Privacy policy

PERSONAL DATA PROTECTION AND INFORMATION ON COOKIES

/Principles and information to be provided where personal data are collected from the data subject and information on cookies used by the www.malinnaproducts.com online establishment/

I. Establishment (hereinafter also referred to as Data controller or Controller)

1.1. Identity and contact details:

Business name: MALINNA PRODUCTS s. r. o.
Registered seat: Černyševského 10, Bratislava – Petržalka 851 01, Slovakia

Incorporated in the Business Register kept by the District Court in Bratislava I, Section Sro, Insert no. 129748/B

IČO / Company Identification Number: 51212820

DIČ / Tax Identification Number: 2120631513

IČ DPH / VAT Identification Number: SK2120631513

Bank account: SK91 7500 0000 0040 2524 8924

Controller is a VAT /Value Added Tax/ payer

1.2. E-mail and telephone contact:

E-mail: info@malinnaproducts.com

Tel. no.: +421948 911 719

1.3. Postal address:

MALINNA PRODUCTS s. r. o., Černyševského 10, 85101 Bratislava

1.4. In compliance with Article 13 (1) and (2) of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as “Regulation”, the Controller hereby provides the Data subject with the following information and explanations:  

II. Reference

2.1. These principles and information on the personal data protection form an integral part of the General Business Terms & Conditions published at the Controller’s online establishment (hereinafter also referred to as “e-shop”).

2.2. Pursuant to point (n) Article 3 (1) of the Act no. 102/2014 Coll., Controller hereby informs the consumer on the non-existence of any special relevant Codes of Conduct binding the Controller, while by a Code of Conduct we mean any agreement or set of rules, which restrict behaviour of the Controller who undertook to comply with such Code of Conduct in relation to one or more particular business practices or business industries, provided that these are not stipulated by law or any other legal regulation or measure of a public administration authority, which the Controller undertook to comply with, and on the manner how the consumer may get acquainted with them or obtain their wording.

III. Personal data protection and usage of cookies. Information and explanation of cookies.

3.1. Controller presents the following short explanation of the cookie file function:

3.1.1. Cookies are text files containing little amount of information downloaded to your computer, mobile phone or another electronic device upon your visit of a website.

Cookies enable Controller’s website domain to distinguish the user’s device and the user to access various functionalities of the website.

We recognize two basic types of cookies:

Permanent cookies – these files remain in the user’s device for the period specified in the cookie file. They are activated anytime the user visits the website domain which created the particular cookie file.

Relational cookies – these files enable the website domain keeper to interconnect the user’s activities when the user opens the browser window and finish when the window is closed. Relational cookies are created temporarily. Once the browser window is closed, all relational cookies are automatically erased.

3.2. Explanation of cookies

3.2.1. A cookie is a small text file created upon a visit to a website and stored in your computer or a mobile device. This file enables the website temporarily store some information on your steps and preferences (such as your login name, language, font size and other display settings), so when you next visit the website or browse its individual pages you do not need to restate them.

3.3. Usage of cookies

3.3.1. The Controller’s website uses cookies in order to keep the record that you:

3.3.1.1. have already participated in the survey displaying in a pop-up window where you can express your opinion on the contents of the website (it will not be displayed repeatedly);

3.3.1.2. have agreed (or disagreed) with using of the cookies at this website.

3.3.1.3. Marketing and remarketing

Similarly, some subpages, which form a part of the Controller’s website, use cookies for the anonymous collection of statistical data on the referring source of our domain and on how you got to our website.

Allowing the cookies is not fundamental for correct functioning of our website. However, it will provide you with a better user comfort when working with it. Cookies may be deleted or blocked at any time.  

The information stored in the cookie files will not be used for your personal identification and the structure of data is under our full control. The files are only used for the purposes stated herein.  Some of our pages or subpages may use additional or different cookies than those stated above. Shall that be the case, the particular subpage shall contain an announcement that such cookies are used, accompanied by a detailed description of their usage.

3.4. How to check and control cookies

3.4.1. . Cookies may be checked and/or deleted as needed – for detailed information visit aboutcookies.org. You may delete all cookie files stored in your computer and set most browsers to prevent their storage generally.

IV. Personal data processed

4.1. Controller processes the following personal data on the website: first name, surname, address, e-mail address, telephone number, the data obtained from cookies and the IP address.

V. Contact details of the person responsible for the personal data collection and processing (“Processor”), Controller’s representative

5.1. Controller has not appointed a person responsible for the collection and processing of personal data.

5.2. Controller has not appointed a representative in the matter of collection and processing of personal data.

5.3. Data Controller simultaneously represents the Seller, pursuant to the definitions stipulated in the General Business Terms & Conditions of this website.

