When working with the personal data, the operator is governed by Act no. 18/2018 Coll. on the protection of the personal data and amending certain laws (hereinafter referred to as the „Personal Data Protection Act „) and Regulation of the European Parliament and the Council (EU) 2016/679 from 27 April 2016 on the protection of individuals with regard to the processing of personal data and the free movement of such data repealing Directive 95/46/ ES (General Data Protection Regulation) (hereinafter „ the Regulation”).
From the point of the view of the Regulation, the customer of the e.shop is the affected person, ie the natural person to whom the personal data processed by the e-shop operator relate. According to the Regulation, the affected person has his/ her rights, which he/ she can exercise against the e-shop operator at any time.
The operator in processing your personal data is:
swisscbdpower s. r. o., Vrakunská cesta 6 82104 Bratislava – mestská časť Ružinov, IČO: 53833210, DIČ: 2121503791
The person responsible for personal data protection is Denis Vigaš. If you have any questions about the following text or the use of your personal data or want to exercise your rights described in this document, you can contact the responsible person by e-mail at email@example.com or in writing at swisscbdpower s.r.o., Vrakunská cesta 6 82104 Bratislava- mestská časť Ružinov.
What personal data of the customer does the operator process:
Purchase data- during the purchase, the data required from you to process it is required from you. The obligatory data are therefore only those without which the purchase cannot be sent to you and your order can be processed:
customer´s e-mail address
address of residence, address of delivery of the goods, if different from the address of residence
the subject of the order itself
According to the valid legal regulation, the controller processes only such personal data that are necessary to achieve a specific purpose of processing (principle of data minimization).
Data when creating an account
If you decide to create a user account, the operator also collects all data related to it. The only required information is the customer´s login name, password, and e-mail address. Creating an account is voluntary and is not tied to ordering the goods. However, the customer is free to decide to provide other information such as name, surname, mobile contact.
News and customer competition
If the customer agrees, the operator keeps the customers´s e-mail address for the purpose of sending information about competitions and the news. In the event that the customer contacts the operator in another matter or participates in a consumer competition, data such as name, contact data, or message or information delivered or communicated by the customer shall be stored.
If the processing is carried out with the consent of the customer ( eg, loyalty program, consumer competition), the customer can revoke his consent to the processing at any time and the e-shop operator is obliged to stop processing personal data that have been processed by consent unless it has another legal basis.
The data obtained by the controller about the customer should be processed by the controller only for specifically defined, explicitly stated and legitimate purposes and further cannot be processed in a way that is incompatible with such a purpose (purpose limitation principle). Based on the data obtained from the customer, the operator is able to deliver the goods in accordance with the „ Business conditions”. The data obtained from the customer when creating the order are used to process it or to remind it if the order did not end with a binding order. This information is also required in the operator´s accounting and invoicing rules.
The customer´s contact details are used to send notifications related to the processing of the orders. Also, if the operator has to respond to the questions, inquiries, questions about the order by the customer, in the event of a change in delivery address, or other change in the data in the order or user account. Contact details, as well as details of the purchases, are processed by the operator in the event of a complaint about the delivered goods. Contact details are also used to send discount vouchers to which the customer is entitled in accordance with the business conditions of the operator.
If the customer has given his consent to the operator, or if the customer has not refused to send a communication in the purchasing process, commercial information about news and current offers will be sent to the customer by e-mail. The customer can easily cancel the sending of all emails by clicking on the option „Unsubscribe” from the subscription in the received e-mail.
Security and protection of rights
Customer data is also used to ensure the security of the services provided, to respond to claims against the operator in proceedings before state and other authorities that control the operator´s activities, and to enforce claims against the operator. The controller guarantees adequate security of the personal data processed (principle of integrity and confidentiality).
In order for the controller to be able to legally process personal data of customers for the purpose mentioned above, it must have an adequate LEGAL BASIS for the processing of personal data (principle of legality), which is:
processing is necessary for the performance of the contract to which the person concerned is a party, or in the framework of the pre-contractual relations- in the case of ordering the goods and setting up a user account, but also in participating in consumer competition and informing about a discounts to which the customer is entitled.
Consent of the data subject to the processing of personal data- especially in connection with the sending of commercial communications about news and current offers, or other forms of marketing. Any consent given is voluntary and may be revoked at any time but this does not affect the lawfulness of the processing prior to its revocation. Sending commercial communication about news and current offers can be canceled if you write to us at the e-mail address firstname.lastname@example.org.
Processing is necessary to fulfill the legal obligation of the operator- when storing data about the customer and his order in our accounting or when making data available to government and other authorities that supervise the activities of the operator or that resolve disputes or enforcement of decisions.
Legitimate interest concerns- sending information about news to an email obtained during the purchase process, if the customer has not refused, whether in connection with security and protection of rights, as described below. In these cases, the principle of proportionality is always carefully applied – so that the interference with the customers´s rights is not disproportionate.
Disclosure of information provided
Personal data are not published, made available, provided to any other entities.
The exception is disclosure for legal reasons and to prevent damage. The controller may also store or make personal data available to other persons in connection with an obligation arising from legal regulations, requirements of state and other authorities, and in the exercise of claims or defense in proceedings in the exercise of third party claims against the controller.
