1.1
We are a company PET & SON sro, with registered office: Nad Ostrovom 15, Bratislava - mestská časť Karlova Ves 841 04, IČO: 53 479 068, registration: Commercial Register of the District Court Bratislava I, section: Sro, file no .: 150851 / B, is a controller of personal data within the meaning of Article 24 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46 / EC (General Data Protection Regulation) (Text with EEA relevance) (hereinafter referred to as “GDPR”) and pursuant to § 5 letter o) of Act no. 18/2018 Z.z. on the protection of personal data and on the amendment of certain laws (hereinafter referred to as the "Operator") in the information systems in which the personal data of the Persons concerned are processed. We may use the word "We", "Our" and all modifications of these words in the text of the Document to indicate the Operator.
1.2
The affected persons are mainly Consumers who enter into a Purchase Agreement with the Operator, resp. The Contract for the provision of the Service, in accordance with the General Terms and Conditions of the Operator (hereinafter referred to as "GTC" or as "General Terms and Conditions") through an order of Goods and / or Services made on the Website or otherwise in accordance with the provisions of the General Terms and Conditions. The affected person is also other natural persons who have given us consent to the processing of personal data for the relevant purposes, such as persons who have subscribed to the newsletter via the appropriate form available on the Website. We may use the word "You", "Your" and all modifications of these words in the text of the Document to identify the Affected Person.
1.3
We have created this Privacy Policy (hereinafter referred to as the "Document") for Affected Persons in order to enhance sufficient transparency and clarification of the basic rules that we follow when protecting privacy and your personal data, as well as to comply with the information obligations under Articles 13 and 14 of the GDPR, while ensuring that you are informed of the content of this Document prior to the collection of personal data in which you provide us with personal data for the first time, or directly when granting your consent to the processing of personal data for specified purposes.
1.4
This Document deals with the processing of personal data and compliance with the basic principles of legal processing of personal data, which are based in particular on the fact that we carry out the necessary processing of personal data in a lawful manner, fairly to all parties involved and transparently to the data subjects. We continuously place great emphasis on the security of personal data processing, while minimizing data and processing operations to the minimum necessary for the proper conclusion and fulfillment of obligations under our mutual Agreement.
1.5
You make a declaration of acquaintance with this Document published on the Website, valid at the time of concluding the Contract, in the form of confirmation of your will to be bound by its provisions as well as the General Terms and Conditions, by sending an Order of Goods and / or Services using the electronic order form on our Website, or any other form of action in accordance with the General Terms and Conditions (for example by e-mail order) by which you express your wish to enter into an Agreement with Us.
2.1
The processing of your personal data takes place within the process of concluding the Purchase Agreement in several stages. In the first place, these are pre-contractual acts aimed at purchasing the Goods. We process your personal data for the purposes of ordering the Goods on the legal basis of performance of the contract pursuant to Art. 6 par. 1 letter (b) GDPR to the following extent:
name, surname, telephone number, e-mail address, delivery address, details of purchased goods and data related to payment for the goods (especially account number, amount paid, date of crediting payment to our account).
The provision of personal data within the meaning of this point constitutes compliance with a contract requirement, and you are not obliged to provide us with this data. However, the possible consequences of not providing the data represent the impossibility of executing a binding order of the Goods and the consequent impossibility of concluding the Purchase Agreement. The data retention period according to this point represents the time until the conclusion of the Purchase Agreement. In the event that the Purchase Agreement is concluded, the processing will continue to be governed by Section 2.2 of this Document and in the event that the Purchase Agreement is not concluded, the processing and storage of your personal data will be terminated.
2.2
After the order of the Goods has been executed, it is confirmed and the Purchase Agreement is subsequently concluded. For the purposes of concluding the Purchase Agreement, we process on the legal basis the performance of the Agreement pursuant to Art. 6 par. 1 letter b) GDPR Your personal data to the extent specified in section 2.1 of this Document. In this case, however, the purpose for processing your personal data changes, which is the conclusion of the Purchase Agreement and their provision represents compliance with the contractual requirement and in the absence of personal data will not be possible to conclude the Purchase Agreement. The period of processing personal data represents the period from the conclusion of the Purchase Agreement, during the fulfillment of mutual obligations, until the expiration of the period for exercising any rights and legal claims arising from the Purchase Agreement (for example
2.3
In the event that you perform acts on our Website leading to the conclusion of the Contract, the subject of which is to provide the Product Manufacturing Service in an individual, designed form, we process your personal data for the purposes of ordering the Service on the legal basis of the contract Art. 6 par. 1 letter (b) GDPR to the following extent:
name, surname, e-mail address, telephone number, or other personal data captured on files uploaded by you, e.g. photos.
