Personal data protection
Privacy Policy
COLETTE Top s.r.o. – Your Leda | www.yourleda.com
Effective from 1 June 2026
Field: Details
Controller (Art. 4(7) GDPR): COLETTE Top s.r.o., Jaltská 968/17, 360 01 Karlovy Vary, Czech Republic
Company Reg. / VAT No.: 26373912 | CZ26373912 (Commercial Register, Regional Court Pilsen, Section C, File 16258)
E-mail: eshop@yourleda.com
Phone: +420 728 454 872 (Mon–Fri 09:00–17:00 CET)
Website: www.yourleda.com
Data Protection Officer (DPO): The Controller has not appointed a DPO – no obligation to do so arises under Art. 37 GDPR.
Lead Supervisory Authority: Office for Personal Data Protection (UOOU), Pplk. Sochora 27, 170 00 Prague 7, Czech Republic (www.uoou.cz)
Your local supervisory authority: You may also lodge a complaint with the supervisory authority of your EU Member State of habitual residence (Art. 77(1) GDPR).
I. General Provisions
This Privacy Policy (“Policy”) informs data subjects (customers and users) about how COLETTE Top s.r.o. (“Controller”) processes personal data in connection with the operation of the online shop www.yourleda.com and associated services. The Controller processes personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation – GDPR) and Act No. 110/2019 Coll. on the Processing of Personal Data (Czech Republic).
This Policy applies to all visitors, customers and other persons who interact with the Controller through the website, e-mail, telephone or any other channel. Where consumers reside in individual EU Member States, the mandatory consumer-protection provisions of the law of their country of habitual residence apply in addition (Regulation (EC) No 593/2008 – Rome I, Art. 6).
II. Personal Data We Process and Sources
The Controller processes the following categories of personal data:
Identification and contact data
• first and last name,
• e-mail address,
• telephone number,
• delivery and billing address.
Purchase and transaction data
• order number and details of ordered goods (description, size, price),
• payment method and payment status,
• delivery and return status,
• communications relating to the order (complaints, customer service enquiries).
Technical and operational data
• IP address (anonymised at the end of the session),
• browser type and device,
• cookies and similar technologies (see Art. VIII),
• date and time of access.
Data sources
Data are collected directly from you (at registration, order placement, contact), automatically when you visit our website, and from third parties (payment service providers, carriers, analytics tools).
III. Legal Bases and Purposes of Processing
The Controller processes personal data on the following legal bases:
a) Performance of a contract – Art. 6(1)(b) GDPR
Processing is necessary for:
• accepting and fulfilling orders (including dispatch, payment processing and handling of complaints),
• managing the customer account and providing customer service,
• communications related to the order.
b) Compliance with a legal obligation – Art. 6(1)(c) GDPR
Processing is necessary for:
• bookkeeping and tax records (Act No. 563/1991 Coll. on Accounting; Act No. 235/2004 Coll. on Value Added Tax – Czech Republic),
• fulfilment of obligations towards public authorities.
c) Legitimate interests – Art. 6(1)(f) GDPR
Processing is necessary in pursuit of the following legitimate interests:
• protection against fraudulent orders and misuse of services,
• analysis of website traffic and improvement of the website (pseudonymised data),
• direct marketing to existing customers (similar goods, see below),
• establishment, exercise and defence of legal claims.
d) Consent – Art. 6(1)(a) GDPR
On the basis of your consent, we process data for:
• sending commercial communications (newsletter) to persons who are not existing customers,
• remarketing and personalised advertising on third-party platforms (Google, Meta), where your consent is required.
Consent is voluntary and may be withdrawn at any time (see Art. VII) without affecting the lawfulness of processing carried out prior to withdrawal.
IV. Direct Marketing to Existing Customers
The Controller is entitled to send commercial communications to existing customers concerning similar goods or services on the basis of its legitimate interest (Art. 6(1)(f) GDPR) in accordance with the applicable national transposition of Art. 13(2) of Directive 2002/58/EC (ePrivacy Directive) as implemented in the law of the customer’s Member State. You have the right to object to such processing free of charge at any time by clicking the unsubscribe link in any newsletter or by sending a message to eshop@yourleda.com.
V. Retention Periods for Personal Data
Category of data: Retention period
Accounting documents and tax records: 10 years from the end of the tax period (s. 35 Act No. 235/2004 Coll.)
Accounting records (incl. orders): 5 years (s. 31 Act No. 563/1991 Coll. on Accounting)
Contracts of sale, complaints: 4 years from the end of the contractual relationship (limitation periods under Act No. 89/2012 Coll. – Czech Civil Code)
Customer account (active): For the duration of the account + 3 years after last activity
Marketing consent: Until withdrawal, max. 3 years
Server logs (IP addresses): 90 days, then anonymisation or erasure
Retention periods are governed by Czech law as the law of the Controller’s establishment. Where a customer’s national law imposes longer mandatory periods, those periods apply to data processed on the basis of a legal obligation under Art. 6(1)(c) GDPR.
