Privacy policy

PRINCIPLES AND RULES OF PROTECTION OF PERSONAL DATA

(prepared in accordance with the Act of the NR SR No. 18/2018 Coll. on the protection of personal data and on the amendment and supplementation of certain laws)

Preamble

Ecommerce Service Company s.r.o., with registered office at Benadova 19, 040 22 Košice, registered in the commercial register of the District Court of Košice I., department: Sro, insert no. 48783/V, IČO: 53 045 416, VAT number: 2121 236 810, acting through: Michal Diňa, the company manager (contact person) is a company established under the laws of the Slovak Republic.

Ecommerce Service Company s.r.o., through a third party, operates an ecommerce service (SaaS) on the krol.shop website (hereinafter also referred to as the "ecommerce portal"). Through this portal, an unspecified third natural or legal person (hereinafter referred to as the "Buyer") has the opportunity to view and select a service on the e-commerce portal page and, under the conditions determined by the published Business Terms and Conditions (hereinafter referred to as OP), has, in the legal status of the buyer, the possibility to buy the goods selected by them and to pay the agreed purchase price for them.

The business conditions are drawn up in accordance with the relevant provisions of Act No. 102/2014 Coll. on consumer protection when selling goods or providing services on the basis of a contract concluded at a distance or a contract concluded outside the seller's premises and on the amendment of certain laws, while their goal is mainly to provide the consumer (buyer) with all information related to the purchase of services through the e-commerce portal krol.shop. OPs are published on the website krol.shop.

Ecommerce Service Company s.r.o., with registered office at Benadova 19, 040 22 Košice, registered in the commercial register of the District Court of Košice I., department: Sro, insert no. 48783/V, ID number: 53 045 416, VAT number: 2121 236 810, acting through: Michal Diňa, company manager (hereinafter also referred to as the "Seller") is, in accordance with the provisions of § 5 letter o) of Act of the NR SR no. 18/2018 Coll. on the protection of personal data and on the amendment and supplementation of certain laws (hereinafter referred to as the "Act" or "Act on the Protection of Personal Data"), the controller of personal data entered or provided by the Buyer on the krol.shop portal during mutual communication in accordance with the Seller's requirements and generally binding legal regulations.

If the term "Concerned person" is used in these principles, it denotes a person to whom the principles of personal data protection apply according to generally binding legal regulations; this person need not be only the Buyer, but can also be a visitor to the krol.shop website, as well as a person who is voluntarily registered on the krol.shop website.

For the purposes of these principles, the Seller is an Operator within the meaning of § 5 letter l) of Act NR SR no. 18/2018 Coll. on the protection of personal data.

Article 1.

PRINCIPLES OF PERSONAL DATA PROCESSING

1. The Operator processes personal data based on the following principles:

  • Principle of Lawfulness and Minimization: Personal data is collected and processed in a lawful and transparent manner that guarantees the protection of the individual rights of the data subjects, while respecting the principles of adequacy and necessary scope of processing.

  • Principle of Limitation to Specific Purposes: Personal data is collected only for specified, explicit, and legitimate purposes, and cannot be further processed in a manner that is incompatible with these purposes.

  • Principle of Accuracy and Updates: Personal data must be accurate and, if necessary, kept up to date. The controller shall take all reasonable measures to promptly correct or erase inaccuracies or errors.

  • Principle of Data Retention Minimization: The controller processes and retains personal data only for the period necessary to fulfill the purpose of processing. The controller shall immediately erase personal data that are no longer necessary in relation to the purposes for which they were collected, or in the event of withdrawal of consent and the absence of any other legitimate grounds for data processing.

  • Principle of Data Security: Personal data is processed in a secure manner. Appropriate technical and organizational measures are implemented based on the risk involved to prevent unauthorized processing, alteration, loss, or destruction, as well as unauthorized disclosure or access to personal data during transmission, storage, or other processing. The controller ensures the continuous integrity, availability, confidentiality, and authenticity of personal data.