The provision of personal data within the meaning of this point constitutes compliance with a contract requirement and you are not obliged to provide this data to us. However, the possible consequences of not providing data represent the impossibility of executing a binding order for the Service and the consequent impossibility of concluding a Service Agreement. The data retention period according to this point represents the time until the conclusion of the Service Agreement. In the event that the Service Agreement is concluded, the processing will continue to be governed by Section 2.4 of this Document and in the event that the Service Agreement is not concluded, the processing and storage of your personal data will be terminated.
2.4
After the order of the Service has been executed, it is confirmed and the Service Agreement is concluded. For the purposes of concluding the Contract for the provision of the service, we process on the legal basis the performance of the contract pursuant to Art. 6 par. 1 letter b) GDPR Your personal data to the extent specified in point 2.3 of this Document, as well as data to the extent of:
address for delivery of the Goods and data related to the payment for the goods (in particular the account number, the amount paid, the date on which the payment was credited to our account).
In this case, however, the purpose for processing your personal data changes, which is the conclusion of the Service Agreement and their provision constitutes compliance with the contractual requirement. In the absence of personal data, it will not be possible to conclude the Service Agreement and provide the Service. The period of processing personal data represents the period from the conclusion of the Service Agreement, during the performance of mutual obligations, until the expiration of the period for exercising any rights and legal claims arising from the Service Agreement (for example
2.5
The provision of personal data in the sense of this point constitutes compliance with a legal requirement, which implies an obligation to provide data to us. The possible consequences of not providing this information represent the impossibility of fulfilling our obligations in accordance with the Contractual Obligations arising from both the contractual provisions and legal regulations. The retention period for personal data is the period from the date of claim arising from the Contractual Obligation until the end of the provision of Our Performance and any subsequent settlement of reciprocal performances (for example, until you pick up your repaired Goods or until the legal end of legal proceedings).
The provision of personal data in the sense of this point constitutes compliance with a legal requirement, which implies an obligation to provide data to us. The possible consequences of not providing this information represent the impossibility of fulfilling our obligations in accordance with the Contractual Obligations arising from both the contractual provisions and legal regulations. The retention period for personal data is the period from the date of claim arising from the Contractual Obligation until the end of the provision of Our Performance and any subsequent settlement of reciprocal performances (for example, until you pick up your repaired Goods or until the legal end of legal proceedings).
2.6
In addition to processing your personal data on the legal basis of a legal obligation, we also process your personal data for the purpose of exercising our claims only. These are, for example, cases where, due to non-compliance with the contractual conditions, we record a receivable from the Customer, or damage has been caused to Us. In such a case, we process on the legal basis of a legitimate interest pursuant to Art. 6 par. 1 letter f) GDPR Your personal data to the following extent:
data contained in the contract within the meaning of point 2.1 resp. according to point 2.3 of this Document, depending on which of the types of Contracts (Purchase Agreement or Service Agreement) the data subject has concluded, data processed within the complaint process according to point 2.5 of this Document and data kept by third parties ).
The purpose of processing your personal data under this section of this Document is Our legitimate interest, which is the protection of our property and protection against unjust enrichment, and you are obliged to tolerate such processing without your consent. The retention period for personal data represents the statutory limitation period for individual rights and the limitation period for the exercise of individual claims arising from the contractual relationship as well as from breaches of legal regulations in force at the time of the contractual relationship.
2.7
It is also in our interest that we stay in touch with you and be able to inform you about news and special and other offers of Goods and Services that we provide. For this purpose, we present you with the opportunity to express your consent to the processing of your personal data for marketing purposes and to subscribe to the Newsletter. For marketing purposes, we process on the legal basis of consent according to Art. 6 par. 1 letter a) GDPR Your personal data to the following extent:
name, surname, e-mail address.
The provision of this personal data does not constitute a contractual requirement, therefore you are not obliged to provide us with this personal data. You can revoke this consent at any time. Withdrawal of consent shall not affect the lawfulness of the processing resulting from the consent prior to its withdrawal. The retention period for personal data shall be for the entire period of validity of the consent, but for a maximum of three years.
2.8
Except in the event that you give Us consent to the processing of your personal data for marketing purposes (for example, by subscribing to the Newsletter or by expressing consent when executing the Order), we also process your personal data for marketing purposes on a legal basis of legitimate interest according to Art. 6 par. letter (f) GDPR to the extent of:
name, surname (in case of concluding the Purchase Agreement), e-mail address, order history.
In this case, it is a legitimate interest, which is the sale of Goods of the same, similar or follow-up goods that you have already purchased from us and therefore your special consent is not required. When processing this personal data, we also rely on the provisions of Act no. 351/2011 Coll. on electronic communications, which entitles us to do so. The duration of the processing and storage of personal data represents the duration of the legitimate interest, and you always have the option to refuse to send marketing materials and to express your disagreement with the processing of your personal data.
