Conditions for Processing Personal Data

Don’t forget to read the related document: General Business Terms and Conditions.

1. Dear customers, these Conditions for Processing Personal Data (hereinafter referred to as the “Conditions”) apply to your personal data and privacy. We kindly ask you to read them carefully.

BASIC INFORMATION

2. These Conditions stipulate, in a clear and rational manner, the principles and rules applicable to the processing of personal data of users of services provided by the company Shooos s.r.o., with its registered office at No. 44 Nábrežie arm. gen. L. Svobodu, 81102 Bratislava, Slovakia, registered with the Companies Register of the Bratislava I District Court, Section: Sro , Insert No.: 4409/B, Company ID No.: 31342965, VAT No.: SK2020801101 (hereinafter referred to as “Shooos” or the “Controller”), by means of the websites under Shooos domains (.hu/.ro/.at/.de etc) (hereinafter referred to as the “services”).

3. Shoos is processing personal data of users of services in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as the “Regulation”), Act No. 18/2018 Coll. on Personal Data Protection and on Amendments and Supplements to Certain Acts (hereinafter referred to as the “Act”) and other related generally binding legal regulations.

4. Personal data means, according to the relevant provisions of the Regulation and the Act, any information relating to an identified or identifiable natural person who can be identified, directly or indirectly, in particular by reference to a generally usable identifier, other identifier such as a name, surname, an identification number, location data, an online identifier or on the basis of one or more characteristics or features which create physical, physiological, genetic, psychological, mental, economic, cultural or social identity of that natural person.

5. Data subject according to the Regulation and the Act, i.e. the natural person whose personal data are being processed is every user of Shooos services, including you.

6. Controller means, according to the Regulation and the Act, the company Shooos which has determined the purposes of and the means for the processing of your personal data and is processing your personal data on its own behalf.

7. These Conditions for Processing Personal Data shall enter into force 25 May 2018 and shall be deemed to constitute compliance with the Controller’s duty to provide information relating to data subjects according to Article 13 of the Regulation and Section 19 of the Act.

WHAT IS THE LEGAL BASIS FOR AND PURPOSE OF PERSONAL DATA PROCESSING?

8. Upon active confirmation that you agree with the Conditions (by clicking the relevant box) and after you send your order or otherwise identified request for the delivery of particular service or goods:

a) you freely give the Controller your consent to the processing of your personal data for the purposes specified in the Conditions in compliance with the Regulation and the Act;

b) you confirm that the personal data you have completed are accurate and up-to-date;

c) you also confirm that if you are below the age of 16 years, your statutory representative (e.g. your parent) has given or authorised the consent to the processing of your personal data.

9. The purpose of processing of your personal data is the supply of the Controller’s goods or service or the entering into and performance of a contract which constitutes the legal basis for the use and continuation of the requested service.

Controller’s services include an e-shop, i.e. purchase of goods or services on the Shooos web address, including all domains which fall under the Controller.

10. In this regard, the Controller recommends that you familiarise yourself thoroughly with the conditions of the requested service which are described in detail in the relevant documents available on the Shooos website, specifically in the document “General Business Terms and Conditions”.

11. The disclosure and processing of your personal data is necessary for a dispatch of the Controller’s goods or provision of the Controller’s service you have requested, as well as for entering into and performance of the contract which constitutes the legal basis for the use of the requested service/goods.

12. The purpose closely connected with the use of services means sending of short e-mail messages about delivery, removal from storage or billing, or any other important or useful information relating to your service, which the Provider will be allowed to send to the e-mail address you have provided and registered. You can subscribe or unsubscribe to receive these short e-mail messages in the settings of your account/profile registered on the website www.shooos.sk.

13. The purpose closely connected with the use of services also means the analysis and statistics concerning the use of the services, allowing the Controller to improve the quality and optimise its services and website.

14. The processing of your personal data is necessary for the purposes of direct marketing, including profiling to the extent in which it relates to direct marketing which, in accordance with recital 47 of the Regulation, is also the legitimate interest of the Controller. That means that the Controller is also entitled to process the provided personal data for the purpose of direct marketing which means that the Controller is entitled to send you e-mail messages with commercial contents.

By giving your consent to the processing of personal data in accordance with these Conditions, you also consent to the processing of your personal data for the purposes of effective marketing communication, including profiling to the extent that it is related to such purpose, based on what it will be displayed to you on the Shooos website.

15. The processing of your personal data may also be necessary for the purpose of fulfilment of the Controller’s obligation resulting from the Regulation, Act or other generally binding legal regulations (for instance, Act No. 431/2002 Coll. on Accounting).

