Privacy

These personal data protection policies contain information about the processing of personal data of the persons concerned by the operator of the site (hereinafter referred to as the “Operator“), namely on the website www.vitiligoliecba.sk or on the company’s profile on social networks (hereinafter referred to as the “website“) We process all personal data in accordance with Regulation of the European Parliament and the Council of the EU No. 2016/679 on the protection of natural persons in the processing of personal data and on the free movement of such data, which repeals Directive no. 95/46/EC (General Data Protection Regulation, hereinafter referred to as the “GDPR Regulation“) and in accordance with Act No. 18/2018 Z. z. on the protection of personal data and on the amendment of certain laws (hereinafter referred to as the “Law”) and other relevant regulations on the protection of personal data.

The aim of these principles is to provide you with answers to the purpose for which your personal data is processed, how it is processed and what your rights and obligations are in connection with the processing of personal data. These Principles also provide you with other relevant information about the processing of your personal data and thus represent the fulfillment of the information obligation of the Operator according to Art. 13, as well as according to Art. 14 GDPR regulations regarding the processing of personal data on the website. The conditions for the processing of personal data that occurs outside the website are regulated in the general principles of personal data protection of the Operator and in other internal regulations of the Operator on the protection of personal data.

Contact details of the responsible person:

E-mail: info@vitiligoliecba.sk

Tel. contakt: 0948 690 533

I. Principles of personal data processing

We process your personal data exclusively for a specified purpose, in a specified manner and by means, and only for a period of time that is necessary in view of the purpose of their processing. We process your personal data in such a way as to prevent unauthorized access to your personal data, unauthorized transfer, loss, destruction, or other unauthorized processing. When processing your personal data, we follow technical and organizational measures in order to guarantee the highest level of security with regard to all possible risks. All persons who are authorized to process your personal data are bound by confidentiality regarding the information obtained in connection with the processing of this personal data.

II. What personal data do we process?

The operator always processes your personal data in accordance with the principle of minimization in order to fulfill any contractual and legal requirements, to process personal data in the processing of which it has a legitimate interest, or to process your personal data in the event that you give your consent to their processing always only to the extent that the specified purpose of processing is fulfilled. This means that the Operator does not require personal data from you that are not necessary for the specific purpose of the processing.

The operator processes personal data about you in the scope of ordinary personal data in the scope of: name, surname, mobile phone number, e-mail, contact address, online identifiers (IP address, activity on the website) and other personal data that you provide.

III. The purpose and legal basis of processing your personal data

We process your personal data in accordance with Art. 6 par. 1 letter b) Regulations of the GDPR, i.e. the processing of your personal data is necessary for the fulfillment of the contract, or for taking measures before concluding the contract based on the request of the person concerned.

In accordance with the aforementioned legal basis, we proceed in the case of receiving and processing orders for services provided, in the event that you order services via a message sent through the contact form on our website, a message on a social network, a contact e-mail address or by telephone, which we provide. The period of storage of this personal data is until the full settlement of legal and other claims arising from the contractual relationship, at least 3 years from the date of termination of the contractual relationship.

We process your personal data in accordance with Art. 6 par. 1 letter a) GDPR Regulations, i.e. the processing of your personal data is based on your consent.

In accordance with the aforementioned legal basis, we proceed if you contact us with your request via a message sent via the contact form located on our website or via a message on a social network. The storage period for this personal data is 3 months from the date of delivery of the request or until it is processed, whichever occurs first.

We also need your consent to measure traffic to our website and to target advertising through analytical and marketing cookies. The period of storage of this personal data is until the consent is revoked by the person concerned, but for a maximum period of 2 years.

We also process your personal data in accordance with Art. 6 par. 1 letter c) GDPR regulations, i.e. the processing of your personal data is necessary to fulfill legal obligations.

In accordance with the aforementioned legal basis, we proceed in the event that you send us a request or exercise some of the rights of the data subject. The storage period for this personal data is until the request is processed.

IV. Who has access to your personal data

In certain cases, the operator is obliged to provide your personal data to public authorities or other recipients who are authorized to process your personal data. These recipients include courts or law enforcement agencies.

Other recipients of your personal data include companies operating social networks if you contact the Operator via a message on a social network (Facebook Inc) and Google, LLC, which is a provider of the Google Analytics service used to measure traffic on the Operator’s website.

In connection with ensuring proper operation, the operator has concluded cooperation agreements with Intermediaries. Intermediaries that come into contact with your personal data have been selected by the Operator so that your personal data is safe and that these Intermediaries meet the conditions for the protection of personal data required by the GDPR Regulation and the Law. We have concluded contracts with Intermediaries on the processing of personal data, including confidentiality.

Intermediaries are business companies and natural persons – entrepreneurs with whom the Operator cooperates and who provide services (web hosting services, accounting processing), a company providing online accounting and invoicing software, a company providing an online cloud storage service.

V. Where we transfer your personal data

When processing your personal data by the Operator, in some cases your personal data is transferred to third countries:

  1. if you give your consent to the storage of analytical cookies, your personal data will be transferred to the USA, to Google LLC, which is the provider of the Google Analytics service, which the Operator uses for the purpose of measuring traffic and activity on the Operator’s website,
  2. if you contact the Operator via a message on the social network, your personal data will be transferred to the USA, Facebook Inc., which is the operator of the Facebook social network.

The transfer of your personal data in all the above cases is ensured through standard contractual clauses which, in accordance with the terms of use of the above services, are part of the personal data processing authorization contracts concluded with the above specified entities.