2.9
In order to provide you with the quality and trouble-free operation of our Website, as well as to facilitate the process of creating an Order and purchasing Goods, we use cookies on our Website, which you are aware of and invited to consent to when visiting the Website. for their use. Cookies used on our Website can be specified as cookies that allow you to use the primary functionality of the Website (for example, click one of the options offered) and cookies that extend the functionality of the Website, while storing information about your steps for a period of time and preferences (such as login name, language, or Goods added to the Cart), so you don't have to re-enter them the next time you visit the Website or browse individual subpages.
2.10
Cookies whose use is necessary for the proper functioning of the Website are used without your consent, and consent to the use of cookies that improve the functionality of the Website and store some of your data and information, you have the opportunity to grant or . not to grant immediately upon visiting the Website.
2.11
The use of cookies can cause individual files to be included in a chain of other data related to your person, as a result of which they will become personal data. In order to improve the functionalities of the Website, to facilitate the process of creating an Order and purchasing Goods, as well as to adapt the Website to your preferences, we process on the legal basis of consent pursuant to Art. 6 par. 1 letter a) GDPR and on the legal basis of legitimate interest according to Art. 6 par. 1 letter f) GDPR personal data in the form of cookies.
The legitimate interest in the processing of personal data under this point is the interest in the proper functioning of the Website, its protection, as well as the proper and performance of business activities operated through the Website. In the case of processing personal data on the legal basis of consent, you have the option to revoke your consent at any time, but this will not affect the lawfulness of the processing based on the consent prior to its revocation. The retention period of personal data represents the duration of the legitimate interest, resp. the duration of the consent, for a maximum of 48 hours.
2.12
All cookies that Our Website may store on your terminal can be checked and deleted. By appropriate settings of the internet browser, it is possible to effectively and completely prevent the use of cookies. In general, you need to turn on a feature in your web browser, which is commonly referred to as 'Watch Protection.'
2.13
After executing the Goods Order, you have the opportunity to choose the method of transport of the purchased Goods on our Website. In this case, your personal data is processed on the legal basis of consent according to Art. 6 par. 1 letter (a) GDPR to the extent of:
name, surname, telephone number, delivery address.
You can revoke this consent at any time. Withdrawal of consent shall not affect the lawfulness of the processing resulting from the consent prior to its withdrawal. Withdrawal of consent resp. failure to provide the data required for this purpose has possible consequences in the form of inability to deliver the goods you have purchased. The retention period for personal data is: for the duration of the consent.
2.14
During the delivery process, the personal data of the person concerned may be processed other than the person who concluded the Purchase Agreement. This situation may occur, for example, if you have the Goods you have purchased delivered to the address of a family member who promised to take delivery of the consignment, or, for example, if the Goods you purchased will be a gift to the consignee. In such a case, we process both the Buyer's personal data to the extent specified in points 2.1 to 2.2 and 2.5 to 2.13 of this Document, as well as the data of the Affected Person to whom the consignment will be delivered to the extent of:
name, surname, delivery address, telephone number.
The processing of personal data of the Data subject pursuant to this item shall be carried out for the purpose of delivery of the purchased Goods on the legal basis of a legitimate interest pursuant to Art. 6 par. 1 letter f) GDPR, which is our interest in fulfilling the provisions of the Purchase Agreement concluded between Us and the Buyer. In this case, the exemption from the information obligation under Art. 14 GDPR against the person to whom the consignment will be delivered and this will be fulfilled only at the moment of delivery of the consignment (Goods).
2.15
The use of our Goods is realized through the functionalities in our Attachtap Application. The affected person, other than the person of the buyer, has the opportunity to download the Application, register and use its functionality in connection with the purchased Goods for the purposes of using the Goods. In the case of Affected Persons who download Our Application, we process their personal data for the purpose of fulfilling the obligation to provide all the functionalities of the Application, on the legal basis of the performance of the contract pursuant to Art. 6 par. 1 letter (b) GDPR to the following extent:
e-mail address, password, license key delivered to the buyer of the Goods
The provision of this personal data constitutes compliance with a contractual requirement and in the event of non-provision of personal data, it will not be possible to enter into a contract for the use of the Application. The period of processing personal data represents the time from the conclusion of the contract, during the performance of mutual obligations, until the expiration of the period for exercising any rights and legal claims arising from the Purchase Agreement (for example, the period for claiming, claims for damages).
2.16
After successful registration within the Application, you have the opportunity to create your own profile, the content of which depends on your discretion. For the purposes of fulfilling the contract, consisting in providing specific functionalities of the Application, especially but not exclusively the possibility to supplement your account in the application with data and information about your person, we process on the legal basis of the contract performance according to Art. 6 par. 1 letter (b) GDPR personal data to the following extent:
photo, nick (username), data on employment / job position / function, profile data of the affected person established on the social network, IBAN, e-mail address, telephone number, other personal data about himself / herself The data subject shall voluntarily make them available to other users (eg age).
The provision of personal data within the meaning of this section constitutes compliance with a contractual requirement, but you are not obliged to provide this data to us. However, the possible consequences of not providing the data represent the impossibility of containing the information you wish in your account set up in the Application. The data retention period according to this point represents the period until which the Affected Person does not delete the data from his Account, resp. for the entire duration of the contractual relationship, the length of which is characterized by the period of use of the Application.
