Principles of personal data protection in the online shop and during work with personal data
This document describes the method and purpose of processing personal data of the controller and provides any other information required by law, including information about the rights of the data subject and how to exercise them.
Act No. 18/2018 Z. z. [Collection of Laws of the Slovak Republic] on the Protection of Personal Data and on Alterations of and Additions to Certain Laws, as well as Regulation (EU) 2016/679 – the General Data Protection Regulation (hereinafter referred to as the "Regulation"), constitute the legislation for the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and protect the basic rights and freedoms of natural persons, especially in relation to the right to the protection of personal data.
Under Article 4 (1) of the Regulation, the term "personal data" means any information relating to an identified or identifiable natural person (hereinafter referred to as the "data subject").
"Processing" means an operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction (Article 4(2) of the Regulation).
Under Article 12 et seqq. of the Regulation, the data subject must also be provided with relevant information about the processing activities of the controller and the rights of the data subject.
CONTROLLER DATA
Business name: | UNIPAS, spol. s r.o. |
Registered office: | Železničná 285/12, 972 41 Koš |
Organization ID No.: | 31576991 |
TIN: | 2020467163 |
The proper processing of personal data is supervised by an authorized person, contact details:
e-mail: info@unipas.com
mailing address: the address of the registered office of the company
This information is effective from September 1, 2023; the controller is entitled to update it.
DEFINITIONS OF TERMS
GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
Data subject – any person whose personal data is processed.
E-shop – a web application with an offer of goods and services that can be ordered.
Shop – seller's establishment where goods or services can be purchased.
Personal data – any information relating to an identified natural person or an identifiable natural person.
Controller – the natural person or legal entity who has determined the method and has defined the purpose of the processing of personal data.
ON WHAT BASIS WE CAN PROCESS YOUR PERSONAL DATA
The processing is lawful only if and only to the extent that at least one of the following applies:
- The data subject has given consent to the processing of his or her personal data for one or more specific purposes.
- The processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
- The processing is necessary for compliance with a legal obligation.
- The processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
PRINCIPLES OF THE PROCESSING OF PERSONAL DATA IN OUR ONLINE SHOP
Compliance with the principles of the processing of personal data of customers in accordance with Art. 5 of the Regulation.
- Lawfulness of the processing - every processing must be lawful, meaning that we have an adequate legal basis.
- Personal data processing limitation (necessity) - we only process your personal data to the extent necessary in relation to the purpose. We will always consider the scope of the processing of personal data.
- Personal data storage limitation (destruction) - we store personal data in a form that allows identification of the data subject as long as it is necessary for the purpose. Your personal data is carefully destroyed after the purpose of processing has been fulfilled.
- Integrity and confidentiality (security) – the controller has taken technical, organizational and personnel measures against loss or destruction of, or damage to, personal data.
WHAT IF PERSONAL DATA IS NOT PROVIDED
The controller, who determines the conditions and method of the processing of personal data, will not request any personal data from the data subject that (after careful consideration and assessment of the legal basis) is not necessary. Therefore, if personal data of data subjects are processed:
- on the basis of a legal obligation (point (c) of Article 6(1) of the GDPR Regulation), the data subject is obliged to disclose personal data to the controller. If, despite this, the data subject does not provide its personal data, the controller will not be able to fulfill his obligations arising from special legislation and the data subject will (may) commit a violation of the provisions of the relevant piece of legislation, which may cause a refusal to provide a service or sell goods.
- on the basis of a contract with the data subject (point (b) of Article 6(1) of the GDPR Regulation), the disclosure of personal data is a contractual requirement. If the data subject does not disclose its personal data, the controller will not be able to enter into a contractual relationship with the data subject or will not be able, on the basis of its request, to take measures before concluding the contract.
- on the basis of a consent to the processing of personal data granted by the data subject (point (a) of Article 6(1) of the GDPR Regulation), the disclosure of personal data is voluntary and is an expression of the free will of the data subject. If the data subject does not disclose its personal data, the controller will not be authorized to process the data for the purposes defined in the specific consent and this may prevent him from providing the data subject with the activities described by the consent. (The data subject is entitled to withdraw the granted consent at any time.)
