Ochrana osobných údajov
provided by the controller to the data subject when collecting personal data from the data subject and the cookie notice of the Internet shop www.wstore.sk /
The controller of
1.1.The identity and contact details of the Data Controller are:
Business name: Kubrica Grove, Ltd.
Registered office: Sládkovičova 15, Bojnice 972 01, Slovak Republic
Registered in the Register of the District Court Trenčín, Section Sro, Entry No. 11511/R
ID: 36 308 170
VAT ID: SK2020077400
Bank account: SK82 7500 0000 0000 0000 1145 0293
1.2 Email contact and telephone contact of the Operator is:
Tel: +421 919 111 111
1.3 Address of the Operator for sending documents:
Kubrica Grove, s.r.o., Sládkovičova 15, 972 01 Bojnice, Slovak Republic
1.4.The Controller hereby, in accordance with Article 13, paragraphs 1. and 2. 1. and 2. of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 May 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC GDPR (hereinafter referred to as the “Regulation”), the Controller ( Buyer ), from whom the Controller ( Seller ) obtains the personal data concerning him/her, provides to the Data Subject ( Buyer ) the following information, guidance and explanations:
2.2.Pursuant to §3, paragraph 1, letter n), Act No. 102/2014 Coll. The Seller informs the Consumer that there are no special relevant codes of conduct to which the Seller is committed to adhere, whereby a code of conduct is understood to be an agreement or a set of rules that define the Seller’s behaviour, which the seller has undertaken to comply with that code of conduct in relation to one or more specific commercial practices, or sectors of trade if these are not provided for by law or by other legislation or by action of a public authority) which the seller has undertaken to comply with and the manner in which the consumer may acquaint himself with them or obtain the text thereof.
3.1 The controller provides the following brief explanation of the function of cookies:
3.1.1.Cookies are text files containing small amounts of information that are downloaded to your computer, mobile or other electronic device that you use to browse the website domain when you visit the website.
Cookies not only allow the operator’s web domain to recognise the user’s device, but at the same time allow the user to access features on the site.
We divide cookies into two basic types, namely:
Persistent cookies – these cookies remain on the user’s device for the period of time specified in the cookie. They are activated whenever the user visits the web domain that created the cookie.
Session cookies – these cookies allow the operator of the web domain to link the user’s activities when the user opens a browser window and exits when the browser window is closed. Session cookies are created temporarily. When the browser is closed, all session cookies are deleted.
3.2.Explanation of cookies
3.2.1 A cookie is a small text file that a website stores on your computer or mobile device when you browse it. Thanks to this file, the website retains information about your actions and preferences (such as login name, language, font size and other display settings) for a certain period of time, so that you do not have to enter them again the next time you visit the website or browse its individual pages.
220.127.116.11.the fact that you have already responded to a survey displayed in a separate window (pop-up), through which you can express your opinion on the content of the site (it will not be redisplayed);
18.104.22.168.Marketing and remarketing
The information stored in cookies will not be used to identify you personally and the data structure is entirely under our control. Cookies are not used for purposes other than those stated in this text.
3.4.How to control cookies
3.4.1.You can control and/or delete cookies at your discretion – see aboutcookies.org for details. You can delete all cookies stored on your computer and you can set most browsers to prevent them from being stored.
Personal data processed
4.1.The operator processes the following personal data on its website: first name, surname, residence, email address, home telephone number, mobile phone number, billing address, delivery address, data obtained from cookies, IP addresses.
Contact details of the data protection supervisor
5.1 The controller has appointed a data protection supervisor in accordance with Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data. Contact: email@example.com
5.2.The Operator, is also the Seller within the meaning of the term set out in the General Terms and Conditions of this website.
Purposes of the processing of personal data of the Data Subject and duration of the processing of personal data
6.1.The purposes of the processing of the Data Subject’s personal data are in particular:
6.1.1.the registration, creation and processing of contracts and client data for the purpose of concluding contracts with third parties
6.1.2.processing of accounting documents and documents related to the business activity of the Controller
6.1.3.compliance with legal regulations in connection with archiving documents and documents, e.g. pursuant to Act No. 431/2002 Coll., the Accounting Act as amended and other relevant regulations
6.1.4.the activities of the Operator in connection with the fulfilment of the request, order, contract and similar institutes of the Concerned Person.
6.2.The Data Subject’s personal data shall be kept by the Controller only for the strictly necessary period of time required for the purposes of the performance of the contract and their subsequent archiving within the meaning of the statutory time limits imposed on the Controller by law.