2.17
The processing of personal data within the application is subject to the provisions on contractual obligations, marketing and cookies, as contained in sections 2.5 to 2.12 of this Document.
3.1
We care about maintaining the integrity and confidentiality of your personal data, and therefore we strive to ensure their strong security not only through individual, modern technical and organizational security measures, but also through the possibility to exercise the rights of the Data subject at any time through a written handwritten application. , from which the identity and right for the performance of which the Affected Person requests the Operator will be clear. You can send requests for the exercise of the right addressed to the Operator to our electronic address: info@attachtap.sk.
3.2
We hereby inform you that in cases where the legal basis for the processing of personal data is your consent, you are entitled to withdraw the consent at any time. You can revoke your consent to the processing of personal data at any time by contacting the Operator by sending a written request to the e-mail address info@attachtap.sk, while revoking your consent does not affect the lawfulness of the processing of your personal data before its revocation.
3.3
In cases where the legal basis for the processing of your personal data is the protection of the rights and legally protected interests of the Operator (Article 6 (1) (f) of the GDPR), we are entitled to process your related personal data without your consent. you are obliged to endure such processing. Nevertheless, in the case of the processing of your personal data, you have a legitimate interest in exercising your right to object to the processing of your personal data. In such a case, we will consider whether there are, in a particular case, the necessary legitimate reasons for processing which outweigh your interests, rights and freedoms (for example, grounds for proving, asserting or defending legal claims). In the case of direct marketing under this Document, the processing of your personal data for this purpose after your right to object will be terminated.
3.4
At the same time you have the right to access personal data (Article 15 GDPR), the right to rectify (Article 16 GDPR), the right to delete (Article 17), the right to restrict processing (Article 18 GDPR), the right to portability (Article 20 of the GDPR), the right to object to the processing (Article 21 of the GDPR), the right to request a review of an individual decision based on the automated processing of personal data (Article 22 of the GDPR).
3.5
We would like to draw your attention to the fact that when processing your request for the exercise of the right of the person concerned, we may ask you for a credible verification of identity, especially if you request the exercise of your right other than by a handwritten letter. signature, by e-mail with a trusted qualified electronic signature or in person at the registered office of our company (ie, for example, in the case of regular email requests or phone calls).
3.6
Each application received for the exercise of the right of the person concerned will be assessed individually and competently, and we will always inform you of the result no later than 30 (in words: thirty) days from the receipt of the application.
4.1
We do not disclose personal data without your consent and do not transfer them to any third country that does not ensure an adequate level of personal data protection. We guarantee the processing of personal data exclusively in the territory of the Member States of the European Union and countries which have adopted sufficient guarantees for the protection of personal data to the same extent or sufficient in terms of European legislation.
4.2
Personal data may only be disclosed on the basis of your individual consent or your informed conduct (eg publication of content in the form of a review of Our Goods and Services on our Website or an official profile established on social networks, which may, however, they may not be linked to the Website). In this context, we inform you that by publishing contributions, photos or carrying out any activity or activity that results in your identification on our official profile on the social network, your personal data is processed in the information systems of the social network and on our profile. By your actions in accordance with the previous sentence, you provide the so-called implied consent to the processing of your personal data for our marketing activities.
4.3
We regularly check and review not only the security measures taken to ensure the security of personal data processing, but also other procedures and rules designed to protect privacy and personal data, and we can work with a professional designated person (DPO - Data Protection Officer).
4.4
We use appropriate means of encrypting information protection for data transmission via a publicly accessible computer network between your terminal and our server. Likewise, all data and personal data are stored in designated data repositories, which are secured by appropriate means of encrypting information protection.
4.5
We guarantee that we will not make any consent to the processing of personal data conditional on the conclusion or performance of the Agreement.
4.6
We process and use your personal data only for the purpose defined in this Document. In the event that the purpose of processing your personal data ceases to exist (in whole or in part), we examine whether there is another purpose for the processing of specific personal data at that time and if not, the processing and storage of personal data will be terminated, and in relation to personal data in their entirety, or in relation to individual personal data for which the purpose of the processing has ceased to exist.
4.7
All entities that are legally involved in the personal data processing process apart from us are transparently identified in this Document together with their status under the GDPR. We will not carry out any processing operation with your personal data on a third party and / or the recipient unless it is transparently identified in this Document and at the same time we do not have the necessary legal basis under Article 6 of the GDPR.
The following persons are recipients of personal data:
4.8
All recipients of personal data access them exclusively on the basis of an authorization granted by us, and are legally bound by specific obligations and legal guarantees strengthening the protection of the personal data of the Data subjects.
