Privacy Policy
In accordance with the new legislation on the protection of personal data (GDPR), we have developed a new policy for the processing of personal data of the Company, which we present to you in this document in detail.
They are currently secured in accordance with the new requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and Act No. 18/2018 Coll. on the protection of personal data.
- We only approach the processing of your personal data in a lawful manner, professionally, sensitively and fairly
- your personal data is stored in a secure information system
- all persons who come into contact with your personal data on the part of the controller are duly instructed on the lawful treatment of your personal data and are bound by confidentiality
- we obtain (request) from you only the data necessary for the successful processing of your order
- you can ask us at any time to delete the history of our email communications, by email, in writing or in person
1. WEBSITE OPERATOR
Operator – Business name: Istia s.r.o.
Street and number: Address: Gorkého 3
Postal code and city: 811 01 Bratislava
ID NO: 51019051
VAT NUMBER: SK2120574346
Tel. contact: +421 902 768 452
E-mail: info@koloristika.eu
Supervisory authorities:
SOI Inspectorate for the Bratislava Region, Bajkalská 21/A, P. O. BOX No. 5, 820 07 Bratislava e-mail: ba@soi.sk, tel. no. 02/58 27 21 72, 02/58 27 21 04, fax no. 02/58 27 21 70
the controller obtains personal data via the website coloristika.eu
2. PURPOSE OF PROCESSING PERSONAL DATA
- the purpose of processing personal data is pre-contractual relations
- the purpose of the processing of personal data is the performance of a contract
- the purpose of processing personal data is to identify customers
- the purpose of the processing of personal data is to check the data filled in the order
- the purpose of processing personal data is to confirm interest in the goods by telephone or e-mail
- the purpose of processing personal data is for the marketing and promotional interests of the controller
- the purpose of processing personal data is to collect customer data and visitor behaviour for the purpose of profiling the website visitor
- the purpose of the processing of personal data is to monitor the consumer behaviour of customers
3. LIST OF PERSONAL DATA PROCESSED
- the controller processes your contact data for the purposes of pre-contractual relations, data for delivery
- contact data are first name, last name, telephone number (for the purpose of communication with the customer), e-mail address (for the purpose of communication with the customer)
- delivery data are the recipient’s first and last name, title, delivery address, telephone number,
- the data for sending newsletters is the e-mail address
- data processed for the purpose of profiling of the data subject are name, surname, e-mail, purchasing behaviour, address (city)
4. VOLUNTARY PROVISION OF PERSONAL DATA
- The controller only collects the personal data of customers that are necessary for the fulfilment of the obligations that the customer expects from the controller through the interest in the service or goods.
- The controller collects personal data from customers to the extent necessary to fulfil the obligations arising from the contract concluded between the controller and the customer.
- The controller collects personal data from customers for the purpose of contacting them again, for possible marketing and promotional activities.
- The provision of personal data by the data subject is a requirement of the seller, which is necessary for the conclusion of the contract. The data subject is not obliged to provide the Seller with the requested personal data, however, the consequence of not providing such personal data is that no contract will be concluded between the Seller and the Buyer.
5. PROCESSING OF PERSONAL DATA
The Seller does not disclose, make available or provide the personal data of the Buyers to any other entities, except for the organizations with which it ensures the performance of the contract.The database of the Buyers’ personal data is protected against damage, destruction, loss and misuse.
By submitting an order, or at the moment of registration of the buyer in the e-shop, the seller processes the personal data provided by the buyer in accordance with the Personal Data Protection Act. The information provided through the order or registration form is used for the purpose of providing the performance under the purchase contract. For the purpose of proper and timely delivery of the performance under the contract, the Seller cooperates with the transport company as the recipient of the personal data obtained by the Seller from the Buyer.
Such recipient of personal data is the company
Istia s.r.o., Gorkého 3, 811 01 Bratislava, ID No.: 51019051, VAT ID No.: SK2120574346, Tel. contact: +421 902 768 452, E-mail: info@koloristika.eu, company registered in the Commercial Register of the District Court Bratislava I, Section: Sro, Insert No. 121698/B
The Seller cooperates with its sales representatives, who are also recipients of personal data of the buyers. The sales representatives perform for the Seller the activity of selling the Seller’s products and services according to a special contract. At the request of a registered Buyer, the Seller shall delete the Buyer’s personal data from the database of registered users.
The personal data provided by the Buyer is collected, processed and stored for the purpose of fulfilling the business relationship between the Seller and the Buyer, which is an expression of the free will of both parties. The Operator does not disclose, transfer or otherwise provide personal data about the buyers to third parties. The personal data provided by the Buyer is processed by the Seller for the purposes of:
- registration of the Buyer’s orders,
- concluded purchase contracts,
- issuing invoices and other tax documents,
- marketing activities of the Seller (sending commercial notifications about promotions, news, discounts by e-mail), if the Buyer has given his/her specific consent,
- applying discounts to buyers,
- transporting the ordered goods to the Buyer to the designated place of delivery,
- the settlement of any complaints by the Buyer.
