Privacy policy

Quick links:
Terms of Service: Terms of Service
Shipping Policy: Shipping Policy
Refund Policy: Refund Policy

1) Short summary (not a substitute for the full policy)

Who we are: Posedla s.r.o. is the controller of personal data for customers and site visitors. For data-privacy enquiries contact gdpr@posedla.cz. For general queries use hello@posedla.com.

What we do with data: we collect the information needed to sell, make, deliver and support Joyseat and other products (including Smiling Butt Kit / SBK data used to manufacture a custom saddle). Production data and SBK outputs are stored only as necessary to manufacture and support your product.

Your rights: access, rectification, erasure, restriction, objection, portability and complaint to the supervisory authority. See section 8 for more detail.

We do not use automated decision making with legal or similarly significant effects. Our products and services are not intended for children under 16.

2) Who looks after and processes my personal data?

Controller:
Posedla s.r.o.
Národní 486, 407 47 Varnsdorf, Czech Republic
ID No.: 09648887

Correspondence & delivery address:
Pražská 2951, 407 47 Varnsdorf, Czech Republic

Contacts:
Data-privacy enquiries: gdpr@posedla.cz
General enquiries: hello@posedla.com

We are not required to appoint a Data Protection Officer under GDPR.

“Personal data” means any information relating to an identified or identifiable natural person (for example name, email, phone number, order details, location data, online identifiers or product-specific biometric inputs).

3) Which personal data we collect and why

We collect different kinds of data depending on how you interact with us. Below are the main categories and why we need them.

A — Data for ordering, payment and shipping

Examples: name, billing & shipping address, email, phone, payment details (tokenised by payment provider), order history.

Purpose: to process orders, accept payments, arrange shipping, issue invoices and handle returns/complaints.

Legal basis: contract performance and our legitimate interest in fraud prevention and order fulfilment.

B — Data for manufacturing your custom Joyseat (SBK / production data)

Examples: SBK photos and measurement outputs, configurator selections, production instructions, any professional inputs (bike-fit data, pressure mapping, CT scans if provided), and optional Ultra-Customization inputs.

Purpose: to design and manufacture your bespoke Joyseat and to provide fit support after delivery. Production data and SBK outputs are stored only as necessary to manufacture and support your product.

Legal basis: contract performance (we need this data to manufacture the item) and legitimate interest for post-sale support and product improvement where necessary.

C — Warranty, complaints and return handling

Examples: photos of defects, communications about complaints, shipping & tracking for returns.

Purpose: to handle claims, inspections, warranties and refunds.

Legal basis: contract performance and compliance with legal obligations, plus our legitimate interest to maintain product quality.

D — Marketing & communications

Examples: email address and marketing preferences.

Purpose: to send product updates, offers and newsletters (only if you have consented). You can opt out at any time.

Legal basis: consent for marketing emails (where required) and our legitimate interest for non-intrusive direct marketing where allowed. We always respect unsubscribe requests.

E — Analytics, cookies & site function

Examples: cookies, IP address, device and usage data, analytics identifiers.

Purpose: site analytics, A/B testing, performance, fraud detection and improving the customer experience. See section 7 on cookies.

Legal basis: consent for non-essential cookies; legitimate interest for strictly necessary cookies.

4) Who we share personal data with

We only share personal data where needed to perform a contract, comply with law, or with your consent. Typical recipients include:

• Payment providers & finance partners (e.g., Shopify Payments, PayPal, Klarna) — to authorise and capture payments and handle refunds.
• Shipping carriers and customs agents — to arrange deliveries and prepare commercial invoices for cross-border shipments.
• Service providers such as IT hosts, CRM systems, email providers, analytics and other processors working on our behalf.
• Professional service providers — legal advisors, accountants and auditors when necessary.
• Public authorities — where required by law (e.g., tax authorities or courts).

We put contracts in place with our processors and require that they process data only for the purposes we allow and with appropriate safeguards.

5) Cross-border transfers

When we (or our processors) transfer personal data outside the EEA (for example to the US for some analytics or payment processors), we ensure appropriate safeguards are in place — for example, Standard Contractual Clauses or transfers to entities that provide adequate protection. If you need details about a particular recipient or the safeguards we use, please contact gdpr@posedla.cz.

6) How long we keep your personal data

We keep personal data only as long as necessary for the relevant purpose. For example:

• Order & billing data: retained for the time required by accounting and tax rules (typically 5–10 years).
• SBK and production data: retained only while necessary to manufacture, support and service your product or to meet legal obligations.
• Warranty / complaints: retained for the duration of the warranty and for a reasonable period afterwards to process claims.
• Marketing & analytics: retained while you are subscribed or otherwise per consent and our retention rules, with analytics data stored in aggregated or pseudonymised form where possible.
• User accounts: typically deleted about 3 years after cancellation or prolonged inactivity.

If you request deletion (see section 8), we will delete or anonymise your data except where retention is required by law or a legitimate business need (for example unpaid invoices or mandatory tax records).

7) Cookies & similar technologies

We use cookies and similar technologies on our website:

• Essential cookies: required for the site and checkout to work (cart, authentication, payment flows). These are strictly necessary and do not require consent.
• Functional cookies: remember preferences and provide a better user experience.
• Analytics & advertising cookies: used for site statistics and marketing (e.g., Google Analytics, advertising platforms). These require consent.

We provide a cookie banner and a granular settings panel on the website where you can accept or refuse non-essential cookies.

8) Your rights

Under applicable law (including GDPR), you may have the following rights in relation to your personal data:

• Access – receive a copy of personal data we hold about you.
• Rectification – request correction of inaccurate or incomplete data.
• Erasure – ask us to delete your personal data (subject to legal exceptions).
• Restriction – ask us to stop or limit processing in certain circumstances.
• Object – object to processing based on our legitimate interests or to direct marketing.
• Portability – request a machine-readable copy of your data for transfer to another controller.
• Withdraw consent – where processing is based on consent, you may withdraw it at any time.
• Lodge a complaint – to the Czech supervisory authority (Office for Personal Data Protection) or your local data protection authority.

To exercise your rights, contact us at gdpr@posedla.cz. We will inform you how we will handle your request and may ask for proof of identity for security reasons.

9) Automated decisions & profiling

We do not use automated decision-making that has legal or similarly significant effects on customers (no credit scoring or profiling that would determine order acceptance). We may use analytics and segmentation to improve the customer experience; when such processing is significant, we will rely on appropriate legal bases and inform you.

10) Security

We use technical and organisational security measures to protect personal data (encryption, access controls, secure hosting, contractually bound processors). No system is completely secure — in the event of a data breach that is likely to result in high risk to your rights, we will notify affected individuals and the supervisory authority in accordance with applicable law.

11) Children

Our services are not intended for children under the age of 16. If we learn that we have collected personal data from a child under the applicable age without appropriate consent, we will delete that data.

12) Changes to this policy

We may update this Privacy Policy from time to time. Substantial changes will be posted with a new “last updated” date and, where required by law, we will obtain consent for material changes.

13) Contact and supervisory authority

Data-privacy contact: gdpr@posedla.cz
General enquiries: hello@posedla.com

If you are not satisfied with our response, you have the right to file a complaint with the Office for Personal Data Protection (Czech Republic) or the supervisory authority in your country.