Privacy policy
STATEMENT ON PRINCIPLES OF PROCESSING AND PROTECTION OF PERSONAL DATA
1. BASIC PROVISIONS
1.1 The administrator of personal data according to Art. 4 point 7 of Regulation (EU) 2016/679 of the European Parliament and of
the Council on the protection of natural persons in the processing of personal data and on the free movement of such data
(hereinafter referred to as "GDPR") and § 5 letter o) Act no. 18/2018 Coll. on the protection of personal data and amendments to
certain laws, as amended, is ZLATO lux Košice s.r.o., with registered office at Obrody 23, 040 11 Košice (hereinafter referred to as
the "administrator").
1.2 Contact details of the administrator
Address: ZLATO lux Košice sro, Obrody 23, 040 11 Košice, Slovak Republic
E-mail: info@zlatolux.sk
Phone: +421 55 685 78 60
1.3 The Administrator has not appointed a responsible person for the protection of personal data. The
contact details of the responsible person are the details of the administrator of the online store located at
https://zlatolux.sk/.
2. DEFINITION OF TERMS
In this declaration on the protection of personal data, we use, among others, the following terms:
2.1 Personal data. Personal data is all information that refers to an identified or identifiable
natural person (hereinafter "data subject"). An identifiable natural person is considered to be a
natural person who can be directly or indirectly identified, in particular by reference to a certain
identifier, for example a name, identification number, location data, network identifier or to one
or more special features that are an expression of physical, physiological, genetic, psychological,
economic, cultural or social identity of this natural person.
2.2 Data subject.A data subject is any identified or identifiable natural person whose
personal data is processed by the person responsible for the processing.
2.3 Processing. Processing is any operation or set of operations relating to personal data
that is carried out with or without the aid of automated procedures, such as collection,
recording, organization, arrangement, storage, adaptation or alteration, retrieval,
inspection, use, disclosure by transmission, dissemination or any other disclosure,
sequencing or combination, restriction, erasure or destruction.
2.4 Limitation of processing. Limitation of processing is the designation of stored personal data with the
aim of limiting their future processing.
2.5 Profiling. Profiling is any form of automated processing of personal data consisting of
their use for the evaluation of some personal aspects related to a natural person, in
particular for the analysis or estimation of aspects related to his work performance,
economic situation, state of health, personal preferences, interests, reliability, behavior,
residence or change of residence.
2.6 Pseudonymization. Pseudonymization is the processing of personal data in such a way that the personal
data can no longer be assigned to a specific person without the use of additional information, as long as
this additional information is kept separately and subject to technical and organizational measures that
ensure that the personal data are not assigned to an identified or identifiable physical person.
2.7 Responsible person or person responsible for processing. The responsible person or the person responsible
for the processing is a natural or legal person, public authority, facility or other entity that alone or together with
others determines the purposes and means of personal data processing. If the purposes and means of this
processing are determined by the law of the Union or the law of the Member States, the responsible person or
special criteria for its determination may be determined by the law of the Union or the law of the Member States.
2.8 Processor. The processor is a natural or legal person, public authority, facility or other entity
that processes personal data on behalf of the responsible person.
2.9 Recipient. The recipient is a natural or legal person, public authority, facility or other entity to
which personal data is provided, regardless of whether it is a third party or not. However, public
authorities that may obtain personal data as part of a special investigative mandate under Union
law or under Member State law are not considered to be recipients.
2.10 Third Party. A third party is a natural or legal person, public authority, facility or other entity, except for
the person concerned, the responsible person, the processor and persons who are directly subordinate to
the responsible person or the processor, who is authorized to process personal data.
2.11 Consent. Consent is any free, informed and unequivocal expression of will by which the person
concerned gives his consent to the processing of his personal data by declaration or other unequivocal
confirmation.
3. SOURCES AND CATEGORIES OF PROCESSED PERSONAL DATA
3.1 The administrator processes personal data that you have provided to him/her or personal data that the administrator has
obtained based on the fulfillment of your order.
3.2 The administrator processes your identification and contact data and data necessary for the performance of the contract.
3.3 As part of joint marketing campaigns, we can also process your personal data for the purposes of
marketing campaigns, or for the purposes of proper fulfillment of the contract, and we can combine
them.
3.4 In the event that your personal data is sold to another entity, we will inform you about this in
advance, including indicating to whom we are selling the personal data. Also, if someone sells your
personal data to us, they must also inform you in advance.
3.5 If you provide us with personal data of third parties, it is your duty to inform the person concerned about this
and ensure their agreement with these terms of personal data protection.
