Information on the processing of personal data LACLEVER s.r.o. 

This Personal Data Processing Information of LaClever s.r.o. (hereinafter referred to as "GDPR Information") governs, in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as the "GDPR Regulation"), and Act No. 110/2019 Coll., on the Processing of Personal Data, as amended (hereinafter referred to as the "Personal Data Processing Act"), the conditions for processing the personal data of individuals who purchase goods from the Seller through the Website or by other means: 

1. Definitions
1.1. For the purposes of the GDPR Regulation and the Personal Data Processing Act:
1.1.1. "Personal Data" means any information relating to an identified or identifiable natural person (data subject). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier (name, identification number, online identifier) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

1.1.2. "Controller" means any entity which determines the purposes and means of the processing of personal data, carries out the processing and is responsible for it; in this case, the Controller is the company LACLEVER s.r.o., with its registered office at Příkop 843/4, Zábrdovice, 602 00 Brno, ID No.: 264 57 539, registered in the Commercial Register maintained by the Regional Court in Brno under file No. C 143706;

1.1.3. "Processor" means an entity hired by the Controller to perform

processing operations with personal data for the Controller, i.e., to process personal data for the Controller based on the Controller's instructions; the Controller is under no obligation to hire a Processor, i.e., a Processor is not a mandatory element of processing;

1.1.4. "Processing of personal data" means any operation or set of operations     which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

1.2. The following terms shall have the following meanings within these GDPR Information:
1.2.1. "Cookies" means cookies and other similar technologies (such as pixel tags, web beacons, or device identifiers) that may automatically collect data when the Website is visited;
1.2.2. "Supervisory Authority" means the Office for Personal Data Protection, with its registered office at Pplk. Sochora 27, 170 00 Prague 7, e-mail: This email address is being protected from spambots. You need JavaScript enabled to view it., https://www.uoou.cz/;
1.2.3. "Buyer" or "Data Subject" means a natural person who provides their Personal Data to the Seller when purchasing goods through the Website or by other means, or any other natural person whose Personal Data is provided to the Seller in this connection;

1.2.4. "Personal Data" means the data specified in Article 3.1 of this GDPR Information, which the Buyer provided when purchasing goods through the Website or by other means;

1.2.5. "Seller" means the company Laclever  s.r.o., with its registered office at Příkop 843/4, Zábrdovice, 602 00 Brno, ID No.: 264 57 539, registered in the Commercial Register maintained by the Regional Court in Brno under file No. C 143706, which, in the position of a seller, sells goods through the Website or by other means;
1.2.6. "Contract" means the purchase contract concluded between a specific Buyer and the Seller through the Website;
1.2.7. "Contracting Parties" means the Seller and the Buyer;
1.2.8. "Website" means the Provider's website available at www.smartdentist.cz;

2. General Information
2.1. The Controller manages Personal Data for the purpose of providing and potentially improving its services, i.e., in particular for fulfilling the purposes of the Contract, and further for the purpose of exercising its rights in relation to the Buyer, or for the purpose of providing cooperation to public authorities in connection with ongoing investigations and other proceedings on their part. The processing of Personal Data is a necessary prerequisite for the fulfillment of obligations arising for the Controller from legal regulations, or for the purpose of protecting its legitimate interests.

2.2. The Controller is obliged to protect Personal Data and comply with the obligations arising from generally binding legal regulations concerning the protection of personal data, in particular, but not exclusively, the GDPR Regulation and the Personal Data Processing Act.

2.3. Any rights granted by legal regulations may be exercised, the fulfillment of obligations enforced, or any inquiries or requests raised in relation to the management or processing of Personal Data against the Controller at:
• delivery address: LACLEVER s.r.o., Křemencova 17, Praha 1
• e-mail address: This email address is being protected from spambots. You need JavaScript enabled to view it.
• Data Box ID: hs8b5ip

2.4. The Controller is not obliged to appoint, and has not appointed, a Data Protection Officer.

3. Personal Data
3.1. Personal Data of Buyers means, in particular:
3.1.1. first name and surname;
3.1.2. e-mail address;
3.1.3. date of birth;
3.1.4. permanent residence address or billing address;
3.1.5. telephone number;
3.1.6. payment details;
3.1.7. IP address.

3.2. The Controller processes exclusively such personal data that the Buyer provides through the Website or by other means related to the purchase of the Seller's goods. Should the Buyer provides the Controller with Personal Data of third parties, they are entitled to do so only if such third party has consented to the provision for this purpose.

4. Transfer of Personal Data to Third Parties
4.1. The Controller is entitled to transfer the Buyer's Personal Data to third parties if such transfer is necessary for the fulfillment of any of the purposes of processing Personal Data within the meaning of Article 2.1 of the GDPR Information.

4.2. Personal Data are not transferred to any third country or outside the EU/EEA, unless expressly agreed otherwise between the Contracting Parties.

5. Automated Processing and Profiling
5.1. Within the processing of Personal Data, no operations are carried out that would be based solely on automated processing, including profiling, within the meaning of Article 22 of the GDPR Regulation.

5.2. Should the Controller decide to use automated processing functions or specifically profiling—which is understood as a form of automated processing of Personal Data used to predict the future behavior, interests, or business intentions of Buyers based on their previous behavior and actions within specific internet platforms—it may do so only if this form of Personal Data processing is a necessary prerequisite for the performance of a contract or based on the express consent of the Buyer. 

