Conditions for processing personal data

1. These personal data processing terms and conditions ("Terms") relate to your personal data and privacy. Please pay due attention to them.
BASIC INFORMATION
2. The Terms and Conditions clearly contain the principles and rules of processing personal data of users of the services of the company Divná pani, s. r. o., with the registered office Andreja Kmet'a 120/8, 969 01 Banská Štiavnica, 46 793 445 (hereinafter referred to as the "Operator") provided through the website divnapani.sk (hereinafter referred to as the "Services").

3. When processing the personal data of the users of the Services, the Controller is governed by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as the "Regulation"), Act No. 18/2018 Coll. on the Protection of Personal Data and on Amendments and Additions to Certain Acts (hereinafter referred to as the "Act") and other related generally binding legislation.

4. Personal data means, according to the relevant provisions of the Regulation and the Act, any data relating to an identified natural person or an identifiable natural person who can be identified, directly or indirectly, in particular by reference to a generally applicable identifier, other than a name, surname, identification number, location data or online identifier, or on the basis of one or more characteristics or attributes which constitute his or her physical identity, physiological identity, genetic identity, psychological identity, mental identity, economic identity, cultural identity or social identity.

5. The data subject within the meaning of the Regulation and the Act, i.e. the natural person whose personal data is processed, is any user of the services of the Controller, including you.

6. The controller within the meaning of the Regulation and the Act is Divná pani, s. r. o., which has defined the purpose and means of processing your personal data and processes them on its own behalf.

7. These Terms and Conditions for the processing of personal data shall come into force on 25 May 2018 and shall be deemed to fulfil the information obligation of the Data Controller in relation to data subjects within the meaning of Article 13 of the Regulation and Section 19 of the Act.
WHAT IS THE LEGAL BASIS AND PURPOSE OF THE PROCESSING OF PERSONAL DATA?
8. By actively confirming acceptance of the Terms (by checking the appropriate box) and then submitting a registration or other marked request for delivery or access to a particular service:
(a) you freely consent to the Operator processing your personal data for the purposes set out in the Terms in accordance with the Regulation and the law,
b) you confirm that the personal data completed by you is correct and up to date,
c) at the same time, you confirm that, if you are under 16 years of age, your legal guardian (e.g. parent) has given or authorised consent to the processing of your personal data.

9.The purpose of the processing of your personal data is the use and duration of the specific service of the Controller that you request or to which you request access, or the conclusion and performance of a contract forming the legal basis for the use and duration of the requested service.

10. The provision and processing of your personal data is necessary for the use and duration of the specific service of the Controller that you request or to which you request access, as well as for the conclusion and performance of the contract forming the legal basis for the use of the requested service.

11. The purpose closely related to the use of the Services is to send you short email messages about news or other important or useful information related to your Service, which the Operator may send to the email address you have provided and registered. You can set up a subscription on the Service's website. You have the option to unsubscribe from these short email messages at any time by clicking on the link in any of these email messages.

12.The purpose closely related to the use of the services is also understood to be the analysis and statistics related to their use, which will enable the Operator to improve and optimize its services and website.

13. The processing of your personal data is necessary for the purpose of direct marketing, including profiling to the extent that it is related to direct marketing, which also constitutes a legitimate interest of the Controller in accordance with Article 47 of the Regulation. This means that the Controller is also entitled to process the personal data provided for the purpose of direct marketing, on the basis of which it will be able to send you email messages with commercial content. By consenting to the processing of personal data under these Terms, you also consent to the processing of your personal data for the purpose of effective marketing communications, including profiling to the extent that it is related to this purpose, on the basis of which you will be shown on the Service's website, in particular, advertising that is relevant to you and suits your preferences, depending on your online activities.

14. The processing of your personal data may also be necessary for the purpose of fulfilling the Controller's obligations arising from the Regulation, the Act and other generally binding legal regulations (e.g. Act No. 431/2002 Coll. on Accounting).

15. The processing of your personal data may also be necessary for the purpose of the legitimate interest of the Controller:
(a) the out-of-court and judicial application, proof and enforcement of the Controller's legal claims,
b) protection against crime, notification and proof of criminal activity and the provision of assistance to law enforcement authorities and the courts in the detection of criminal activity and its perpetrators,
c) protecting against misuse of the Operator's services and ensuring the security of the Operator's website and information infrastructure,
d) for the purpose of any other legitimate interest of the Operator or a third party in accordance with the Regulation and the law.

