Welcome
Advertising is the way great brands get to be great brands.
We Are Awesome Folow Us
  • No products in the cart.
(0)
Menu
  • No products in the cart.

Personal data protection

PRINCIPLES OF PROCESSING OF PERSONAL DATA AND INFORMATION FOR THE DATA SUBJECT IN CONNECTION WITH THE OBTAINING AND PROCESSING OF PERSONAL DATA

 

/ PRINCIPLES AND INSTRUCTIONS ON THE PROTECTION OF PERSONAL DATA /

 

PROVIDED BY THE CONTROLLER TO THE DATA SUBJECT WHEN OBTAINING PERSONAL DATA FROM THE DATA SUBJECT OF THE ONLINE STORE NANUKCLOTHING.COM

 

The Controller hereby, in accordance with Article 13 para. 1 and 2 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 May 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter only the “Regulation”), provides the Data Subject, from whom the Controller obtains personal data relating to him/her, with the following information:

 

Identity and contact details of the Controller:

Business name: NANUKc s.r.o.

Registered office: Tŕnie 82, Tŕnie 962 34

Registered in the register of the District Court Banská Bystrica, Section: Sro, Insert number: 47682/S, Company ID (IČO): 55838294

Bank account: SK7109000000005167071452

Carrying out legal acts through: Ján Bezrouk

Email: info@nanukclothing.com

 

Processed personal data:

The Controller processes the following personal data: name, surname, domicile, email address, telephone number, data obtained from cookies, IP addresses.

 

Identity and contact details of the representative of the Controller:

A representative of the Controller is not appointed.

 

Contact details of the Data Protection Officer:

A Data Protection Officer is not appointed.

 

Purposes of the processing of personal data of the Data Subject:

The purposes of the processing of personal data of the Data Subject are:

  1. processing of accounting documents
  2. registration of contracts and clients for the purposes of concluding and fulfilling contracts
  3. archiving of documents in accordance with legal regulations
  4. marketing activities of the Controller

 

Legal basis of the processing of personal data of the Data Subject:

The legal basis of the processing of personal data of the Data Subject will be, depending on the specific personal data and the purpose of their processing, the consent of the Data Subject to the processing of personal data, the fulfilment of a legal obligation of the Controller, the fulfilment of a contract, of which the Data Subject is a contractual party.

 

Recipients or categories of recipients of personal data:

Recipients of personal data of the Data Subject will be or at least may be (i) statutory bodies or members of statutory bodies of the Controller and (ii) employees of the Controller, (iii) sales representatives of the Controller and other persons cooperating with the Controller in the performance of the Controller’s tasks. For the purposes of this document, all natural persons performing dependent work for the Controller on the basis of an employment contract or agreements on work performed outside employment shall be considered employees of the Controller.

 

Recipients of personal data of the Data Subject will also be collaborators of the Controller, its business partners, suppliers and contractual partners, in particular: an accounting company, a company providing services related to the creation and maintenance of software, a company providing legal services to the Controller, a company providing consultancy to the Controller.

Recipients of personal data will also be courts, law enforcement authorities, the tax office and other state authorities, in cases laid down by law.

 

Information on the intended transfer of personal data to a third country:

Not applicable – the Controller does not intend to transfer personal data to a third country.

 

Period of storage of personal data:

Personal data will, in accordance with legal regulations, be stored for the necessary period for which they will be needed for the purposes of performance of the contract and their subsequent archiving.

 

Instruction on the existence of relevant rights of the Data Subject:

The Data Subject has, among other things, the following rights:

 

a) the right of the Data Subject of access to data under Article 15 of the Regulation, the content of which is:

