Privacy Policy

Last updated: 30 May 2025

This Privacy Policy explains how Zantris a.s. (“Afterglow”, “we”, “us”, “our”), Varšavská 715/36, 120 00 Praha 2 – Vinohrady, Czech Republic, Company ID 22482059, collects, uses, discloses and protects your personal data when you visit www.feelafterglow.com (the “Website”), create an account, purchase our products or otherwise interact with us.

We process personal data in accordance with:

Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR)
Czech Act No. 110/2019 Sb. on Personal Data Processing
Any other local privacy laws where we sell and deliver our products.

If you have questions, please write to support@feelafterglow.com or to our postal address above.

1. Who is Responsible for Your Data?

Data Controller: Zantris a.s.
Registered address: Varšavská 715/36, 120 00 Praha 2 – Vinohrady, Czech Republic
Contact e‑mail: support@feelafterglow.com
EU representative (Art 27 GDPR): not required, because we are established in the EU.
Data Protection Officer: not appointed; our scale of processing does not make this mandatory. All privacy queries are handled at the e‑mail above.

2. What Personal Data Do We Collect?

We collect the following categories of data:

Identity data – your name, title and, if you provide it, date of birth.
Contact data – billing and delivery addresses, e‑mail address, telephone number.
Account data – username, encrypted password, language and marketing preferences.
Transaction data – the products you purchased, order numbers, prices, applicable VAT rate.
Payment data – masked card number or payment token and payment status. We do not receive your full card details; these stay with our payment providers.
Log and device data – IP address, browser type and version, operating system, the web page that referred you, and time‑stamp information collected automatically by our server.
Marketing data – your newsletter opt‑in or opt‑out status and your interaction with our campaigns.
Health‑related data – We do not collect health-related data unless you voluntarily include such information in product feedback or communication. We process this only with your explicit consent and delete it after the query is resolved.

We do not intentionally collect data from children under 18 or target them with our products.

3. Why Do We Use Your Data and on What Legal Basis?

To process and deliver your order – contract performance (Art 6 (1)(b) GDPR).
To create and manage your customer account – contract performance.
To provide customer service, returns and legal guarantees – contract performance and compliance with legal obligations (Art 6 (1)(b) and (c)).
To issue invoices and keep tax records – legal obligation under Czech accounting and tax law (Art 6 (1)(c)).
To prevent fraud and secure our Website – our legitimate interests in running a safe business (Art 6 (1)(f)).
To send transactional e‑mails such as order confirmations and shipping notifications – contract performance.
To send you newsletters and personalised offers – your consent (Art 6 (1)(a)). You can withdraw consent at any time.
To analyse Website traffic and improve user experience – our legitimate interests or, for non‑essential cookies, your consent.
To comply with product‑safety and recall duties – legal obligation (Art 6 (1)(c)).
To handle any health‑related feedback you voluntarily provide – your explicit consent (Art 6 (1)(a) and Art 9 (2)(a) for special‑category data).

Whenever we rely on legitimate interests, we ensure that our interests are not overridden by your fundamental rights and freedoms.

4. Cookies and Similar Technologies

We use three types of cookies and pixels:

Essential cookies – necessary for the Website to function (e.g., basket and login). These load automatically.
Analytics cookies – help us understand how the Website is used so we can improve it. We load them only if you consent via the cookie banner.
Marketing cookies – allow us to show you relevant ads. They are placed only after you give consent in the banner.

You can withdraw your consent at any time by reopening the cookie banner or changing your browser settings. A detailed list of cookies is available in our separate Cookie Policy.

5. With Whom Do We Share Your Data?

We disclose data only when necessary:

Payment service providers (e.g., Stripe, Apple Pay, Google Pay) to process your payment securely.
Fulfilment and logistics partners (e.g., DHL, GLS, Packeta) so your order can reach you.
Cloud hosting and IT service providers (e.g., AWS EU region, Vercel) that keep our Website and databases running.
E‑mail marketing platforms (e.g., Klaviyo, Mailchimp) to send newsletters if you opt in.
Analytics and advertising partners (e.g., Google Analytics, Meta) when you have consented to non‑essential cookies.

All third‑party processors are bound by GDPR‑compliant contracts and may use the data only on our instructions.

6. International Transfers

Some partners are located outside the European Economic Area. When personal data leaves the EEA, we ensure that at least one of the following is in place:

An adequacy decision by the European Commission, or
Standard Contractual Clauses (SCCs) supplemented by additional safeguards where necessary.

