Privacy policy
Last updated: March 4, 2026
This Privacy Policy explains how RattiShop (“we”, “us”, “our”) collects, uses, discloses, and otherwise processes personal data when you visit or use rattishop.com (the “Site”), make a purchase, or otherwise interact with us (together, the “Services”).
This Policy is intended to meet transparency requirements under the EU General Data Protection Regulation (“GDPR”) where applicable.
1) Data Controller (Who is responsible for your personal data)
Data Controller: Mirra Inozemtseva, OSVČ (sole trader)
Business address: Slévačská 752/36, 198 00, Praha 9 – Hloubětín, Czech Republic
IČO: 22380299
DIČ (VAT ID): CZ0261071393
Email (including privacy requests): rattisshop@gmail.com
2) Scope and customers we serve
Our Services are intended for customers in the Czech Republic. If you access the Site from outside the Czech Republic, your data may still be processed as described in this Policy.
3) Personal data we collect
We collect personal data in three main ways: (A) directly from you, (B) automatically from your device, and (C) from third parties involved in providing the Services.
A) Information you provide to us
Depending on how you use the Services, you may provide:
- Contact details: name, email address, phone number.
- Shipping and billing details: delivery address and billing address.
- Order and transaction details: products purchased, order ID, order value, currency, delivery and return status, and related communications.
- Customer support communications: messages you send us and information you share when requesting help or a return.
B) Information collected automatically
When you visit or use the Site, we may automatically collect:
- Device and technical data: IP address, browser type, device identifiers, operating system, language settings.
- Usage data: pages viewed, time spent on pages, clicks, interactions with products and cart, referrer URL.
- Cookies and similar technologies: data stored via cookies and similar tools necessary for Site operation, security, preferences, and (if enabled) analytics/measurement.
C) Information from third parties
We may receive data from:
- Shopify (platform provider) in connection with operating the Site and processing orders.
- Mollie (payment provider) for payment status, confirmations, and fraud prevention signals.
- Dropshipping suppliers, fulfillment partners, and carriers involved in preparing and delivering your order.
4) Why we process your personal data (purposes)
We process personal data for the following purposes:
A) Provide and operate the Services
- Process and fulfill orders (including payment confirmation, delivery, and customer communications)
- Provide order updates, handle returns, exchanges, cancellations, and complaints
- Provide customer support and respond to inquiries
B) Security and fraud prevention
- Protect the Site, customers, and our business against fraud, abuse, and security incidents
- Maintain logs and perform security monitoring
C) Analytics and service improvement
- Understand how the Site is used and improve performance and user experience
(We use Shopify analytics/reports and use consent controls for non-essential cookies where required.)
D) Legal and compliance
- Maintain records required by law (accounting/tax and consumer protection requirements)
- Respond to lawful requests from authorities
- Establish, exercise, or defend legal claims
E) Age-gating / compliance with age restrictions
- Restrict access to the Site for persons under 18
- Record the user’s confirmation where necessary to enforce age restrictions
5) Legal bases for processing (GDPR)
Where GDPR applies, we rely on the following legal bases:
- Performance of a contract (GDPR Art. 6(1)(b))
  To process your order, accept payment, deliver goods, manage returns, and provide customer support related to your purchase.
- Legal obligation (GDPR Art. 6(1)(c))
  To meet accounting, tax, and consumer protection obligations, and to comply with other applicable laws.
- Legitimate interests (GDPR Art. 6(1)(f))
  To secure and operate the Site, prevent fraud, maintain service quality, and improve the Services, provided our interests are not overridden by your rights and freedoms.
- Consent (GDPR Art. 6(1)(a))
  For non-essential cookies and similar technologies where consent is required, and for marketing communications where consent is required by applicable law. You can withdraw consent at any time (see Section 10).
6) Payments (Mollie)
We use Mollie to process payments. When you pay for an order, your payment data is processed by Mollie and/or the chosen payment method provider. We typically receive payment confirmation (e.g., status, transaction reference) and necessary transaction details, but we do not store full card details on our systems.
Mollie may process personal data for fraud prevention, security, and regulatory compliance in accordance with Mollie’s own privacy documentation.
7) Fulfillment, shipping, and dropshipping
We operate using a dropshipping model. This means your order may be fulfilled and shipped by a third-party supplier and delivered by a carrier chosen by the supplier or logistics partner.