16. The processing of your personal data may also be necessary for the purpose of a legitimate interest of the Controller:

a) exercise, establishment and enforcement of the Controller’s legal claims out of court and in court;

b) protection against criminal activities, notification and demonstration of criminal activities and cooperation with law-enforcement authorities and courts in identification of criminal activities and their perpetrators;

c) protection against misuse of the Controller’s services and ensuring security of the Controller’s website and information infrastructure;

d) for the purpose of any other legitimate interest of the Controller or a third party in compliance with the Regulation and the Act.

17. The Controller is entitled to process your personal data for any purpose other than the purposes indicated herein only if you have specifically granted the Controller your consent or if the processing of personal data for that other purpose is compatible with the purpose for which the personal data were initially collected. According to the Act, the processing of personal data for the purpose of archiving or for statistical purposes is deemed processing compatible with the initial purpose. In the case of processing for these purposes, the Controller has put in place appropriate and effective technical and organisational measures to ensure, in particular, minimising of personal data and also pseudonymising based on what the personal data that are being processed cannot be attributed to a specific data subject without the use of additional information which is kept separately.

WHAT IS THE SCOPE OF THE PERSONAL DATA SUBJECT TO PROCESSING?

18. The Controller is processing your personal data to the extent strictly necessary to achieve the purpose of their processing, namely as follows:

  • e-mail address;

  • name and surname;

  • postal address (street, orientation number, municipality, postal code, country);

  • phone number;

  • data about login to your registered account (only if you register yourself);

  • data about visits to and browsing through the website;

  • IP address;

  • data from cookies.

 

19. Cookies. The Controller uses cookies on the website Shooos. You can give your consent to the use of cookies by clicking the relevant box in the pop-out bar which appears automatically when you visit the website.

What are cookies?

Cookies are small text files that are stored by the website www.shooos.sk on your computer, mobile phone or other device. Cookies used by the Controller allow the website to recognise you and then make the requested service available to you. The website may also use cookies to record the settings of your internet browser, your language preferences and the like, making your future visits to the website faster and more comfortable. Browsing through the website without cookies would be more complicated and the website might not work properly. Cookies help the Controller to constantly improve and develop the offer and settings of its services and tailor them to your preferences and needs. Based on cookies, we can analyse and statistically evaluate the use of services and advertising on the website and subsequently improve its contents, functions or design, as well as target marketing communication in a more effective and relevant manner.

How to control and delete cookies?

Internet browsers usually accept cookies automatically in the default settings. You can set your browser to block all cookies or selectively accept some cookies and you may also delete the cookies stored on your computer, mobile phone or other device. If you do not wish to have cookies used in your browser by the Controller, you can set your browser to block cookies or inform you about attempts to store cookies on your device every time the website attempts to do that. However, if you block all cookies, you will still be able to visit the website, but some of its features might not work correctly. The Controller therefore recommends that you keep cookies activated. Information about individual internet browsers and the way of setting cookies is available at the following websites:

Chrome: https://support.google.com

Firefox: https://support.mozilla.org

Internet Explorer: https://support.microsoft.com

Safari: https://www.apple.com

http://www.allaboutcookies.org/

HOW LONG ARE PERSONAL DATA RETAINED?

20. The personal data subject to processing are retained to the extent necessary and in the form allowing your identification, however, only until necessary to achieve the purpose for which they are being processed. The Controller will then secure destruction (erasure or anonymising) of your personal data without undue delay and in accordance with the Regulation and the Act.

ARE THE PERSONAL DATA WHICH ARE SUBJECT TO PROCESSING PROTECTED? TO WHOM MAY THEY BE DISCLOSED?

21. Your personal data are secure, because their processing is automated by means of the Controller’s information system and by means of appropriate technical and organisational measures to ensure security of personal data, including protection against unauthorised processing of personal data, unlawful processing of personal data, accidental loss of personal data, deletion or damage of personal data. In this context, the Controller is entitled to authorise, on the basis of a written agreement, a third party which has suitable personnel, technical, organisational and professional capacities to process your personal data. The third party will process your personal data as a processor on behalf of the Controller in compliance with the Regulation and the Act.

