Privacy policy

pursuant to Act 18/2018 Coll. on personal data protection (hereinafter referred to as the ‘Act’) and Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to personal data processing and on the free movement of such data (hereinafter referred to as the ‘GDPR’)

Article I

General provisions

In accordance with § 6 to §12 of the Act, the basic Personal data processing principles are:

Principle of lawfulness: Personal data may only be processed lawfully and in a way that does not violate the data subject’s fundamental rights.

Principle of purpose limitations: Personal data may only be collected for a specific, explicit and legitimate purpose and may not be further processed in a way incompatible with that purpose; further personal data processing for archiving purposes, for scientific purposes, for historical research purposes or for statistical purposes, if they comply with a specific regulation and if adequate safeguards for the protection of the data subject’s rights pursuant to § 78(8) of the Act, is not considered incompatible with the original purpose.

Principle of personal data minimisation: The processed personal data shall be adequate, relevant and limited to the extent necessary for the purpose that they are processed.

Principle of accuracy: The processed personal data must be accurate and updated as necessary; adequate and effective measures shall be taken to ensure that personal data which is inaccurate in relation to the purposes for which they are processed are erased or rectified without undue delay.

Principle of storage minimisation: Personal data shall be stored in a form which allows the data subject to be identified at the latest until it is necessary for the purpose for which the personal data is processed; personal data may be kept longer if it is to be processed solely for archiving purposes, scientific purposes, historical research purposes or for statistical purposes on the basis of a specific regulation and if adequate safeguards for protecting the data subject’s rights under § 78(8) of the Act are met.

Principle of integrity and confidentiality: Personal data shall be processed in a manner that ensures adequate personal data security by appropriate technical and organisational measures, including protection against unauthorised personal data processing, unlawful personal data processing, accidental loss of personal data, deletion of personal data or damage to personal data.

Principle of responsibility: The controller shall be responsible for adhering to the basic personal data processing principles, for the compliance of personal data processing with personal data processing principles and shall demonstrate such compliance with personal data processing principles at the request of the Slovak Republic Personal Data Protection Office.

 

Article II

Principle of responsibility: In accordance with § 12 of the Act, the controller shall be responsible for adhering to the basic principles for personal data processing, for compliance of personal data processing with the personal data processing principles and shall demonstrate such compliance with the personal data processing principles at the request of the Office.

 

Article III

Personal data controller and content of these principles

Your personal data controller is WOOWSTUDIO s. r. o., with its registered office at Černyševského 26, 851 01 Bratislava, Business ID: 50 449 192 (hereinafter referred to as the ‘Company’).

The Company endeavours to act lawfully and responsibly when acquiring, collecting, using and protecting personal data.

The Personal Data Protection Principles (hereinafter referred to as the ‘Principles’) were prepared to this end, which: 

  • determine the conditions for processing the personal data that the Company collects;
  • explain the scope, purpose, reason and method of processing personal data;
  • explain under what circumstances personal data are shared with other companies;
  • explain the rights of the data subjects;
  • provide for security measures;

if you use our services and we provide the services to you.

The use of our services and the provision of services by our Company shall mean:

  • placing an order with our Company and its acceptance by our Company;
  • assigning an order number;
  • entering into an agreement with our Company;
  • signing-up for a marketing programme;
  • shopping at our Company;
  • delivery of goods or services by our Company;
  • settlement of a given service – sending an invoice and paying the invoice;
  • complaint procedure.

These Principles also apply to security measures for the protection of personal data taken by our Company.

These Principles also apply to the functioning of the CCTV system in the building of our Company’s main office.

 

Article IV

Personal data source

Our Company processes personal data:

  • obtained from you as suppliers, customers, clients on the basis of the submitted papers, orders, documents, online communication;
  • obtained from you based on your written consent, which may be given to us in writing, by email or through a form on the website;
  • obtained from third parties;
  • obtained from publicly available sources.

 

Article V

Scope and reason for personal data processing

Our Company processes personal data solely to fulfil contractual and legal obligations.

In order to fulfil our contractual and legal obligations, we process the following personal data with respect to our suppliers:

  • name and surname, degree;
  • birth certificate number;
  • address;
  • email address;
  • telephone number;
  • other data necessary to fulfil legal obligations.

In order to fulfil our contractual and legal obligations, we process the following personal data with respect to our customers:

  • name and surname, degree;
  • date of birth;
  • birth certificate number;
  • address;
  • ID number;
  • email address;
  • telephone number;
  • other data necessary to fulfil legal obligations.

