Protecting the privacy and personal data of our customers is very important to us. We process and protect personal data in accordance with applicable legislation, in particular the General Data Protection Regulation (GDPR) and Act no. 18/2018 Coll. on the protection of personal data. In the text below, we provide information on what personal data we obtain from customers on our website www.elpatron.sk (hereinafter referred to as the “website”), under what conditions we process this data and also what are the rights of customers in connection with this processing.
In addition to the personal information that customers provide to us directly, as well as most standard websites, we also obtain various technical information from visitors to our website, which is automatically recorded using various tools, such as cookies. We provide more information on the conditions of processing this data in the “Cookie rules” section.
1. Personal data, purpose and legal basis of the processing
1.1 Purchase contract We process the
personal data of the buyer, which he states in the purchase order on our website, specific name, surname, email address, telephone number, delivery address, ordered goods and data for payment, for the purpose of concluding and fulfilling the purchase contract, which includes in particular:
◦ order processing, payment processing and delivery of goods,
lanie sending notification of order status resp. on the status of delivery of goods,
◦ return of goods resp. return of payment in case of withdrawal of the buyer from the contract, and
◦ settlement of the complaint in case of claiming liability for defects of the goods by the buyer.
The provision of personal data for this purpose is mandatory; unless the buyer provides us with the necessary personal data, the purchase contract cannot be concluded.
1.2 Customer account
In order to simplify shopping, the buyer resp. a potential buyer (hereinafter referred to as the “customer”) can register on our website and create a customer account. When registering, he / she will state his / her name, surname, e-mail address, telephone number, delivery address and password. We process this personal data with the consent of the customer who gave us the registration, in order to create and manage the customer’s personal account, which includes in particular:
◦ storing the customer’s personal data on our website for possible further shopping data, just log in to the customer account),
◦ providing an overview of the customer’s order history on our website,
◦ the possibility of storing products in the shopping cart,
◦ the possibility of evaluating purchased products
◦ the possibility to subscribe to the newsletter and the possibility to choose a personalized newsletter.
The provision of personal data for this purpose is voluntary. We store personal data for the period of validity of the granted consent, ie for the duration of the customer’s registration or his customer account on our website. If the customer wishes to cancel the customer’s account, he may withdraw his consent at any time in accordance with Art. 2.2 below. The customer can also cancel his account directly on the website www.elpatron.sk in the section My profile.
The customer can subscribe to the newsletter on our website. When subscribing to the newsletter, they will provide their email address. We process this personal data with the consent of the customer, who gave us by subscribing to the newsletter, for marketing purposes – ie to send notifications about our news, exclusive promotions and discounts to customers in the form of email newsletters.
The provision of personal data for this purpose is voluntary. We store personal data for the period of validity of the granted consent, ie for the duration of its registration for the newsletter. If the customer wishes to stop sending the newsletter (marketing announcements), he can withdraw his consent at any time in accordance with Art. 2.2 below.
We can send a newsletter to a customer who has purchased goods on our website without a special login to the marketing system, as it is in our legitimate interest to inform him about our news, exclusive promotions and discounts on our products and services. The customer has the option to cancel the newsletter subscription at any time by clicking on the appropriate link in each email newsletter or by submitting an objection to the processing of personal data for direct marketing purposes (Article 4.4 below).
As we have a legitimate interest in providing the customer with such marketing communications that are relevant, interesting and personal to him, we also use his personal data for the following purposes:
◦ monitoring and analysis of customer activity (including purchases made) on our website,
◦ sending targeted advertising, offers and other marketing communication,
◦ measuring and evaluating the effectiveness of advertising.
1.4 Improving the website and our services, protection
We have a legitimate interest in improving our website, in particular in improving the design and optimizing its content and functions, as well as in protecting our customers and us. Therefore, we also use the obtained personal data for the following purposes:
◦ determining customer satisfaction with our services on the website,
◦ finding, preventing and addressing breaches of buyers’ obligations when purchasing goods on our website,
◦ preventing, detecting, investigating and prosecuting illegal purchases on our website, including use for investigative purposes by the competent authorities.
1.5 Contact form, customer line
In the event that the customer contacts us via the contact form on our website or on our customer line, we will use the provided personal data to process his question, process a complaint, or other inquired matter. We do not provide this personal data to other persons and we process it only for the time strictly necessary to resolve the issue or. matters.
2. Retention of personal data
2.1 Retention period
We store the personal data of unregistered buyers, which they entered during a one-time purchase on our website, for the time necessary to fulfill all rights and obligations under the purchase contract, max. for a period of 24 months from the delivery of the goods to the buyer (ie until the expiration of the warranty period for the goods).
Please note that for possible investigative and evidentiary purposes, the necessary personal data of customers for the purposes specified in Art. 1.5 above is stored for 10 years.