  • Principle of Accountability: For all personal data processing activities, responsibility for compliance with the basic principles of personal data processing is defined. The controller can demonstrate compliance with the principles of personal data processing upon request.

    Article 2.

    IDENTIFICATION OF THE CONTROLLER ACCORDING TO THE PERSONAL DATA PROTECTION ACT

    1. The Seller is the operator of the personal data information system according to Section 5, Letter l) of Act No. 18/2018 Coll. on the Protection of Personal Data and on the Amendment and Supplement to Certain Acts.

    2. The identification data and contact details of the Operator are as follows:

    Business name: Ecommerce Service Company s.r.o.

    Headquarters: Benadova 19, 040 22 Košice

    Registration: entered in the Commercial Register of the District Court of Košice I., Department: Sro, Insert number: 48783/V

    ID: 53 045 416

    TIN: 2121 236 810

    acting through: Michal Diňa, company manager

    e-mail address of the operator's contact person: michal.dina@krol.shop

    telephone contact for the operator: 00421 944 172 337

    Article 3.

    SCOPE OF PERSONAL DATA PROCESSING

    1. The Buyer provides the Seller with personal data, and the Seller, as the operator, processes personal data to the following extent:

  • Name and Surname, for the purpose of identifying the buyer for contractual purposes
  • Buyer's Address, which serves for the purpose of delivering the order and invoicing (delivery address)
  • Email Address, which is used to confirm the order and for further communication with the buyer regarding the contract conclusion and conditions of delivery of goods
  • Buyer's Phone Number, which serves as an alternative means to confirm the order and for further communication with the buyer, such as handling complaints
    Article 4.

    PURPOSE OF PERSONAL DATA PROCESSING

    1. The purpose of processing personal data is:

  • Purchase of goods through the eshop krol.shop, where the purpose is to identify the buyer as a contractual partner for the fulfillment of the contract executed through the shopping portal, proper delivery of documents and goods, implementation and establishment of pre-contractual relationships, and legal relationships arising in connection with the implementation of the business case (e.g., complaint proceedings, asserting claims from the purchase contract, asserting claims for product returns, etc.) and fulfilling obligations stipulated by law and generally binding legal regulations of the Slovak Republic, especially the Value Added Tax Act and the Income Tax Act
  • Registration of the Buyer on a voluntary basis
  • Registration of the Buyer for a competition
  • Registration of a business partner into the commission system on a voluntary basis
    Article 5.

    LEGAL BASIS FOR PERSONAL DATA PROCESSING

    1. The legal basis for the processing of Buyers' personal data for the purpose of concluding the aforementioned purchase contract is the provision of § 13 paragraph 1 letter b) of Act no. 18/2018 on the protection of personal data, while the contract is, in the sense of the cited provision, a contract for the purchase of goods (purchase contract), while for the purpose of processing the order, the indicated data are necessary for the conclusion of the contract and the realization of the business case. The mentioned personal data are processed without the consent of the person concerned. Without providing this data, it is not possible to make a purchase, to deliver the goods, and it is not possible to issue or deliver a purchase receipt. The Buyer gives consent and the Seller informs the Buyer that the provided personal data may be:

  • provided to third parties to the necessary extent for the purpose of preparation, fulfillment, and control of the contract, fulfillment of rights and obligations, and service delivery
  • made accessible to recipients involved in the preparation and execution of the purchase order, and in the preparation and execution of informational messages based on the consent provided by the Buyer
    2. Personal data is processed during the period of performance of the contract for the purchase of goods and during the warranty period for the delivered goods.

    3. The legal basis for the processing of Buyers' personal data for the purpose of registering the Buyer on a voluntary basis is his consent in accordance with the provisions of § 13 paragraph 1 letter a) of Act no. 18/2018 Coll. on the protection of personal data, while customer registration automatically simplifies and speeds up the process of implementing a business case in the case of a purchase of services, as the registered customer does not have to fill in the data necessary to conclude a contract. Customer registration:

  • is not a condition for purchasing services from the e-commerce portal krol.shop
  • the registration itself does not obligate the buyer to make a purchase of services
  • registration is not possible without the processing of personal data
  • and for the stated reason, the buyer gives consent to the processing of personal data in the following wording before registration: As a visitor to this site, I confirm that I have reached the age of 18 and: I expressly agree to the operator of the krol.shop website processing my personal data to the extent stated in the registration form for the purpose stated and specified in these Terms of Personal Data Protection.