3.6 When you visit our website, we may automatically collect certain information about you,
such as IP address, date and time of access to our website, information about your internet
browser, operating system or language settings. We can also process information about
your behavior on our website, i.e. e.g. which links on our website you visit and which goods
are shown to you. However, information about your behavior on the web is from
for the sake of your maximum privacy, anonymized, and therefore even we cannot assign them
to a specific user, i.e. a specific person.
3.7 If you access our website from a mobile phone or similar device, we can also process
information about your mobile device (e.g. data about your mobile phone, etc.).
3.8 We automatically process so-called cookies. They are small text files that are exchanged
between the online store server and the visitor's browser. When visiting websites, these files are
stored by the respective devices used (PC, laptop, tablet, smartphone, etc.) and do not cause
damage to the devices used. In particular, they do not contain any viruses or other malicious
software. Cookies store information that always results in connection with the specifically used
end device.
4. LEGAL REASON AND PURPOSE OF PERSONAL DATA PROCESSING
4.1 The legal reason for processing personal data is:
- performance of the contract between you and the administrator according to Art. 6 par. 1 letter b) GDPR,
- the administrator's legitimate interest in providing direct marketing (for sending business
announcements and newsletters) according to Art. 6 par. 1 letter f) GDPR,
- Your consent to processing for the purposes of providing direct marketing (for sending business
announcements and newsletters) according to Art. 6 par. 1 letter a) GDPR in connection with § 7
par. 2 of Act no. 480/2004 Coll., on some information society services in the event that there was no
order for goods or services.
4.2 The purpose of personal data processing is:
- fulfillment of your order and performance of rights and obligations arising from the contractual relationship between
you and the administrator; when placing an order, personal data are required, which are necessary for the successful
processing of the order (name and address, contact). The provision of personal data is a necessary requirement for the
conclusion and fulfillment of the contract, without the provision of personal data, the contract cannot be concluded or
fulfilled by the administrator.
4.3 The administrator does not/does not make automatic individual decisions in accordance with Art. 22
GDPR. You have given your express consent to such processing.
5. PERSONAL DATA STORAGE PERIOD
5.1 The administrator stores personal data:
- for the period necessary to exercise the rights and obligations arising from the contractual relationship between you and the
administrator and to exercise claims from these contractual relationships (for a period of 15 years from the termination of the
contractual relationship),
- for as long as consent to the processing of personal data for marketing purposes is revoked, if
personal data is processed on the basis of consent.
5.2 After the personal data storage period has expired, the administrator will delete the personal data.
6. PERSONAL DATA RECIPIENTS (ADMINISTRATOR'S SUBCONTRACTORS)
6.1 Recipients of personal data are persons:
- participating in the delivery of goods/services/realization of payments based on the contract,
- providing the services of an online store administrator and other services in connection with the
operation of the online store,
- ensuring marketing services.
6.2 The administrator does not intend to provide personal data to a third country (outside the EU) or an
international organization. Recipients of personal data in third countries are cloud service providers.
7. YOUR RIGHTS AS A DATA DATA PERSON
7.1 Under the conditions set out in the GDPR, you have:
- the right to access your personal data according to Art. 15 GDPR,
- the right to correct personal data according to Art. 16 GDPR, or restriction of processing according
to Art. 18 GDPR,
- the right to erasure of personal data according to Art. 17 GDPR,
- the right to file an objection against processing according to Art. 21 GDPR,
- the right to data portability according to Art. 20 GDPR,
- the right to withdraw consent to processing in writing or electronically to the administrator's address or
email specified in art. III of these conditions.
7.2 You also have the right to file a complaint with the Office for Personal Data Protection if you
believe that your right to personal data protection has been violated.
8. PERSONAL DATA SECURITY CONDITIONS
8.1 The administrator declares that he has taken all technical and organizational measures to secure personal
data.
8.2 The administrator has adopted technical measures to secure data storage and personal data storage in
written form.
8.3 The administrator declares that only authorized persons have access to personal data.
9. FINAL PROVISIONS
9.1 By submitting an order from the online order form, you confirm that you are familiar with the terms of
personal data protection and that you accept them in their entirety.
9.2 You agree to these terms and conditions by ticking the agreement via the internet form. By checking
consent, you confirm that you are familiar with the terms of personal data protection and that you accept
them in their entirety.
9.3 The administrator is authorized to change these conditions. It will publish the new version of the personal data
protection conditions on its website and at the same time send you the new version of these conditions to your e-mail
address that you provided to the administrator.
10. STATUS AND UPDATE OF THIS STATEMENT ON THE PRINCIPLES OF PROCESSING AND PROTECTION OF
PERSONAL DATA
10.1 This statement on the principles of processing and protection of personal data enters into force and
becomes effective on July 1, 2022. We reserve the right to update the statement on the principles of
processing and protection of personal data in order to improve data protection and/or adapt it to changed
official practice or jurisprudence.