VII. Legal basis for the processing of the data subject’s personal data
7.1 The legal basis for the processing of personal data of Data Subjects is, depending on the specific personal data processed and the purpose of the processing, the consent of the Data Subjects to the processing of their personal data.
7.2 If the Controller carries out the processing of personal data based on the Data Subject’s consent, such processing shall only be initiated after the Data Subject has given his or her consent.
7.3 Where the Controller processes the Data Subject’s personal data for the purposes of negotiating pre-contractual relations and the conclusion and performance of a sales contract and the related delivery of goods, products or services. The data subject is obliged to provide personal data for the proper performance of the purchase contract, otherwise the performance cannot be ensured. Personal data for this purpose is processed without the consent of the data subject.
VIII. Recipients or categories of recipients of personal data
8.1.The recipients of the Data Subject’s personal data will be, or at least may be:
8.1.1.the statutory bodies or their members of the Controller
8.1.2.persons performing work activity in an employment or similar relationship for the Controller.
8.1.3.business representatives of the Operator and other persons cooperating with the Operator in the performance of the Operator’s tasks. For the purposes of this document, all natural persons performing dependent work for the Operator on the basis of an employment contract or agreements for work performed outside the employment relationship shall be considered to be employees of the Operator.
8.1.4.The recipient of the Data Subject’s personal data will also be the Controller’s collaborators, business partners, suppliers and contractors, in particular: an accounting company, a company providing services related to the creation and maintenance of software, a company providing legal services to the Controller, a company providing consultancy services to the Controller, companies providing transport and delivery of products to buyers and third parties, marketing companies, companies operating social networks, companies providing payment gateways and other payment methods.
8.1.5.The recipient of personal data will also be courts, law enforcement authorities, tax authorities and other state authorities, if so provided by law. Whereby personal data will be provided by the Data Controller to the authorities and state institutions concerned on the basis of and in accordance with the legislation of the Slovak Republic
8.1.6.List of third party processors and recipients who process the personal data of the Data Subject:
Slovenská pošta, a.s., Partizánska cesta 9, 975 99 Banská Bystrica, ID No.: 36631124
Direct Parcel Distribution SK, s.r.o., with registered office at Technická 7, 82104 Bratislava, ID No.: 35834498 – third party providing transport services
Packeta Slovakia s.r.o., with registered office at Kopčianska 3338/82A, 851 01 Bratislava, ID No: 48136999 – third party providing transport services
Slovak Parcel Service s.r.o., with registered office at Senecká cesta 1, 900 28 Ivanka pri Dunaji
ID No: 31329217 – third party providing transport services
Pay Solutions, a. s., Líščie údolie 119, 841 04 Bratislava – third party providing a payment gateway
LUCRA team spol. s.r.o., Kalinčiakova 10658/27 831 04 Bratislava – third entity providing accounting services
Information on the provision of personal data to third countries and the period of their storage:
9.1.Not applicable. The controller does not transfer personal data of persons to third countries.
Instruction on the existence of relevant rights of the Data Subject:
10.1.The data subject has the following rights, among others, whereby:
10.1.1.Clause 10.1 is without prejudice to the other rights of Data Subjects.
10.1.2.The right of the Data Subject to access to data pursuant to Article 15 of the Regulation, which includes:
The right to obtain confirmation from the Data Controller as to whether it is processing the Data Subject’s personal data and, if so, to what extent. At the same time, if they are processed, he has the right to find out their content and to request information from the Data Controller about the reason for processing them, in particular information on: The reason for their processing, the categories of personal data concerned, the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular in the case of recipients in third countries or international organisations, the envisaged period of retention of the personal data or, if this is not possible, information on the criteria for determining it, 1. a 4. Regulation and, in such cases, at least meaningful information about the process used as well as the significance and the envisaged consequences of such processing of personal data for the Data Subject, about the adequate safeguards pursuant to Article 46 of the Regulation relating to the transfer of personal data where personal data are transferred to a third country or an international organisation.
10.1.3.the right to be provided with a copy of the personal data being processed, provided, however, that the right to be provided with a copy of the personal data being processed shall not adversely affect the rights and freedoms of others.