  • the right to obtain from the Controller confirmation as to whether or not personal data concerning the Data Subject are being processed;
  • in the case that personal data of the Data Subject are processed, the right to obtain access to the processed personal data and the right to obtain the following information:
  • information on the purposes of the processing;
  • information on the categories of personal data concerned;
  • information on the recipients or categories of recipients to whom the personal data have been or will be provided, in particular in the case of recipients in third countries or international organisations;
  • where possible, information on the envisaged period for which the personal data will be stored, or, if that is not possible, information on the criteria used to determine that period;
  • information on the existence of the right to request from the Controller rectification of personal data concerning the Data Subject or their erasure or restriction of processing and on the existence of the right to object to such processing;
  • information on the right to lodge a complaint with a supervisory authority;
  • where the personal data are not obtained from the Data Subject, any available information as to their source;
  • information on the existence of automated decision-making, including profiling, referred to in Article 22 para. 1 and 4 of the Regulation and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing of personal data for the Data Subject;
  • the right to be informed of appropriate safeguards under Article 46 of the Regulation relating to the transfer of personal data, where personal data are transferred to a third country or an international organisation;
  • the right to obtain a copy of the personal data which are being processed, under the condition that the right to obtain a copy of the processed personal data shall not have adverse consequences on the rights and freedoms of others;

 

b) the right of the Data Subject to rectification under Article 16 of the Regulation, the content of which is:

  • the right to have the Controller, without undue delay, rectify inaccurate personal data concerning the Data Subject;
  • the right to have incomplete personal data of the Data Subject completed, including by means of providing a supplementary statement of the Data Subject;

 

c) the right of the Data Subject to erasure of personal data (the so-called “right to be forgotten”) under Article 17 of the Regulation, the content of which is:

(i) the right to obtain from the Controller the erasure of personal data concerning the Data Subject without undue delay where one of the following grounds applies:

 

personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;

  • the Data Subject withdraws consent on which the processing is based, and this under the condition that there is no other legal basis for the processing of personal data;
  • the Data Subject objects to the processing of personal data under Article 21 para. 1 of the Regulation and there are no overriding legitimate grounds for the processing of personal data, or the Data Subject objects to the processing of personal data under Article 21 para. 2 of the Regulation;
  • personal data have been unlawfully processed;
  • personal data have to be erased for compliance with a legal obligation under European Union law or the law of a Member State to which the Controller is subject;
  • personal data have been collected in relation to the offer of information society services under Article 8 para. 1 of the Regulation;
  • the right to have the Controller, who has made the personal data of the Data Subject public, taking account of available technology and the cost of implementation, take reasonable steps, including technical measures, to inform other controllers which are processing the personal data that the Data Subject has requested them to erase any links to those personal data, or copies or replications of those personal data;

 

At the same time it applies that the right to erasure of personal data with the content of the rights under Article 17 para. 1 and 2 of the Regulation [i.e. with the content of the rights under (i) and (ii) of this letter c) point J. of this document] shall not arise where the processing of personal data is necessary:

  1. for exercising the right of freedom of expression and information;
  2. for compliance with a legal obligation which requires processing under European Union law or the law of a Member State to which the Controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller;
  3. for reasons of public interest in the area of public health in accordance with Article 9 para. 2 letters h) and i) of the Regulation, as well as Article 9 para. 3 of the Regulation;
  4. for archiving purposes in the public interest, for scientific or historical research purposes or for statistical purposes under Article 89 para. 1 of the Regulation, in so far as the right referred to in Article 17 para. 1 of the Regulation is likely to render impossible or seriously impair the achievement of the objectives of such processing of personal data; or
  5. for the establishment, exercise or defence of legal claims;

d) the right of the Data Subject to restriction of processing of personal data under Article 18 of the Regulation, the content of which is:

(i) the right to have the Controller restrict the processing of personal data where one of the following applies:

 

  • the Data Subject contests the accuracy of the personal data, for a period enabling the Controller to verify the accuracy of the personal data;
  • the processing of personal data is unlawful and the Data Subject opposes the erasure of the personal data and requests the restriction of their use instead;
  • the Controller no longer needs the personal data for the purposes of the processing, but the Data Subject needs them for the establishment, exercise or defence of legal claims;
  • the Data Subject has objected to processing under Article 21 para. 1 of the Regulation, pending the verification whether the legitimate grounds of the Controller override those of the Data Subject;

 

  • the right that, in the case that the processing of personal data has been restricted under point (i) of this letter d) point J. of this document, such restricted personal data shall, with the exception of storage, be processed only with the consent of the Data Subject or for the establishment, exercise or defence of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the European Union or of a Member State;
  • the right to be informed in advance of the lifting of the restriction of processing of personal data;

 

e) the right of the Data Subject to the fulfilment of the notification obligation towards recipients under Article 19 of the Regulation, the content of which is:

  • the right to have the Controller notify each recipient to whom personal data have been provided of any rectification or erasure of personal data or restriction of processing carried out under Article 16, Article 17 para. 1 and Article 18 of the Regulation, unless this proves impossible or involves disproportionate effort;
  • the right to have the Controller inform the Data Subject about such recipients if the Data Subject so requests;

 

f) the right of the Data Subject to data portability under Article 20 of the Regulation, the content of which is:

(i) the right to receive the personal data concerning the Data Subject, which he or she has provided to the Controller, in a structured, commonly used and machine-readable format and the right to transmit those data to another controller without hindrance from the Controller, if:

 

  • the processing is based on consent of the Data Subject under Article 6 para. 1 letter a) of the Regulation or Article 9 para. 2 letter a) of the Regulation, or on a contract under Article 6 para. 1 letter b) of the Regulation, and at the same time
  • the processing is carried out by automated means, and at the same time
  • the right to receive personal data in a structured, commonly used and machine-readable format and the right to transmit those data to another controller without hindrance from the Controller will not have adverse consequences on the rights and freedoms of others;

 

(ii) the right to have the personal data transmitted directly from one controller to another controller, where technically feasible;

 

g) the right of the Data Subject to object under Article 21 of the Regulation, the content of which is:

  • the right to object at any time, on grounds relating to the Data Subject’s particular situation, to processing of personal data concerning him or her which is carried out on the basis of Article 6 para. 1 letter e) or f) of the Regulation, including profiling based on those provisions of the Regulation;
  • [in the case of exercising the right to object at any time, on grounds relating to the Data Subject’s particular situation, to processing of personal data concerning him or her which is carried out on the basis of Article 6 para. 1 letter e) or f) of the Regulation, including profiling based on those provisions of the Regulation] the right to have the Controller no longer process the personal data of the Data Subject, unless the Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the Data Subject, or grounds for the establishment, exercise or defence of legal claims;
  • the right to object at any time to the processing of personal data concerning the Data Subject for direct marketing purposes, including profiling to the extent that it is related to such direct marketing; it applies that where the Data Subject objects to the processing of personal data for direct marketing purposes, the personal data shall no longer be processed for such purposes;
  • (in connection with the use of information society services) the right to exercise the right to object to the processing of personal data by automated means using technical specifications;
  • the right to object, on grounds relating to the Data Subject’s particular situation, to processing of personal data concerning the Data Subject where the personal data are processed for scientific or historical research purposes or statistical purposes under Article 89 para. 1 of the Regulation, except where the processing is necessary for the performance of a task carried out for reasons of public interest;

 

h) the right of the Data Subject related to automated individual decision-making under Article 22 of the Regulation, the content of which is:

  • the right not to be subject to a decision which is based solely on automated processing of personal data, including profiling, and which produces legal effects concerning him or her or similarly significantly affects him or her, except in the cases under Article 22 para. 2 of the Regulation [i.e. except in the cases where the decision: (a) is necessary for entering into, or performance of, a contract between the Data Subject and the Controller, (b) is authorised by European Union law or the law of a Member State to which the Controller is subject and which also lays down suitable measures to safeguard the rights and freedoms and legitimate interests of the Data Subject, or (c) is based on the explicit consent of the Data Subject].

 

Instruction on the right of the Data Subject to withdraw consent to the processing of personal data:

The Data Subject is entitled at any time to withdraw his/her consent to the processing of personal data, without this affecting the lawfulness of the processing of personal data based on consent granted before its withdrawal.

The Data Subject is entitled at any time to withdraw his/her consent to the processing of personal data – in full or only in part. Partial withdrawal of consent to the processing of personal data may concern a certain type of processing operation / processing operations, while the lawfulness of the processing of personal data in the scope of the remaining processing operations shall remain unaffected. Partial withdrawal of consent to the processing of personal data may concern a certain specific purpose of processing of personal data / certain specific purposes of processing of personal data, while the lawfulness of the processing of personal data for other purposes shall remain unaffected.

The right to withdraw consent to the processing of personal data may be exercised by the Data Subject in written form at the address of the Controller registered as its registered office in the Commercial Register at the time of withdrawal of consent to the processing of personal data, or in electronic form by electronic means (by sending an email to the email address of the Controller stated in the identification of the Controller in this document, or by filling in an electronic form published on the website of the Controller).