6. PROCESSING CONDITIONS
The controller shall take appropriate technical, organisational and personnel measures corresponding to the manner in which the personal data are processed, taking into account in particular the technical means to be used, the confidentiality and importance of the personal data processed, as well as the extent of the possible risks which are likely to undermine the security or functionality of its information systems.
The controller undertakes to treat and handle the personal data of the data subject in accordance with the applicable Slovak and EU legislation.
By sending an order or registering in the following scope: name, surname, home address, e-mail address, telephone number and date of birth, the Buyer declares that his/her PII is accurate and true and gives his/her consent within the meaning of the PII Act to the collection, storage and processing of personal data by the Provider and their use for registration and billing purposes and other actions related to the ordered product or service, including later communication with the user (complaint, withdrawal from the contract, etc.). The buyer is fully liable for damages caused by the incorrectness or outdatedness of the personal data provided. the buyer provides the seller with this consent for a period of 10 years, from the date of registration or completion of the order. the buyer has the right to revoke this consent at any time.
The Buyer agrees that the Controller as a provider of personal data is entitled to provide personal data to cooperating third parties – intermediaries (in particular, sales representatives carrying out the activity of selling products and services on the basis of a sales representation agreement), insofar as it is necessary to provide the products ordered by the Buyer from the Seller. Consent is granted until the time of the mandatory registration of the Buyer’s accounting data.
7. INFORMATION ON THE RIGHTS OF THE DATA SUBJECT
When processing personal data, the Seller uses/does not use automated individual decision-making, including profiling pursuant to Section 28(2) of the OPLA. The Seller processes the personal data of the Buyers for the period necessary to fulfil the purpose of the contract. After the contract has been fulfilled, the Seller no longer processes the Buyers’ personal data for the purpose of fulfilling the contract, but further stores them for the purpose of invoicing payments, recording and collecting and assigning claims for the service provided, for the purpose of handling the Buyer’s submissions, for exercising rights or for fulfilling other obligations imposed by generally binding legal regulations, for a maximum period of 10 years within the meaning of a special regulation (Act on Accounting).If the Buyer does not have the capacity to perform legal acts to the full extent, his rights may be exercised by his legal representative. If the purchaser is not alive, his rights which he had under the OOA Act may be exercised by a close person.
The buyer as a data subject has the right to request from the seller as a controller access to personal data relating to the buyer (§ 21 of the Personal Data Protection Act), the right to rectification of personal data (§ 22 of the Personal Data Protection Act), the right to erasure of personal data (§ 23 of the Personal Data Protection Act), the right to restriction of the processing of personal data (§ 24 of the Personal Data Protection Act), the right to portability of personal data (§ 26 of the Personal Data Protection Act), as well as the right to object to the processing of the personal data obtained (§ 27 of the Personal Data Protection Act).
The purchaser as the data subject may exercise all rights under the provisions of § 19 to § 28 of the Data Protection Act directly with the seller as the controller in writing. If the Buyer suspects that his personal data are being processed unlawfully, he has the right to object to the processing of his personal data pursuant to § 99 et seq. ZOOÚ has the right to file a petition for initiation of proceedings for the protection of personal data with the Office for Personal Data Protection of the Slovak Republic, with its registered office at Hraničná 12, 820 07 Bratislava 27.
In addition to the processing of personal data of buyers for the purposes of contract performance, the seller also processes such personal data for marketing purposes, in particular for the subscription and sending of news about the seller’s products (newsletter). Such processing of personal data is carried out by the Seller solely on the basis of the Buyer’s express prior consent. If the Buyer is no longer interested in receiving the Seller’s product newsletters after having given his consent, he may withdraw his consent given to the Seller for this purpose at any time simply by sending an email to the Seller’s email address info@koloristika.eu . Upon receipt of the revocation of consent to the processing of the data subject’s personal data, the Seller shall ensure that the data is blocked and destroyed without delay. It is added that the Seller is entitled to process the personal data of the data subject even after the termination of the original legal basis for the processing of personal data, but only to the extent necessary for the purposes of statistics, accounting and research, or to provide third parties or the public with aggregated statistical information on customers, traffic, turnover and other data, but in an anonymised form so that our customers cannot be identified in any way on the basis of the data, subject to appropriate safeguards for the protection of the rights of the data subject pursuant to Section 78(8) of the Personal Data Protection Act.