VI. Purposes of the personal data processing

6.1. Personal data are collected and processed mainly in order to:

6.1.1. keep the records, create and process contracts and client’s data in order to conclude a contract with third parties;

6.1.2. process accounting materials and documents related to Controller’s business activities;

6.1.3.spracovanie účtovných dokladov a dokladov súvisiacich s obchodnou činnosťou Prevádzkovateľa

6.1.3. comply with the legal code relating to the archiving of documents pursuant to Act no. 431/2002 Coll., on the Accounting as amended and other respective regulations;

6.1.4. conduct marketing and similar promotional activities;  

6.1.5. conduct activities related to Controller’s activities on the social media, such as Facebook, Instagram, Twitter and similar;

6.1.6. conduct Controller’s online activities such as directing advertising via Facebook Ads, Google Ads and similar;

6.1.7. conduct any activities related to the fulfilment of a request, order, contract or similar institutes.

VII. Legal basis for the personal data processing

7.1. Depending on the particular data processed and the purpose of their processing, the consent of Data subjects to the personal data processing forms the legal basis for the processing of personal data of the Data subjects.

VIII. Recipients or category of recipients of the personal data

8.1. Recipient of the personal data shall or at least may be:

8.1.1. Controller’s statutory bodies or their members;

8.1.2. persons working for the Controller as employees or similar;

8.1.3. Controller’s sales representatives and other persons participating in the fulfilment of the Controller’s tasks. For the purposes of this document, the employees are understood to be any individuals carrying out work for the Controller based on an employment contract or contract for work outside employment.

8.1.4. Recipients may also include Controller’s co-workers, business partners, suppliers, contractors, mainly: the companies providing accounting services, the services related to development and maintenance of software, legal assistance, consultancy, delivery of products to buyers and third parties, marketing companies and companies managing social media.

8.1.5. Recipients shall also include police and judiciary, tax office and other public authorities, if stipulated by law. Any personal data provided by the Controller to the authorities and state institutions specified herein will be provided based on and in accordance with the legal code of the Slovak republic.

IX. Information on the provision of personal data to third countries and the storing period

9.1. Does not apply. Controller does not transfer any personal data to third countries.

9.2. In accordance with the legal code, personal data will be stored for the time inevitable for the performance of the contract and their subsequent archiving.

X. Information on the existence of relevant rights

10.1. Data subject has the following rights (but not limited to), whereas:

10.1.1. Point 10.1 does not affect other rights of the Data subject.

10.1.2. The right of the Data subject to access his or her personal data pursuant to Article 15 of the Regulation, which contains the following:

  • the right to receive a confirmation in which the Controller explicitly states whether the personal data of the Data subject are processed and in what scope;

Simultaneously, shall such information be processed, the Data subject shall be entitled to know the contents of the data and request the information on the reason for the processing, mainly the information on:

  • the reason for data processing;
  • the categories of personal data;
  • the recipients or the category of recipients to whom the data have been or shall be provided, mainly in case of the recipients from third countries or international organisations;
  • the estimated period during which the personal data will be kept or, shall this not be possible, at least the information on the criteria used for determination of such period;
  • the existence of the right to request rectification of the personal data related to the Data subject, erasure or processing restriction and the existence of the right to object to such processing;
  • the right to lodge a complaint with a supervisory authority shall the personal data have not been obtained from the Data subject;
  • any information available, as for its source;
  • the existence of automated decision-making, including profiling, stipulated in Article 22 (1) and (4) of the Regulation, and in such cases at least meaningful information on the used procedure, as well as the meaning and envisaged consequences of such processing of personal data for the Data subject;
  • adequate warranties pursuant to Article 46 of the Regulation related to the transfer of personal data shall these be transferred to third countries or international organisations.

10.1.3. the right to be provided with a copy of the personal data processed shall the execution of such right not have a negative impact on the rights and freedoms of others;

10.1.4.

the right of the Data subject for rectification pursuant  to Article 16 of the Regulation, based on which:

  • Controller is obliged to, without any unnecessary delay, rectify any inaccurate personal data of the Data subject;
  • Data subject is entitled to complete the incomplete personal details, possibly in the form of an additional declaration;
  • Data subject is entitled to have his or her personal data erased (i.e. “the right to be forgotten”) pursuant to Article 17 of the Regulation, which contains the following:

10.1.5. the right to have the personal data related to the Data subject erased without any unnecessary delay, provided that any of the following reasons is met:

  • personal data are no longer needed for the purposes for which they have been collected or otherwise processed;
  • Data subject withdraws his or her consent based on which the personal data have been processed provided that there is no other legal basis based on which the personal data would have to be processed;
  • Data subject objects to the processing of personal data pursuant to Article 21 (1) of the Regulation and there are no superior legitimate reasons for the processing;
  • Data subject objects to the processing of personal data pursuant to Article 21 (2) of the Regulation;
  • personal data have been processed illegally;
  • personal data have to be erased in order to meet a legal obligation pursuant to the EU legislation or the legislation of a Member State to which the Controller is a subject;
  • personal data have been obtained in relation to the information society service offer pursuant to Article 8 (1) of the Regulation;

10.1.6. the right to have the Controller who published the personal data of the Data subject, with regard to available technology and the costs of performance of the measures, to:

  • take adequate measures including the technical measures;
  • inform other entities participating in the personal data processing that the Data subject requests erasure of any reference to his or her personal data, their copies or replicas, following the rule that the right for erasure of the personal data with the contents of rights pursuant to Article 17 (1) and (2) of the Regulation will not arise shall the processing of personal data be needed for any of the following:

10.1.7. exercise of the right for freedom of speech and information;

10.1.8. fulfilment of a legal obligation which requires processing of the data pursuant to the legislation of the European Union or its Member State, to which the Controller is a subject, or fulfilment of a task performed in the public interest or as execution of public authority entrusted to the Controller.

10.1.9. public interest in the realm of public health in compliance with points (h) and (i) of Article 9 (2) of the Regulation, as well as Article 9 (3) thereof.

10.1.10. archiving purposes in the public interest, scientific or historical research or statistical purposes pursuant to Article 89 (1) of the Regulation, shall it be probable that the right stipulated in Article 17 (1) thereof makes it impossible or severely difficult to achieve the goals of such personal data processing; or for establishment, execution or justification of legal claims;

10.1.11. the right of the Data subject to restrict the processing of personal data pursuant to Article 18 of the Regulation, which contains:

10.1.12.

the right to have the Controller restrict the processing of personal data shall any of the following apply:

  • Data subject challenges the accuracy of the personal data during the period when the Controller may verify the accuracy of the personal data;
  • Processing of the personal data is illegal and the Data subject objects to the erasure of the personal data and requests a restricted usage instead;
  • Controller no longer needs the personal data for processing, however, the data are needed by the Data subject in order to establish, exercise or justify any legal claims;
  • Data subject objects to the processing pursuant to Article 21 (1) of the Regulation, until it may be verified whether justified reasons on the side of Controller override the justified reasons of the Data subject;

10.1.13.

the right that in case the processing of personal data has been restricted, such partly processed personal data with the exception of storing, shall only be processed:

  • based on a consent granted by the Data subject, or
  • in order to establish, exercise or justify any legal claims, or
  • to protect the rights of another natural person or corporate body, or
  • due to important public interest of the European Union or its Member State;

10.1.14. the right to be informed in advance on the cancellation of the restriction of the personal data processing;

10.1.15. the right of the Data subject to fulfil his or her obligation towards the recipients pursuant to Article 19 of the Regulation, which obliges the Controller to inform:

  • all recipients of the personal data of the Data subject on any rectification, erasure or restriction of the personal data processing performed pursuant to Article 16, Article 17 (1) and Article 18 of the Regulation, shall this not be proven impossible or needing  undue effort;
  • the Data subject on such recipients, shall the Data subject request so;

10.1.16. the right of the Data subject for portability of data pursuant to Article 20 of the Regulation, which contains:

  • the right to gain the personal data related to the Data subject and which the Data subject provided to the Controller, in a structured, commonly used and machine-readable format, and
  • the right for the transfer of such data to another seller without the Controller impeding such action, shall the processing: 

a/ be based on a consent of the Data subject pursuant to point (a) of Article 6 (1) of the Regulation or point (a) of Article 9 (2) thereof or based on a contract pursuant to point (b) of Article 6 (1) thereof, and simultaneously  

b/ be performed by automated means, and simultaneously:  

10.1.17. the right for obtaining personal data in a structured, commonly used and machine-readable format and the right to transfer such data to another seller without the Controller impeding such action shall not have unfavourable consequences for the rights and freedoms of others;

10.1.18. the right for the transfer of personal data directly from one seller to another, shall this be technically possible;

10.1.19. the right of the Data subject to object pursuant to Article 21 of the Regulation, which contains:  

10.1.20. the right to object, at any time and for the reasons related to a particular situation of the Data subject, to the processing of the personal data which relate to the Data subject and which is performed  pursuant to points (e) or (f) of Article 6 section (1) of the Regulation, including the objection to the profiling based on these provisions of the Regulation;