4.9
We guarantee that we will not provide any information and personal data about the content of internal communication conducted through Our Website or through other means to any unauthorized natural or legal persons, except in cases of authorized state authorities of the Slovak Republic in the performance their powers in the intentions of the relevant special laws effective in the Slovak legal order.
4.10
We do not provide your personal data to any parties for commercial purposes without your prior individual consent. We also consider it necessary to inform you that part of the processing of personal data related to the use of functionalities integrated into the Website may be carried out independently and completely independent of us by third parties who are independent operators of our personal data information systems; in these cases it is mainly the operators of the so-called payment gateways designed to make non-cash payments over the Internet. You provide your personal information directly to these third parties without us interfering in or influencing this process in any way. This part of the processing of personal data is governed by the internal policies and security measures adopted by these third parties, and we have no influence on such processing of personal data, including the possibility to exercise the data subject's rights, which we inform you of under this Document.
4.11
We have carefully checked our business partners (so-called intermediaries) whom we have enabled to process your personal data in terms of their competence and practical ability to ensure the security and legality of the processing of your personal data.
4.12
In providing your personal data to third parties, however, we follow the rule to provide personal data only to the extent necessary to achieve the necessary purpose (for example, in the case of delivery of the name, surname, delivery address, or telephone number in case of delivery of the Goods using the courier service).
4.13
When processing personal data and communicating with Affected Persons, we use the communication options provided through our Website in addition to regular telephone and email communications.
4.14
We process personal data of minors only provided that they have been provided to us by their legal representative for the purpose of fulfilling the Contract, for the purpose of fulfilling our legal obligations, protecting rights and legally protected interests or for the purpose of processing them for purposes for which consent to the processing of personal data is required, provided that the legal representative has given such consent to the processing of children's personal data.
4.15
If, in our communication and addressing specific requirements on your own initiative, you include in addition to the information we require, information that we do not need and at the same time that could be sensitive or could result in a sensitive nature revealing data from special category of personal data, which we do not require or are not necessary to provide proper Contractual Performance, we will, if possible, ensure their immediate deletion or modification to a more neutral meaning that does not allow the creation of a special category of personal data from such additionally obtained additional information. At the same time, we would like to encourage you not to necessarily disclose any superfluous data and information of a private nature that is not directly related to our contractual performance and the conclusion of the given Purchase Agreement as part of our mutual communication when ordering Goods or Services.
5.1
If you do not agree or do not understand the content or meaning of any part of this Document, we welcome your material reservations and comments, which we will communicate with you in order to protect and promote your rights and prevent and create any risks for Your rights and freedoms, which could be caused or affected by the conclusion of the contract for the purchase of Goods and / or other processing of personal data in this Document.
5.2
We regularly review and update this Document, with the current version of the Document, which is published on the Website, always in force.
5.3
You can address your complaint related to the processing of personal data to the supervisory authority, which is the Office for Personal Data Protection of the Slovak Republic. Contact details of the supervisory authority:
Office for Personal Data Protection of the Slovak Republic
Hraničná 12
820 07 Bratislava
+421 /2/ 3231 3214
statny.dozor@pdp.gov.sk
This Privacy Policy (hereinafter as the “Policy”) contains information about the processing of your personal data by the PET&SON Group s.r.o, with registered seat Nad Ostrovom 15, 841 04 Bratislava, ID: 53 479 068, company registered in the Commercial Register of the Municipal Court Bratislava III, oddiel: Sro, vložka č. 150851/B (hereinafter only as “the Controller”).
The affected persons are mainly Consumers who enter into a Purchase Agreement with the Operator, resp. The Contract for the provision of the Service, in accordance with the General Terms and Conditions of the Operator (hereinafter referred to as "GTC" or as "General Terms and Conditions") through an order of Goods and / or Services made on the Website or otherwise in accordance with the provisions of the General Terms and Conditions. The affected person is also other natural persons who have given us consent to the processing of personal data for the relevant purposes, such as persons who have subscribed to the newsletter via the appropriate form available on the Website. We may use the word "You", "Your" and all modifications of these words in the text of the Document to identify the Affected Person.
The Controller provides you via this Policy information on why your personal data are processed, howthey are processed, how long they are stored, what are your rights in connection with the processing ofyour personal data and other relevant information about the processing of your personal data.
The Controller processes your personal data in accordance with Regulation (EU) 2016/679 of the EuropeanParliament and of the Council of 27. April 2016 on the protection of natural persons with regard to the processingof personal data and on the free movement of such data, and repealing Directive 95/46/EC (General DataProtection Regulation) (hereinafter referred to as the "Regulation"), relevant Slovak legislation, in particular ActNo. 18/2018 Coll. on the Protection of Personal Data and on Amendments to Certain Acts (hereinafter referred toas the "Act") and other regulations on the protection of personal data (Regulation, the Act and otherregulations on the protection of personal data, hereinafter collectively referred to as the "Personal DataProtection Regulations").