6. Information on the Rights of Buyers
6.1. In connection with the provision of Personal Data to the Controller, the Buyer is entitled in particular:
6.1.1. to request from the Controller access to Personal Data concerning their person and related information, specifically for what purpose, to what extent, for how long they will be stored, from what source they were obtained, and whether the processing of Personal Data involves automated processing, including potential profiling;
6.1.2. to request from the Controller the restriction of processing of Personal Data, their potential rectification or erasure, and also to object to further processing addressed to the Controller;

6.1.3. the right to withdraw consent to the processing of Personal Data, if such consent was granted by the Data Subject;
6.1.4. to request the provision of their Personal Data (in the most structured and comprehensive form possible) for the purpose of transferring it to another personal data controller;
6.1.5. to lodge a complaint with the Supervisory Authority.

7. Personal Data Retention Period
7.1. The Controller retains Personal Data for the period necessary to fulfill the purpose of processing Personal Data, but at least for the duration of the Contract, or for the period necessary to fulfill archiving obligations under applicable legal regulations, but no longer than 10 years from the termination of the purchase contract. Simultaneously, the Controller processes and/or retains Personal Data that it is obliged to process and/or retain for reasons arising from the law or from a decision of a public authority, for the period specified by the relevant legal regulations or the relevant decision of the public authority.

7.2. After the expiry of the specified processing and/or retention period, the Controller shall erase the Buyer's personal data without undue delay.

8. Right to Erasure (“Right to be Forgotten”)
8.1. Pursuant to Article 18(1) of the GDPR Regulation, the Controller shall erase all Personal Data of the Buyer it manages in the event that:
8.1.1. the Personal Data are no longer necessary in relation to the purpose of processing Personal Data for which they were collected or otherwise processed (see Article 2.1 of this GDPR Information);
8.1.2. the Buyer withdraws the consent on which the processing was based, and there is no other legal ground for the processing of Personal Data;
8.1.3. the Buyer objects to the processing pursuant to the GDPR Regulation, the Personal Data Processing Act, and other related legal regulations, and there are no overriding legitimate grounds for the processing;

8.1.4. the Personal Data have been unlawfully processed; or
8.1.5. the Controller is required to do so by a relevant legal regulation.

8.2. Pursuant to Article 18(3) of the GDPR Regulation, the Controller shall not erase the Buyer's Personal Data if the processing is necessary:

8.2.1. for compliance with a legal obligation which requires processing by Union or Member State law to which the Controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller;
8.2.2. for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) as well as Article 9(3) of the GDPR Regulation; or
8.2.3. for the establishment, exercise or defence of legal claims.

9. Right to Object to Processing
9.1. In cases where the Controller does not legitimately demonstrate the existence of a legal ground for the processing of Personal Data, the Buyer may object for the purpose of terminating the processing of their Personal Data, in which case the Controller is obliged to cease such processing without undue delay.

9.2. The Buyer has the right to object at any time in the event that the Controller uses their Personal Data for direct marketing purposes (including profiling), unless such use is based on the Buyer's consent.

10. Right of Access to Information (Portability)
10.1. The Buyer is entitled to request from the Controller a summary of their Personal Data processed on the basis of this GDPR Information, in a structured, machine-readable format, and at the same time to request the Controller to transfer such structured Personal Data to another person.

11. Newsletter
11.1. In the event that the Buyer has granted consent, the Controller may process Personal Data, in particular the e-mail address, for the purpose of sending commercial communications.
11.2. The Buyer has the option to terminate the sending of commercial communications at any time, either by sending an e-mail to the Controller's address or by clicking on the relevant link included in each commercial communication.

12. Cookies
12.1. When the Buyer visits the Website, Cookies are processed automatically. The Controller uses Cookies primarily for the purpose of obtaining information on how the Website is used by Buyers, as well as for personalizing advertisements and analyzing Website traffic.

12.2. The Buyer is entitled to reject Cookies in their internet browser settings or to set the use of only some of them. However, if the use of Cookies is not permitted on the Website, some functions may not work, or may not work to their full extent. The Buyer can also influence the processing of Cookies by using the anonymous browsing feature within their chosen internet browser.

12.3. Cookie settings, where the use of Cookies can be rejected or disabled, can be found by the Buyer in the Website bar under the "Cookie Settings" icon.

13. Final Provisions
13.1. The Controller is committed to the fully transparent and legitimate processing of Buyers' Personal Data. In the event that the Buyer does not find this GDPR Information sufficiently clear, they may contact the Controller directly at their e-mail address.

13.2. Any personal data breach shall be reported by the Controller to the Supervisory Authority without undue delay and, where feasible, not later than seventy-two (72) hours after having become aware of it, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons.

13.3. In the event of a personal data breach that is likely to result in a high risk to the rights and freedoms of natural persons, the Controller shall inform the Data Subject without undue delay.

14. Amendment of the GDPR Information
14.1. The Controller reserves the right (in particular, but not exclusively, in connection with a change in legal regulations, in the interest of improving services, or due to a change in market conditions) to unilaterally amend this GDPR Information to a reasonable extent. In such a case, the Controller shall publish the new wording of the GDPR information on the Website, always at least fifteen (15) days before the new wording becomes effective.

15. Effectiveness
15.1. This GDPR Information shall enter into force and effect on 23.01.2026.