Information on Obtaining and Processing of Personal Data pursuant to the Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter as the “Regulation”), and pursuant to the Act No. 18/2018 Coll. on Personal Data Protection (hereinafter as the “Act”) Introduction Dedoles, s. r. o., Košická 49, 821 08 Bratislava, Slovak Republic, ID No.: 46 706 305, registered with the Commercial Register of the City Court Bratislava III, section: Sro., insert no.: 81976/B as a Controller (hereinafter as the “Controller”) hereby notifies the visitors to this website about the process of obtaining and processing of their personal data. This information is intended in particular for our customers, business partners (buyers and suppliers), as well as for their employees authorized to communicate with us with regard to contractual delivery of products and services. Privacy Policy We only process your personal data in accordance with the statutory conditions stipulated in the Regulation and in the Act. As a controller we are responsible for the protection of your personal data which we have obtained or are obtaining from you in compliance with the Regulation and the Act within the scope and in the manner stipulated in this Policy. Your personal data will be stored and backed up during the time period stipulated below in a secure manner in compliance with our Security Policy and the security policies of our data processors. Your data will be accessible only to the recipients and authorized personnel who process such data based on our instructions and in compliance with our Security Policy. As a data controller we are obliged to backup the data in accordance with the security requirements of the Regulation and the Act. Sources of personal data Your personal data is primarily obtained directly from you when you provide them to us voluntarily in connection to a query or a request regarding our products, delivered to us in person, by phone, by post or in electronic form through our e-shop. If you are an employee of our business partner, who is a legal entity or an entrepreneur who has made you his authorized representative for individual areas of communication pertaining to the contractual delivery of products and services, we obtain your personal data from your employer; provision of data stipulated in this Policy shall not affect the information obligation of your employer as specified in Article 13 of the Directive or in Section 19 of the Act when obtaining and processing your personal data in connection to the labour-law relationship between an employee and an employer. We also obtain your personal data from our external contractors who carry out for us door-to-door sales and who offer you our products and services outside our business premises. We also obtain your personal data from our contractual partners or other authorized persons in connection to the performance of our contractual, pre-contractual or other obligations. Categories of personal data Data we normally process about customers and business partners (including the personal data of their employees): Identification and contact data: in particular name, surname, contact and postal address, phone numbers, e-mail addresses, and in case you are an entrepreneur - a natural person, also your business name, place of business or registered office, your identification number and tax identification number. Data regarding purchases and discounts: information about the orders you have placed in our on-line store (in particular the order number, the date of purchase, the type and quantity of the ordered goods, the purchase price of the ordered goods, the type of delivery and payment, information about automated purchase notifications sent to the e-mail address you have entered during the purchase, and the order status). Banking, financial and transaction data: credit card number, bank account information, and payment information. Information created by us due to entering into a specific contract: in particular the customer number, the date and number of the issued accounting and tax document, the type and quantity of the purchased goods or service, the purchase price of the purchased goods or service, the date and method of payment for the goods or service, the date and manner of delivery of the goods or service, the warranty period offered with the goods or service. Information regarding our mutual communication or other types of contact related to signing and performance of a contract: in particular the used communication channel, the date and contents of communication, and sound recordings if the customer hotline was involved. Information related to a possible withdrawal of contract concluded using means of remote communication (in particular the date of withdrawal, the method of settlement of any previous purchases). Information related to a claim you submitted. Such claims may relate to purchased goods or service (in particular the date of claim submission, the numbers of and the data from the claim related documents, the description of the defects subject to claim, the required and actual manner of handling the claim, the date of claim settlement). Information related to a complaint or appeal you lodged: in particular the identification and contact data of the complainant or person lodging an appeal, the reason of the complaint/appeal, the manner in which the complaint, appeal or dispute was processed/handled. Information for marketing purposes created by us based on your use of our services (in