You can contact the Data Controller in matters related to the processing and protection of personal PET&SONGroup s.r.o, with registered seat Nad Ostrovom 15, 841 04 Bratislava or by e-mail to the e-mail addressgdpr@attachtap.sk.
INFORMATION ON PROCESSING OPERATIONS (categories of personal data, purposes of processing,legal bases and retention periods) - GENERAL PURPOSES
The Controller processes your personal data exclusively in accordance with the principle of minimization,which means that the Controller does not require from you personal data that are not necessary for a specific andjustified purpose of processing. The controller processes personal data only if there is a legal basis for theirprocessing and thus they are processed in accordance with the principle of legality. The specific purposes,including the specified legal basis and the retention period for which the Controller processes your personal data,can be found in the table below.
| The processing purpose | Processing of accounting documents |
| The legal base | Article 6(1)(c) of the Regulation (processing of personal data is necessary for compliance with a legal obligation to which the Controller is subject) |
| Categories of personal data | Common personal data necessary for the fulfilment of legal obligations(name, surname, address of residence / place of business, service deliveryaddress, contact details, phone number, email address, bank details), otherpersonal data necessary for the processing of accounting agenda |
| Retention period | the 10 years following the year to which they relate |
| The processing purpose | Registry administration, registration and handling of received andoutgoing mail (including electronic communication with relevantinstitutions) |
| The legal base | Article 6(1)(c) of the Regulation (processing of personal data is necessary for compliance with a legal obligation to which the Controller is subject) |
| Categories of personal data | Common personal data |
| Retention period | Mail - 5 years following the year to which they relate, other records formingthe registry within the meaning of the relevant provisions of Act No. 395/2002Coll. on archives and registries and on the amendment of certain acts, asamended |
| The processing purpose | Conduct of judicial and administrative proceedings |
| The legal base | Article 6(1)(c) of the Regulation (processing of personal data is necessary for compliance with a legal obligation to which the Controller is subject) |
| Categories of personal data | Common personal data necessary to comply with legal obligations |
| Retention period | For the duration of the relevant proceedings and until the expiry of limitation periods (unless otherwise provided by applicable law) |
| The processing purpose | Data subjects rights handling |
| The legal base | Article 6(1)(c) of the Regulation (processing of personal data is necessary for compliance with a legal obligation to which the Controller is subject) |
| Categories of personal data | Common personal data necessary to comply with legal obligations |
| Retention period | Unit the processing of the exercised rights in accordance with the relevant provisions of the Regulation (maximum 120 days) |
| The processing purpose | Records of exercised rights of data subjects |
| The legal base | Art. 6(1)(f) of the Regulation (processing is necessary for the purposes of the legitimate interests pursued by the controller) |
| Categories of personal data | Common personal data as a part of the data subject's request and are necessary to comply with legal obligations |
| Retention period | 5 years following the date on which the right exercised or the request made by the data subject was dealt with |
| The processing purpose | Preparation and maintenance of supplier-customer relations with business partners. As part of the agenda, contractual relations, invoices and orders, records of deliveries and collections of goods are kept |
| The legal base | Article 6(1)(b) of the Regulation (processing is necessary for the performance of a contract to which the data subject is party |
| Categories of personal data | Common personal data |
| Retention period | 10 years after the termination of the contractual relationship due to registration within the accounting agenda |
| The processing purpose | Records of contact persons of employees, suppliers, customers andother business partners (their contact persons / representatives ifbusiness partners are legal entities) in contractual relations, provisionof application services for employees of clients - legal entities |
| The legal base | Article 6(1)(f) of the Regulation - the processing of personal data is carriedout on the basis of the legitimate interest of the Controller, which consists inthe necessity of records of contact persons of employees, representativesand contact persons of business partners in the position of legal entities forthe needs of bookkeeping, ensuring internal control activities, fulfilment ofcontractual obligations towards legal entities and for the enforcement of legaland other claims arising from concluded contracts |
| Categories of personal data | Name, surname, title, legal entity identifier (function or job position), contactdetails (phone number, e-mail address) |
| Retention period | During the duration of the contractual relationship with the legal entity andafter its termination until the expiry of the relevant limitation periods and untilthe full settlement of contractual and other claims arising from the contractualrelationship or until the termination of the position of a natural person as arepresentative or contact person of the partner - legal entity, if furtherprocessing of personal data after the termination of such status is notnecessary for the specified purpose |
| The processing purpose | Fulfilment of contractual obligations (based on contracts withcustomers, suppliers of goods and services, other business partners inthe position of natural and legal persons) and implementation of pre-contractual relations |
| The legal base | Article 6(1)(b) of the Regulation (processing is necessary for the performanceof a contract to which the data subject is party) |
| Categories of personal data | Name, surname, business name, address of the place of business, ID, VATID, VAT number, contact details (tel. no., e-mail), bank details |
