PRINCIPLES OF PERSONAL DATA PROTECTION
We do everything to make you feel safe with us. In this document, you will find all the necessary information about how we protect your privacy: what data we collect, how we use it, with whom we share it, how you can control processing, the measures we use to protect your data, and also the rights you have in relation to processing.
When processing, we not only respect and comply with all regulations that apply to the protection of your personal data, but we also try to do more.
Who we are and where you can contact us
Operators when processing your personal data:
851 10 Bratislava
IČO: 52 419 487
DIČ: 212 102 2607
Not a VAT payer
Bank connection: SLSP IBAN: SK39 0900 0000 0051 5951 9317
Registered in the Commercial Register of the Bratislava District Court I, section: Sro, insert number: 137885/B
Contact the authorized person for personal data protection
The Commissioner for Personal Data Protection is Peter Šuchtár, who can be contacted at the e-mail address: email@example.com.
By filling out an order, registering, subscribing to business announcements, or browsing our website, you enable our company to use your personal data.
What information we collect about you
When purchasing, we request from you data necessary for its processing, i.e. for the purpose of fulfilling the contract. The obligatory data are therefore only those without which we cannot send you the purchase and process your order, such as your name, e-mail address, delivery address, telephone number, and the subject of the order itself.
In our store, you do not enter any information that would be directly related to dealing with money in your accounts. All currently offered forms of electronic banking (payment for goods via the Internet) are implemented directly on the bank’s website, which will provide us only with information about the success or failure of the payment and your name or account number (so we can identify the payment and return if necessary).
In no case will we know any other information, such as your login details or your account balance. The only information we store in this regard is related to your card’s “remember” feature. However, this function is also provided by the bank, and only it can match your card number with the anonymized data under which our system remembered your card.
Data when creating an account
If you decide to create a user account with us, we also collect all related data. The only required information is your name and e-mail address, which we use to communicate with you.
However, you are free to decide to provide us with other information about you – date of birth, telephone number, save one or more addresses for delivery.
Storing personal data from your order will allow us to facilitate your next purchase and pre-fill the data previously used in the electronic cart. In order to facilitate the purchase, we process personal data on the basis of the legal title of legitimate interest and keep them in the database together with other data, i.e. for a period of 5 years after the execution of your last order.
We store personal data from user records for a period of 5 years from the last order placed.
How we use the data
We use the information we collect from you for the following purposes:
Providing our services
Based on the information we collect from you, we can deliver our services to you in accordance with our Terms and Conditions. We use the data we obtain from you when creating an order to process it, to secure transport and we pass on this personal data to transport companies. In the event of a reminder, if you have not completed the order with a binding order. We also need this information for our accounting and invoicing system.
The data and information we have obtained from you when providing our services and logging in to your account are used by us to ensure that your account and the information available in it are up to date.
Communication with you
We use your contact details to send our notifications related to order processing and service provision, or when we want to respond to your contact when you ask us what is happening with your order, you want to report to us e.g. a new delivery address, or you can ask us to make a different change to your information in your order or user account. We also process your contact details as well as details of your purchases in the event that you claim the delivered goods.
How we use the data for marketing purposes
If you have given us your consent, we will also send you commercial information by e-mail about news and current offers that may be of interest to you. You can easily manage the sending of these e-mails through the feature in your account or cancel by clicking “Unsubscribe” in the delivered e-mail from your inbox.
We use all personal data used in marketing for legal reasons of legitimate interest and store them for marketing purposes for a period of 5 years from the last order placed.
To whom do we make the data available
Your personal data is used exclusively for our internal needs, especially for the above reasons. However, we do not only provide all the necessary services regarding personal data on our own, we also use the services of third parties. We have a contract with third parties to whom we provide your personal data, on the basis of which we are able to secure and protect your rights in the area of personal data protection.
As part of the order, therefore, personal data can be passed on to transport companies:
- Slovenská pošta, a.s., with registered office: Partizánska cesta 9, Banská Bystrica, 975 99, Slovakia
- DHL Parcel Slovensko spol. s r.o. Na pántoch 18, Bratislava-Rača, 831 06, Slovakia
- 123Kurier, s. r. o., Vojtaššákova 616, 027 44 Tvrdošín
- accounting software Pohoda STORMWARE s.r.o. Matúšova 48, Bratislava, 811 04, Slovakia (accounting and warehousing software)
- Google Ireland Limited (GSuite – store information about consumer surveys and competitions) Gordon House, Barrow Street, Dublin 4, Ireland)
- MailChimp / The Rocket Science Group LL (sending newsletters)
How we protect your data
We work very hard to ensure that your personal information is safe. In accordance with the requirements of applicable legislation, we take all necessary safety, technical and organizational measures to protect your personal data.