8. PROCESSING OF PERSONAL DATA FOR THE PURPOSE OF PROCESSING COOKIES
For the processing of personal data for the purpose of processing cookies, the general information on the processing of personal data set out above applies, as well as:
1. Purposes of the processing of personal data: for example: provision of services, personalisation of advertisements, traffic analysis, Google Analytics (Google Ireland Limited., Gordon House, Barrow Street, Dublin 4, Ireland). Cookies are small amounts of data that servers send to the browser. The latter stores them on the user’s computer. The browser then sends this data back to the server each time the user visits the site.
2. Legal basis for the processing of personal data: article 6(1)(a) GDPR – the data subject has consented to the processing of his or her personal data for one or more specific purposes
3. Retention period of personal data – The cookies used on our website can be divided into two basic types in terms of their durability. Short term “session cookies” which are only temporary and remain stored on your browser only until you close your browser, and long term “persistent cookies” which remain stored on your device for a longer period of time or until you manually delete them, where the length of time the cookie remains on your device depends on the setting of the cookie itself and your browser settings.
4. The provision of personal data is necessary to achieve the purpose.
Conditions and method of processing of personal data of data subjects The controller processes personal data of data subjects in its information systems by automated and non-automated means of processing. The controller shall not disclose the personal data processed, except where required by a specific legal provision or by a decision of a court or other public authority. The controller will not process your personal data without your explicit consent or any other lawful legal basis for any other purpose or to a greater extent than is specified in this information and the record sheets of the controller’s individual information systems.
Automated individual decision-making, including profiling Cookies
The operator uses an analytics tool to monitor its website, which compiles a data chain and tracks how visitors use the site on the Internet. When someone browses the site, the system generates cookies to record information related to the visit (pages visited, time spent on our site, browsing data, leaving the site, etc.), but this data must not be linked to the visitor’s person. This tool is a tool to improve the ergonomic design of the website, to create a user-friendly website and to enhance the online experience of visitors. Most internet browsers accept cookies, but visitors have the option to delete or automatically reject them. Because each browser is different, visitors can set their cookie preferences individually using the browser toolbar. If you choose not to accept cookies, you may not be able to use some features on our website.
Cookie type Usage Validity of cookies
Strictly necessary/essential
- For the most important necessary/essential functions of the website, enabling the website to function properly
- remembers your username to provide you with a quick login the next time you visit the site
- these cookies do not collect any information about you that could be used for marketing purposes
- valid for 1 year
Functional
- used to improve the service for the user, customise the user interface
- preference information is recorded according to content selection
- cookies may remember items you have placed in the e-shop shopping cart or errors you have encountered
- deleted when you leave the website
Performance cookies and targeting cookies – analytics cookies
- third party analytics tools (google analytics) are used to improve quality
- content analytics cookies for site visitors
- statistical data is collected such as the number of visits to a web page view and links to our site page and the number of visits
- to help understand how site visitors behave
- using cookies to improve website performance
- these cookies do not collect any personally identifiable information
- they are anonymous
- deleted automatically 2 years after the last visit to the website
Sharing on – use of social networking sites
- Use of third party social media sites that allow you to share content on social media from our site,
- using the “like” and “share” buttons since your last
- cookies are required to facilitate the use of their services
- record data about your activity on the internet and on the websites you use
- deleted automatically 2 years after the last visit to the website
Quality display
- Built-in cookies that improve performance for faster loading
- content and aid compatibility
- deleted when you close your browser
Owner of the page according to the given page settings
- can only be “read” by the website (number of visitors to the site, where they come from and which parts of the site they have visited)
- 1 year
The operator uses the Google AdWords advertising programme, through which it is able to create online advertisements and reach people at the time when they are interested in the products and services provided by the operator. The Remarketing or Similaraudiences functions in AdWords allow us to reach people who have visited your website in the past. It allows you to display ads in search, on YouTube and in emails. Dynamic remarketing allows users to see ads for products or services they have viewed in the past. Cookies that provide remarketing codes can be disabled by visitors to the website by adjusting the appropriate settings on the browser in question. The operator can also be contacted via Facebook. The purpose of the data management is to share the content of the website operator and the presentation of the operator. Through the Facebook page, guests can learn about news, current special offers at the operator and also view photos of selected orders of the operator. By clicking “like” on the operator’s Facebook page, subjects agree to allow the operator to post their news and offers on their Facebook board. The operator also publishes photos/videos of various events on its Facebook page.
The controller publishes this data of natural persons only if their written consent has been obtained beforehand. For further information on the management of data from the Facebook page, please refer to the privacy policy and guide on facebook.com. For the purpose of presentation, the operator also has a profile on the social network Instagram, where it presents photos of selected orders together with a description. By clicking on “follow”, you agree to the display of photos published by the operator.