- on the basis of the legitimate interests of the controller or the legitimate interests of a third party (point (f) of Article 6(1) of the GDPR Regulation), the personal data of the data subjects is processed even without their prior consent. The data subjects must be informed in advance about the legitimate interests of the controller. The data subjects have the right to object to processing. (The data subject has the right to object at any time to a processing of personal data concerning the data subject which is carried out on the basis of the legitimate interests of the Controller. The controller to whom an objection of the data subject has been addressed will not further process personal data, unless he proves the necessary legitimate reasons for the processing that prevail over the interests, rights and freedoms of the data subject, or reasons for proving, exercising or defending legal claims.)
WE COLLECT YOUR PERSONAL DATA
You will most often disclose your personal data to us:
- Primarily directly from you, for example when communicating with you via the contact form on our website or when you create a customer account in our e-shop.
- If you are in the position of our customer, or a Person Interested in our goods or services.
- During the selection process to fill a vacant job position at the controller, or during record-keeping of personal data of job applicants without the intention of filling a specific job position.
- For the purposes of improving our services, personalization and marketing, we use cookies and similar tools. You can find more information in the Cookies section.
WHAT IS THE PURPOSE OF THE PROCESSING OF PERSONAL DATA, THE LEGAL BASIS FOR THE PROCESSING ACTIVITY, HOW LONG DO WE STORE YOUR PERSONAL DATA
The controller processes your personal data in the following manner for the following purposes:
Name of processing operation | Purpose of personal data processing | Category of personal data | Legal title of processing | Data storage period | Other recipients |
Processing of personal data based on an order in the e-shop | delivery of goods or provision of services | first name, last name, title, delivery address, billing address, e-mail, phone | contractual relationship - performance of the contract | till the end of the period during which it is possible to lodge a warranty claim for the goods, i.e. two years | transport companies providing the transport of goods |
Issuance of invoices and their archiving | record-keeping prescribed by law | first name, last name, title, delivery address, billing address, e-mail, phone | obligation in accordance with applicable legislation | 10 years | tax office, municipal and city authorities, Slovak Post Office, other authorized entity |
Registration of a customer account | record-keeping of the customer's personal data for further orders, which can be carried out faster in this way | first name, last name, title, delivery address, billing address, e-mail, phone | consent of the data subject to the registration | 10 years | the data is not disclosed further |
Sending of news by e-mail | sending of business announcements | e-mail | consent of the data subject | 5 years, or until the consent is withdrawn | the data is not disclosed further |
Sending of news by a text (SMS) message | sending of business announcements by a text (SMS) message | phone number | consent of the data subject | 5 years, or until it is withdrawn | the data is not disclosed further |
Record-keeping of contest customers | contact details of participants involved | first name, last name, title, delivery address, e-mail, phone | consent of the data subject | after the end of the contest, personal data will be destroyed | Facebook Inc., Soc. Sprinters |
Record-keeping of business partners | information about the company's business partners | first name, last name, e-mail, phone | legitimate interest of the person's controller | stored in a form that allows the identification of the data subject as long as it is necessary for the purposes of the business transaction | contracting parties, partners in the implementation of project activities, state administration bodies, public authorities |
Job applicant | information from the obtained CVs of job applicants | first name, last name, title, education, e-mail, phone, work experience | consent of the data subject | 1 year | the data is not disclosed further |
Payroll and personnel agenda | complete information about employees required by law as well as information about wages, vacation, health | first name, last name, title, place of residence, number of a proof of identity, attendance, information for salary calculation, information on family members | legal reason | max. 50 years | in case of inspection Social Insurance Company, Tax Directorate of the Slovak Republic, health insurance companies |
Registry records administration | is the providing for the keeping, creation, storage, protection of registry records, access to them and providing for their disposal | routine personal data | legal obligation of the controller | 10 years after termination of record-keeping | Ministry of the Interior of the Slovak Republic, other authorized entity |
Record-keeping of warranty claims | information on the application of a warranty claim and its handling | title, first name, last name, address, IBAN, phone, e-mail | legal obligation of the controller | 5 years | by the trade inspection authority as part of consumer protection |
Record-keeping of the rights of data subjects | handling of requests of natural persons aimed at exercising their rights | title, first name, last name, address and other personal data to which the exercised right of the data subject is related | legal obligation of the controller | 5 years from the date of processing the request | state administration, public and public administration authorities according to the relevant legislation |