    4. The legal basis for the processing of Buyers' personal data for the purpose of customer registration in the commission system is the provision of § 13 paragraph 1 letter b) of Act no. 18/2018 on the protection of personal data, since the commission system represents a contract on mediation of sales, while for the purpose of providing commissions, the given data are necessary for concluding a contract and implementing a business case for the purpose of obtaining a commission. The mentioned personal data are processed without the consent of the person concerned. Without providing this data, it is not possible to:

    5. Personal data is processed during the period of registration in the commission system.

    6. The legal basis for the processing of Buyers' personal data for the purpose of entering into a purchase contract is the provision of § 13 paragraph 1 letter b) of Act no. 18/2018 on the protection of personal data, while the contract is, in the sense of the cited provision, a contract for the purchase of goods (purchase contract), while for the purpose of processing the order, the indicated data are necessary for the conclusion of the contract and the realization of the business case. The mentioned personal data are processed without the consent of the person concerned. Without providing this data, it is not possible to make a purchase, to deliver the goods, and it is not possible to issue or deliver a purchase receipt. The Buyer gives consent and the Seller informs the Buyer that the provided personal data may be:

  • provided to third parties to the necessary extent for the purpose of preparation, fulfillment, and control of the contract, fulfillment of rights and obligations, and service delivery
  • made accessible to recipients involved in the preparation and execution of the purchase order, and in the preparation and execution of informational messages based on the consent provided by the Buyer.
    7. Personal data is processed during the period of performance of the contract for the purchase of services and during the warranty period for the delivered goods.

    8. The legal basis for the processing of Buyers' personal data for the purpose of the participation of the affected person in the competition published and organized by the Seller via the krol.shop website or social networks, such as Facebook, is the provision of § 13 paragraph 1 letter b) of Act no. 18/2018 on the protection of personal data, while the win in the competition represents a legally enforceable contractual obligation of the Seller, and without the provision of personal data, it will not be possible to hand over and deliver any winnings to the participant of the competition, and it will not be possible to ensure the rights of the winners in connection with the exercise of their consumer rights. The mentioned personal data are processed without the consent of the person concerned. Without providing this data, it is not possible to deliver the goods as a prize in the competition and it is not possible to issue or deliver a document about the goods for the purpose of, for example, claim rights.

    Article 6.

    PROCESSING OF PERSONAL DATA THROUGH COOKIES

    1. The seller uses the terms cookies and cookie on the krol.shop website, which represent cookies and other similar technologies that are covered by the EU Directive on the protection of privacy in electronic communications.

    2. The term Cookies refers to small text files that are created by the visited website and their basic purpose is to improve and facilitate the use of krol.shop pages.

    3. The legal basis for the processing of personal data through cookies is the provision of § 13 paragraph 1 letter f) of Act no. 18/2018 on the protection of personal data.

    4. The seller uses temporary and permanent cookies on the krol.shop website, which are temporarily stored in the computer's memory while the visitor browses the company's website.

    5. Cookies are deleted when the user closes the web browser or after a certain period of time. Persistent cookies remain on the visitor's computer (hereinafter referred to as the data subject) until they are deleted.

    6. The seller uses cookies exclusively for internal needs, primarily for the purpose of creating traffic statistics and how the krol.shop website is used, and they serve to improve the use of the company's website.

    7. Cookies can store information about how site visitors use the sharing function.

    8. The krol.shop website uses Google Analytics, Google Tag Manager, Google Retargeting, Google Search Console and Facebook Pixel, which use cookies.

