Information on processing of personal data

1. Identification of the Controller:

The Company EUROPALT, spol. s r.o., seated: Tehla 117, 935 3, Id. No.: 34 118 641, registered in Business register of the District court, section: Sro, Insert No.: 1174/N (hereinafter referred to as the „Controller“), who processed personal data in accordance with the conditions laid down, is by Regulation EÚ 2016/679 of the European parliament and of the Council of 27. April 2016 on the protection of natural person in regard to the processing of personal data and free movement of such data (hereinafter referred to as the „Regulation“), as well as by the ACT. No. 18/2018 Coll. On the protection of personal data as amended (Hereinafter referred to as the „Act No. 18/2018“) controller of personal data, i. e. the legal person which determined the purpose and means of such personal data processing.

The personal data are defined in Art 4. of the Regulation as well as in § 2 of the Act No. 18/2018 and are understood as any information relating to an identified or identifiable natural person (hereinafter referred to as the „data subject“); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Processing of personal data is defined in Art 4. of the Regulation as well as in § 5 letter f) of the Act No. 18/2018 any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, storage, adaptation or alteration, erasure or destruction.

Processing of the personal data is relating to the data subject, i. e. the subject whose personal data are processed. While processing personal data, we pay attention to the protection of privacy, we process personal data with due care and in accordance with our obligations under our applicable laws. Access to personal data will be granted only to authorized persons by the Controller to process personal data, who process personal data in accordance with the Controller’s instructions.

The Controller processes the personal data of each natural and legal person who has concluded the distance contract by means of online shop https://incinerating-toilets.com (hereinafter referred to as the „purchaser“ or „costumer“).

2. Processing personal data for individual purposes:

2.1. Purchase of goods through online shop, delivery of the goods, dealing with complaints
The controller processes the following customer personal data:
a) for the purpose of the purchase of goods by means of the online shop a goods delivery: name, surname, phone number, email address, address, data about the purchased good, data about the payment (bank account, paid amount, date of crediting the payment on Controller’s account),
b) for the purpose of the dealing with complaints in addition to the data specified in point a), also the data on the goods to which complaints relates and the data provided by the purchaser when making a complaint.

Legal basis of processing the abovementioned personal data is Art. 6 (1) letter b) and letter c) of the Regulation.

The processing of personal data by Controller is necessary for the performance of the purchase contract of goods or the contract concluded with the Controller business partner and for the purposes of fulfilling the Controller legal obligation.

The recipients of the personal data are following persons:
• Controller business partners,
• Accountant, or accounting company.

Personal data are processed during performance of the Purchase contract of goods and while warranty period for delivered goods is running.

2.2. Registration and Service of the online shop
The Controller processes following personal data: name, surname, phone number, email address, address.

Legal basis of processing the abovementioned personal data is Art. 6 (1) letter b) of the Regulation.

The processing of personal data by Controller is necessary for ensuring the registration and service of the online shop.

The recipients of the personal data are processors with whom the Controller has concluded contract and whose data will be sent to the purchaser on the basis of his/her written request.

Personal data are processed during registration in online shop.

2.3. Dealing with the customer complaints
The Controller processes the following personal data: name, surname, data contained in the complaint and depending on the method of filing the complaint as well as customer’s address, phone number or email address.

Legal basis of processing the abovementioned personal data is Art. 6 (1) letter b) of the Regulation.

The processing of personal data by Controller is necessary to resolve the customer’s complaint.

Personal data are processed until the customer’s complaint is resolved.

2.4. Enforcement of Controller’s rights
The Controller processes the following personal data: data contained in the contracts concluded ith customers, suppliers and business partners, data stated in the customer’s complaints, data required to file an action by the Controller, data stated in action against Controller, data stated in stated in the theft records, data kept in the accounts and other data necessary in connection with the possible assertion of rights or protection of the legitimate interests of the Controller.

The purpose of the processing of abovementioned personal data is legitimate interests of Controller and legal basis is Art 6 (1) letter f) of Regulation.

The legitimate interests of the Controller is the protection of his property as well as protection against unjustified enforcement of rights by customers.

