GDPR
PRIVACY POLICY (GDPR)
Nibrooo SRO
Délnícká 776/5, 170 00 Prague Czech Republic (Represented by the brand Nibrooo – smoking merchandise & accessories launched by ElGrandeToto)
Last updated: 17/11/2025 1. Purpose of the policy This Privacy Policy explains how Nibrooo SRO (hereinafter “Nibrooo”, “we”, “us” or “our”) collects, uses, protects and shares the personal data of website users www.nibrooo.com (hereinafter "the Site"). Nibrooo strictly adheres to the General Data Protection Regulation (GDPR) and the applicable laws in Europe and internationally. 2. Data Controller Nibrooo SRO Address: Delnícká 776/5, 170 00 Prague, Czech Republic Contact email (DPO / GDPR): support@nibrooo.co m 3. Personal data collected We can collect the following data:
3.1 Data provided directly by the user
- Name, surname
- E-mail address
- Mailing address
- Phone number
- Payment information (processed by secure providers)
- Information needed for delivery (recipient, address, instructions)
3.2 Automatically collected data
- IP address
- Navigation information (pages viewed, duration, clicks)
- Device type, browser, operating system
- Approximate location data
3.3 Order-related data
- Purchase history
- Claims or returns
- Communications with customer service
3.4 Social Networks If the user connects via a social network (Instagram, Google, Facebook, etc.), certain public information may be collected in accordance with the account settings. 4. Purposes of processing We use the data to:
4.1 Orders & Customer Service
- order processing and delivery
- billing
- returns and refunds management
- customer support
4.2 Site Improvement
- performance analysis
- user experience personalization
4.3 Marketing
- sending promotional emails (newsletter)
- advertising retargeting (based on consent)
- personalized offers
4.4 Legal obligations
- fight against fraud
- compliance with accounting and tax obligations
- compliance with administrative or judicial requests
5. Legal basis for processing
Nibrooo processes data on the following basis:
- Contract execution (order)
- Consent (cookies, newsletter, marketing)
- Legitimate interest (site improvement, fraud prevention)
- Legal obligation (accounting, security)
6. Cookies & similar technologies
When browsing the Site, cookies may be placed on the user's device. These cookies are used to:
- measure audience (Google Analytics or equivalent)
- enable the basket to function
- personalize the experience
- to carry out targeted marketing
The Customer can accept or refuse cookies via a consent banner Compliant with the GDPR. 7. Sharing data with third parties Nibrooo only shares the necessary data with:
- secure payment providers (Stripe, PayPal, etc.)
- carriers (DHL, UPS, etc.)
- email marketing tools (Mailchimp, Klaviyo, etc.)
- website host
- Marketing partners (based on consent)
Nibrooo NEVER resells personal data. 8. Transfers outside the European Union Some data may be transferred outside the EU (e.g., servers, analytical tools). In this case, Nibrooo guarantees:
- countries recognized as adequate by the European Commission,
- Or
- standard contractual clauses (SCC),
- Or
- a legal framework ensuring a level of protection equivalent to the GDPR.
9. Shelf life Nibrooo retains the data:
- as long as the user account is active,
- 5 years for client files,
- 10 years for tax/accounting documents,
- until consent is withdrawn for the newsletter,
- 13 months for analytical cookies.
10. User Rights In accordance with the GDPR, the user has rights:
- Right of access : obtain a copy of the data
- Right of rectification : correct information
- Right to erasure permanently delete the data
- Right to object : refusing certain treatments
- Right to portability : receive your data in a usable format
- Right to limitation temporarily freeze use
- Right to withdraw consent at any time
To exercise these rights: 
Email: support@nibrooo.com We are committed to responding within 30 days . 11. Data Security Nibrooo is implementing:
Email: support@nibrooo.com We are committed to responding within 30 days . 11. Data Security Nibrooo is implementing:
- SSL encryption
- Server protection
- Access is limited to authorized employees.
- regular audits,
- Secure storage of sensitive data.
However, no technology is infallible. The user acknowledges the risks associated with the Internet.
12. Minor Accounts
Nibrooo does not sell products intended for minors. The Site is reserved for people who 18 years and older . No processing of minor data is voluntary. 13. Policy changes Nibrooo reserves the right to modify this Privacy Policy at any time. Users will be notified in the event of any major changes. 14. Contact To exercise your privacy rights or for any questions: Email: support@nibrooo.com 
Address: Delnícká 776/5, 170 00 Prague, Czech Republic
Email: support@nibrooo.com Address: Delnícká 776/5, 170 00 Prague, Czech Republic 