An exception is also disclosure of data at the request of the customer. The publication is made in cases where the customer requests the publication of review or comment, or if he agrees to such publication. Disclosure of data to third parties takes place in the case of the delivery service. For transport, the operator uses the following delivery company:
Zásielkovňa s.r.o., Kopčianska 3338 / 82A, 851 01 Bratislava, Slovak Republic
How personal data is protected
In accordance with the requirements of the applicable legislation, the operator performs all necessary security, technical and organizational measures in order to protect personal data. The database containing personal data is protected against damage, destruction, loss, and misuse.
How long personal data is kept
Personal data related to the user account is kept for as long as the account is set up, as it is necessary for the account to be operational. If the account is not created (for example – an order without account registration), personal data concerning the processed order are stored for the necessary period, which is usually 5 years from its delivery.
In case that personal data is used to deliver a commercial communication to an e-mail address or in other cases where consent has been given, this data shall be retained until the relevant consent has been revoked.
What are the customer ´s rights to the personal data protection
In the event that the customer exercises any of the rights listed below, the request will be processed within 30 days from the date of its delivery.
How to exercise your privacy rights
The customer can exercise his rights by sending an e-mail message or a written request to swisscbdpower s.r.o., Vrakunská cesta 6 821 04 Bratislava- mestská časť Ružinov.
The application must state the name, surname, e-mail address, or address of permanent residence. The information provided is necessary for correct identification, otherwise, it will not be possible to comply with the request. This information is necessary in order to be able to objectively verify the identity and also to prevent the personal data from being disclosed to an unauthorized person. According to the Regulation, the affected person has his/ her rights, which he/she can exercise against the e-shop operator at any time.
The data subject´s right of access to data- the data subject has the right to obtain confirmation from the controller as to whether personal data concerning him or her are being processed and, if so, to have access to such personal data as well as information on:
a) the purpose of the processing of personal data, b) the category of personal data processed, c) the identification of the recipient or categories of recipients to whom the personal data were or are to be provided, in particular data on the recipient in a third country or on an international organization the retention period of personal data; if this is not possible, information on criteria for its determination, e) just request he controller to correct personal data concerning the data subject, delete or restrict their processing, or the right to object to the processing of personal data, f) just to file a motion to initiate proceedings according to § 100 of the Personal Data Protection Act, g) sources of personal data, if personal data were not obtained from the data subject, h) existence of automated individual decision-making, including profiling according to § 28 par. 1 and 4 of the Personal Data Protection Act; in such cases, the controller shall provide the data subject with information in particular on the procedure used, as well as on the meaning and expected consequences of such processing of personal data for the data subject.
The right to rectification
The person concerned – the customer has the right to have the operator correct incorrect personal data concerning him/her without undue delay. With the regard to the purposes of the processing, the data subject has the right to supplement incomplete personal data, including by providing a supplementary declaration.
The right to deletion (right to be forgotten)
The customer has the right to delete his personal data that the operator processes about hím if the following conditions are met and legal exceptions do not apply:
the data are no longer needed for the purposes for which they were obtained
the customer withdraws his consent to the processing of his personal data and there is no other legal basis for their processing
the customer objects to the processing of his personal data, based on a legitimate interest, on the basis of a specific situation and does not outweigh the legitimate reasons for processing or object to processing for direct marketing purposes
the personal data has been processed illegally. In the event that the customer´s personal data has been disclosed and the customer´s personal data has been disclosed and the customer exercises the right to delete, the operator shall also delete such disclosed personal data. In the event that the customer cancels the account, the data will be deleted as soon as possible and the account will be canceled within 30 days.
In the event that the customer’s personal data has been disclosed and the customer exercises the right to delete, the operator shall also delete such disclosed personal data. In the event that the customer cancels the account, the data will be deleted as soon as possible and the account will be canceled within 30 days.
The right to restrict the processing of personal data of the customer
The data subject has the right to have the controller restrict the processing of personal data if:
(a) the data subject objects to the accuracy of the personal data during a period allowing the controller to verify the accuracy of the personal data; (b) the processing of the personal data is illegal and the data subject objects to the deletion of the personal data, but the data subject needs them to exercise a legal claim, or (d) the data subject objects to the processing of the personal data according to § 27 para. 1 f the Personal Data Protection Act, until it is verified whether the justified reasons on the part of the operator outweigh the legitimate reasons of the data subject.
The right to the transfer of the customer´s personal data
The customer has the right to obtain personal data that the operator processes about him on the basis of consent and/or contract and processes them by automated means, in any readable format. The operator processes correct and updated personal data (principle of accuracy).
The right to object from the customer
The operator informs its customers of their rights as a data subject (Article 15 to 22 of the Regulation), in particular of the right to object to processing for direct marketing purposes and of the right to withdraw consent to the processing. The customer has the right to object for reasons related to the customer´s specific situation of processing on the basis of the legitimate interest of the operator.
The customer´s right to lodge a complaint
If the customer believes that the processing of his personal data by the controller is in conflict with applicable legislation on personal data protection, the customer has the right to file a complaint to the competent supervisory authority- the Office for Personal Data Protection of the Slovak Republic.