Privacy and Cookie Policy
Last updated: 16 July 2026
This Policy explains how personal data is processed when you visit thefalsearchive.com, create an account, place an order, contact us, exercise a right, or otherwise interact with The False Archive.
1. Controller
Marek Hovorka, trading as The False Archive
Business registration number: 17399408
Registered address: Stavařská 735, 686 05 Uherské Hradiště, Czech Republic
Email: hovorka.marek@email.cz
The Seller is registered in the Czech Republic as a VAT-identified person for specific cross-border transactions and is not a Czech VAT payer for domestic supplies.
2. Personal data we may process
- Identity and contact data: name, billing address, delivery address, email address, and telephone number only where you voluntarily provide it or a carrier requires it.
- Order and contract data: products, variants, size, colour, personalisation, price, currency, tax, shipping method, order status, policy version, withdrawal, return, complaint, and refund history.
- Payment data: transaction identifier, payment method type, payment status, fraud signals, dispute and refund information, and limited card metadata supplied by Stripe. We do not intentionally store complete payment-card numbers or security codes.
- Account data: login details, saved addresses, preferences, account activity, and password data handled in protected form by the Website platform.
- Communications: emails, forms, support requests, reviews, complaints, evidence, and legal notices.
- Device and usage data: IP address, browser, device, operating system, timestamps, pages viewed, referrer, security events, cookie identifiers, and interaction data, depending on your consent and the Website configuration.
- Personalisation content: customer-supplied names, text, dates, numbers, photographs, images, or instructions. Do not submit special-category data, identity documents, payment credentials, children’s unnecessary data, or other sensitive material unless strictly necessary and expressly requested.
- Compliance and evidence data: consent records, fraud indicators, sanctions or export screening, delivery evidence, chargeback records, intellectual-property notices, product-safety reports, and data needed for legal claims.
3. Purposes and legal bases
| Purpose | Typical legal basis |
|---|---|
| Taking payment, accepting and fulfilling orders, producing products, delivery, account administration, withdrawal, returns, complaints, and customer support | Performance of a contract or steps requested before entering a contract |
| Invoices, accounting, tax, customs, statutory complaints, product traceability, recalls, and cooperation with authorities | Compliance with legal obligations |
| Fraud prevention, network and account security, service integrity, evidence, chargeback defence, enforcing rights, and proportionate service improvement | Legitimate interests, balanced against your rights |
| Non-essential analytics, advertising, retargeting, profiling, external-media storage, and similar technologies | Your consent where required |
| Direct email marketing | Your consent or a lawful existing-customer exception where available, always with an opt-out |
| Safety warnings and recalls | Legal obligation, public interest, vital interests, contract, or legitimate interests as applicable |
Where processing is based on consent, you may withdraw consent at any time without affecting earlier lawful processing. Where data is necessary for a contract or legal obligation, failure to provide it may prevent us from accepting or fulfilling an order.
4. Service providers and recipients
We may disclose relevant data to the following recipients only to the extent reasonably necessary:
- Hostinger and related hosting, infrastructure, security, logging, backup, and content-delivery providers;
- WordPress, WooCommerce, Bricks, and active Website plug-in providers supporting the store, account, forms, security, consent, and technical operation;
- Stripe, banks, card networks, payment-method providers, and fraud-prevention providers for payment authorisation, legal compliance, refunds, and disputes. Stripe may act as our processor for some activities and as an independent controller for its own fraud, financial, legal, security, and service purposes;
- Printful and its group companies, subcontractors, fulfilment facilities, quality-control providers, warehouses, and return facilities for manufacturing, packaging, delivery, reprints, complaints, and returns;
- carriers, postal operators, customs agents, customs authorities, and local delivery partners;
- email, customer-support, consent-management, analytics, advertising, and embedded-media providers according to the actual Website configuration and your consent;
- accountants, tax advisers, lawyers, insurers, auditors, and debt-recovery providers under appropriate duties;
- courts, regulators, police, consumer-protection, customs, tax, sanctions, product-safety, and data-protection authorities where disclosure is lawfully required;
- a buyer or successor in a lawful sale, merger, reorganisation, or transfer of the business, subject to appropriate safeguards.
5. Printful fulfilment
To fulfil an order, we normally transmit to Printful the recipient’s name, delivery address, email or telephone details where required for delivery, product and variant, personalisation, and order reference. Printful processes customer data on our instructions for fulfilment and may also process limited information for its own mandatory legal, security, or operational purposes. Printful uses facilities and subprocessors in multiple countries.
6. Stripe payments
Stripe receives transaction, device, payer, fraud, payment-method, and related data needed to process and secure payments, issue refunds, and manage disputes. Payment details entered into Stripe-controlled fields are transmitted directly to Stripe. Stripe’s own privacy information applies to processing for which Stripe determines the purpose and means.
