Introduction > Protection Policy
 

Personal Data Processing and Protection Policy

I. Basic provisions

  1. The controller of personal data under Article 4 (7) of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (“GDPR”) is EMMA SLOVAKIA s.r.o., Org. ID 36333034, with registered office in Trenčín, Slovakia (“controller”).

  2. The controller’s contact details are as follows:

    • Address: Liptovská 2719/3, 91108 Trenčín, Slovakia

    • Email: shop@drinkonline.eu

    • Phone: +421 907 772 378

  3. Personal data includes all information about an identified or identifiable natural person; an identifiable natural person is anyone who may be directly or indirectly identified, especially through a reference to a specific indicator, such as their name, identification number, location, network identifier or using one or more specific physiological, genetic, mental, economic, cultural or social factors.

  4. The controller has not specified a data protection officer.

II. Sources and categories of processed personal data

  1. The controller processes personal data provided to it or the personal data provided to it in the performance of your order.

  2. The controller processes your identification and contact data and other data necessary to fulfil the agreement.

III. Statutory reason and purpose of processing personal data

  1. The statutory reason for processing personal data is:

    • to fulfil the agreement between you and the controller under Article 6 (1)(b) GDPR,

    • the controller’s legitimate interest to provide direct marketing (to send business communications and newsletters) under Article (1)(f) GDPR,

    • Your consent to processing for the purposes of providing direct marketing materials (to send business communications and newsletters) under Article (1)(a) GDPR in connection with §7 (2) of Act No. 480/2004 Coll. on Specific Information Society Services if there has not been an order for goods or services.

  2. The purpose of processing personal data is:

    • to complete your order and exercise the rights and obligations under the contractual arrangement between you and the controller; personal data is required in an order to successfully execute the order (name and address, contact details). Providing personal data is a necessary requirement for concluding and executing the agreement, and no agreement may be concluded or fulfilled by the controller without such personal data being provided.

  3. The controller does not engage / engages in automatic individual decision-making activities pursuant to Article 22 GDPR. You have provided your specific consent to such processing.

IV. Data retention period

  1. The controller retains personal data:

    • or the period necessary to exercise the rights and obligations under the contractual arrangement between you and the controller and to exercise entitlements under such contractual arrangements (for a period of 15 years after dissolution of the contractual arrangement).

    • for the period until consent to process personal data for marketing purposes is revoked, or up to a maximum of 10 years if personal data is processed under consent.

  2. The controller shall delete all personal data after the lapse of the personal data retention period.

V. Recipients of personal data (the controller's subcontractors)

  1. Recipients of personal data are the following parties:

    • those involved in the delivery of goods, services and payments made under a valid agreement

    • assurance services for operating the e-shop and other services related to e-shop operations

    • providing marketing services

  2. The controller has no intent to provide personal data to third countries (outside the EU) or international organisations. The recipients of personal data in third countries are providers of cloud services.

VI. Your rights

  1. Under the conditions laid down in the GDPR, you have:

    • the right to access your personal data pursuant to Article 15 GDPR,

    • the right to correct your personal data pursuant to Article 16 GDPR, or to restrict processing pursuant to Article 18 GDPR,

    • the right to deletion of your personal data (right to be forgotten) pursuant to Article 17 GDPR,

    • the right to object to processing pursuant to Article 21 GDPR, and

    • the right to transportability of your data pursuant to Article 20 GDPR.

    • the right to revoke consent to processing in writing or electronically sent to the address or email of the controller as provided in Article III herein.

  2. Data Protection if you believe that your personal data protection rights have been violated.

VII. Conditions for securing personal data

  1. The controller declares that it has taken all technical and organisational measures to secure personal data.

  2. The controller has taken technical measures to secure data storage and personal data stored in written form.

  3. The controller declares that only authorised personnel have access to personal data.

VIII. Final provisions

  1. By sending an order using the Internet order form, you confirm that you are aware of the personal data protection conditions and agree with them in full.

  2. Please indicate your consent to these conditions by checking the consent field on the Internet form. By indicating your consent, you confirm that you are aware of the personal data protection conditions and accept them in full.

  3. The controller is authorised to amend these conditions. The new version of the personal data protection conditions shall be published on its website and you will be sent a new version of these conditions to the email address you provided to the controller.

 

These conditions take effect on 25 May 2018.