particular information about your purchases with us and your categorization in a specific customer group). Information about your assessment: of our e-shop and the purchased product/service. Video footage from a camera system if you personally visited one of our facilities where video monitoring is used to improve security and protect property. Obligation to provide personal data Your personal data is crucial to us, because without them we are unable to establish a contractual relationship between the supplier and the customer, whereas according to the Act of the NC SR No. 513/1991 Coll. the Commercial Code as amended (hereinafter as the “Commercial Code”) your identification as a contracting party is one of the main requisites of a contract. Should you decide not to provide to us your phone number or e-mail address, this shall not prevent us from establishing a contractual relationship, however, our mutual communication will not be as efficient. If you don’t provide your e-mail address we will not be able to send to you electronic reconciliation invoices issued based on the contract and we will only be able to send them by post. We only request the ID number from individuals who were authorized by a customer to take over an order. The purpose of collecting these data is the need of clear identification of an individual when handing over and taking over our products and the prevention of a possible interception of goods by a different person, as well as the successful settlement of claims (if any). If you fail to provide your personal data, contract performance and communication between the contracting parties may be considerably impeded or even impossible. Recipients of personal data All your personal data will be stored on our internal systems and will be provided to other parties cooperating with us. The following can be recipients of personal data: control, supervision and other state authorities performing their activities in compliance with special legislation (e.g. the Slovak Trade Inspection Office, the Office for Personal Data Protection, the Revenue Office and similar), courts of law and law enforcement authorities if they request such data, or when it is the legitimate interest of the controller to use such data in establishing, exercising or defending legal claims, contractual service providers who: distribute our business and advertising materials, provide for us administration, hosting and service the software applications we use, prepare for us customer satisfaction surveys, carry out for us delivery of the ordered goods (Slovak postal service, carriers, package delivery services), provide to us on-line payment services (payment gateway operators), are involved in the processing and settlement of your claims (manufacturers and suppliers of goods), provide to us legal services, in particular defend our legally protected interests and represent our company in establishing, defending and exercising our legal claims (lawyers, bailiffs) or provide to us services or operate technical solutions using which we are able to show you on our website and on other websites only contents and advertisements that are relevant to you. other recipients to whom the Controller is obligated to provide personal data in accordance with special legislation or based on their legitimate interests (such as auditors, legal counsels, tax and accounting counsels, insurance companies, banks, credit registers, third parties assessing utilization of services of our contracting partners, individuals who are employed by us or in a similar relationship with us) within the scope necessary for them to carry out their work or enforce their rights, who, at the same time, are obligated to maintain secrecy with regard to the personal data disclosed or otherwise made available to them in compliance with and within the scope of the terms of a written contract signed with us or as required by the generally binding legal regulations. In order to improve the user experience for those visiting our website we cooperate with the following companies: Google Slovakia, s. r. o., Facebook Ireland Ltd., Exponea s.r.o., Criteo Gmbh, Marketinger s.r.o., 2muse, s.r.o. We have entered into contracts with all these data processors, which (contracts) ensure protection of your personal data. We make sure that these data processors ensure an adequate level of data protection in compliance with the applicable legal regulations pertaining to personal data protection. Information about a specific business partner to whom your personal data can be disclosed in a specific case will be provided to you based on your request sent to the address of the registered office of our company or via e-mail to gdpr@dedoles.sk. Purpose and period of the processing of personal data We obtain and process your personal data for the following purposes: E-shop registration and operation To ensure registration of customers in our e-shop and e-shop operation. The legal basis of processing for this purpose is Article 6 (1) b) of the Regulation, i.e. to take steps at the request of the data subject prior to entering into a contract in accordance with the Act No. 22/2004 on E-commerce. Processing of personal data is necessary to ensure registration in our e-shop and operation of the e-shop. The personal data entered in our e-shop will be processed for the duration of your registration in the e-shop. You can cancel your account in your user account. Purchase of goods from our e-shop, delivery of