VI. How we will ensure the protection of your personal data

The security of your personal data is of primary importance to us. In order to ensure the protection of your personal data, we have adopted the necessary technical and organizational measures. As technologies improve, we also improve these security systems, we use virus checks, anti-virus programs and firewalls.

If by chance our systems are attacked by a hacker attack, or our system is otherwise attacked, or another security incident occurs and there is even a threat of data leakage and damage to your rights, you will be informed within 72 hours about the measures taken and at the same time we will within the same period, also inform the supervisory authority in the field of personal data protection in the Slovak Republic, which is the Personal Data Protection Office.

VII. Instruction on the rights of the person concerned

As a Data Subject whose personal data is processed by the Operator, you have the right to be informed of all the above-mentioned facts, as well as the fact that you have the following rights:

a) the right to request from the Operator access to the personal data it processes about you

If you want to know which personal data the Operator processes about you, we will be happy to provide it to you upon request. All you have to do is send us your request by email: info@vitiligoliecba.sk and we will deal with it without delay, but no later than within 30 days of receiving your request.

b) the right to correct your personal data

In the event that the data you have provided us is out of date, has been changed, contains any inaccuracies, or is incomplete, please let us know at our e-mail address info@vitiligoliecba.sk and we will we will fix it immediately. At the same time, we will inform all our Intermediaries who process your personal data about this change, so that they can also correct your personal data, and we will also give you feedback that this correction of your personal data has taken place.

c) the right to delete your personal data

If you are not satisfied with how we process your personal data, you have the right to delete your personal data. You also have the right to be forgotten – the right to delete the provided personal data after the purpose of their provision has been achieved, i.e. after providing the performance of the contract, or after the end of their mandatory storage period in accordance with the special regulations of the Slovak Republic. The right to delete your personal data is therefore not absolute. If we need your data to fulfill our legal obligations, we will have to process them further for the purpose of fulfilling our legal obligations. We no longer process or store personal data that has fulfilled its purpose. We will inform you about the deletion of your personal data.

d) the right to restrict the processing of your personal data

As a data subject, you have the right to request the restriction of the processing of your personal data, if you dispute the correctness of the personal data during the period of verification of the correctness of the data; or if the processing of personal data is illegal and instead of erasing the data, you will request the restriction of its processing; and also if the Operator does not need your personal data for the purpose he stated, but you need them for proof, or defending your legal claims. When restricting the processing of personal data, your data will remain in our systems, but we will no longer use it for our purposes. We will inform you that we have restricted the processing of your personal data.

e) the right to object to the processing of your personal data

As a data subject, you have the right to object to the processing of your personal data for a reason related to a specific situation carried out according to § 13 par. 1 letter e) or f) including profiling based on these provisions. In the event that your data is processed on the basis of a legitimate interest, the Operator is obliged to demonstrate that its legitimate interests in processing personal data outweigh the rights or interests of the person concerned, or the reasons for asserting a legal claim, otherwise it may not further process these personal data

f) the right to portability of your personal data

At the same time, you have the right to request the transfer of your personal data to another Operator, whose data you notify us in writing. Technically, it is possible for us to carry out such a transfer in the case of the transfer of an e-mail address, other data due to the difference in the purpose of their processing compared to the processing of an e-mail address (see above) will be provided to you depending on the circumstances of the case. The operator is entitled to refuse the request of the data subject for data transfer if the requested transfer could have adverse consequences on the rights and freedoms of others and the legal conditions for the realization of the right to transfer pursuant to the GDPR Regulation are not met.

VIII. If you are not satisfied

If you are not satisfied with the way we process your personal data, you can inform us about it by email info@vitiligoliecba.sk  You also have the option to file a complaint, or a proposal to initiate proceedings at the Office for Personal Data Protection if you believe that we are processing your personal data illegally. You can find a sample proposal on the website of the Office for Personal Data Protection. The contact information for the Personal Data Protection Office of the Slovak Republic is as follows: address Hraničná 12, 820 07 Bratislava 27; website: dataprotection.gov.sk, tel. number: 02 3231 3214; e-mail: statny.dozor@pdp.gov.sk.

IX. Does the Operator use profiling and automated decision-making?

When processing your personal data, the operator does not use profiling and does not process personal data in any form of automated individual decision-making, in which your personal aspects would be evaluated.

X. Operator as an intermediary processing personal data on behalf of another operator

When providing services for the Operator’s clients (hereinafter referred to as “clients“), personal data of affected persons may be processed by the Operator on behalf of its clients. When processing personal data of affected persons on behalf of clients, the Operator acts as an intermediary for the processing of personal data according to Art. 4 point 8. Regulations of the GDPR, while the operator who determines the purposes and means of processing personal data is always the client when personal data is processed by the Operator as an intermediary.

The Operator concludes an agreement with its clients on the authorization of personal data processing, which sets out the conditions for the processing of personal data of the affected persons by the Operator as an intermediary on behalf of its clients, and the obligations regarding ensuring an adequate level of protection of the processed personal data.

The purposes, legal bases, scope and range of recipients of personal data processed by the Operator as an intermediary on behalf of clients are determined by the clients, while the Operator in cases where it processes personal data of the affected persons on behalf of its clients proceeds exclusively according to the instructions of its clients and the relevant legal regulations, fulfills its obligations intermediary in accordance with the provisions of the GDPR Regulation and the Act and does not perform any other processing operations with personal data except those resulting from the signed contract of authorization for the processing of personal data and processing purposes specified by the client.

XI. Final provisions

This updated Privacy Policy is valid and effective from June 16, 2021. Considering that the information on the processing of personal data contained in this Personal Data Protection Policy may be required in the future, the Operator is entitled to change and update this Personal Data Protection Policy at any time. In such a case, the Operator will inform you accordingly.