Handling of complaints of data subjects | the purpose of the processing is a filing by a natural person or legal entity seeking protection of its rights or interests protected by law which it believes have been violated | ordinary personal data, other data necessary for the verification of the initiative | legal obligation of the controller | 5 years after the end or termination of the obligation | state administration, public and public administration authorities according to relevant legal legislation |
Record-keeping of withdrawals from a contract | information on the implementation of a withdrawal from the contract and the disposal thereof | title, first name, last name, address, IBAN, phone, e-mail | fulfillment of pre-contractual relations | 3 years | in case of an inspection by the Slovak Commerce Inspection |
Handling of customer questions | providing information to customers | title, first name, last name, e-mail, phone | fulfillment of pre-contractual relations | 1 month | the data is not disclosed further |
Transmission of data about viewed pages | improving the quality of the online shop | IP address of the e-shop visitor | legitimate interest of the controller | after objection filing, max. 3 years | |
Transmission of information for payment | sending of data for the execution of a payment transaction | e-mail, order number, order value | for the purpose of contract performance | one-time provision | Banks |
Wishlist | a registered customer has the opportunity to include selected goods in the so-called wishlist | title, first name, last name, e-mail, phone | legitimate interest of the controller | 6 months | the data is not disclosed further |
Abandoned basket | the registered customer has not completed his purchase, has not completed a payment and an e-mail with a warning and the contents of the basket is sent to him | title, first name, last name, e-mail, phone | legitimate interest of the controller | 6 months | the data is not disclosed further |
Customer holiday tracking | Offer for a discount for the customer's holiday | title, first name, last name, e-mail, phone | legitimate interest of the controller | as long as he does not cancel the customer account | transport companies providing the goods transport |
Segmentation | depending on what the customer buys in the e-shop, the e-shop operator sends the customer newsletters with information about a good similar to that being bought by the customer in the e-shop | title, first name, last name, e-mail, phone | legitimate interest of the controller | 6 months | the data is not disclosed further |
Upselling | based on the contents of the customer's basket/or on the basis of goods previously purchased by him in the e-shop, the goods recommended by the merchant for a further purchase will be displayed to the customer when completing the order (in its payment process) | title, first name, last name, e-mail, phone | legitimate interest of the controller | 6 months | the data is not disclosed further |
Reactivation | the registered customer is no longer active in the e-shop; the operator of the e-shop will send him a code with a discount for the next purchase, with the intention of motivating him to make another purchase | title, first name, last name, e-mail, phone | legitimate interest of the controller | 6 months | the data is not disclosed further |
Loyalty program | provision of discounts, bonuses, loyalty program, product information | first name, last name, title, permanent residence, e-mail, phone | consent of the data subject | for the duration of the consent | the data is not disclosed further |
Marketing communication with the data subject without a previous relationship | sales support, marketing offers, newsletter, information about products and news | first name, last name, title, permanent residence, e-mail, phone | consent of the data subject | we will process your personal data for this purpose until you cancel your participation in the marketing list or unsubscribe from sending messages for direct marketing purposes (newsletter). | transport companies providing the transport of goods |
Marketing communication with the customer | sales support, marketing offers, newsletter, information about products and news | first name, last name, title, permanent residence, e-mail, phone | legitimate interest of the controller | we will process your personal data for this purpose until you cancel your participation in the marketing list or unsubscribe from sending messages for direct marketing purposes (newsletter) | transport companies providing the transport of goods |
Contests on Facebook | promotion of the organization | for the winner, also his first name, last name, phone number, address and photo with the prize | consent of the data subject | after the end of the contest, the personal data will be destroyed | mail-order companies |
"Reserve at the shop" service | pick up the goods for free on the date chosen by you | title, first name, last name, phone | legitimate interest of the controller | after taking over the goods, they are erased | the data is not disclosed further |
We request all personal data that we collect exclusively from you, not from other sources.
WHO ARE THE RECIPIENTS OF YOUR PERSONAL DATA
Category of recipients: state administration authorities, public administration authorities, local self-government entities, administrator of the controller's website, auditor, lawyer, intermediaries (accounting issues), companies managing and supporting information technology, information service providers in justified cases, courts and law enforcement authorities.