| Retention period | During the contractual relationship and after its termination, until the fullsettlement of contractual and other claims arising from the contractualrelationship or until the expiry of the relevant limitation periods, whicheveroccurs first |
| The processing purpose | Processing of personal data within the scope of the contact form on theController's website |
| The legal base | Article 6(1)(a) of the Regulation (the data subject has given consent to the processing of his or her personal data |
| Categories of personal data | Common personal data in the scope: name, surname, contact details (e-mail, telephone), including other additional data in the scope of the form |
| Retention period | No longer than 1 year from the date of consent or until its withdrawal, whichever occurs first |
| The processing purpose | No longer than 1 year from the date of consent or until its withdrawal, whichever occurs first |
| The legal base | Handling of complaints |
| Categories of personal data | Article 6(1)(c) Regulations - the processing of personal data is carried out in compliance with legal obligations |
| Retention period | 4 years following the date of the complaint, in the case of natural persons - non-entrepreneurs 3 years following the date of the complaint |
| The processing purpose | Newsletter subscription (newsletter subscribers) |
| The legal base | Article 6(1)(a) Regulations - the processing of personal data is carried out on the basis of consent to the processing of personal data |
| Categories of personal data | Name, surname, e-mail |
| Retention period | For a period of 3 years from the date of consent or until its withdrawal, whichever occurs first |
| The processing purpose | Marketing activities performance (existing clients) |
| The legal base | Art. 6(1)(f) Regulations - the processing of personal data is carried out on the basis of the legitimate interest of the Controller, which is the implementation of marketing activities, sending marketing information by the Controller to existing clients (direct marketing) |
| Categories of personal data | Name, surname, e-mail, order history of the client |
| Retention period | From the date of conclusion of the contract for the provision of services for the duration of the contractual relationship with the client, no later than 6 months from the execution of the last order or until the newsletter unsubscribe, whichever comes first |
| The processing purpose | Delivery of ordered and purchased goods and services |
| The legal base | Article 6(1)(b) Regulations - the processing of personal data is carried out in the performance of the contract and the implementation of pre-contractual relations |
| Categories of personal data | Name, surname, telephone number, delivery address |
| Retention period | For the time necessary to achieve the purpose, resp. until the delivery of the ordered and purchased goods |
| The processing purpose | Using the Attachtap app - registration |
| The legal base | Article 6(1)(b) Regulations - the processing of personal data is carried out in the performance of the contract and the implementation of pre-contractual relations |
| Categories of personal data | Email, password, license key |
| Retention period | For the time necessary to achieve the purpose, resp. until the use of the application |
| The processing purpose | Using Attachtap - creating a profile |
| The legal base | Article 6(1)(b) Regulations - the processing of personal data is carried out in the performance of the contract and the implementation of pre-contractual relations |
| Categories of personal data | Photo, name, surname, job position, company name, work email, address, phone number, website, IČO, VAT ID, IBAN, respectively other data within the scope of the custom data field |
| Retention period | For the time necessary to achieve the purpose, resp. until the use of the application |
| The processing purpose | Responding to messages and handling queries / requests from messages delivered to the Controller through the published contact on the website, e-mail communication or by phone |
| The legal base | Article 6(1)(f) Regulations - the processing of personal data is carried out on the basis of the legitimate interest of the Controller, which is to respond to received messages for the proper conduct of business communication, improving the quality of services provided and attracting new clientele |
| Categories of personal data | Name, surname, e-mail, phone number, other data contained in the report |
| Retention period | 60 days from the date of receipt of the request or until the request is processed (fulfilment of the purpose), whichever occurs first |
| The processing purpose | Making video, video-audio recordings of the person concerned and publishing them on the websites of the Controller and on other communication channels and/or social networks of the Controller, including publication in brochures, presentations and noticeboards in the Controller's company |
| The legal base | Article 6(1)(a) of the Regulation (the data subject has given consent to the processing of his or her personal data) |
| Categories of personal data | Photo/video |
| Retention period | Maximum 5 years from the date of consent or until its withdrawal, whichever occurs first |
| The processing purpose | Measuring website traffic and targeting the Controller's advertising through the use of cookies |
| The legal base | Article 6(1)(a) of the Regulation (the data subject has given consent to the processing of his or her personal data) |
| Categories of personal data | Common personal data - data about website activity and preferences in the online environment |
| Retention period | Maximum 2 years from the date of consent or until its withdrawal, whichever occurs first |
In order to ensure the protection of your personal data, the Controller has taken appropriate security measures, which it has documented, both at the organizational and technical level.
The Controller obtained personal data directly from you as the data subject. If the services of the Operator's application were ordered by a legal entity of which you are an employee or member, the Operator may obtain your personal data from this legal entity.
In certain cases, the Controller is obliged to provide your personal data to public authorities authorized to processyour personal data, e. g. courts, law enforcement authorities as well as supervisory and supervisory authorities (e.g. the Office for Personal Data Protection in case of inspection) (third parties).
