Conditions of Personal Data Protection
1. The personal data controller pursuant to Section 5 point o) of Act No. 18/2018 Coll. concerning the Protection of Personal Data as amended (hereinafter only “the Act”) is gooseberry, s.r.o. company ID 44957521 with registered office at Jakubovo námestie 14, 811 02 Bratislava, Slovakia hereinafter only “the Controller”).
2. The Controller’s contact details are
address: Jakubovo námestie 14, 811 09 Bratislava, Slovakia
telephone: +421 905 484 035
3. Personal data means all information about an identified or identifiable natural person; an identifiable natural person is a natural person that can be identified directly or indirectly, in particular by reference to a particular identifier such as name, identification number, localization data, network identifier, or link to one or more specific physical, physiological, genetic, psychological, economic, cultural or social identity of that individual.
4. The Controller has not appointed a responsible person for the protection of personal data.
Sources and categories of processed personal data
1. The Controller processes personal information that you provide or personal information that the Controller obtained on the basis of processing your order.
2. The Controller processes your identification and contact information.
Legal reason and purpose of processing personal data
1. The legal reason for processing personal data is
- contract performance between you and the Controller pursuant to Section 13 (1) (b) of the Act,
- the legitimate interest of the Controller in the provision of direct marketing (in particular for the sending of commercial announcements and newsletters) pursuant to Section 13 (1) (f) of the Act,
- your consent to the processing for the purpose of the provision of direct marketing (in particular for the sending of commercial announcements and newsletters) pursuant to Section 13 (1) (a) of the Act in the absence of an order for goods or services.
2. The purpose of processing personal data is
- performance of your orders and the exercise of the rights and obligations arising from the contractual relationship between you and the Controller; personal data is necessary for the successful completion of the order (name, address, and contact), the provision of personal data is a necessary requirement for the conclusion and fulfilment of the contract, without the provision of personal data the Controller cannot conclude or perform the contract,
- sending commercial announcements and performing other marketing activities.
3. The Controller does not automatically make an individual decision pursuant to Section 28 of the Act.
Retention period of personal data
1. The Controller retains personal data
- for the period necessary to exercise the rights and obligations arising from the contractual relationship between you and the Controller and the exercise of rights under these contractual relationships (for 15 years from the termination of the contractual relationship).
- until the consent to the processing of personal data for marketing purposes is revoked, for a maximum of 15 years if the personal data are processed on the basis of consent.
2. After the retention period of the personal data has elapsed, the Controller will delete the personal data.
Recipients of personal data (subcontractors of the operator)
1. The recipients of personal data are persons
- contributing to the delivery of goods,
- providing e-shop services and other services related to the operation of the e-shop,
2. The Controller does not intend to transfer personal data to a third country (to a non-EU country) or an international organization.
1. Under the conditions set forth in the Act, you have the right to
- access your personal data pursuant to Section 21 of the Act,
- correct personal data pursuant to Section 22 of the Act, or limit processing pursuant to Section 24 of the Act,
- delete personal data pursuant to Section 23 of the Act,
- object to the processing pursuant to Section 27 of the Act,
- the right to data transmission pursuant to Section 26 of the Act,
- withdraw consent to processing in writing or electronically to the address or email of the Controller as referred to in Art. III of these conditions.
2. Furthermore, you have the right to file a complaint with the Personal Data Protection Authority in the case that you believe your privacy has been violated.
Conditions of personal data protection
1. The Controller declares that it has taken all appropriate technical and organizational measures to safeguard personal data.
2. The Controller declares that personal data can only be accessed by authorized persons.
These terms will become effective on 25 May 2018.