Privacy and Data Management Policy
The personal data controller, under Art. 4 point 7 of (EU) Regulation 2016/679 of the European Parliament and of the Council on the Protection of Individuals with regard to the Processing of Personal Data and on the Free Movement of such Data (hereinafter referred to as “GDPR”) is Luxury Eyewear SK, s.r.o., registered office: Ulica 29. Augusta 36/A, 811 09 Bratislava, (hereinafter referred to as "the operator").
The contact details of the operator are: postal address: Ulica 29. Augusta 36/A, 811 09 Bratislava, email: firstname.lastname@example.org
Personal data are data relating to an identified natural person or identifiable natural person that can be identified directly or indirectly, in particular on the basis of a generic identifier, of another identifier, such as name, surname, identification number, location data, or online identifier, or based on one or more characteristics or signs that make up its physical identity, physiological identity, genetic identity, psychological identity, mental identity, economic identity, cultural identity, or social identity.
Sources of processed personal data, legitimate reason and purpose of the processing of personal data
The operator is processing personal data you have provided to him or personal data he has received on the basis of the performance of your order, these are necessary for the performance of the contract.
Legal reason for the processing of personal data is:
a) performance of the contract between you and the Operator under Article 6 Par. 1 Letter b) of the GDPR,
b) legitimate interest of the Operator in providing direct marketing (for sending business announcements and newsletters) under Article 6 Par. 1 Letter f) of the GDPR,
c) Your consent to processing for the purpose of providing direct marketing (for sending business announcements and newsletters) pursuant to Article 6 Par.1 Letter a) of the GDPR in the absence of ordering goods or services.
The purpose of processing your personal data is to manage and fulfil your order and to exercise the rights and obligations arising from the contractual relationship between you and the Operator; When ordering, the personal information required to successfully process the order (title, name, surname, permanent address / delivery address, email and telephone contact) is required. The provision of such personal data is a prerequisite for the conclusion and fulfilment of the contract, without the provision of personal data it is not possible to conclude the contract or to execute the contract by the Operator.
Time of processing and personal data storage
The Operator shall process and store the personal data:
- for the period necessary to exercise the rights and obligations arising from the contractual relationship between you and the Operator and to exercise the rights under these contractual relationships (for a period of 5 years from the termination of the contractual relationship);
- until the consent to the processing of personal data for marketing purposes is revoked, for a maximum of 10 years, if the personal data are processed by consent.
After the retention period of the personal data, the administrator will delete the personal data.
Recipients of personal data
The recipients of personal data are the persons involved in the delivery of goods, the execution of payments under the contract, the persons providing the services of the e-shop operation and other services in connection with the operation of the e-shop, the persons providing marketing services.
The operator does not intend to provide personal data to countries outside the European Union or to an international organization.
Rights of the concerned person - Your rights
Under the terms of the GDPR you have the following rights:
- the right to access your personal data,
- the right to correct your personal data,
- the right to restrict the processing of personal data,
- the right to delete personal data relating to you, provided that personal data are no longer required for purposes, for which they were obtained or otherwise processed; the concerned person shall withdraw the consent, under which the processing is carried out, the concerned person shall object to the processing of personal data pursuant to Article II. Par. 11, if personal data have been processed unlawfully, another reason for deletion is the obligation by law, special regulation or international treaty binding the Slovak Republic or if personal data were obtained in connection with the services of an information company about a person under 16 years of age,
- the right to delete personal data, provided that processing is necessary: to exercise the right to freedom of expression and to information; to fulfil an obligation under a law, a special regulation or an international treaty binding the Slovak Republic or to fulfil a public service task or the exercise of public authority entrusted to the Operator, on grounds of public interest in public health, for the purpose of archiving in the public interest, for the purpose of scientific or historical research or for statistical purposes, where it is likely that the right of deletion would hinder or seriously impair the attainment of the objectives of such processing or the demonstration and the defence of legal claims;
- the right to limit the processing of personal data if it asserts the correctness of personal data by an objection under Article II. Par. 11, during a period allowing the operator to verify the accuracy of personal data; processing is illegal and the concerned person requests a restriction of their use instead of the deletion of personal data; the operator no longer needs personal data for processing but needs the concerned person to prove, apply or defend legal claims; the concerned person has objected to the processing of personal data on the basis of the operator's legitimate right, even if the verification is pending if the legitimate reasons on the part of the Operator outweigh the legitimate reasons of the concerned person,
- the right to data portability (i.e. the obtaining of personal data provided to the Operator, with the right to transfer these data to another Operator in a user-friendly and machine-readable format, provided that the personal data were obtained with the consent of the data subject or under contract, and their processing takes place by automated means),
- the right to object at any time to the processing of personal data
- the right to withdraw at any time the consent to the processing of personal data, where the processing of personal data was based on this legal title;
- the right to file a complaint with the Office for the Protection of Personal Data, if you believe your personal data protection rights have been violated.
The Operator declares that he has taken all technical and organizational measures to ensure personal data security, in particular technical measures to secure data repositories and personal data repositories in written form.
The Operator declares that the personal data are accessed only by persons authorized to do so.