The Controller also provides your personal data to its processors, i. e. external entities that process your personaldata on behalf of the Controller. Intermediaries process personal data on the basis of a contract concluded withthe Controller, in which they undertake to take appropriate technical and security measures in order to safelyprocess your personal data. The Controller's processors include:
company providing accounting services, company providing hosting services (including mail hosting services), and company providing the cloud services (application).
As part of marketing and advertising support, you will find links to various social networks on the Controller'swebsite, such as. Facebook, Instagram, Youtube or Linkedin. The Controller hereby warns you that after clickingon the plugin on the website and going to the social network, the privacy policy of the Controller of the socialnetwork will apply, except when you contact the Controller via a message on the social network (in this case, theprocessing of your personal data is also governed by this policy and your personal data processed by theController in accordance with the information above).
You can find more information about the processing of your personal data by social networks at the followinglinks:
(I) Facebook: https://sk-sk.facebook.com/policy.php ,(II) Instagram: https://sk-sk.facebook.com/help/instagram/155833707900388/,(III) You Tube: https://support.google.com/youtube/answer/10364219?hl=sk ,(IV) Linkedin: https://www.linkedin.com/legal/privacy-policy.
The Controller does not transfer your personal data to third countries and/or international organizations.The Controller does not use profiling when processing your personal data and does not process personal data inany form of automated individual decision-making that would evaluate your personal aspects.
In connection with the processing of your personal data, you as the data subject have the following rights:
| Right of access - as the data subject, youhave the right to obtain from the Controllerconfirmation as to whether it processes yourpersonal data and, if so, you have the right toaccess such personal data and informationpursuant to Article 15 of the Regulation. TheController will provide you with a copy of thepersonal data being processed. If you submit arequest by electronic means, the Controller willprovide you with the information in a commonlyused electronic form, unless you requestanother method. | Right to rectification - the Controller has takenappropriate measures to ensure the accuracy,completeness and timeliness of your personal data. As thedata subject, you have the right to have the Controllercorrect your incorrect personal data or complete yourincomplete personal data without undue delay. |
| RIGHT TO OBJECT - You have the right to object to the processing of personal data, for example if the Controller processes yourpersonal data on the basis of a legitimate interest or in processing in which profiling takes place. If youobject to such processing of personal data, the Controller will no longer process your personal data unless itdemonstrates compelling legitimate reasons for further processing of your personal data. | |
| Right to erasure ("right to be forgotten") -You also have the right to obtain from theController the deletion of your personal datawithout undue delay if certain conditions aremet, for example if personal data are no longernecessary for the purposes for which theController obtained or processed them.However, this right of yours must be assessedindividually, as there may be a situation whereother circumstances prevent the Controller fromdeleting personal data (for example, a legalobligation of the Controller). This means that insuch a case, the Controller will not be able tocomply with your request for deletion ofpersonal data. | Right to data portability - under certain circumstances,you have the right to transfer personal data to anotherController you designate. However, the right to portabilityapplies only to personal data that the Controller processeson the basis of the consent you have given to the Controlleron the basis of a contract to which you are one of theparties or if the Controller processes personal data byautomated means. |
| RIGHT TO WITHDRAW CONSENT - If the Controller processes your personal data on the basis of your consent, you have the right to withdraw yourconsent at any time in the same form as you gave it. The withdrawal of consent does not affect the lawfulnessof processing carried out prior to the withdrawal of consent. | |
| Right to restriction of processing - You also have the right to have the Controller restrict theprocessing of your personal data. This will bethe case, for example, if you contest theaccuracy of the personal data or if theprocessing is unlawful and you request therestriction of processing, or if the Controller nolonger needs your personal data for processingpurposes, but you need them for theestablishment, exercise or defence of legalclaims. The Controller will restrict theprocessing of your personal data if you requestit. | Right to file a complaint or suggestion - If you feel that your personal data are processed in violation of applicablelaw, you may contact the supervisory authority, which isthe Office for Personal Data Protection of the SlovakRepublic, with its registered office Hraničná 12, 820 07Bratislava 27; Website: dataprotection.gov.sk, Phonenumber: 02 3231 3214; e-mail: statny.dozor@pdp.gov.sk |
You can exercise your rights listed in the table above at the contact addresses of the Controller listed at thebeginning of this document. The Controller will provide you with an answer to exercising your rights free ofcharge. In case of repeated, unjustified or excessive request to exercise your rights, the Controller is entitled tocharge a reasonable fee for providing information. The Controller will provide you with an answer within 1 monthfrom the day on which you exercised your rights. In certain cases, the Controller is entitled to extend this period,in case of a high number and complexity of requests from data subjects, but not more than 2 months. TheController will always inform you about the extension of the period.
This updated Policy is valid and effective from its publication on the Controller's website. Due to the fact that anupdate of information on the processing of personal data contained in this Policy may be required in the future,the Controller is entitled to update this Policy at any time. In such a case, however, the Controller will inform youaccordingly in advance.