Access to systems
Access to the systems mediating the personal data of our customers is allowed only to a limited number of internal users, as it is necessary for their workload. These may include employees working in the customer support department, order processing, etc. Individual workers always have access only to the amount of personal data that they necessarily need for their work. Access to all critical systems processing our customers’ personal data is limited only within the internal network and the above-mentioned persons will automatically lose access to your personal data in the event of termination of their legal relationship with us.
What rights does the GDPR give you and how can you exercise them here
The right to make information available and the right to correct it
If we process your personal data about you incorrectly, you can notify us of this fact by sending a message to the e-mail address firstname.lastname@example.org, we will then correct the incorrect personal data without undue delay. After registering on our website, you will be able to correct your personal data yourself by editing your profile. In the event that you would like to add some personal data that you have not previously provided to us, and this personal data is necessary to ensure the services we provide, just fill them in again in the appropriate place to edit the profile. By a written request to our customer centre, it is possible to request the deletion of your user account and personal data, which are not necessary for further processing.
The right to object to the processing of personal data
Even if we process your personal data on the basis of our legitimate interest, you have the right to object to such processing, including objections to the processing of personal data that we process for direct marketing purposes. You can do this by sending a message to the e-mail address email@example.com. If you file such an objection, we will evaluate without undue delay to what extent we may, in accordance with the law, claim the legitimacy of our reasons for processing your personal data through your objections and how we will handle your personal data in the meantime. Unless we provide you with our legitimate reasons for processing, we will not further process your personal data.
The right to restrict work with personal data
You have the right to request that we limit any processing of your personal data, including their deletion, i.e. that we stop handling it:
- if you let us know that the personal information we collect is inaccurate, until we verify its accuracy.
- if the processing of your personal data is illegal and you, instead of deleting it, will request a restriction of their use by sending a message to the e-mail address firstname.lastname@example.org.
- unless we no longer need your personal data to provide our services, but you will need it to exercise your rights.
- if you object to the processing under paragraph above, until we verify that our reasons for processing outweigh your interests.
The right to be forgotten (right to erase personal data)
If you find that we are processing your personal data:
- despite the fact that their processing is no longer necessary for the purposes for which we obtained them.
- if you object to the paragraph above and we are unable to provide you with legitimate reasons for processing them that outweigh your interests, your rights and freedoms, or the exercise or defense of legal claims, and / or
you have the right to request that we delete the personal data processed in this way without undue delay from your notification of such facts by sending a message to the e-mail address email@example.com. However, we may not delete data at your request, as long as their processing is necessary for the exercise of the right to freedom of expression and information, for the fulfilment of any of our legal obligations or for performing a task performed in the public interest, or for determining, enforcing or defending our legal claims.
Right to provide data
If you ask us to send you the personal data processed by us by sending a message to the e-mail address firstname.lastname@example.org, we will send it to you in a structured, commonly used and machine-readable format (eg in *.xls, *.csv format or in similar format). If you ask us to send your personal data to another personal data controller, we will of course comply with your request.
The right to unsubscribe from receiving commercial notifications at any time
If you no longer wish to receive business announcements from us, you can prevent them from being sent either by clicking on the link included in each business announcement or by editing the subscription in your profile created by registering on our website.
The right to withdraw consent to the sending of commercial notifications at any time
In the event that we want your consent to the processing of personal data from you as part of our special events, you can withdraw this consent at any time without giving a reason. You can withdraw your consent either in the manner more precisely described in the rules of the consumer competition, or always by sending a revocation of consent to the e-mail address email@example.com.
The right to lodge a complaint with the Office for Personal Data Protection
If, in your opinion, we do not fulfil all of our legal obligations arising from the processing of your personal data, please contact our customer support centre. If you believe our colleagues do not help you, of course you have the right to contact the Office for Personal Data Protection, either at the address of the office at Hraničná 4826/12, Bratislava, 820 07, Slovakia, by e-mail firstname.lastname@example.org, or by any other means accepted by the Office for Personal Data Protection.
More information about the office can be found on the website www.uoou.sk.