7. International transfers
Some providers, subprocessors, fulfilment facilities, carriers, or technical systems may be located outside the European Economic Area. Where required, transfers rely on an adequacy decision, approved standard contractual clauses, supplementary measures, a statutory derogation, or another lawful transfer mechanism.
8. Retention
We retain personal data only for as long as reasonably necessary for the relevant purpose, including:
- orders, invoices, accounting, and tax records for the statutory period, which may be up to 10 years;
- contract, delivery, complaint, withdrawal, refund, fraud, and evidence records for the applicable limitation period and any active dispute;
- account data while the account remains active and for a limited period after closure, while retaining legally required transaction records separately;
- marketing data until consent is withdrawn, an objection is upheld, or the list is discontinued; a minimal suppression record may be retained to honour the opt-out;
- security logs for a proportionate period based on risk and investigation needs;
- cookie data for the period displayed in the live Cookie Settings panel;
- personalisation files only as long as needed for fulfilment, quality control, reprint, dispute evidence, or legal obligations.
9. Security
We use proportionate organisational and technical measures such as encrypted connections, access controls, software updates, backups, security logging, provider due diligence, and limited access. No internet service is completely secure. Customers must protect their account credentials and report suspected misuse promptly.
10. Your rights
Subject to conditions and exemptions, you may request access, correction, erasure, restriction, portability, or information about your data; object to processing based on legitimate interests or direct marketing; and withdraw consent.
Send requests to hovorka.marek@email.cz. We may verify identity in a proportionate manner. Do not send a passport, identity card, complete payment-card details, or other sensitive document unless specifically requested through a secure method. We normally respond within one month, subject to any lawful extension.
You may lodge a complaint with the Czech Office for Personal Data Protection:
Úřad pro ochranu osobních údajů
Pplk. Sochora 27
170 00 Praha 7
Czech Republic
Website: https://uoou.gov.cz
11. Children
The Website is not directed to children who cannot lawfully enter into a purchase contract. We do not knowingly solicit children’s personal data for marketing. A parent or guardian placing an order must avoid supplying unnecessary data about a child.
12. Cookies and similar technologies
Cookies, local storage, pixels, tags, and similar technologies may store or access information on your device. The exact current provider, name, purpose, category, and duration of each active technology is displayed in the Website’s Cookie Settings panel. That live panel forms part of this Policy and must be kept synchronised with the Website’s actual configuration.
Strictly necessary technologies
These support essential functions such as WordPress and WooCommerce sessions, cart contents, checkout, account login, security, load balancing, fraud prevention, Stripe payment operation, and storage of consent choices. Common examples may include WooCommerce cart and session cookies, WordPress login or settings cookies, Stripe fraud-prevention cookies, and the consent platform’s own preference record. They are used without consent only where the legal exemption for strictly necessary storage applies.
Preference technologies
These may remember language, currency, region, display, recently viewed products, or optional convenience settings. They are activated only with consent where required.
Analytics technologies
Where actually enabled, analytics services such as Google Analytics, Google Tag Manager configured for analytics, Microsoft Clarity, Matomo, or comparable measurement tools may help us understand Website use, performance, errors, traffic sources, and product interaction. Analytics technologies are blocked until consent where consent is required.
Advertising technologies
Where actually enabled, services such as Google Ads, Meta Pixel, Microsoft Advertising, Pinterest, TikTok, or comparable advertising platforms may measure campaigns, limit repetition, build audiences, perform attribution, or personalise advertising. They are not activated before valid consent where consent is required.
External media and social content
Embedded YouTube or other video, social, map, review, or third-party content may place or read technologies. Such content should remain blocked until the relevant consent unless the storage is strictly necessary.
13. Cookie choices
The first layer of the cookie banner provides an equally accessible choice to Accept all, Reject non-essential, or Manage settings. Non-essential categories are not pre-selected and are not activated merely because you close or ignore the banner.
You may change or withdraw your choice at any time through the persistent Cookie Settings link. Withdrawal is as easy as giving consent. Blocking strictly necessary technologies may prevent the cart, checkout, account, payment, or security functions from working.
14. Marketing
Marketing consent is separate from acceptance of the Terms and is not required to purchase. Every marketing email includes an unsubscribe method. Operational messages concerning an order, security issue, legal notice, complaint, safety warning, or recall are not marketing.
15. Automated fraud checks
Stripe, security providers, and payment networks may use automated signals to identify fraud, abuse, or payment risk. Where a decision producing legal or similarly significant effects is made solely by automated processing and applicable law grants a right to review, you may contact us to request appropriate human consideration.
16. Changes
We may update this Policy when law, providers, Website configuration, or processing changes. The date at the top identifies the current version. Material changes will be communicated where required.