    9. Cookies store information mainly about:

  • Methods of website usage
  • Number of visits to the website
    10. The types of cookies used are as follows:

  • Temporary cookie files - temporarily stored on the computer or device during the session and are deleted after its completion
  • Permanent cookie files that are stored on the computer for a longer period. These permanent cookie files can be deleted by the user.
    11. The menu of the majority of Internet browsers includes options for configuring settings, i.e. the browser usually includes options such as allow cookies, view cookies, disable all or selected cookies, etc.

    12. When you visit our website, we also automatically collect technical and statistical data about the use of the krol.shop online store by setting cookies. This is the following data:

  • IP address
  • Browser type and version
  • Website from which you visited us
  • Operating system used
  • Date and time of your visits to individual web pages
  • Information regarding the connection of your visit with your identification through any of the marketing communication channels
    This data is used to improve the functionality of the krol.shop online store and the quality of services and is evaluated exclusively anonymously and used only as statistical data.

    13. The seller does not use cookies to collect identifiable information about visitors to the krol.shop site.

    14. Cookies set by the Seller or websites of third parties can be rejected and blocked by changing the browser settings via the links below:

  • Chrome https://support.google.com/chrome/answer/95647?co=GENIE.Platform%3DDesktop&hl=sk https://support.google.com/accounts/answer/61416?co=GENIE.Platform%3DDesktop&hl=sk
  • Firefox https://support.mozilla.org/sk/kb/odstranenie-cookies
  • Internet Explorer https://support.microsoft.com/cs-cz/search?query=inernet%20explorer%20cookies
  • Safari https://support.apple.com/kb/ph21411?locale=sk_SK
  • Opera http://help.opera.com/Windows/9.64/cs/cookies.html
  • Android https://support.google.com/chrome/answer/2392709?hl=sk&co=GENIE.Platform=Android
  • Microsoft Edge https://support.microsoft.com/en-us/help/4027947/windows-delete-cookies https://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy
    15. The seller, in the position of the operator, informs the buyer as well as the visitor of the krol.shop website about their use before starting the processing of personal data.

    Article 7.

    INFORMATION SYSTEMS OF THE CONTROLLER

    1. The operator operates information systems in which it processes the personal data of the persons concerned, as follows:

  • Information system ESHOP, within which individual business cases are conducted at the level of the legal relationship between the seller and the buyer.
  • Information system Commission, through which the Operator processes personal data of individuals who are included in the commission program based on explicit consent.
  • Information system Competition, through which the Operator processes personal data of individuals who participate in a consumer competition based on explicit consent.
    Article 8.

    METHOD OF PERSONAL DATA PROCESSING AND THEIR SECURITY

    1. Personal data is processed by the operator in the information system, which is protected by passwords and access codes in order to protect it from misuse by unauthorized persons.

    2. The display units of the information system are placed in such a way that the displayed data cannot be misused by eavesdropping.

    3. Data carriers are protected by encryption, while access to information systems is subject to authorized identification and authorization of authorized persons.

    4. The operator creates secure backups with the selected periodicity.

    5. The operator's information systems are protected by detecting the presence of malicious code in incoming e-mail and other files received from a publicly accessible computer network or from data carriers.

    6. In addition to the measures mentioned above, the operator ensures the security of personal data by specifying and instructing in writing the persons who are authorized to work with the information systems.

    Article 9.

    RIGHTS OF THE BUYER REGARDING DATA PROTECTION

    1. The person concerned has the right to access personal data in the form of obtaining confirmation as to whether personal data relating to him are processed in the operator's information system.

    2. The affected person has the right to obtain information about:

  • Purposes of personal data processing
  • Categories of personal data processing
  • Identification of the recipient or category of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations, if possible.
  • Retention period of personal data; if not possible, information about the criteria used to determine this period.
    3. The person concerned has the right to:

  • Request from the controller for the correction, erasure, or restriction of processing of personal data concerning the data subject, or the right to object to the processing of personal data.
  • Submit a proposal to initiate proceedings for the protection of personal data.
  • Request information about the source of personal data if the personal data were not obtained from the data subject.
  • Obtain information about the existence of automated individual decision-making, including profiling, and in these cases, provide the data subject with information about the procedure used, as well as the significance and anticipated consequences of such processing of personal data for the data subject.
    4. The data subject has the right to be informed of adequate safeguards regarding the transfer if personal data is transferred to a third country or international organization.

