Terms of Personal Data Protection
The manager of personal data, pursuant to Art. Article 4 (7) of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (“GDPR”), is Hourglass, s.r.o. Business ID 53107497 with its registered office at Pácerová cesta 972 / 11d, 931 01 Šamorín, Slovakia entered in the Commercial Register kept by…., Section…., Insert…. / hereinafter only: “administrator”).
The contact details of the administrator are:
address: Pácerová cesta 972 / 11d, 931 01 Šamorín, Slovakia
The personal data is any information relating to an identified or identifiable natural person; an identifiable natural person is a natural person who can be identified, directly or indirectly, in particular by reference to a specific identifier, such as name, identification number, location data, network identifier or by one or more specific elements of physical, physiological, genetic, mental, economic, cultural, or the social identity of that natural person.
The administrator has not appointed any person responsible for data protection.
Sources and Categories of Personal Data Processing
- The administrator processes personal data that you have provided to him or personal data that the administrator has obtained on the basis of fulfillment of your order:
name and surname
delivery postal address
- The administrator processes your identification and contact data and the data necessary for the performance of the contract.
Legal Reason and Purpose of Personal Data Processing
- The legal reason for processing personal data are:
performance of the contract between you and the processor according to Art. 6 par. 1 letter b) GDPR,
fulfillment of the legal obligation of the administrator according to Art. 6 1 letter c) GDPR
the legitimate interest of the administrator in the provision of direct marketing (especially for sending business messages and newsletters) according to Art. 6 par. 1 letter. f) GDPR,
your consent to processing for the purposes of providing direct marketing (especially for sending business messages and newsletters) according to Art. 6 par. 1 letter a) GDPR in connection with § 7 par. 2 of Act no. 480/2004 Coll., on certain services of information society in the event that no products or services have been ordered.
- The purpose of processing similar data is
processing your order and exercising the rights and obligations arising from the contractual relationship between you and the administrator; personal data is required when ordering, that are necessary for successful processing of the order (name and address, contact), providing personal data is a necessary requirement for concluding and fulfilling the contract, without providing personal data it is not possible to conclude the contract and also fulfill by the administrator .
fulfillment of legal obligations towards the state,
sending of business announcements and performing other marketing activities.
- On the part of the administrator, there is an automatic individual decision-making within the meaning of Art. 22 GDPR. You have given your express consent to such processing.
Data Retention Period
- The controller shall store personal data
for the time necessary to exercise the rights and obligations arising from the contractual relationship between you and the administrator and to pay claims from these contractual relationships (for a period of 15 years from termination of the contractual relationship).
as long as the consent to the processing of personal data for marketing purposes is revoked, for a maximum of 5 years, if the personal consent is processed on the basis of the consent.
- At the end of the retention period of personal data, the administrator shall delete the personal data.
Recipients of Personal Data (administrator’s subcontractors)
- The recipients of personal data are persons
involved in the delivery of products / services / execution of payment on the basis of contract,
providing e-shop operation services (kreatura.sk) and other services in connection with e-shop operation,
providing marketing services
- The administrator intends to provide personal data to third countries (non-EU countries) or to international organizations. Recipients of personal data in third countries are providers of mailing services.
Processors of Personal Data
The processing of personal data shall be carried out by the administrator, but personal data may also be processed for him by the following entities:
service provider Mailchimp
service provider Facebook Messenger
service provider Google Analytics
possibly another provider of processing software services and applications, which, however is not currently used by the administrator.
Under the conditions set out in the GDPR you have
a) right to access your personal data,
b) right to correct personal data, or restrictions on processing,
c) right to delete personal data,
d) right to object to the processing,
e) right to data portability; and
f) right to withdraw the consent to processing in writing or electronically to the address, or e-mail of the administrator referred to in Art. III of these Terms.
You also have the right to file a complaint with the Personal Data Protection Office if you believe that your right to personal data protection has been violated, or to approach the court.
Terms of Personal Data Security
The administrator declares that he has taken all appropriate technical and organizational measures to secure personal data.
The administrator has implemented technical measures to secure data repositories and personal data repositories in paper form, in particular passwords, encryption Let’s Encrypt, and the backups.
The administrator declares that only authorized persons have access to personal data.
By sending an order via the online order form, you confirm that you are familiar with the Terms of Personal Data Protection and that you accept them in full.
You agree to these Terms by checking your consent using the online form. By checking the consent, you confirm that you are familiar with the Terms of Personal Data Protection and that you accept them in full.
The administrator is entitled to modify these Terms. It will publish a new version of the Terms of Personal Data Protection on its website and at the same time send you a new version of these Terms to your e-mail address provided to the administrator.
These Terms take effect on 15.03.2021