COURIER AND DELIVERY COMPANIES
For the purpose of delivering goods to the customer, the controller also discloses personal data to third parties in the following scope: title, first name, last name, address (street, number, zip code, city), phone contact. Courier and delivery companies are considered as third parties, both those that provide their services on the basis of a special law (e.g. Act No. 324/2011 Z. z. on Postal Services and on the Alterations of and Additions to Certain Laws as amended (hereinafter the "Postal Services Act")) and those that are not governed by this or another special law. However, in both cases, these are entities that deliver the goods ordered in the e-shop to the customer on their own behalf and under their own responsibility. For the processing of the personal data of a data subject (e-shop customer) for the purpose of delivering goods or services via the selected delivery person, there is no need for an additional separate consent to the processing of personal data.
A courier providing services under the Act No. 324/2011 Z. z. processes personal data of the consumer on the basis of:
- the performance of the contract under section 13(1)b) of the Act No. 18/2018 Z. z.
- or the purpose of legitimate interests under section 13(1)f) of the Act No. 18/2018 Z. z.
A courier not providing services under the Act No. 324/2011 Z. z. processes personal data of the consumer on the basis of:
- the performance of the contract under section 13(1)b) of the Act No. 18/2018 Z. z.
- or the purpose of legitimate interests under section 13(1)f) of the Act No. 18/2018 Z. z.
COOKIES ON OUR WEBSITE
We are authorized to collect and otherwise process data about visitors and users of our website through tools used for automated data collection, especially cookies, logs and other commonly used tools for obtaining information through a website.
A cookie is a small amount of data that is sent as a file to your computer (tablet, smartphone) from the website you are currently visiting. The data file is stored on the computer and every time you visit the same website, the computer sends information to our server.
Most websites, including ours, use cookies. The purpose of cookies is to make it easier and more pleasant for you to use our website. The cookie file will enable the website to recognize whether you have visited it in the past and which section you were interested in. At the same time, the cookies are the tool thanks to which you can save your user settings such as language recognition or remembering your login name. With the help of cookies, we store data, which we do not associate with your person, and we do not identify the customer through the obtained data. The use of cookies is not dangerous for you, cookies cannot transmit viruses or read data from the device's hard drive.
This procedure follows from section 109(8) of the Act No. 452/2021 Z. z. on electronic communications.
The use of cookies and their enabling in the web browser is up to the free will of each website user. You can freely delete cookies or set your internet browser in advance so that it either refuses to accept cookies or warns you when the server tries to send you a cookie. However, it may then happen that websites that depend on the support of cookies will not work as you would imagine, or that parts of the pages will not be available to you. We use permanent cookies that help us identify your device when you visit the websites again and thus enable us to provide services in accordance with your expectations.
UNSUBSCRIBE FROM NEWSLETTERS AND COMMERCIAL ANNOUNCEMENTS
We send you e-mails with inspiration, articles or product information and services if you are our customer based on our legitimate interest. If you are not yet a customer, we only send you e-mails based on your consent. In both cases, you can unsubscribe from our emails by clicking on the unsubscribe link in each email sent.
DISCLOSURE OF PERSONAL DATA
Publication of information materials on the website of the controller.
TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES AND AUTOMATED INDIVIDUAL DECISION-MAKING
No transfer of personal data to a third country or to an international organization takes place. Personal data will not be used for automated individual decision-making, including profiling.
CONFIDENTIALITY
We would like to assure you that our employees and collaborators who will process your personal data are obliged to keep personal data confidential. This confidentiality also lasts after the end of the obligation relationships with us.
SECURITY OF PERSONAL DATA
Your personal data is safe with us. In order to prevent unauthorized access and misuse of your personal data, we have implemented adequate technical and organizational measures. The protection of your personal data is very important to us. That's why we not only regularly check whether they are secured, but we continuously improve their protection. We try to use security measures that, taking into account the current state of technology, provide sufficient security. The security measures taken are then regularly updated.
DATA SUBJECT CATEGORIES
In terms of the processing of personal data, you are the data subject, i.e. the person about whom personal data relating to him/her are processed.
If you are in the position of our customer, or Person Interested in our goods or services.
WE PROCESS PERSONAL DATA OF CHILDREN
We consider the protection of your children's privacy to be particularly important. For this purpose, we knowingly do not collect any personal data of persons under the age of 16. If you are under 16 years of age, please do not send us any of your personal information, including your name, residential address, phone number or e-mail address. No person under the age of 16 is authorized to provide his/her personal data on the website. If we find that any personal data that we process relates to a person whose age has not reached 16 years and at the same time we have not been granted the consent of such a person's legal representative, we will delete such personal data without delay. If you suspect that we may be processing information from or about persons under the age of 16, please contact us.