To fulfill and deliver your order, we may share the following data with suppliers/fulfillment partners/carriers:
- name
- delivery address
- phone number and/or email address (where required for delivery notifications and carrier operations)
- order details necessary to prepare and ship the parcel (e.g., items, quantity)
Returns: Customer support for returns is handled via email. Customers can contact us at rattisshop@gmail.com to request return instructions and assistance.
Returns address (if applicable for your return):
Slévačská 752/36, 198 00, Praha 9 – Hloubětín, Czech Republic
(We may provide different instructions depending on the product/supplier and applicable consumer law.)
8) Cookies and similar technologies
We use cookies and similar technologies to operate the Site. This may include:
- Strictly necessary cookies (required for Site functionality, checkout, security)
- Preference cookies (remember settings)
- Analytics cookies (measurement and reports, where enabled)
- Marketing cookies (if enabled)
Consent and controls
We use Shopify Customer Privacy / GDPR tools to manage cookie consent. Where consent is required for non-essential cookies (e.g., analytics/marketing), those cookies are set only after you consent. You can change your cookie preferences at any time using the cookie settings available on the Site (if displayed) and/or your browser settings.
Please note that blocking strictly necessary cookies may impact Site functionality (e.g., cart and checkout).
9) Age restriction (18+)
Our Services are restricted to users aged 18 and over. We use an age verification popup that requires users to confirm they are 18+ before accessing the website. If you are under 18, you must not use the Services.
If we become aware that we have collected personal data from someone under 18, we will take steps to delete such data unless we have a legal basis to retain it.
10) Your rights and choices
Depending on your location and applicable law (including GDPR), you may have the right to:
- Access your personal data
- Rectify (correct) inaccurate or incomplete data
- Erase your personal data (subject to legal exceptions)
- Restrict processing in certain circumstances
- Object to processing based on legitimate interests
- Data portability (receive your data in a structured, commonly used format)
- Withdraw consent at any time (where processing is based on consent)
How to exercise your rights
To make a request, email us at rattisshop@gmail.com with the subject line “Privacy Request”.
We may request reasonable information to verify your identity and to understand and respond to your request. We will respond within the time limits required by applicable law.
Marketing preferences
We currently do not send newsletters and do not run SMS marketing. If this changes, we will provide opt-out/withdrawal options in those communications and update this Policy.
11) Sharing and disclosures of personal data
We share personal data only as necessary for the purposes described in this Policy, including with:
- Shopify (e-commerce platform hosting and operations)
- Mollie (payment processing and related security/fraud prevention)
- Dropshipping suppliers/fulfillment partners and carriers (to prepare, ship, and deliver orders)
- Service providers who help us run the Site and provide the Services (e.g., IT and security services), acting under our instructions where applicable
- Authorities or advisors where required by law, or to protect our rights and safety (e.g., legal claims, fraud investigations)
12) International data transfers
Some of our service providers (including Shopify and certain partners) may process personal data outside the Czech Republic, including outside the European Economic Area (“EEA”). Where GDPR applies and international transfers occur, we rely on appropriate safeguards such as Standard Contractual Clauses or other lawful transfer mechanisms to protect your data.
13) Data retention (how long we keep data)
We keep personal data only as long as necessary for the purposes described in this Policy, including legal and accounting obligations:
- Accounting and tax records: retained for up to 10 years
- Customer support messages: retained for up to 24 months for service quality, dispute resolution, and record-keeping
- Security logs: retained for up to 12 months
- Marketing data: retained until you unsubscribe or withdraw consent (note: we do not currently send newsletters)
We may retain data longer if required by law or to establish, exercise, or defend legal claims.
14) Security
We implement reasonable technical and organizational measures intended to protect personal data. However, no method of transmission over the internet or storage is completely secure, and we cannot guarantee absolute security.
15) Third-party links
The Site may contain links to third-party websites or services. We are not responsible for the privacy practices or content of those third parties. Please review their privacy policies before providing them with personal data.
16) Complaints and supervisory authority
If you have concerns about how we process your personal data, please contact us at rattisshop@gmail.com.
If GDPR applies, you also have the right to lodge a complaint with a supervisory authority. In the Czech Republic, the supervisory authority is:
Office for Personal Data Protection (Úřad pro ochranu osobních údajů — UOOU).
17) Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal requirements. We will post the updated Policy on the Site and update the “Last updated” date.
18) Contact
Mirra Inozemtseva, OSVČ
Slévačská 752/36, 198 00, Praha 9 – Hloubětín, Czech Republic
IČO: 22380299
DIČ: CZ0261071393
Email: rattisshop@gmail.com