Rules for processing personal data

The operator in case of personal data processing is MVDr. Zuzana Szabová, place of business: Maurerova 2, 040 22 Košice, IČO: 53 034 601, DIČ: 1045351197, registration: trade register of the District Office of Košice, trade register number: 820-91054, (hereinafter referred to as the “operator”).

The controller states that it processes all personal data exclusively in accordance with generally binding legal regulations (in particular pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to personal data processing and free movement of such data, repealing Directive 95/46 / EC (hereinafter referred to as the “GDPR Regulation”) and in accordance with Act No. 18/2018 Coll. on the Protection of Personal Data and on Amendments to Certain Acts (hereinafter referred to as the “Act”), with the operator Appropriate measures of a technical, organizational and personnel nature have been taken so as not to jeopardize the security of the personal data processed. All entities that come into contact with personal data in the performance of their duties are bound by a legal or contractual duty of confidentiality.

Due to the fact that the protection of personal data is a constantly evolving process, there may be ongoing changes in the information provided to data subjects – in such cases the controller reserves the right to change the conditions of personal data processing, with the operator , or notifies changes by e-mail.

Purposes of personal data processing:

Your personal data may be processed for the following purposes:

  • processing of personal data for the purposes of concluding a contract (purchase contract), delivery of goods / services, making payment, fulfillment of other contractual obligations, related in particular to the exercise of rights under the guarantee;
    • legal basis: processing is necessary for the performance of a contract to which the data subject is a party or for action to be taken before the conclusion of the contract at the request of the data subject (Article 6 (1) (b) of the GDPR Regulation);
    • storage period: 10 years
  • processing of personal data for the purpose of settling the claimed rights from liability for defects;
    • legal basis: processing is necessary to fulfill the legal obligation of the controller under Act no. 250/2007 Coll. On consumer protection;
    • shelf life: 5 years
  • processing of personal data for the purposes of registry administration;
    • legal basis: Act no. 395/2002 Coll. on archives and registries and on the amendment of certain laws as amended;
    • shelf life: 5 years
  • processing of personal data for the purpose of proper bookkeeping;
    • legal basis: processing is necessary to fulfill the legal obligation of the controller under Art. 6 par. 1 letter c) Regulations of the GDPR and in accordance with Act no. 431/2002 Coll. On accounting as amended;
    • storage period: 10 years
  • processing of personal data for the purposes of proper tax records;
    • legal basis: processing is necessary to fulfill the legal obligation of the controller under Art. 6 par. 1 letter c) Regulations of the GDPR and in accordance with Act no. 595/2003 Coll. On income tax and in accordance with Act no. 222/2004 Coll. On value added tax, as amended;
    • storage period: 10 years
  • processing of personal data for the purposes of legal disputes arising from the subject of the operator’s activity, or to enforce and defend the legal claims of the operator;
    • legal basis: processing is necessary to fulfill the legal obligation of the controller under Art. 6 par. 1 letter (c) the GDPR Regulations and in accordance with the Code of Civil Procedure, the Code of Administrative Procedure, the Code of Enforcement and the Bankruptcy and Restructuring Act;
    • shelf life: 5 years
  • records of exercised rights of affected persons according to Act no. 18/2018 Coll. on the protection of personal data and on the amendment of certain laws, registration of the exercised rights of data subjects under Regulation 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data;
    • legal basis: processing is necessary to fulfill the legal obligation of the operator under the GDPR Regulation and Act no. 18/2018 Coll. On personal data protection;
    • shelf life: 5 years
  • processing of personal data for the purposes of direct marketing (marketing and advertising activities of the operator);
    • legal basis: the legitimate interest of the operator under Art. 6 par. 1 letter f) GDPR Regulations – the legitimate interest consists in improving the sales results of the operator by sending marketing offers, including information on existing discounts;
    • retention period: 5 years from the date of the last purchase of the person concerned by the operator

The data subject has the right to object to the processing of personal data for the purposes of direct marketing – in this case, the operator will stop processing your personal data for this purpose.