Copies of SCCs can be requested at support@feelafterglow.com.

7. How Long Do We Keep Your Data?

Accounting and transaction records – 10 years after the end of the fiscal year, as required by Czech law.
Customer‑account data – for as long as your account is active. If you do not log in for 24 months, we delete the account unless the data must be kept for legal reasons.
Newsletter subscription data – until you unsubscribe or after 24 months of no engagement.
Server log files – 30 days unless they are needed to investigate security incidents.
Health‑related feedback – deleted once your query is resolved, and in any case within 12 months.

When a retention period expires, we erase or irrevocably anonymise the data.

8. Your Rights Under the GDPR

You can, at any time:

Access the personal data we hold about you.
Rectify inaccurate or incomplete data.
Erase data (“right to be forgotten”) where legal grounds permit.
Restrict processing of your data.
Port your data to another controller.
Object to processing based on legitimate interests or to direct marketing.
Withdraw consent where processing relies on it; withdrawal does not affect processing already performed.
Avoid automated decisions with legal or similarly significant effects – we do not perform such profiling.

To exercise any of these rights, e‑mail us at support@feelafterglow.com. We will reply within one month.

9. Complaints

If you believe we misuse your data, you can lodge a complaint with the Czech Data Protection Authority (ÚOOÚ), Pplk. Sochora 27, 170 00 Praha 7 (www.uoou.cz), or with your local supervisory authority in the EEA or the UK.

10. How We Protect Your Data

We implement appropriate technical and organisational measures, including:

HTTPS/TLS encryption of all traffic
Two‑factor authentication and role‑based access for staff
Regular security audits and vulnerability scans
Secure off‑site back‑ups and disaster‑recovery plans
Data minimisation and, where possible, pseudonymisation

11. Children’s Privacy

Our Website and products are intended for adults aged 18 years and over. We do not knowingly collect personal data from children. If we discover that a minor has provided personal data, we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. The latest version is always available on the Website and supersedes previous versions. We will notify registered customers by e‑mail if changes materially affect their rights.

13. Contact

Questions, requests or complaints about privacy can be sent to: support@feelafterglow.com
Zantris a.s., Varšavská 715/36, 120 00 Praha 2 – Vinohrady, Czech Republic

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie records the user consent for the cookies in the "Advertisement" category.
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	1 year	CookieYes sets this cookie to record the default button state of the corresponding category and the status of CCPA. It works only in coordination with the primary cookie.
elementor	never	The website's WordPress theme uses this cookie. It allows the website owner to implement or change the website's content in real-time.
fb_event_id_atc	30 minutes	Used to match client and server events for Meta Conversion API deduplication. Contains only anonymous technical IDs; no personal data stored.
fb_event_id_ic	30 minutes	Used to match client and server events for Meta Conversion API deduplication. Contains only anonymous technical IDs; no personal data stored.
fb_event_id_pur	30 minutes	Used to match client and server events for Meta Conversion API deduplication. Contains only anonymous technical IDs; no personal data stored.
fb_event_id_vc	30 minutes	Used to match client and server events for Meta Conversion API deduplication. Contains only anonymous technical IDs; no personal data stored.
rc::a	never	This cookie is set by the Google recaptcha service to identify bots to protect the website against malicious spam attacks.
rc::c	session	This cookie is set by the Google recaptcha service to identify bots to protect the website against malicious spam attacks.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
VISITOR_PRIVACY_METADATA	6 months	YouTube sets this cookie to store the user's cookie consent state for the current domain.
wpEmojiSettingsSupports	session	WordPress sets this cookie when a user interacts with emojis on a WordPress site. It helps determine if the user's browser can display emojis properly.

Cookie	Duration	Description
sib_cuid	6 months	SendinBlue sets this cookie to store unique visits.
VISITOR_INFO1_LIVE	6 months	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
yt-remote-cast-available	session	The yt-remote-cast-available cookie is used to store the user's preferences regarding whether casting is available on their YouTube video player.
yt-remote-cast-installed	session	The yt-remote-cast-installed cookie is used to store the user's video player preferences using embedded YouTube video.
yt-remote-connected-devices	never	YouTube sets this cookie to store the user's video preferences using embedded YouTube videos.
yt-remote-device-id	never	YouTube sets this cookie to store the user's video preferences using embedded YouTube videos.
yt-remote-fast-check-period	session	The yt-remote-fast-check-period cookie is used by YouTube to store the user's video player preferences for embedded YouTube videos.
yt-remote-session-app	session	The yt-remote-session-app cookie is used by YouTube to store user preferences and information about the interface of the embedded YouTube video player.
yt-remote-session-name	session	The yt-remote-session-name cookie is used by YouTube to store the user's video player preferences using embedded YouTube video.
ytidb::LAST_RESULT_ENTRY_KEY	never	The cookie ytidb::LAST_RESULT_ENTRY_KEY is used by YouTube to store the last search result entry that was clicked by the user. This information is used to improve the user experience by providing more relevant search results in the future.