VI. Recipients and Processors
Personal data may be disclosed to the following categories of recipients:
Processors (processing exclusively on the Controller’s instructions)
• parcel and courier services (DHL) – for the purpose of delivery,
• payment service providers (GoPay s.r.o.) – for the purpose of payment processing,
• e-commerce platform operator (BSshop/BSadmin) – technical operation of the shop,
• e-mail service providers (e.g. Mailkit) – for the purpose of sending newsletters,
• RETINO (processing of returns and complaints),
• accountants, tax advisers, auditors – for the purpose of fulfilling statutory obligations.
Independent controllers (processing under their own privacy policies)
• Google LLC (Google Analytics, Google Ads) – traffic analysis and advertising,
• Meta Platforms Ireland Ltd. (Facebook/Instagram Ads) – remarketing,
• public authorities – on the basis of a legal obligation or official decision.
Transfers to third countries
Personal data may be transferred to countries outside the European Economic Area (EEA), e.g. to Google LLC based in the United States. In such cases, the transfer is safeguarded by:
• Standard Contractual Clauses adopted by the European Commission (Art. 46(2)(c) GDPR),
• the EU–U.S. Data Privacy Framework (where the recipient is certified),
• other appropriate safeguards within the meaning of the GDPR.
VII. Rights of Data Subjects
You have the following rights in relation to the Controller:
• Right of access (Art. 15 GDPR): you may obtain confirmation as to whether we process your personal data and request a copy thereof.
• Right to rectification (Art. 16 GDPR): you may request the correction of inaccurate or the completion of incomplete data.
• Right to erasure – ‘right to be forgotten’ (Art. 17 GDPR): you may request the erasure of your data where the statutory conditions are met (e.g. the processing purpose has ceased and no retention obligation exists).
• Right to restriction of processing (Art. 18 GDPR): you may request restriction of processing, e.g. while the accuracy of data is being verified or after lodging an objection.
• Right to data portability (Art. 20 GDPR): you may receive your data processed automatically on the basis of a contract or consent in a structured, commonly used, machine-readable format.
• Right to object (Art. 21 GDPR): you may object at any time to processing based on legitimate interests, including direct marketing. Upon objection to direct marketing, the Controller shall cease processing without delay.
• Right to withdraw consent (Art. 7(3) GDPR): you may withdraw a previously given consent at any time; this does not affect the lawfulness of processing carried out prior to withdrawal.
• Right to lodge a complaint (Art. 77 GDPR): you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement (Art. 77(1) GDPR). The lead supervisory authority for the Controller is the Czech Office for Personal Data Protection (UOOU, www.uoou.cz).
Please submit requests by e-mail to eshop@yourleda.com or in writing to the Controller’s registered address. The Controller will respond without undue delay and in any event within one month (in complex cases up to three months, Art. 12(3) GDPR). To verify your identity, we may request appropriate evidence.
VIII. Cookies and Tracking Technologies
Our website uses cookies and similar technologies. We distinguish the following categories:
• Strictly necessary cookies: required for the proper operation of the website (shopping cart, login, security). No consent required.
• Analytical cookies: anonymised measurement of website traffic (Google Analytics). Require your consent in accordance with Art. 5(3) of Directive 2002/58/EC (ePrivacy Directive) as transposed in your Member State.
• Marketing cookies: remarketing and personalised advertising (Google, Meta). Require your consent in accordance with Art. 5(3) of Directive 2002/58/EC.
You give your consent to non-essential cookies through the cookie consent banner on your first visit to the website. Consent may be withdrawn at any time in the cookie settings at www.yourleda.com or in your browser settings.
IX. Automated Decision-Making and Profiling
The Controller does not carry out automated decision-making or profiling within the meaning of Art. 22 GDPR that produces legal effects or similarly significantly affects you. Analytics tools use pseudonymised or anonymised data.
X. Security of Personal Data
The Controller has implemented appropriate technical and organisational measures (Art. 32 GDPR) commensurate with the risk of processing:
• encrypted data transmission (SSL/TLS),
• access to personal data restricted to authorised persons only,
• regular data backups and system updates,
• physical security of paper documents,
• use of verifiable processors contractually bound to ensure security.
Absolute security cannot be guaranteed; in the event of a personal data breach, the Controller shall act in accordance with Art. 33–34 GDPR (notification to the supervisory authority and, where required, to the affected data subjects).
XI. ODR Platform
In accordance with Art. 14(1) of Regulation (EU) No 524/2013 on online dispute resolution for consumer disputes, the Controller provides the following link to the European Commission’s online dispute resolution (ODR) platform: https://ec.europa.eu/consumers/odr. The Controller’s e-mail address for ODR purposes is eshop@yourleda.com.
XII. Final Provisions
This Policy enters into force on 1 June 2026. The Controller reserves the right to amend this Policy unilaterally; you will be notified of material changes in advance (e.g. by e-mail or a notice on the website).
The current version of this Policy is always available at www.yourleda.com.
This Policy has been prepared in accordance with Regulation (EU) 2016/679 (GDPR), Act No. 110/2019 Coll. (Czech Republic), and the applicable provisions of Directive 2002/58/EC (ePrivacy Directive) and Rome I Regulation (EC) No 593/2008.