We process personal data for customer care purposes based on the controller’s legitimate interest, which is customer care and protection.

In order to ensure customer safety and protect Company assets, we process personal data based on legitimate interest. In this case, we can use the building operator’s CCTV records at the building’s entrance.

For purposes of legal claims, we process personal data as described above.

 

Article VI

Sharing personal data

We do not share your personal data with third parties.

We may share personal data with other companies for the following reasons:

  • if we are legally obliged to share personal data, or if it is required by a public authority, or when necessary to exercise justice;
  • if it is necessary to share personal data to assert our legal claims as well as to prevent fraud;
  • in the event of restructuring or selling our Company to a third party.

 

Article VII

Personal data provision

We only disclose your personal data to authorised persons, and persons with whom we have a valid contract on personal data processing, these are:

  • accounting company;
  • state authority in the case of legal obligations fulfilment.

 

Article VIII

The data subject’s rights

Your fundamental right as a data subject is the right to access personal data – the right to see the personal data we process and store. In order to obtain a copy of the personal data that we process, please send us ‘a request for the data subject’s access to personal data’ in writing to the Company’s address or by email. In this case, you will need to prove that you are the data subject.

Other rights related to personal data:

  • Right to inaccurate data rectification; please contact us if the personal data we process and store is inaccurate or incomplete and we will rectify it. 
  • Right to object to the use of your personal data.Upon receipt of your objection, we will evaluate its content and consider the next step in using your personal data. You will be informed of the manner of addressing your objection. If we evaluate your objection as justified, we will either limit the scope of our use of your personal data or remove them based on your request.
  • If you object to direct marketing, when you object to this, we will immediately stop using your personal data for direct marketing purposes.
  • Right to limit personal data processing upon your request.If you ask us to limit personal data processing for the following reasons:
    • we processed some of your data illegally;
    • we no longer need to store some of your personal data;
    • your objection has been found to be justified;
    • you have withdrawn your consent in part (the withdrawal of consent is possible in the same way as it was given, stating the data you are requesting to limit);

your personal data will be limited in our databases. In other cases, we will review your request/objection and decide what to do next.

  • Right to remove your personal data upon your request.If you ask us to remove your personal data for the following reasons:
    • we processed some of your data illegally;
    • we no longer need to store some of your personal data;
    • your objection has been found to be justified;
    • you have withdrawn your consent in part (the withdrawal of consent is possible in the same way as it was given, stating the data you are requesting to limit);

your personal data will be erased from our databases. In other cases, we will review your request/objection and decide what to do next.

  • Right to request the moving or transfer of a copy of such data.This right allows a change in service providers. Send us a request to move or transfer your data in writing to the Company’s address or by email. In this case, you will need to prove that you are the data subject.
  • Lodging a complaint with a supervisory authority for personal data protection. Naturally, we prefer to solve your problem without prompting the Personal Data Protection Office, but you also have the right to contact the Personal Data Protection Office, Hraničná 12, 820 07 Bratislava, email: dozor@pdp.gov.sk.

 

Article IX

Personal data storage periods

We store your personal data while performing our contractual obligations solely for the period of fulfilling an order or an agreement and for the period necessary to complete a complaint procedure.

Based on your consent, we will only store your personal data for the duration of the consent or the termination of a given service.

Based on the legitimate interest, we store your personal data only for the duration of the legitimate interest.

We will not keep your personal data longer than necessary.

 

Article X

Personal data security and protection

The security of your personal data is extremely important to us, so we have taken the necessary security measures, including mechanical, technical and organisational.

Our Company’s main office premises are monitored by the building owner’s CCTV system.

The Company’s main office has a controlled entrance, is protected by alarm and mechanical means.

The data in computers are password protected.

Documents with personal data are placed in cabinets at the Company’s main office.

In connection with the personal data collection, storage and disclosure, we require compliance with all security measures in accordance with the Personal Data Protection Directive approved by our Company.

However, please note that despite the necessary technical and organisational measures to protect your personal data, we cannot guarantee the security of personal data that you transmit to us over the Internet. 

 

Article XI

Contact

Any questions, complaints or suggestions regarding your personal data can be sent by email, to the Company’s address (Černyševského 26, 851 01 Bratislava), or by calling 00421 905 678 663.

 

Article XII

Final provisions

The Personal Data Protection Principles become effective on the date of their publication on the Company’s website.

The Company reserves the right to change the personal data processing principles in our Company changes. New or changed Principles will be posted on the Company’s website.