goods, processing of claims and handling of insurance claims In order to fulfil contractual obligations related to your e-shop order, based on which you, as our customer, will be delivered products, and in order to fulfil other obligations related to management of orders, receipt and hand-over of goods, handling of insurance claims, processing of claims and complaints, invoicing of the delivered goods and services and maintaining of the thereto related documentation, mutual communication of the contracting parties, and similar. The legal basis of processing for this purpose is Art. 6 (1) b) and c) of the Regulation, i.e. performance of contractual and legal obligations of the controller, in particular those stipulated by the Act of the NC SR No. 513/1991 Coll. the Commercial Code as amended. In this case, the provision of data by the data subject represents a contractual requirement. If the personal data is not provided, it will not be possible to enter into a contract with the data subject. We will process your personal data for a period which is necessary to achieve the purposes of processing, however no longer than the term of contractual relationship. Upon the termination of the contractual relationship your personal data will be stored for a period of 10 years from the date of contract termination, because the obligation to retain the contract and any thereto related accounting and tax documents containing your personal data is imposed on us by the generally binding legal regulations, in particular the Accounting act. Compliance with contractual obligations In order to fulfil contractual obligations or implement measures requested by you prior to entering into contract with you, in particular for purposes of processing and sending of price quotations, preparation of and entering into contracts, keeping records of contracts including all their amendments in our internal system, monitoring of contract performance and performance of obligations of the contractual parties, in particular obligations related to purchase and framework agreements, and in order to fulfil other obligations related to management of contracts, receipt and hand-over of goods, handling of insurance claims, processing of claims and complaints, invoicing of the delivered goods and services and maintaining of the thereto related documentation, mutual communication of the contracting parties, and similar. The legal basis of processing for this purpose is Art. 6 (1) b) and c) of the Regulation, i.e. performance of contractual and legal obligations of the controller, in particular those stipulated by the Act of the NC SR No. 513/1991 Coll. the Commercial Code as amended. In this case, the provision of data by the data subject represents a contractual requirement. If the personal data is not provided, it will not be possible to enter into a contract with the data subject. Upon the termination of the contractual relationship your personal data will be stored for a period of 10 years from the date of contract termination, because the obligation to retain the contract and any thereto related accounting and tax documents containing your personal data is imposed on us by the generally binding legal regulations, in particular the Accounting act. Providing phone and e-mail customer support For the purposes of providing phone and e-mail support, our company is processing in particular the following personal data: name, surname, phone number, e-mail address, order number and the voice call recordings in case you used our customer hotline. The legal basis of personal data processing is Article 6 (1) b) of the GDPR and in connection to the phone call recordings Article 6 (1) a) of the GDPR. Processing of personal data by the company is necessary to provide support, whereby in case of an audio recording the consent and therefore the processing of personal data in an audio recording are voluntary. Personal data obtained in connection to providing customer support via e-mail will be processed for the duration of the warranty period of the purchased goods (2 years) and in case of providing phone support the call centre audio recordings are kept for a period of 3 months. Handling of customer complaints In the process of handling of customer complaints, the company is processing the following personal data: name, surname, data specified in the complaint, and, depending on how the complaint was submitted, also the customer’s address, phone number or e-mail address. The legal basis of personal data processing is Article 6 (1) b) of the GDPR. Processing of personal data by the company is necessary to resolve customer complaints. Contests The company is processing the following personal data for purposes of organizing contests on its website and on Facebook: data specified in the contestant’s profile and the name, the first letter of the surname, and the alias of the contest winner. The legal basis of personal data processing is Article 6 (1) b) of the GDPR. Processing of personal data by the company is necessary for purposes of contest organization in accordance with the terms of such contest. Business information about products and various promotions In case of your consent, we will send you commercial information about products and various promotions by e-mail, SMS, notifications, or some other form. When registering in our e-shop or creating an order, you can choose whether you want to receive regular information about new products. We will only send commercial information to the extent and frequency that is not a nuisance to you. You can set and adjust the frequency and form of the information at any time in your user profile. You can also choose to receive information about products and various promotions via the aforementioned channels individually without registering in the e-shop on our website by entering your e-mail address. The legal basis of personal data processing for this purpose are provisions of Art. 6 (1) a) of the Regulation, i.e. consent of the data subject. You may withdraw your consent at any time by following the link directly in these emails or by sending an email stating your opposition to receiving commercial communications to the following email address: gdpr@dedoles.sk. You can also unsubscribe from newsletters easily and at any time in your user profile. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. In case you are our customer, we consider it our legitimate interest to occasionally inform you about various promotions and especially discounts by SMS message or in another form. You have the right to stop receiving our SMS messages at any time by sending an email stating that you do not wish to receive SMS notifications to the following email address: gdpr@dedoles.sk, by changing the subscription settings in your account, or by any other means specified directly in the SMS with the commercial information. The seller notifies the buyer via e-mail about the processing of the order and the availability or unavailability of the goods. From time to time (not more than several times a year), the seller may send important information related to the operation of the seller’s e-shop and use of the user account to all registered customers. Should you object to the processing of your personal data for purposes of direct marketing, we will no longer process your personal data for this purpose. Exercise of the rights of data subjects It is the controller’s legal obligation to duly process all data subjects’ requests through which they wish to exercise their rights in accordance with the Regulation. If you exercise your right as a data subject, your personal data processed for purposes of processing your requests may be processed for a period of 5 years. Enforcement of claims of the company The company is processing the following data for purposes of enforcement of its claims: data specified in contracts entered into with customers and suppliers, data specified in claims, data required to file a lawsuit by the company, data specified in a lawsuit against the company, data specified in records of theft, data included in accounting records and other data required in connection with the exercise or defence of company interests. The purpose of processing of such personal data is the legitimate interest of the data controller and the legal basis of the processing is Article 6 (1) f) of the GDPR. Processing of personal data by the company is necessary for purposes of the legitimate interests of the company. In this case, the legitimate interest of the company is protection of property and protection against unfounded claims against the company. Should we exercise legal claims against you or bring legal or administrative action against you, or should you exercise legal claims against us or bring legal or administrative action against us, the personal data will be processed for the establishment, exercise or defence of legal claims until such action has been lawfully completed. If you failed to meet an obligation against our company through your own fault, due to which we have suffered a damage, or if you make claims against our company using certain legal procedures, or if there’s an imminent threat that this could be the case in the future, we can process your personal data within the scope specified above on the basis of the legitimate interest of our company in recovering our receivables and/or protecting our rights and legally protected interest of our company (e.g. establishment, defence or exercise of legal claims before a court or another body of alternative resolution of consumer disputes). For this purpose, we retain your personal data until the end of the statutory limitation period. Protection of property and increase of security in our facilities using a camera system In some of its facilities the company uses CCTV based video monitoring and recording in order to increase the security and protect the property, to prevent crime and other types of antisocial behaviour, in particular burglary, theft and vandalism, as well as to protect the people in the controller’s facilities, their property and health. The legal basis is the controller’s legitimate interest (Art. 6 (1) f) of the GDPR). The camera system video footage is retained for 14 days from the date of recording. Compliance with the company’s legal obligations The company is processing personal data specified in paragraphs a) through m) for purposes of compliance with the company’s legal obligations. The legal basis of processing is Article 6 (1) c) of the GDPR (e.g. the Act on Accounting, the Act on Value Added Tax, the Act on Income Tax, the Act on Consumer Protection, and the Act on Archives and Registries). Processing of personal data by the company is necessary for purposes of compliance with legal obligations of the company. The video footage recorded in real time and the footage stored on our local server can only be accessed by authorized personnel of the company with remote electronic access and only within the