Information on the processing of personal data

In connection with the processing of personal data, we provide you with the following information in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR) and Act No. 18/2018 Coll. on the Protection of Personal Data and on Amendments to Certain Acts.
I.
BASIC PROVISIONS

1. The Controller who determines the purposes and means of processing your personal data is Jozef Pauk – HRD-Systém, with registered office at Hôrky 2091, 02302 Krásno nad Kysucou, Company ID: 36 942 472, VAT ID: 1039247231, registered in the Trade Register of the District Office Čadca, Trade Register Number: 502-12248.
2. Contact details:
Address: Hôrky 2091, 023 02 Krásno nad Kysucou, Slovakia
Email: info@secpelle.com
Phone: +421 41 421 11 93

II.
SCOPE OF PERSONAL DATA

We minimize the extent of personal data we process to meet the quality requirements of the services you expect from us, fulfill our legal obligations, and protect our legitimate interests. We process the following categories of personal data of our customers:
• Basic data, including your name and address of residence
• Contact details, including your email, telephone number, or contact address
• Registration data (name, password) and account settings if you registered before making a purchase
• Records of email and chat communication or any other communication with you in electronic or written form.
• Transaction data, primarily information about your payments and payment methods.
• Personal data processed automatically: When visiting the secpelle.com website, we may collect certain information about you, such as your IP address, date and time of access to our website, information about your internet browser, operating system, or language settings. We may also process information about your behavior on our websites, such as which links on our websites you visit and which products are displayed to you.
• Automatically, cookies are processed. These are small text files that are created when visiting a website. They serve to store information about how our website is used. We distinguish (but do not identify) individual users from each other and customize the content to specific preferences. Learn more here.

III.
PURPOSES AND LEGAL BASIS OF PROCESSING

We process your personal data in order to enable you to make convenient purchases and to deliver the ordered goods to you. We process your personal data in accordance with the law, based on the following legal bases:

1. Processing based on the performance of a contract pursuant to Art. 6(1)(b) of the GDPR
• For the purposes of ordering and delivering goods (preparation and execution of remote purchase contracts)
• For the purposes of business communication, in the preparation and execution of business contracts, when ordering goods, delivering them, and providing related information
• For the purposes of registration on the e-shop as a step preceding the conclusion of a contract based on your decision and enabling you to make more convenient repeated purchases
• For the purposes of providing data for the delivery of goods by a courier. The companies we use provide services in accordance with Act No. 324/2011 Coll. on Postal Services. Your data will subsequently be processed by these third-party companies for the time necessary to deliver the shipments.

2. Processing based on legal obligation pursuant to Art. 6(1)(c) of the GDPR
• For the purposes of handling complaints in accordance with Act No. 250/2007 Coll. on Consumer Protection and Act No. 102/2014 Coll. on Consumer Protection in Distance Selling or Off-Premises Sales
• For the purposes of maintaining accounting and tax records in accordance with Act No. 431/2002 on Accounting, Act No. 222/2004 Coll. on Value Added Tax, and Act No. 595/2003 on Income Tax
• For the purposes of network and information system security in accordance with Act No. 69/2018 Coll. on Cybersecurity and Article 32 of the GDPR
• For the purposes of handling requests from data subjects related to the exercise of rights within the framework of personal data protection under the GDPR

3. Processing based on legitimate interest pursued by the Controller pursuant to Art. 6(1)(f) of the GDPR
• For the purposes of sending informational newsletters to customers in connection with registration or purchases. You can unsubscribe from the newsletter at any time.
• For the purposes of managing legal matters related to the verification, defense, and enforcement of legal claims.

IV.
RETENTION PERIOD OF PERSONAL DATA

If we process your data based on the performance of a contract, we will process them for the duration of the contract and for 5 years after its termination.
If we process your data based on your consent, we will process them for the duration of your consent, but not exceeding 3 years. After this period, we will dispose of them.

If we process your data based on a legal obligation, we will process them for the duration specified by the relevant legislative regulation.

• In the case of accounting, this period is 10 years.
• In the case of complaints, this period is 2 years from the date of the complaint.
• In the case of cybersecurity, this period is 12 months.

If we process your data based on a legitimate interest pursued by the Controller, we will process them for the period necessary to achieve the processing purpose.

• In the case of sending newsletters, the retention period is 24 months from the last opening.
• In the case of verifying, defending, and enforcing legal claims, the retention period is until the expiration of the statute of limitations (3 years for civil law disputes).

V.
CATEGORIES OF RECIPIENTS

Your personal data may be disclosed to the following categories of recipients:

• Slovenská pošta, a.s., with registered office at Partizánska cesta 9, 975 99 Banská Bystrica, ID number: 36 631 124 – Delivery of ordered goods.
• Geis Parcel SK s.r.o., with registered office at Trňanská 6, 960 01 Zvolen, ID number: 46 489 592 – Delivery of ordered goods.
• WebSupport s.r.o., with registered office at Karadžičova 12, 821 08 Bratislava, ID number: 36 421 928 – Operation of e-shop servers.
• Public authorities, in cases where the Controller is obliged to provide personal data based on a generally binding legal regulation or a decision of a public authority.
• 24Pay

VI.
YOUR RIGHTS RELATED TO PERSONAL DATA PROTECTION

In the processing of your personal data, we are ready to respect your rights.

• You have the right to access your personal data and to know the purpose of their processing, the recipients of your personal data, and the retention period.
• You have the right to rectify your personal data if they are inaccurate or have changed. Contact us, and we will correct them.
• You have the right to erasure of personal data if they are inaccurate or processed unlawfully.
• If your personal data are processed based on your consent, you have the right to withdraw your consent at any time without affecting the lawfulness of the processing based on consent before its withdrawal.
• You have the right to restrict the processing if you wish. We will only process the data for essential legal reasons or not at all.
• You have the right to data portability if you wish to transfer them to another controller. We will provide them to you in a suitable format unless there are other technical or legal obstacles.
• You have the right to lodge a complaint with the supervisory authority, which is the Office for Personal Data Protection of the Slovak Republic, with its registered office at Hraničná 12, 820 07 Bratislava 27, Slovak Republic, ID number: 36 064 220, tel. no.: +421 2 3231 3220, https://dataprotection.gov.sk/uoou/.