Recipients or categories of recipients of personal data:

We provide the personal data of the data subject to the necessary extent (especially for the purpose of processing the order and in order to fulfill our legal obligations) to the following categories of personal data recipients: Delivery and courier companies, Slovenská pošta, as, tax office, IT support providers, court, executor, other public authorities, provided that this is stipulated by a special law.

Request for personal data and possible consequences of not providing them:

In the event that the provision of personal data for any of the above purposes is necessary for the performance of the contract, the provision of personal data is a necessary part of the contractual relationship. Failure to provide personal data by the data subject will make it impossible to conclude the contract and fulfill the obligations arising from it.

If the provision of personal data by the data subject is subject to a legal requirement, the data subject is obliged to provide such personal data, as otherwise it will not be possible to properly fulfill the controller’s obligations arising from the relevant generally binding legal regulations.

In the case of the processing of personal data with the consent of the data subject, the provision of personal data by the data subject shall be voluntary, with the data subject having the right to withdraw his or her consent at any time without affecting the lawfulness of personal data processing based on prior consent.

Transfer of personal data to a third country or international organization: Not in progress.

Automated decision making, including profiling: Not performed.

Rights of data subjects:

In relation to the processing of personal data, the data subject shall in particular have the following rights:

  1. Right of data subject to access to data (Article 15 of the GDPR Regulation): The data subject has the right to confirm whether the controller processes his or her personal data, has the right to access this data, has the right to information about such processing and to provide copies personal data held by the controller on the data subject.
  2. The data subject’s right to rectification (Article 16 of the GDPR Regulation): The data subject has the right to have the operator correct incorrect personal data concerning him without undue delay. With regard to the purposes of processing, the data subject has the right to supplement incomplete personal data, including by providing a supplementary declaration.
  3. Right of the data subject to erasure (Article 17 of the GDPR Regulation): The data subject has the right to have the controller delete personal data concerning the data subject without undue delay if any of the reasons set out in Art. 17 GDPR Regulations.
  4. The data subject’s right to restrict the processing of personal data (Article 18 of the GDPR Regulation): The data subject has the right to have the controller stop using the data subject’s personal data in certain circumstances, as defined in Article 18 of the GDPR Regulation. 18 GDPR Regulations.
  5. The data subject’s right to data portability (Article 20 of the GDPR Regulation): The data subject has the right to obtain, in certain circumstances, personal data concerning him or her provided to the controller in a structured, commonly used and machine-readable format and to transfer such data to another controller without the operator to whom the personal data have been provided obstructing it.
  6. Right of the data subject to object to the processing of personal data (Article 21 of the GDPR Regulation): The data subject has the right to object to the processing of personal data if the legal basis for the processing of personal data is a legitimate interest of the controller.
  7. Automated individual decision-making, including profiling (Article 22 of the GDPR Regulation): The data subject has the right not to be subject in certain circumstances to a decision which is based exclusively on automated processing, including profiling, and which has legal effects concerning him or her. they affect it in a similar way.
  8. Right to withdraw consent (Article 7 of the GDPR Regulation): The data subject has the right to withdraw the consent at any time in the case of processing personal data on the legal basis of the data subject’s consent. Withdrawal of consent may be made in the same way as the consent was given as well as in the following way:
    • by e-mail sent to the address of the operator;
    • by sending a written request to the address of the operator’s registered office;

If the data subject considers that his or her personal data has been processed illegally or considers that some of his / her rights mentioned above have been violated, he / she has the opportunity to lodge a complaint with the Supervisory Authority – Office for Personal Data Protection of the Slovak Republic, Hraničná 12 , 820 07 Bratislava, tel .: +421/2/3231 3214, e-mail:  statny.dozor@pdp.gov.sk .

The text of this document is effective from 01.02.2021