Cookie	Duration	Description
_clck	1 year	Microsoft Clarity sets this cookie to retain the browser's Clarity User ID and settings exclusive to that website. This guarantees that actions taken during subsequent visits to the same website will be linked to the same user ID.
_clsk	1 day	Microsoft Clarity sets this cookie to store and consolidate a user's pageviews into a single session recording.
_fbp	3 months	Facebook sets this cookie to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising after visiting the website.
_ga	1 year 1 month 4 days	Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors.
_ga_*	1 year 1 month 4 days	Google Analytics sets this cookie to store and count page views.
_gcl_au	3 months	Google Tag Manager sets the cookie to experiment advertisement efficiency of websites using their services.
_hjSession_*	1 hour	Hotjar sets this cookie to ensure data from subsequent visits to the same site is attributed to the same user ID, which persists in the Hotjar User ID, which is unique to that site.
_hjSessionUser_*	1 year	Hotjar sets this cookie to ensure data from subsequent visits to the same site is attributed to the same user ID, which persists in the Hotjar User ID, which is unique to that site.
_hjTLDTest	session	To determine the most generic cookie path that has to be used instead of the page hostname, Hotjar sets the _hjTLDTest cookie to store different URL substring alternatives until it fails.
CLID	1 year	Microsoft Clarity set this cookie to store information about how visitors interact with the website. The cookie helps to provide an analysis report. The data collection includes the number of visitors, where they visit the website, and the pages visited.
MR	7 days	This cookie, set by Bing, is used to collect user information for analytics purposes.
sbjs_current	session	Sourcebuster sets this cookie to identify the source of a visit and stores user action information in cookies. This analytical and behavioural cookie is used to enhance the visitor experience on the website.
sbjs_current_add	session	Sourcebuster sets this cookie to identify the source of a visit and stores user action information in cookies. This analytical and behavioural cookie is used to enhance the visitor experience on the website.
sbjs_first	session	Sourcebuster sets this cookie to identify the source of a visit and stores user action information in cookies. This analytical and behavioural cookie is used to enhance the visitor experience on the website.
sbjs_first_add	session	Sourcebuster sets this cookie to identify the source of a visit and stores user action information in cookies. This analytical and behavioural cookie is used to enhance the visitor experience on the website.
sbjs_migrations	session	Sourcebuster sets this cookie to identify the source of a visit and stores user action information in cookies. This analytical and behavioural cookie is used to enhance the visitor experience on the website.
sbjs_session	1 hour	Sourcebuster sets this cookie to identify the source of a visit and stores user action information in cookies. This analytical and behavioural cookie is used to enhance the visitor experience on the website.
sbjs_udata	session	Sourcebuster sets this cookie to identify the source of a visit and stores user action information in cookies. This analytical and behavioural cookie is used to enhance the visitor experience on the website.
SM	session	Microsoft Clarity cookie set this cookie for synchronizing the MUID across Microsoft domains.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.

Cookie	Duration	Description
_rdt_uuid	3 months	Reddit sets this cookie to build a profile of your interests and show you relevant ads.
ANONCHK	10 minutes	The ANONCHK cookie, set by Bing, is used to store a user's session ID and verify ads' clicks on the Bing search engine. The cookie helps in reporting and personalization as well.
MUID	1 year 24 days	Bing sets this cookie to recognise unique web browsers visiting Microsoft sites. This cookie is used for advertising, site analytics, and other operations.
test_cookie	15 minutes	doubleclick.net sets this cookie to determine if the user's browser supports cookies.
yt.innertube::nextId	never	YouTube sets this cookie to register a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	never	YouTube sets this cookie to register a unique ID to store data on what videos from YouTube the user has seen.

Cookie	Duration	Description
__Secure-ROLLOUT_TOKEN	6 months	Description is currently not available.
__Secure-YEC	past	Description is currently not available.

Content