    5. The operator is obliged to provide the person concerned with his/her personal data, which he processes. For the repeated provision of personal data requested by the data subject, the operator may charge a reasonable fee corresponding to the administrative costs. The operator is obliged to provide personal data to the person concerned in a manner according to his request.

    6. The person concerned exercises his rights through the contact person and contact e-mail of the operator, which is listed in Article 2 of these policies.

    7. The person concerned has the right to have the operator correct incorrect personal data concerning him without undue delay. Taking into account the purpose of personal data processing, the data subject has the right to supplement incomplete personal data.

    8. The person concerned has the right to have the operator delete personal data concerning him without undue delay.

    9. The operator is obliged to delete personal data without undue delay if the person concerned has exercised the right to deletion according to paragraph 8, if:

  • Personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
  • The data subject withdraws consent under Section 13 § a) or Section 16 § a), on the basis of which the processing of personal data is carried out, and there is no other legal basis for the processing of personal data.
  • The data subject objects to the processing of personal data under Section 27 § and there are no overriding legitimate grounds for the processing of personal data, or the data subject objects to the processing of personal data under Section 27§.
  • Personal data are processed unlawfully.
  • The reason for erasure is the fulfillment of an obligation under this Act, a special regulation, or an international agreement to which the Slovak Republic is bound.
  • Personal data were obtained in connection with the offer of information society services under Section 15§.
    10. If the operator has published personal data and is obliged to delete them according to paragraph 1, he is also obliged to take appropriate security measures, including technical measures, taking into account the available technology and the costs of their implementation, for the purpose of informing other operators who process the personal data of the person concerned about his request that these operators delete links to his personal data and their copies or replications.

    11. The affected person is entitled to exercise his right to correct or delete personal data by sending a request in the form of an e-mail to the operator's contact person, which is listed in Article 2 of these policies. After processing the request, the operator will confirm to the affected person without undue delay the method of dealing with the request of the affected person.

    12. The person concerned has the right to have the operator limit the processing of personal data if:

  • The data subject disputes the accuracy of personal data, for a period enabling the controller to verify the accuracy of the personal data.
  • The processing of personal data is unlawful, and the data subject objects to the erasure of personal data and requests the restriction of their use instead.
  • The controller no longer needs the personal data for the purposes of processing, but the data subject needs them for the establishment, exercise, or defense of legal claims.
  • The data subject objects to the processing of personal data under Section 27§ until it is verified whether the legitimate reasons on the part of the controller override the data subject's legitimate reasons.
    13. If the processing of personal data has been limited according to paragraph 12, in addition to storage, the operator may process personal data only with the consent of the person concerned or for the purpose of asserting a legal claim, for the protection of persons or for reasons of public interest.

    14. The operator is obliged to inform the affected person whose processing of personal data will be restricted according to paragraph 12 before the restriction of personal data processing is cancelled.

    Article 10.

    FINAL PROVISIONS

    1. Personal data is processed by the operator in the information system, which is protected by passwords and access codes in order to protect it from misuse by unauthorized persons.

    2. The display units of the information system are placed in such a way that the displayed data cannot be misused by eavesdropping.

    3. Data carriers are protected by encryption, while access to information systems is subject to authorized identification and authorization of authorized persons.

    4. The operator creates secure backups with the selected periodicity.

    5. The operator's information systems are protected by detecting the presence of malicious code in incoming e-mail and other files received from a publicly accessible computer network or from data carriers.

    6. In addition to the measures mentioned above, the operator ensures the security of personal data by specifying and instructing in writing the persons who are authorized to work with the information systems.