 

Instruction on the right of the Data Subject to lodge a complaint with a supervisory authority:

The Data Subject has the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement, if he or she considers that the processing of personal data concerning him or her is in breach of the Regulation, all this without prejudice to any other administrative or judicial remedies.

The Data Subject has the right to have the supervisory authority to which the complaint has been lodged inform him or her, as the complainant, of the progress and the outcome of the complaint, including the possibility of a judicial remedy under Article 78 of the Regulation.

The supervisory authority in the Slovak Republic is the Office for Personal Data Protection of the Slovak Republic.

 

Information on the existence / non-existence of the obligation of the Data Subject to provide personal data:

The Controller informs the Data Subject that the provision of personal data of the Data Subject is necessary for the conclusion of the purchase contract and for its performance. The Controller informs the Data Subject that the Data Subject is not obliged to provide personal data and is not obliged to grant consent to their processing. The consequence of not providing personal data and/or the consequence of not granting consent to the processing of personal data will be that the Controller will not be able to conclude and perform the purchase contract.

 

Information related to automated decision-making including profiling:

Not applicable. – Since, in the case of the Controller, this is not the processing of personal data of the Data Subject in the form of automated decision-making including profiling referred to in Article 22 para. 1 and 4 of the Regulation, the Controller is not obliged to provide information under Article 13 para. 2 letter f) of the Regulation, i.e. information on automated decision-making including profiling and on the procedure used, as well as on the significance and the envisaged consequences of such processing of personal data for the Data Subject.

 

Personal data protection and the use of cookies – What is a cookie file?

In connection with the EU directive on privacy in electronic communications, we offer a brief explanation of the function of cookies. Cookie files are text files which contain a small amount of information which, when you visit a website, are loaded into your computer, mobile phone or other device. Cookie files are useful, because they allow the website not only to recognise the user’s device, but at the same time allow the user to access functions on the site.

As a rule, we divide cookies into two types.

Persistent cookie files – these cookie files remain in the user’s device for the period stated in the cookie file. They are activated whenever the user visits the website which created the given cookie file.

Session cookie files – these files allow the operator of the website to link the activities of the user when the user opens the browser window and ends when the browser window is closed. Session cookie files are created temporarily. After closing the browser, all session cookie files are deleted.

 

What are cookie files?

A cookie file is a small text file which a website stores on your computer or mobile device when you browse it. Thanks to this file, the website retains information about your actions and preferences (such as login name, language, font size and other display settings) for a certain time, so that you do not have to enter them again when you next visit the site or browse its individual pages.

 

How do we use cookie files?

Our Online Store uses cookie files so that we retain:

  • your display preferences, such as colour contrast settings or font size;
  • the fact that you have already replied to a survey displayed in a separate window (pop-up), through which you can express your opinion on the content of the page (it will not be displayed again);
  • the fact whether you have agreed (or not agreed) that we may use cookie files on this website;
  • remarketing.

 

Likewise, some subpages which are part of our pages use cookie files for the anonymous collection of statistical data about how you reached them and which video clips you watched.

Allowing the use of cookie files is not strictly necessary for the correct functioning of the website, but it will provide you with a better user experience when working with it. You can delete or block cookie files. In such a case, however, it may happen that certain functionalities of the website will not work as they should.

The information stored in cookie files is not used for your personal identification and the structure of the data is fully under our control. Cookie files are not used for purposes other than those stated in this text.

 

Do we use other cookie files?

Some of our pages or sub-sites may use additional or different cookie files than those mentioned in the previous text. In such a case, detailed information on their use will be provided on the relevant page in a separate cookie notice.

 

How to control cookie files

You can control and/or delete cookie files at your discretion – see details at the page aboutcookies.org. You can delete all cookie files stored on your computer and most browsers can be set so that they prevent the storage of cookie files. In such a case, however, you will probably have to manually adjust some settings every time you visit the website and some services and functions will not work.

 

Final provisions

These Principles and instructions on the protection of personal data form an inseparable part of the General Terms and Conditions and the Complaint Procedure. The documents – General Terms and Conditions and Complaint Procedure of this online store – are published on the domain of the Seller’s Online Store.

These personal data protection principles become valid and effective by their publication in the Seller’s Online Store on 12.09.2019.