22. The Controller is entitled to disclose your personal data to the extent necessary to the following recipients:

a) to persons who exercise and enforce the Controller’s legal claims on behalf of the Controller out of court and in court for the purpose of exercise and enforcement of the Controller’s legal claims;

b) to courts, court enforcement officers, law-enforcement authorities or other public authorities for the purpose of exercise and enforcement of the Controller’s legal claims or compliance with the Controller’s obligations according to the generally binding legal regulations;

c) to logistics companies which deliver goods you have purchased in our e-shop for the purpose of performance of the contract which creates the legal basis for the service;

d) to persons who secure for the Controller the technical operation of its services, website and information infrastructure, namely solely for this purpose;

e) to person who ensure for the Controller the security and protection of its services, website and information infrastructure and who also monitor and perform testing of security and protection on a regular basis, namely solely for this purpose;

f) to persons who provide the Controller with analytical and statistical services for the purpose of improving the quality and optimizing the Controller’s services and website;

g) to persons who provide the Controller with marketing services and that solely for the purpose of effective and relevant marketing communication of the Controller (to avoid any doubts, these persons will not be allowed to use your personal data for their own marketing or for marketing activities of any person other than the Controller).

WHAT ARE YOUR RIGHTS IN RELATION TO PERSONAL DATA PROCESSING?

23. We hereby inform you of the rights and legally significant facts related to the protection of your personal data which follow from the relevant provisions of the Regulation and the Act:

a) you have the right to request from the Controller access to personal data (in more detail in Article 15 of the Regulation and in Section 21 of the Act);

b) you have the right to request from the Controller rectification of personal data (in more detail in Article 16 of the Regulation and in Section 22 of the Act);

c) you have the right to request from the Controller erasure of personal data, the so-called right to be forgotten (in more detail in Article 17 of the Regulation and in Section 23 of the Act);

d) you have the right to request from the Controller restriction of personal data processing (in more detail in Article 18 of the Regulation and in Section 24 of the Act);

e) you have the right to personal data portability to another controller (in more detail in Article 20 of the Regulation and in Section 26 of the Act);

f) you have the right to object to personal data processing by filing your objection with the Controller (in more detail in Article 21 of the Regulation and in Section 27 of the Act);

g) you have the right to submit a petition initiating the procedure of personal data protection addressed to the Office for Personal Data Protection of the Slovak Republic (in more detail in Sections 99 through 103 of the Act);

h) you have the right to withdraw your consent to personal data processing at any time;

i) the provision of personal data is a requirement necessary to enter into a contract and in the case of failure to provide personal data, it will not be possible to enter into and fulfil the contract which constitutes the legal basis for the supply of the service you have requested.

24. We, specifically, point out the right to object to personal data processing according to which you can:

a) to object to personal data processing within the performance of a task carried out in the public interest, in the exercise of official authority and on the basis of a legitimate interest of the Controller or a third party, including profiling based on these legal grounds;

b) to object to personal data processing for the purposes of direct marketing on the basis of a legitimate interest of the Controller, including profiling to the extent that it is related to such direct marketing.

25. Particular attention is also drawn to your right to withdraw your consent to personal data processing at any time.

The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. If you have withdrawn your consent to personal data processing and there is no other legal ground for the processing of personal data, the Controller will ensure destruction (erasure and anonymization) of your personal data without undue delay in accordance with the Regulation and the Act.

HOW TO EXERCISE THE RIGHTS RELATING TO PERSONAL DATA PROCESSING?

26. You can exercise your rights or raise questions concerning the processing of personal data on the basis of a request sent directly to the Controller or the Data Protection Officer designated by the Controller by using any of the below-mentioned contact details or in any other way of your choice.

The Controller

Data Protection Officer

Postal address:

Shooos s.r.o., Nábr. L. Svobodu 44, 81102 Bratislava, Slovakia, EÚ

E-mail address:

Phone No.:

[email protected]

00421-910-950650

27. By granting your consent to the processing of personal data according to these Conditions, you acknowledge that in the case that your request according to Section 26 hereof is manifestly unfounded or excessive, in particular because of its repetitive character, the Controller, taking into account the contents of the request, may:

a) charge a reasonable fee taking into account the administrative costs of providing the information or a reasonable fee taking into account the administrative costs of communication or a reasonable fee taking into account the administrative costs of taking the action requested; or

b) refuse to act on the request.

28. You further acknowledge that prior to the handling of your request according to Section 26 hereof, the Controller must, primarily, reliably verify your identity in order to prevent any abuse of your rights. For that reason, the Controller may request the provision of additional information or documents necessary to verify the identity of the data subject (your identity), where the Controller has reasonable doubts concerning the identity of the person making the request. Where, after applying the procedure referred to in the previous sentence, the Controller is not able to provably verify the identity of the data subject (your identity), the Controller will inform the person making the request accordingly, if possible, and will refuse to act on the request.

29. If the Controller dismisses your request, you may apply to the Office for Personal Data Protection of the Slovak Republic, Hraničná 12, 820 07, Bratislava 27, Slovak Republic, acting as the supervisory authority. You may also contact the Office for Personal Data Protection directly.

© SHOOOS