16. The Controller is entitled to process your personal data for a purpose other than the purpose indicated in the Terms and Conditions only if you have specifically given it your consent to do so or the processing of personal data for another purpose is compatible with the purpose for which the personal data was originally collected. The processing of personal data for archiving or statistical purposes shall be deemed to be compatible with the original purpose within the meaning of the law. In the case of processing for the purposes in question, the controller shall have appropriate and effective technical and organisational measures in place to ensure, in particular, the minimisation of personal data and also pseudonymisation, on the basis of which the personal data processed cannot be attributed to a specific data subject without the use of additional information stored separately.
WHAT IS THE SCOPE OF THE PERSONAL DATA PROCESSED?
17. The controller shall process your personal data only to the extent necessary to achieve the purpose of processing as follows:
IP address,
first and last name,
phone number,
adress,
IP adress,
cookie data;
sending email messages:
email address,
first and last name - only if you enter them in the settings so that we can send you personalized messages,
IP address,
cookie data;
booking and purchase of products and services:
email address,
first and last name,
phone number,
address - if required for delivery,
date of birth - to claim the discount and if required by the nature of the products and services sold,
website visit and browsing data,
IP address,
cookie data;
job search:
email address,
first and last name,
phone number,
Address,
the information you provide on your CV - in particular your educational qualifications and experience,
Photo,
IP address,
cookie data;
displaying relevant advertising:
email address,
first and last name,
phone number,
Address,
IP address,
cookie data;
18. Cookies
In accordance with Section 55(5) of Act No. 351/2011 Coll. on Electronic Communications, as amended, we would like to inform you about the use of cookies and draw your attention to the possibility of changing the settings of your internet browser in case the current setting of the use of cookies does not suit you.

What are cookies? Cookies are small text files that can be sent to your browser when you visit a website and stored on your device (computer or other internet-enabled device, such as a smartphone or tablet). Cookies are stored in the file folder of your internet browser. Cookies usually contain the name of the website from which they originate and the date they were created. The next time you visit the site, your web browser will reload the cookies and send this information back to the website that originally created the cookie. The cookies we use do not harm your computer.

We use several types of cookies on our website:
Essential cookies - these cookies form the basis for the operation of our website and enable the use of basic features such as secure areas or online payments. For example, basic cookies remember logins, allow access to secure areas without having to log in again, pre-populate forms, etc. Without these cookies, we cannot provide the services that form the basis of our site. If you disable these cookies, we will not be able to guarantee the error-free operation of the site.

Traffic cookies - We use traffic cookies to collect statistical information about how you use our website. This technical information tells us, for example, which parts of the website you clicked on, which page you visited last, etc. These cookies are used to help us analyse and improve our website in terms of content, performance and design. If you disable these cookies, we cannot guarantee the error-free operation of our website.

Third party cookies - the pages of the Service contain links and integrated content from other websites. Therefore, cookies may be created during the use of our website, which are not subject to the control of the Operator. This is the case, for example, if the viewed website uses an analysis or marketing automation tool from a third party (for example, tools from Google) or displays content from third party websites, such as YouTube or Facebook. This results in the acceptance of cookies from these third-party services. The operator cannot have control over the storage of or access to these cookies. If you want to know how these third parties use cookies, please read the privacy and cookie policies of these services.

Use of cookies - by using the pages operated by the Operator, you consent to the use of cookies in accordance with your browser settings. If you visit our website, your browser is enabled to accept cookies, you do not change your internet browser settings and you continue to visit our website, we consider this to be acceptance of our terms and conditions for the use of cookies.

Why do we use cookies? We use cookies in order to optimally create and continuously improve our services, to adapt them to your interests and needs, and to improve their structure and content. The controller does not use the data obtained through the use of cookies to contact you by post, e-mail or telephone.

How can you change your cookie settings? Most web browsers are initially set to automatically accept cookies. You can change this setting by blocking cookies or by notifying us if cookies are to be sent to your device. Instructions on how to change cookies can be found in the "help" option of each browser. If you use different devices to access the site (e.g. computer, smartphone, tablet), we recommend that you adapt each browser on each device to your cookie preferences.
Why keep your cookie settings? The use of cookies and their permission in your web browser is at your discretion. However, if their settings are changed, some of our websites may have limited functionality and a reduced user experience.
HOW LONG IS PERSONAL DATA RETAINED?
19. The personal data processed shall be stored to the extent necessary and in a form that allows your identification at the latest for as long as it is necessary for the fulfilment of the purpose for which they are processed (e.g. the fulfilment of an obligation imposed on the Controller by a general binding legal regulation or the achievement of one of the Controller's legitimate interests, etc.). Subsequently, the Controller shall ensure without undue delay the destruction (erasure or anonymisation) of your personal data in accordance with the Regulation and the law.
IS THE PERSONAL DATA PROCESSED PROTECTED? TO WHOM CAN THEY BE PROVIDED?
20. Your personal data is secure because its processing is carried out automatically through the Controller's information system and through appropriate technical and organisational measures guaranteeing the security of personal data, including protection against unauthorised processing of personal data, unlawful processing of personal data, accidental loss of personal data, erasure of personal data or damage to personal data. In this context, the Controller is entitled to entrust the processing of your personal data on the basis of a written contract to a third party with adequate personal, technical, organisational and professional competence, who will process your personal data as a processor in accordance with the Regulation and the law on behalf of the Controller.