2.2 Withdrawal of consent
We store personal data, the processing of which is based on the customer’s consent (Articles 1.2 and 1.3 above), for the period of validity of the granted consent. If the customer wishes to complete this processing, he can withdraw his consent at any time by sending an email via the contact form on our website. The customer can also revoke the consent granted for marketing purposes by clicking on the appropriate link in each email newsletter. In the event of withdrawal of consent, we will immediately terminate the processing of the relevant personal data of the customer and delete them, unless there is another legal basis for their further processing. Withdrawal of consent shall not affect the lawfulness of the processing resulting from the consent prior to its withdrawal.
3. Provision and transfer of personal data
We do not provide or make personal customer data available to any third party other than intermediaries who ensure the fulfillment of contractual obligations and related services for us. These persons perform certain activities on our behalf, namely delivery of ordered goods to customers, processing payments for purchases on the website, website and e-shop administration, customer database management, sending e-mail communications and text messages (sms), bookkeeping, providing cloud services , monitoring and analysis of customer activity on our website (Google AdWords, Facebook Ad, etc.). These companies will have access to the personal data necessary to carry out these activities, but may not use them for any other purpose and are obliged to process this personal data in accordance with applicable law.
Some of the suppliers we work with to operate our website also process personal data in third countries (outside the European Union), especially in the USA. These countries may not have the same personal data protection laws as in force in our country or in European Union. In such cases, however, we will ensure that any transfer of customers’ personal data is subject to appropriate security measures. When transferring personal data to the US, we use service providers who are certified and comply with the terms of the EU-US Privacy Shield framework, or we use standard contractual clauses that ensure a level of personal data protection equivalent to European Union law.
4. Customers’ rights in the processing of personal data
In connection with the personal data that we process, the customer has the following rights. The customer can exercise these rights by sending a request via the contact form on our website.
4.1 The right to access, correct and supplement
The customer has the right at any time to request confirmation of whether we process his personal data and, if so, he has the right to access this data (copy of personal data) and information about the conditions of their processing. We will generally provide this information within one month of receiving such a request.
In case of incorrect or incomplete data, the customer has the right to request their correction or addition. He can also update the data entered by the customer during registration by logging in to his customer account.
4.2 Right to delete and restrict processing
In addition to the withdrawal of consent (as set out in Article 2.2 above), the customer has the right to obtain the deletion of personal data if one of the following reasons is met:
◦ personal data are no longer needed for the above purposes,
◦ the customer objects to the processing of personal data which is carried out on a legal basis of legitimate interest and no legitimate grounds for processing prevail,
◦ the personal data have been processed illegally, or
◦ the personal data must be deleted to comply with a legal obligation,
◦ unless processing is necessary to fulfill a legal obligation or to prove, assert or defend legal claims.
Furthermore, the customer has the right to limit the processing of personal data if
◦ challenges the accuracy of personal data during the verification of their accuracy,
◦ personal data has been processed illegally (instead of requesting their deletion), or
◦ we no longer need personal data for the above purposes, but the customer needs them to prove, assert or defend legal claims,
◦ the customer objects to the processing of personal data, which is carried out on the legal basis of a legitimate interest, during the verification of whether there is a legitimate reason for their further processing.
4.3 Right of portability He may have the
customer’s personal data provided for the purpose of performing the contract or with the consent and which are processed by automated means, to another operator, if technically possible.
4.4 Right to object
The customer has the right to object for reasons related to his specific situation against the processing of personal data, which is carried out on the legal basis of a legitimate interest. In the event of such an objection, we will stop processing the relevant personal data unless there is a necessary legitimate reason for their further processing or reasons for proving, asserting or defending legal claims.
The customer has the right to object to the processing of personal data for direct marketing purposes, including profiling. In the event of such an objection, we will stop processing the relevant personal data for such purposes.
4.5 Right to file a complaint
The customer has the right to file a complaint to the Office for Personal Data Protection of the Slovak Republic, Hraničná 12, 820 07 Bratislava (www.dataprotection.gov.sk), if he believes that the processing of his personal data is in conflict with the GDPR.
5. Security of personal data
We have taken the necessary technical and organizational measures to protect personal data from unauthorized access or manipulation. These measures include, for example, encryption of the collected data and secure transmission using an SSL certificate. These security measures are regularly adapted and continuously optimized to keep pace with technological progress.
6. Contact point
For the marketing system, we process personal data in a database common to customers of all websites www.bytommy.sk. The operator of the online store is:
EL PATRON, s.r.o.
010 01 Žilina
Contact point for the person concerned:
Email address: firstname.lastname@example.org
Telephone number: +421 910 124 261
7. Validity and updates