scope required to fulfil their duties. In case of suspected offences and crimes and in case of criminal proceedings the camera system footage is provided to the police or to the law enforcement authorities, as part of administrative or offence proceeding and in legal matters for purposes of solving, investigation, verification or police investigation of the matters to which such footage pertains. The data can also be temporarily accessed by our contractual partner responsible for servicing and maintenance of the camera system when necessary. For this purpose, we retain your personal data for the periods of time stipulated by the law and pertaining to the company, in particular in accordance with the Act on Accounting and the Act on Archives and Registries. Transfer of personal data to third countries or international organisations Some of the technical solutions we use to assess the performance of our websites, analyse behaviour of the website visitors and ensure that the website only shows advertisements that are relevant to you, are provided by companies headquartered outside the European Union. Therefore, when processing certain data, in particular data obtained using cookies, such data may be transferred to servers of such service providers located outside the EU as described on our website https://www.dedoles.sk/subory-cookies. Withdrawal of consent If we process your personal data based on your consent, you have the right to withdraw your consent to the processing of personal data at any time. The withdrawal of the consent shall not affect the lawfulness of personal data processing based on consent prior to its withdrawal. The granted consent can be withdrawn in the same way in which it was granted. Tracking, custom design, personalized Dedoles e-shop account support We use tracking technologies (so-called tracking technologies) to ensure that the design and ongoing optimization of our website is tailored to your needs. We also use tracking technologies to statistically record the use of our website and to evaluate it in order to optimize our offer for you. Statistical technologies that collect information anonymously help us understand which pages are attractive to you and which products you are most interested in, so that we can show you relevant content on our website and continuously optimize our offer. If you have registered for a Dedoles e-shop account, we use the information we collect about you to further customize and personalize your Dedoles e-shop account and to provide you with commercial information that may be of interest to you. We only use these technologies if you give us your consent. You can set up cookies and other technologies in your browser for personalization and analysis purposes. Privacy on our websites Voluntarily provided data On our websites you can voluntarily provide certain data for specific purposes, e.g. the information you provide when requesting we get in touch with you. Such data may contain personal contact information, such as the name, company name, address, phone number, e-mail address, position or demographic information and any other information you provide. We use such gathered data to contact you. Because of this we can share the data with an external partner if this is necessary to answer your questions. Cookies, usage data and similar tools When you visit our websites, we collect certain information using automated means of processing, such as cookies, pixel tags, browser analysis tools, etc. For more information regarding the cookies, usage data and similar tools we use, please visit https://www.dedoles.sk/subory-cookies. Linked websites On our websites we can provide links to third party websites (hereinafter as “linked websites”). The linked websites do not necessarily need to be inspected or examined by us. Every linked website has its own Terms of Use and Privacy Policy. We are not responsible for the Terms of Use and Privacy Policies of any linked websites or any therein contained links, therefore we would like to ask the users to kindly read the Terms of Use and the Privacy Policies of such linked websites prior to using them. Our website uses, for example, buttons of the following social networks: Facebook, Instagram. The buttons show the logos of the individual social networks. The buttons, however, are not the standard plug-ins, i.e. plug-ins provided by the social networks, rather icon buttons with links. These buttons can only be activated by intentionally clicking them. Unless you click the buttons, no data will be transferred to the social networks. By clicking the buttons you activate them and create a connection and accept that data will be transferred to the social network servers. If you don’t want the social networks to receive any of your data, do not click the button. Children Our websites don’t focus on children and we don’t use them to knowingly collect personal data of children or offer products to children. If we learn that a child has provided personal data through one of our websites, we will delete such data from our systems. Your other personal data protection related rights In connection to processing your personal data you have the rights specified above and also the following rights: the right to access to personal data (Art. 15 of the Regulation); you have the right to obtain from us a confirmation, whether or not your personal data are being processed, and if so, obtain access to such information (their copies), as well as the right to