10.1.21. in case of the execution of the right to object at any time and for the reasons related to a particular situation of the Data subject to the processing of the personal data which relate to the Data subject, which is performed  pursuant to points (e) or (f) of Article 6 (1) of the Regulation, including the objection to the profiling based on these provisions of the Regulation, the right for no further processing of the personal data of the Data subject, unless the Controller justifies fundamental legitimate reasons for the processing which override the interests, rights and freedoms of the Data subject or the reasons for establishment, execution or justification of any legal claims;  

10.1.22. the right to, at any time, object to the processing of the personal data, which relate to the Data subject,  for direct marketing purposes, including the profiling in the scope of direct marketing; whereas, shall the Data subject object to the processing of the personal data for direct marketing purposes, the personal data shall no longer be used for such purposes;

10.1.23. in connection with the usage of information society services, the right to exercise the right to object to the processing of personal data by automated means using technical specifications;

10.1.24. the right to object from the reasons related to a particular situation of the Data subject to the processing of the personal data related to the Data subject, shall the personal data be processed for scientific or historical research purposes or statistical purposes pursuant to Article 89 (1) of the Regulation, however, with the exception of the cases when the processing is fundamental for the fulfilment of a task due to a public interest;

10.1.25. the right of the Data subject related to the automated individual decision-making pursuant to Article 22 of the Regulation, which contains the following:

10.1.26. the right that no decision based solely on the automated processing of personal data, including profiling, and which has legal effects which relate to or significantly influence the Data subject shall apply to the Data subject, with the exception of the cases pursuant to Article 22 (2) of the Regulation [i.e. with the exception of the cases when the decision is: (a) fundamental for the conclusion or performance of the contract between the Data subject and the Controller,

10.1.27. (b)  allowed by the legislation of the European Union or the Member State, to which the Controller is a subject, and which simultaneously stipulates appropriate measures which guarantee protection of the rights and freedoms and justified interests of the Data subject or (c) based on the explicit consent of the Data subject].

XI. Information on the right to withdraw the consent to the processing of personal data

11.1. Data subject is at any time entitled to withdraw his or her consent to the processing of personal data, without this affecting the lawfulness of the personal data processing based on the consent granted prior to the withdrawal.

Data subject is at any time entitled to withdraw his or her consent to the processing of personal data – wholly or partly. A partial withdrawal of the consent to the processing of personal data may refer to a certain type of processing operation / processing operations, whereas the lawfulness of the processing of personal data in the extent of the remaining processing operation remains unaffected. Partial withdrawal of the consent to processing of personal data may apply to a certain purpose of the personal data processing / certain purposes of the processing of personal data, whereas the lawfulness of the processing of personal data for other purposes remains unaffected.

Data subject may exercise the right to withdraw the consent to the processing of personal data in a written form sent to the Controller’s address entered as the registered seat in the Business Register at the time of the withdrawal of the consent to the processing of personal data or electronically (sending an e-mail to the e-mail address of the Controller stated in the identification section herein or filling up the electronic form published at the Controller’s website).

XII. Information on the right to lodge a complaint with a supervisory authority

12.1. Data subject is entitled to lodge a complaint with a supervisory authority, mainly in the Member State of his or her usual stay, workplace or where the breach allegedly occurred, shall the Data subject assume that the processing of the personal data related to him or her is contrary to the Regulation, and all this without any other administrative or judiciary remedies being affected.

Data subject is entitled to be informed by the supervisory authority, which received the complaint, on the progress and result of the complaint, including the possibility to file for a judicial remedy pursuant to Article 78 of the Regulation.

12.2. Supervisory authority in the Slovak republic shall be The Office for Personal Data Protection of the Slovak Republic.

XIII. Information on the existence / non-existence of the obligation to provide personal data and Information related to the automated decision-making including profiling

13.1. The Controller hereby informs the Data subject that the provision of personal data is necessary for the conclusion and performance of the purchase contract. The Controller hereby informs the Data subject that the Data subject is under no obligation to provide the personal data or agree to their processing.  As a consequence of the non-provision and / or non-granting of the consent to the processing of personal data, the Controller shall not be able to conclude and perform the contract.

13.2. Since the Controller does not process the personal data related to the Data subject in the form of automated decision-making, including the profiling, pursuant to Article 22 (1) and (4) of the Regulation, the Controller is under no obligation to provide the information pursuant to point (f) of Article 13 (2) thereof, i.e. the information on the automated decision-making, including the profiling, and the procedure used, nor on the significance and envisaged consequences of such processing of personal data for the Data subject. Does not apply.

XIV. Final provisions

14.1. These principles and information on the protection of personal data and the information on cookies form an integral part of the General Business Terms & Conditions and the Warranty Policy. The General Business Terms & Conditions and the Warranty Policy applied are published at the Controller’s e-shop domain.

14.2. These principles of the personal data protection come into effect as of the date they are published at the Controller’s e-shop, i.e. 17 November 2020.