RIGHTS OF THE PERSONS CONCERNED UNDER THE REGULATION AND THE PERSONAL DATA PROTECTION ACT
We consider it important that you understand that the personal data we process is your data and that rights are associated with its processing. In addition to the right to withdraw your consent to the processing of personal data, you also have other rights arising from the Regulation and Personal Data Protection Act, namely:
Right of access - you have the right to be provided with a copy of the personal data we hold about you, as well as information about how we use your personal data. In most cases, your personal data will be provided to you in written document form, unless otherwise requested by you. If you have requested the provision of this information by electronic means, it will be provided to you electronically if it is technically possible.
Right to rectification - we take reasonable measures to ensure the accuracy, completeness and timeliness of the information we have about you. If you believe that the data we hold is inaccurate, incomplete or out of date, please do not hesitate to ask us to adjust, update or supplement this information.
Right to erasure - under certain circumstances you have the right to ask us to erase your personal data, for example, if the personal data we have collected about you is no longer necessary to fulfill the original purpose of processing or if you withdraw your consent to processing. However, your right must be assessed in light of all the relevant circumstances. For example, we may have certain legal and regulatory obligations, meaning that we will not be able to comply with your request.
Right to restriction of processing - under certain circumstances, you are entitled to ask us to stop using your personal data. These are, for example, cases when you think that the personal data we have about you may be inaccurate or when you think that we no longer need to use your personal data.
The right to data portability - under certain circumstances, you have the right to ask us to transfer the personal data you have provided to us to another third party of your choice. However, the right to portability only applies to personal data that we have obtained from you on the basis of consent or on the basis of a contract to which you are a party.
Right to object - you have the right to object to data processing based on our legitimate interests (for example, we process personal data for the purpose of network and infrastructure security). If we do not have a compelling, legitimate reason for the processing and you file an objection, we will not process your personal data further.
Rights related to automated decision-making - you have the right to refuse automated decision-making, including profiling, which results in legal or similar significant consequences for you. The controller does not normally use automated decision-making or profiling in the context of employment.
The right to withdraw consent - in most cases, we do not process your personal data based on your consent. However, it may happen that in specific cases we ask for your consent. In cases where we do this, you have the right to withdraw your consent to further use of your personal data (e.g. photography).
The right to lodge a complaint - if you wish to lodge a complaint about the way your personal data is processed, including exercising the above rights, you can contact us (the contact details are specified above). We will duly check all your suggestions and complaints.
If you are not satisfied with our answer, or if you believe that we process your personal data unfairly or illegally, you can file a complaint with the supervisory authority, which is the Personal Data Protection Office of the Slovak Republic, https://dataprotection.gov.sk, Hraničná 12, 820 07 Bratislava 27; phone number: +421 /2/ 3231 3214; e-mail: statny.dozor@pdp.gov.sk. However, we will be happy if you resolve your objections with us first.
HOW TO EXERCISE YOUR RIGHTS
You always exercise your rights with the person who processes your personal data, i.e. with a specific controller. If the controller has a responsible person, you can also address your request to this person. The request can be oral, written, electronic, or submitted by other means (the General Data Protection Regulation does not prescribe a specific form). We recommend using mainly the written or electronic form.
Prepare identification data such as contract number, your ID with the controller, username or password, etc., that is, an identifier on the basis of which the controller will be able to identify you in his environment and thus provide you with data related to you.
We will respond to your request free of charge within 30 days. In case of complexity or a large number of requests, we are entitled to extend this period by another 60 days. If this happens, we will inform you about it and the reasons. In the event of a repeated request, we are entitled to charge a reasonable administrative fee to cover the costs associated with providing this service.
The right of the data subject to object to automated decision-making cannot be exercised, because the described processing activity does not include automated decision-making.
The right of the data subject to request, from the controller, information about the source of the personal data is irrelevant because the controller processes personal data collected from the data subject.
CONCLUSION
If you have questions about the protection of personal data, you can contact us at any time by e-mail or by post at the controller's registered office. If you exercise some of the rights of the data subject with us according to the legislation governing the protection of personal data and it is not possible to verify the identity of the requesting person from your request, or if we have legitimate doubts in connection with the identity of the person submitting the request, we reserve the right to ask this person to provide additional information necessary to confirm the identity of the person making the request.