21. The controller is entitled to provide your personal data to the following recipients to the extent necessary:

a) persons who, on behalf of the Operator, out of court and in court, assert and enforce legal claims of the Operator, for the purpose of asserting and enforcing legal claims of the Operator,
b) courts, bailiffs, law enforcement authorities or other public authorities for the purpose of asserting and enforcing the Operator's legal claims or fulfilling the Operator's obligations under generally binding legal regulations,
c) persons who ensure the technical operation of its services, website and information infrastructure for the Operator, exclusively for this purpose,
d) persons who ensure the security and protection of the Operator's services, website and information infrastructure and who also regularly monitor and test this security and protection, solely for this purpose,
e) persons who provide analytical and statistical services to the Operator for the purpose of improving and optimising its services and website,
f) to persons who provide marketing services to the Operator, and only for the purpose of effective and relevant marketing communication of the Operator (for the avoidance of any doubt, we add that the category of persons in question will not be able to use your personal data for their own marketing or for the marketing activities of any other person other than the Operator).
WHAT ARE YOUR RIGHTS RELATING TO THE PROCESSING OF PERSONAL DATA?
22. We hereby inform you of the rights and legally relevant facts relating to the protection of your personal data arising from the relevant provisions of the Regulation and the Act:

a) you have the right to request access to your personal data from the Controller (detailed in Article 15 of the Regulation and Article 21 of the Act),
b) you have the right to request from the Data Controller the rectification of personal data (detailed in Article 16 of the Regulation and Article 22 of the Act),
c) you have the right to request from the Data Controller the erasure of your personal data, the so-called "erasure". the right to be forgotten (detailed in Article 17 of the Regulation and Article 23 of the Act),
d) you have the right to request the Controller to restrict the processing of your personal data (detailed in Article 18 of the Regulation and Article 24 of the Act),
e) you have the right to the portability of your personal data to another controller (detailed in Article 20 of the Regulation and Article 26 of the Act),
f) you have the right to object to the processing of personal data with the Data Controller (detailed in Article 21 of the Regulation and Article 27 of the Act),
g) you have the right to file a petition for initiation of personal data protection proceedings addressed to the Office for Personal Data Protection of the Slovak Republic (detailed in Sections 99 to 103 of the Act),
h) you have the right to withdraw your consent to the processing of your personal data at any time,
i) the provision of personal data is a requirement which, in the case of services, is necessary for the conclusion of a contract and, in the absence of the provision of personal data, the conclusion and performance of the contract forming the legal basis for the use and duration of the service requested by you will not be possible.

23. We would like to draw your attention in particular to the right to object to the processing of personal data, under which you have the possibility to:
(a) object to the processing of personal data in the performance of a task carried out in the public interest, in the exercise of official authority or on the basis of the legitimate interest of the Controller or a third party, including profiling based on these legal bases,
b) object to the processing of personal data for direct marketing purposes on the basis of the legitimate interest of the Controller, including profiling to the extent that it is related to direct marketing.

24. We also draw your particular attention to the fact that you have the right to withdraw your consent to the processing of your personal data at any time. Withdrawal of consent does not affect the lawfulness of the processing of personal data based on consent prior to its withdrawal. If you have withdrawn your consent to the processing of your personal data and there is no other legal basis for the processing of your personal data, the Data Controller shall ensure without undue delay the destruction (erasure or anonymisation) of your personal data in accordance with the Regulation and the law.
HOW CAN I EXERCISE MY RIGHTS RELATING TO THE PROCESSING OF PERSONAL DATA?
25. You may exercise your rights or ask questions regarding the processing of personal data by submitting a request directly to the Controller or to the responsible person appointed by the Controller, through one of the contacts listed below or in any other way you choose.
Controller
Postal address: Divná pani, s. r. o., Andreja Kmet'a 120/8, 969 01 Banská Štiavnica
Email address: gdpr@divnapani.sk
Responsible person

26. By consenting to the processing of your personal data under these Terms, you acknowledge that if your request under clause 25. Conditions manifestly unfounded or unreasonable, in particular because of its repetitive nature, the Operator may, taking into account the content of the request:
(a) require a reasonable fee, taking into account the administrative costs of providing the information, or a reasonable fee, taking into account the administrative costs of notification, or a reasonable fee, taking into account the administrative costs of taking the action requested; or
(b) refuse to act on the request.

27. You also acknowledge that prior to the processing of an application under point 25. Under the Terms and Conditions, the Operator must first of all reliably verify your identity so that your rights cannot be abused. For this reason, the Data Controller may request the provision of additional information or documents necessary to verify the identity of the data subject (your identity) if it has legitimate doubts about the identity of the applicant. If, even with the procedure according to the previous sentence, the Data Controller is not able to verifiably verify the identity of the data subject (your identity), it will inform the applicant accordingly, if possible, and refuse to act on the request.

28. If the Controller does not comply with your request, you may contact the Office for Personal Data Protection of the Slovak Republic, Hraničná 12, 820 07, Bratislava 27, Slovak Republic, as a supervisory authority. You can also contact the Data Protection Authority directly.