E-shop info:

info@goldenchristmas.sk

+421 905 688 824

Golden Christmas

Privacy Policy

INFORMATION FOR THE DATA SUBJECT REGARDING THE COLLECTION AND PROCESSING OF PERSONAL DATA
provided by the controller to the data subject when obtaining personal data from the data subject

The Controller hereby in accordance with Article 13 par. 1. 1 and 2 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as the “Regulation“) provides the Data Subject, from whom the Controller obtains personal data concerning them, with the following information:

Identity and contact details of the Controller:
The Controller is BOMAD, s.r.o., with registered office at Lukáčovce 230, Postal Code: 951 23, Company ID: 53 333 888, registered in the Commercial Register of the District Court Nitra, Section: Sro, File No.: 52538/N, statutory body: Martina Borbélyová, email: matka.borbelyova@gmail.com, phone number: 0905 688 824.

Contact details of the responsible person:
Martina Borbélyová

Processed personal data:
The Controller processes the following personal data: name, surname, address, phone number, email address, IP address, cookies.

Purposes of processing the Data Subject’s personal data:

  1. processing of accounting documents
  2. fulfillment and recording of contracts,
  3. recording of clients and contractual partners for the purpose of concluding and fulfilling contracts
  4. archiving of documents in accordance with legal regulations
  5. marketing activities of the controller
  6. correspondence and communication

Legal basis for processing the Data Subject’s personal data:
The legal basis for processing the Data Subject’s personal data will be, depending on the specific personal data and the purpose of their processing, the Data Subject’s consent to the processing of personal data, fulfillment of the controller’s legal obligation, or fulfillment of a contract to which the data subject is a party.

Specification of legitimate interests pursued by the Controller or by a third party: Not applicable.

Recipients or categories of recipients of personal data:
The recipients of the Data Subject’s personal data may be employees and collaborators of the controller, the body and members of the Controller’s bodies, its business partners, suppliers and contractual partners, namely: accounting company, company providing legal services to the controller, company providing services related to software creation and maintenance, courier company.

The recipients of personal data will also be the tax office and other state authorities, in cases stipulated by law.

Information about the intended transfer of personal data to a third country: Not carried out.

Period of retention of personal data:
Personal data will be stored in accordance with legal regulations for the necessary time for which they will be needed for the purposes of fulfilling the contract and their subsequent archiving.

Instruction on the existence of relevant rights of the Data Subject:
The Data Subject has, among others, the following rights:

  1. the right of the Data Subject to access data according to Article 15 of the Regulation, the content of which is:
    1. the right to obtain from the Controller confirmation as to whether or not personal data concerning the Data Subject are being processed;
    2. if the Data Subject’s personal data are being processed, the right to access the processed personal data and the right to obtain the following information:
      1. information on the purposes of processing;
      2. information on the categories of personal data concerned;
      3. information on the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;
      4. where possible, information on the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
      5. information on the existence of the right to request from the Controller rectification or erasure of personal data or restriction of processing of personal data concerning the Data Subject or to object to such processing;
      6. information on the right to lodge a complaint with a supervisory authority;
      7. where the personal data are not collected from the Data Subject, any available information as to their source;
      8. information on the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the Regulation and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the Data Subject; 1. and 4 of the Regulation and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the Data Subject;
    3. the right to be informed of the appropriate safeguards pursuant to Article 46 of the Regulation relating to the transfer where personal data are transferred to a third country or to an international organization;
    4. the right to be provided with a copy of the personal data undergoing processing, provided that this right to obtain a copy of the processed personal data does not adversely affect the rights and freedoms of others;
  2. the right of the Data Subject to rectification according to Article 16 of the Regulation, the content of which is:
    1. the right to obtain from the Controller without undue delay the rectification of inaccurate personal data concerning the Data Subject;
    2. the right to have incomplete personal data of the Data Subject completed, including by means of providing a supplementary statement by the Data Subject;
  3. the right of the Data Subject to erasure of personal data (so-called right “to be forgotten”) according to Article 17

of the Regulation, the content of which is:

  1. the right to obtain from the Controller the erasure of personal data concerning the Data Subject without undue delay where one of the following grounds applies:
    1. the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
    2. the Data Subject withdraws consent on which the processing is based, and where there is no other legal ground for the processing of personal data;
    3. the Data Subject objects to the processing of personal data pursuant to Article 21(1) of the Regulation and there are no overriding legitimate grounds for the processing, or the Data Subject objects to the processing of personal data pursuant to Article 21(2) of the Regulation;
    4. the personal data have been unlawfully processed;
    5. the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the Controller is subject;
    6. the personal data have been collected in relation to the offer of information society services referred to in Article 8(1) of the Regulation; 1. of the Regulation;
  2. the right that the Controller, who has made the personal data of the Data Subject public, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers who are processing the personal data that the Data Subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data;

it being understood that the right to erasure of personal data with the content of rights under Article 17(1) and (2) of the Regulation 1. and 2 of the Regulation [i.e. with the content of rights under (i) and (ii) of this letter c) of point J. of this document] shall not arise, if processing is necessary:

for exercising the right of freedom of expression and information;

  1. for compliance with a legal obligation which requires processing by Union or Member State law to which the Controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller;
  2. for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) as well as Article 9(3) of the Regulation;
  3. for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) of the Regulation in so far as the right referred to in Article 17(1) of the Regulation 1. of the Regulation in so far as the right referred to in Article 17(1) of the Regulation 1. of the Regulation is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
  4. for the establishment, exercise or defense of legal claims;

d) the right of the Data Subject to restriction of processing according to Article 18 of the Regulation,

the content of which is:

  1. the right to obtain from the Controller restriction of processing where one of the following applies:
    1. the accuracy of the personal data is contested by the Data Subject, for a period enabling the Controller to verify the accuracy of the personal data;
    2. the processing is unlawful and the Data Subject opposes the erasure of the personal data and requests the restriction of their use instead;
    3. the Controller no longer needs the personal data for the purposes of the processing, but they are required by the Data Subject for the establishment, exercise or defense of legal claims;
    4. the Data Subject has objected to processing pursuant to Article 21(1) of the Regulation pending the verification whether the legitimate grounds of the 1. of the Regulation pending the verification whether the legitimate grounds of the
  2. Controller override those of the Data Subject;
  3. the right that where processing has been restricted under point (i) of this letter d) of point J. of this document, such personal data shall, with the exception of storage, only be processed with the Data Subject’s consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State;
  4. the right to be informed in advance of the lifting of the restriction of processing of personal data;

e) the right of the Data Subject to fulfill the notification obligation to recipients according to Article 19 of the Regulation, the content of which is:

  • the right that the Controller communicates any rectification or erasure of personal data or restriction of processing carried out in accordance with Article 16, Article 17(1) and Article 18 of the Regulation to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort; 1. and Article 18 of the Regulation to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort;
  • the right that the Controller informs the Data Subject about those recipients if the Data Subject requests it;

f) the right of the Data Subject to data portability according to Article 20 of the Regulation, the content of which is:

  1. the right to receive the personal data concerning the Data Subject, which they have provided to the Controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the Controller to which the personal data have been provided, where:
    1. the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) of the Regulation or on a contract pursuant to point (b) of Article 6(1) of the Regulation; and
    2. the processing is carried out by automated means; and
    3. the right to receive personal data in a structured, commonly used and machine-readable format and the right to transmit those data to another controller without hindrance from the Controller shall not adversely affect the rights and freedoms of others;
  2. the right to have the personal data transmitted directly from one controller to another, where technically feasible;

g) the right of the Data Subject to object according to Article 21 of the Regulation, the content of which is:

  1. the right to object, on grounds relating to their particular situation, at any time to processing of personal data concerning them which is based on point (e) or (f) of Article 6(1) of the Regulation, including profiling based on those provisions; 1. (e) or (f) of Article 6(1) of the Regulation, including profiling based on those provisions;
  2. [in case of exercising the right to object at any time on grounds relating to their particular situation to processing of personal data concerning them which is based on point (e) or (f) of Article 6(1) of the Regulation, including profiling based on those provisions] the right that the Controller no longer processes the personal data of the Data Subject unless the Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the Data Subject or for the establishment, exercise or defense of legal claims 1. (e) or (f) of Article 6(1) of the Regulation, including profiling based on those provisions] the right that the Controller no longer processes the personal data of the Data Subject unless the Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the Data Subject or for the establishment, exercise or defense of legal claims
  3. the right to object at any time to processing of personal data concerning the Data Subject for direct marketing purposes, including profiling to the extent that it is related to such direct marketing; it being understood that where the Data Subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes;
  4. (in relation to the use of information society services) the right to exercise the right to object to processing of personal data by automated means using technical specifications;
  5. the right to object on grounds relating to their particular situation to processing of personal data concerning the Data Subject where the personal data are processed for scientific or historical research purposes or statistical purposes pursuant to Article 89(1) of the Regulation, unless the processing is necessary for the performance of a task carried out for reasons of public interest; 1. of the Regulation, unless the processing is necessary for the performance of a task carried out for reasons of public interest;

h) the right of the Data Subject related to automated individual decision-making according to Article 22 of the Regulation, the content of which is:

  1. the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them, except for the cases according to Article 22(2) of the Regulation [i.e. except for cases where the decision is: (a) necessary for entering into, or performance of, a contract between the Data Subject and the Controller, (b) authorized by Union or Member State law to which the Controller is subject and which also lays down suitable measures to safeguard the Data Subject’s rights and freedoms and legitimate interests or (c) based on the Data Subject’s explicit consent]. 2. of the Regulation [i.e. except for cases where the decision is: (a) necessary for entering into, or performance of, a contract between the Data Subject and the Controller, (b) authorized by Union or Member State law to which the Controller is subject and which also lays down suitable measures to safeguard the Data Subject’s rights and freedoms and legitimate interests or (c) based on the Data Subject’s explicit consent].

Instruction on the right of the Data Subject to withdraw consent to the processing of personal data:

The data subject has the right to withdraw their consent to the processing of personal data at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

The data subject has the right to withdraw their consent to the processing of personal data at any time – in full or in part. Partial withdrawal of consent may concern a specific type of processing operation(s), while the lawfulness of personal data processing for the remaining operations remains unaffected. Partial withdrawal of consent may also concern a specific purpose or purposes of personal data processing, while the lawfulness of processing for other purposes remains unaffected.

The data subject can exercise their right to withdraw consent to the processing of personal data in paper form by sending it to the Controller’s address registered as its headquarters in the commercial register at the time of withdrawal, or electronically via email to the Controller’s email address provided in this document, or by filling out an electronic form published on the Controller’s website.

Information on the data subject’s right to file a complaint with the supervisory authority:

The data subject has the right to file a complaint with a supervisory authority, particularly in the Member State of their habitual residence, place of work, or place of the alleged infringement if they consider that the processing of personal data relating to them violates the Regulation. This is without prejudice to any other administrative or judicial remedies. The supervisory authority in the Slovak Republic is the Office for Personal Data Protection of the Slovak Republic, located at Hraničná 12, 820 07 Bratislava, ID: 36 064 220, email: statny.dozor@pdp.gov.sk, phone: 02/3231 3214.

Information on the existence / non-existence of the data subject’s obligation to provide personal data:

The Controller informs the data subject that providing personal data is necessary for concluding and fulfilling the contract. The Controller informs the data subject that they are not obliged to provide personal data or to give consent for their processing. The consequence of not providing personal data and/or not giving consent to process personal data will be that the Controller will not be able to conclude and fulfill the contract.

Information related to automated decision-making including profiling: Not applicable

Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.

Strictly Necessary Cookies

Strictly Necessary Cookie should be enabled at all times so that we can save your preferences for cookie settings.

Analytics

This website uses Google Analytics to collect anonymous information such as the number of visitors to the site, and the most popular pages.

Keeping this cookie enabled helps us to improve our website.

Powered by  GDPR Cookie Compliance