additional information within the scope stipulated in Article 15 of the Regulation. In most cases, the copies of your personal data and the additional information will be provided to you in written form, unless you request that they be provided in a different form. If you requested such information using means of electronic communication, the data will be provided in electronic form, if technically possible. If your image was captured by the camera system, you also have the right to request a copy of your personal data from the footage. Based on your written request containing specification of the requested footage – date, time, and location – we can provide you with the footage in justified cases. If other persons are visible on the footage, it will be first modified, e.g. by blurring the faces. the right to the rectification of personal data (Art. 16 of the Regulation); we use reasonable efforts to ensure that the information about you is accurate, complete and up to date. This gives you the right to request that we immediately correct any incorrect personal data or amend any of your personal data if they are inaccurate, incomplete or outdated. Please, be aware that you are obliged to provide to us only complete and correct personal data and that you are responsible for the accuracy of the provided personal data. the right to the erasure of personal data (the right “to be forgotten”) (art. 17 of the Regulation), without an undue delay after exercising this right, for example, when your personal data are no longer necessary for the purpose for which they were collected or processed, if you withdrew your consent to process personal data based on which we process your personal data, and where there is no other legal ground for the processing (e.g a Contract (or other contracts), we have entered into with you), if you object to processing of personal data pursuant to Art. 21 (1) of the Regulation or if our processing of your personal data infringes the Regulation and the Act. This right, however, will need to be reviewed with regard to all relevant circumstances. For example, we may have certain legal and regulatory obligations, which means that we may not be able to comply with your request. the right to restriction of processing of personal data (Art. 18 of the Regulation), in cases stipulated by the law you have the right to request that we stop processing your personal data, e.g. if you contest the accuracy of the personal data we are processing about you, however, only for the period allowing us to verify the accuracy of your personal data, if you object to processing of data by means of automated decision-making or the processing of your personal data infringes the Regulation or the Act and you oppose the erasure of the personal data and request the restriction of their use instead, or you oppose the erasure of your personal data which we, as a supplier, no longer need and want to erase them, however, you need them, e.g. in an ongoing litigation. the right to the portability of personal data (Art. 20 of the Regulation), i.e. the right to obtain from us your personal data which you have previously provided to us, in a structured, commonly used and machine-readable format and the right to transmit those data to another controller subject to fulfilment of legal conditions; the exercise of this right shall be without prejudice to your right to erasure of personal data by the supplier. The right to data portability, however, only pertains to personal data, which we have obtained on the basis of your consent or by virtue of a contract to which you are a party. the right to object to processing of personal data (Art. 21 of the Regulation), if the processing of your personal data is based on our legitimate interest or if we process your personal data for purposes of direct marketing of our services and products, including profiling, during such processing. Should you lodge an objection and we don’t have a convincing legitimate ground to process your personal data, or if you object to the processing of your personal data for purposes of direct marketing of our services and products, we will not continue to process your personal data for these purposes. the right not to be subject to a decision based solely on automated processing of personal data, including profiling, if such automated decision-making and profiling produces legal effects concerning you or similarly significantly affecting you (Art. 22 of the Regulation); the right to lodge a complaint with a supervisory authority (Art. 77 of the Regulation); if you consider that the processing of personal data relating to you infringes the Regulation or the Act, you can file a motion with the Office for Personal Data Protection of the Slovak Republic https://dataprotection.gov.sk, Hraničná 12, 820 07 Bratislava 27; phone number: +421 /2/ 3231 3214; E-mail: statny.dozor@pdp.gov.sk. (request to start proceeding with regard to personal data protection under Section 100 of the Act). You can also exercise your rights here. Final Provisions Should you have any questions concerning the processing of your personal data, you can directly contact our Data Protection Officer: gdpr@dedoles.sk, or you can write to or visit us at the address of our registered office. This information is up-to-date and valid from 3/2/2023. We reserve the right to change, amend and update this Privacy Policy at any time. Please check back to see whether you have read the most recent version of our Privacy Policy.