce platform services: Ecwid
• Marketing services: GO MARKETING & PR s.r.o.
• Email services: SmartEmailing, a.s.

3.3. The Controller processes personal data within the European Union. However, personal data may be transferred to third countries or international organizations. Recipients outside the EU include cybersecurity service providers:
Check Point Software Technologies Ltd., Fortinet, Inc., and Trend Micro Incorporated

3.4. The Controller has not appointed a Data Protection Officer.

3.5. For any questions about personal data, contact the Controller at support@icybear.io.

---

IV. Use of Cookies

4.1. Cookies are small text files stored on your device when you start using a website.

4.2. They help remember your preferences, navigate between pages, tailor ads to your interests, and collect anonymous analytics.

4.3. The Controller uses the following types of cookies on https://store.icybear.io/products, based on its legitimate interest under Article 6(1)(f) of the GDPR:

• Necessary cookies (required for website operation)
• Analytics cookies (e.g., site traffic)
• Advertising cookies (for ad personalization)

4.4. Consent for cookies may be given via the checkbox on the Web Portal. Users can later modify or reject cookies via their browser settings.

4.5. Information about cookies, including a current list, can be found in your browser, usually under “Developer Tools.” Cookie settings can be managed as follows:

• Google Chrome
• Brave
• Microsoft Edge
• Mozilla Firefox
• Opera
• Safari

4.6. Third-party recipients listed in Section III may also use cookies or access cookie-related data collected via the Web Portal.

---

V. Security of Personal Data

5.1. The Controller declares that it has implemented appropriate technical and organizational measures to secure electronically processed personal data.

5.2. The Controller also declares that it has secured physical storage systems and data in paper format.

5.3. Access to personal data is limited to authorized personnel of the Controller and authorized personnel of the recipients listed in Section III.

---

VI. Rights of Data Subjects

6.1. Customers have the right to unsubscribe from newsletters and marketing communications at any time.

6.2. Customers may request information about their personal data, access the data for updates or corrections, request a copy, or request processing restrictions.

6.3. In some cases, Customers may request data portability or deletion, provided this does not conflict with legal obligations or the legitimate interests of the Controller.

6.4. Customers may object to processing based on the Controller’s legitimate interest.

6.5. If a Customer believes their data is being handled in violation of the GDPR, they have the right to file a complaint with the Data Protection Authority or seek judicial protection.

---

VII. Final Provisions

7.1. By creating and submitting an Order, the Customer confirms they have read and agree to this Privacy Policy in full via the web form.

7.2. The Controller reserves the right to update this Privacy Policy. Updated versions will be published on the Web Portal and sent to the Customer’s email address provided during the order process.

---

This Privacy Policy takes effect on January 1, 2025.