10.1.4.the right of the Data Subject to rectification pursuant to Article 16 of the Regulation, which includes the right: for the Data Controller to correct incorrect personal data concerning the Data Subject without undue delay; the right to supplement incomplete personal data of the Data Subject, including by providing a supplementary statement of the Data Subject; the right of the Data Subject to erasure of personal data (the so-called “right to be forgotten”) pursuant to Article 17 of the Regulation, which includes:
10.1.5.the right to obtain from the Data Controller, without undue delay, the erasure of personal data concerning the Data Subject if one of the following grounds is met:
the personal data are no longer necessary for the purposes for which they were collected or otherwise processed, the Data Subject withdraws the consent on the basis of which the processing is carried out, provided that there is no other legal basis for the processing of the personal data, the Data Subject objects to the processing of the personal data pursuant to Article 21(1). Regulation and there are no overriding legitimate grounds for the processing of personal data or the Data Subject objects to the processing of personal data pursuant to Article 21(2). Regulations, the personal data has been unlawfully processed, the personal data must be erased in order to comply with a legal obligation under European Union law or the law of a Member State to which the Data Controller is subject, the personal data has been collected in connection with the offer of information society services pursuant to Article 8(1). of the Regulation;
10.1.6.the right for the Controller who has disclosed the personal data of the Data Subject to take reasonable measures, including technical measures, having regard to the technology available and the cost of implementing the measures, to inform other controllers who carry out the processing of personal data that the Data Subject has requested them to erase all references to such personal data, a copy or replicas thereof, it being understood that the right to erasure of personal data containing the rights under Article 17(1) and (2) of the Regulation. Regulation shall not arise if the processing of the personal data is necessary:
10.1.7.to exercise the right to freedom of expression and information.
10.1.8.for the performance of a legal obligation which requires processing under European Union law or the law of a Member State to which the Data Controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller.
10.1.9.for reasons of public interest in the field of public health in accordance with Article 9(2)(h) and (i) of the Regulation as well as Article 9(3). Regulation.
10.1.10.for archiving purposes in the public interest, for scientific or historical research purposes or for statistical purposes pursuant to Article 89(1). Regulation, in so far as the right referred to in Article 17(1) is likely to of the Regulation will prevent or seriously impede the achievement of the purposes of such processing of personal data; or for the establishment, exercise or defence of legal claims;
10.1.11.the right of the Data Subject to restrict the processing of personal data pursuant to Article 18 of the Regulation, which right includes:
10.1.12. the right to have the Controller restrict the processing of personal data in respect of one of the following cases: The Data Subject contests the accuracy of the personal data during a period allowing the Controller to verify the accuracy of the personal data, the processing of the personal data is unlawful and the Data Subject objects to the erasure of the personal data and requests instead the restriction of its use, the Controller no longer needs the personal data for the purposes of the processing, but the Data Subject needs it to establish, exercise or defend legal claims, the Data Subject has objected to the processing pursuant to Article 21 para. 1. Regulation, pending verification whether the legitimate grounds on the part of the Controller outweigh the legitimate grounds of the Data Subject;
10.1.13.the right, where the processing of personal data has been restricted, to have such restricted personal data processed only with the consent of the Data Subject or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a Member State, with the exception of storage;
10.1.14.the right to be informed in advance of the lifting of the restriction on the processing of personal data;
10.1.15.the right of the Data Subject to comply with the obligation to notify recipients pursuant to Article 19 of the Regulation, which includes: the right for the Controller to notify each recipient to whom personal data have been disclosed of any rectification or erasure of personal data or restriction of processing carried out pursuant to Article 16, Article 17 para. 1. and Article 18 of the Regulation, unless this proves impossible or requires a disproportionate effort, the right for the Controller to inform the Data Subject about these recipients, if the Data Subject so requests;
10.1.16. the Data Subject’s right to data portability under Article 20 of the Regulation, which includes: the right to obtain the personal data relating to the Data Subject which he or she has provided to the Controller in a structured, commonly used and machine-readable format and the right to transfer that data to another controller without hindrance from the Controller if:
a/ the processing is based on the Data Subject’s consent pursuant to Article 6(1)(a) of the Regulation or Article 9(2)(a) of the Regulation, or on a contract pursuant to Article 6(1)(b) of the Regulation, and at the same time
b/ the processing is carried out by automated means, and at the same time:
10.1.17.the right to obtain personal data in a structured, commonly used and machine-readable format and the right to transmit such data to another controller without hindrance by the Controller will not have adverse effects on the rights and freedoms of others;
10.1.18.the right to transfer personal data directly from one Controller to another Controller, insofar as this is technically feasible;
