CORDOGY® Privacy Policy (Personal Data Protection Policy)

CORDOGY® Privacy Policy

At CORDOGY®, we take the protection of your personal data very seriously. This Privacy Policy explains how we collect, use, and protect your information in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR).

1. Data Controller

Company: TEODORO GROUP S.R.O.
Registered office: Tržiště 372/1, Malá Strana, 118 00 Prague 1
Company ID: 23569727
VAT: CZ23569727
Contact email (GDPR): privacy@cordogy.com
Data Protection Officer: Not appointed

2. What Data We Collect and When

We collect different categories of personal data depending on how you interact with us:

A. When Making a Purchase (Order Processing)

  • Categories: Name, delivery address, billing address, email, phone, order details (Products, price).
  • Legal Basis: Contract performance (Art. 6(1)(b) GDPR).
  • Purpose: Processing and delivery of orders, communication regarding order status.

B. When Registering an Account

  • Categories: Name, email, encrypted password, purchase history.
  • Legal Basis: Contract performance / Legitimate interest.
  • Purpose: Account management and personalization of shopping experience.

C. For Marketing (Newsletters)

  • Categories: Email address.
  • Legal Basis: Consent (Art. 6(1)(a) GDPR).
  • Purpose: To send newsletters, updates, and offers.

D. When Using AI Tools (CORDOGY® DECODE)

  • Categories: Data entered into tools (skin type, anti-aging preferences, ingredient inquiries).
  • Legal Basis: Consent / Legitimate interest.
  • Purpose: To provide personalized routines or ingredient explanations. Data are not stored long-term unless explicit consent for saving is provided.

E. Technical and Analytical Data

  • Categories: IP address, browser/device info, site preferences, behavior (clicks, pages viewed).
  • Legal Basis: Legitimate interest (analytics, fraud prevention).
  • Purpose: Improve site performance, analyze traffic, evaluate marketing.

3. Data Retention

Your personal data are stored only for as long as necessary to fulfill the intended purpose and comply with legal obligations.

  • Purchase Data: Retained for contract fulfillment and 4 years after completion for potential disputes or accounting duties.
  • Account Data: Retained until the customer deletes their account.
  • Marketing Consent: Retained until consent is withdrawn.

4. Data Sharing and Processors

We do not sell or share your data with unauthorized third parties. Data may be shared only in the following cases:

  • Carriers and Logistics: For order delivery (e.g., FedEx, UPS, PPL).
  • Payment Gateways: For secure payments (e.g., banks, card providers, PayPal).
  • IT Service Providers: For maintenance, hosting, and analytics (e.g., Google Analytics).
  • Generative AI (CORDOGY® DECODE): Data processed through Gemini API. Protected and not used for model training unless otherwise stated.

Transfers outside the EEA occur only under GDPR-approved conditions (e.g., EU Standard Contractual Clauses).

5. Your Rights as a Data Subject

You can exercise these rights by contacting us at privacy@cordogy.com:

  • Access: Confirm and access your data.
  • Rectification: Correct inaccurate or incomplete data.
  • Erasure: Request deletion if the purpose no longer applies or consent is withdrawn.
  • Restriction: Limit data processing in certain cases.
  • Portability: Receive your data in a structured, machine-readable format.
  • Objection: Object to processing based on legitimate interest.
  • Withdraw Consent: Withdraw at any time without affecting prior lawful processing.
  • Complaint: File with the Czech Data Protection Authority (ÚOOÚ).

6. Data Security

CORDOGY® applies industry-standard security measures such as SSL/TLS encryption for data transmission and regular system updates to protect your data from unauthorized access, loss, or destruction.