The recipients of the personal data are following subjects:
• Courts, Public authorities,
• Legal representatives and tax advisers and
• Other professional advisers as controllers.

The personal data are processed during the lawsuit and while limitation period is running.

2.5. Fulfillment of the Controller legal obligation
The Controller processes the personal data mentioned in the 2.1 a 2.4 for the purpose of his legal obligations.

The legal basis is Art 6 (1( letter c) of the regulation (for examples: Accounting Act, Value Added Tax Act, Income Tax Act, Consumer Protection Act, Archives and Registries Act, Civil Code, Commercial Code).

The recipients of the personal data are following subjects:
• tax advisers, auditors,
• Courts, public authorities as cotrollers,
• Advocates or legal representatives.

The personal data are processed during the period required by the relevant legislation.

3. Data subject rights

3.1. Right to information:
The data subject has the right to be informed about the purposes of the processing of personal data, the categories of personal data processed, the recipients of such personal data, the retention period of personal data, the rights of the data subject, the origin of personal data as well as automated decision-making.

3.2. Right of access of personal data:
The data subject has the right to provide copies of the personal data we have about him/her, as well as information on how we use personal data. Personal data will be provided to the data subject in writing, provided that the data subject does not request another method of providing. In the case the data subject requested to provide such data in electronic form, we will provide this data electronically.

3.3. Right of correction and addition:
As the Controller, we take appropriate technical and organizational measures to ensure the accuracy, completeness and timeliness of the data we process. In case you think that the data we process is inaccurate, incomplete or out of date, you have the right to modify, supplement or update them.

3.4. Right of erasure (right of oblivion):
The data subject has the right to request the deletion of personal data in the case the personal data we have processed have no longer been necessary for the mainly purpose. This right is not absolute and needs to be assessed in the light of the relevant circumstances. In the event we still have legal and regulatory obligations to retain personal data, we will not be able to comply with the request.

3.5. Right to restrict processing:
In certain circumstances, the data subject is entitled to require us to stop processing his or her personal data, for example if you think that the personal data processed by the Controller may be incorrect, inaccurate or no longer need to be processed.

3.6. Right to data portability:
The data subject has the right to request the transfer of provided personal data to the third party of his/her choice. This right applies only to personal data that we have processed on the basis of customer consent or on the basis of a contract.

3.7. Right to object the processing:
The data subject has the right to object to the processing of personal data. If you think that we have no legitimate reason to process personal data and you object to the processing, we will not further process your personal data unless there are compelling reasons that outweigh your interests, rights and freedoms, or in the case the processing of personal data serves to assert, enforce or defend legal claims.

3.8. Right to file a complaint to the supervisory authority (personal data protection):
In case, you believe that your rights regarding the protection of personal data have been violated, you can file a complaint to the supervisory authority, which is the Office for Personal Data Protection of the Slovak Republic, with its registered office at Hraničná 12, 820 07 Bratislava 27, phone number: +421/2/3231 3214, e-mail: statny.dozor@pdp.gov.sk, https://dataprotection.gov.sk.

3.9. Right to withdraw the consent:
In cases where we process personal data on the basis of consent, the data subject has the right to revoke such consent anytime. The consent may be revoked electronically by e-mail address, in writing by notice of consent revocation or in another manner equivalent to that consent.

3.10. Right to compensation:
In the event that you think that our action is in violation of the Act and therefore you have suffered material or non-material damage, you have the right to compensation for damages against the Controller in accordance with the provisions of the Civil Procedure Code.

The data subject may enforce these rights by contacting the Controller
a) in writing by sending a letter to the address of the Controller’s registered office,
b) electronically by sending an email to the email address: info@incinerating-toilets.com or
c) by phone at: _+ 421/366350503.

4. Relevant legislation
The relevant legal acts are Regulation, Act 18/2018 Coll. as amended and other applicable generally binding legal act and regulations.

In accordance with the principle of minimizing the personal data retention within the meaning of § 10 of the Act 18/2018, all provided personal data are a necessary legal or contractual requirement to fulfill the purpose of their processing. Failure to provide the mandatory data necessary to conclude the contract with the Controller may result in the non-conclusion of the contractual relationship.