10.1.19.the right of the Data Subject to object under Article 21 of the Regulation, which includes:
10.1.20.the right to object at any time, on grounds relating to the particular situation of the Data Subject, to processing of personal data concerning him or her which is carried out on the basis of Article 6(1)(e) or (f) of the Regulation, including to object to profiling based on those provisions of the Regulation;
10.1.21.in the case of the exercise of the right to object at any time, on grounds relating to the particular situation of the Data Subject, to processing of personal data concerning him or her which is carried out on the basis of Article 6(1)(a)(1)(b) of the Regulation, to the processing of personal data concerning him or her which is carried out on the basis of Article 6(1)(a)(i) of the Regulation. (e) or (f) of the Regulation, including the right to object to profiling based on these provisions of the Regulation, the right not to have the Data Subject’s personal data further processed by the Controller unless the Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the Data Subject, or grounds for establishing, exercising or defending legal claims
10.1.22. the right to object at any time to the processing of personal data concerning the Data Subject for direct marketing purposes, including profiling to the extent that it is related to direct marketing; provided that if the Data Subject objects to the processing of personal data for direct marketing purposes, the personal data may no longer be processed for such purposes;
10.1.23.in relation to the use of information society services, the right to object to the processing of personal data by automated means using technical specifications;
10.1.24.the right to object, on grounds relating to the particular situation of the Data Subject, to the processing of personal data concerning the Data Subject where the personal data are processed for scientific or historical research purposes or for statistical purposes pursuant to Article 89(1). Regulation, except where the processing is necessary for the performance of a task carried out for reasons of public interest;
10.1.25.the right of the Data Subject relating to automated individual decision-making under Article 22 of the Regulation, which includes:
10.1.26.the right not to be subject to a decision which is based solely on automated processing of personal data, including profiling, and which has legal effects concerning him or her or similarly significantly affects him or her, except pursuant to Article 22(2). Regulation [i.e. except where the decision is: (a) necessary for entering into, or performance of, a contract between the Data Subject and the Data Controller,
10.1.27.permitted by European Union law or the law of a Member State to which the Controller is subject and which also provides for appropriate measures guaranteeing the protection of the rights and freedoms and legitimate interests of the Data Subject; or (c) based on the Data Subject’s explicit consent.
Instructions on the right of the Data Subject to withdraw consent to the processing of personal data:
11.1.The data subject is entitled to withdraw his or her consent to the processing of personal data at any time, without prejudice to the lawfulness of the processing of personal data based on the consent given prior to its withdrawal.
The data subject shall be entitled to withdraw his or her consent to the processing of personal data at any time, in whole or in part. A partial withdrawal of consent to the processing of personal data may relate to a specific type of processing operation(s), while the lawfulness of the processing of personal data to the extent of the remaining processing operations remains unaffected. A partial withdrawal of consent to the processing of personal data may relate to a particular specific processing purpose(s), while the lawfulness of the processing of personal data for the remaining purposes remains unaffected.
The right to withdraw consent to the processing of personal data may be exercised by the Data Subject in paper form to the address of the Controller registered as its registered office in the commercial register at the time of withdrawal of consent to the processing of personal data or in electronic form by electronic means (by sending an e-mail to the e-mail address of the Controller indicated in the identification of the Controller in this document).
XII. Instructions on the right of the Data Subject to lodge a complaint with the supervisory authority:
12.1.The Data Subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of alleged infringement, if he or she considers that the processing of personal data concerning him or her is in breach of the Regulation, all without prejudice to any other administrative or judicial remedies.
The data subject shall have the right to be informed by the supervisory authority to which the complaint has been lodged of the progress and outcome of the complaint, including the possibility of seeking judicial redress pursuant to Article 78 of the Regulation.
12.2 The supervisory authority in the Slovak Republic is the Office for Personal Data Protection of the Slovak Republic.
XIII. Information relating to automated decision-making, including profiling:
13.1.As the processing of the Data Subject’s personal data in the form of automated decision-making, including profiling referred to in Article 22(1) and (4) of the GDPR is not involved in the case of the Controller, the Data Subject shall not be subject to any automated decision-making, including profiling. 2(2)(f) of the Regulation, the Controller is not obliged to provide information pursuant to Article 13(2)(f) of the Regulation, i.e. information on automated decision-making, including profiling, and on the procedure used, as well as on the significance and foreseeable consequences of such processing of personal data for the Data Subject. Not applicable.
XIV. Final provisions
This eshop is certified by http://www.pravoeshopov.sk