Personal Data Protection
Data Protection Declaration
(Pursuant to the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as "GDRP") and Act No. 18/2018 Coll. on Personal Data Protection as amended) (hereinafter referred to as "APDP")
Our company SHAPEN s.r.o. having its registered office at Kamenná 3851/10, 841 10 Bratislava, Company ID: 51 740 907, registered in the Commercial Register of the District Court of Bratislava I, Section: Sro, File No.: 128808/B (hereinafter referred to as a "Controller") takes the protection of your privacy and your personal data very seriously. These data protection principles describe how the Controller collects, keeps and further processes personal data in relation to the sale of products and provision of services.
These data protection principles describe how we collect, process and protect your personal data and they also contain information about your rights and their exercise.
Personal data are any data concerning an identified or unidentified natural person who can be identified either directly or indirectly by generally usable identifier or other identifier.
What kind of information and personal data is collected and its purpose
When you make a purchase or register in our eShop, we may generally request and collect your personal data such as your contact details (name, surname, email address and phone number).
When you receive our newsletter and business information by email, you can sign up without creating your own account. The only data we keep in such case is your email address. By creating an account, you do not sign up to receive our newsletter.
We link your ID cookies to your personal data submitted and collected in relation to your purchase only when you are logged into your SHAPEN account.
We do not collect any information about your payment cards when you shop at our online store. Your payment is made through the payment gateway that will send us information about the payment transaction and thus your order is carried out.
Purpose and lawful basis for personal data processing
We process your personal data for the purpose of:
- Shopping and registering in our eShop. Performance of contract including pre-contractual relationships represent the lawful basis. It is not mandatory to submit your personal data, however without providing them we cannot perform the contract.
- Sending newsletters. Your consent given by signing up for our newsletter is the lawful basis for sending newsletters. Marketing consent is voluntary. However, it is essential for us if we want to send you individual product and service offers. Without your consent we cannot send you individual service offers.
- Compliance with tax and financial regulations. The compliance with applicable regulations, in particular Act No. 595/2003 Coll. on Income Tax as amended and Act No. 431/2002 Coll. on Accounting as amended is the lawful basis for processing.
- Compliance with archiving regulations. The compliance with applicable regulations, in particular Act No. 395/2002 Coll. on Archives and Registries as amended represent the lawful basis for processing.
- Ensuring our eventual legal claims. Our legitimate interest is the lawful basis for processing.
- Organizing consumer contests. Your consent is the lawful basis for processing.
Source of your personal data
We receive the above-mentioned personal data directly from you as an individual. We collect personal data using electronic means such as Controller's website, forms, emails or during telephone conversations with you or you have provided your personal data in other documents.
Of course, it is up to you whether you will submit your personal data to us and will enable us to identify you. We may not be able to sell you the products from our eShop or provide services you request, if you decide not to submit the personal data we require.
How long we will process and keep your personal data
We keep your personal data and information as long as they are needed for intended purpose and / or as required by law. We regularly review the personal data to ensure that it is necessary to keep them.
The personal data are kept at least for the contract period and to the extent necessary until expiration of limitation periods for assertion of eventual legal claims and for the retention period arising out of applicable law, however at least until the termination of all claims proceedings.
Where the consent for data processing is needed, the personal data will be processed for this purpose only for the period for which the consent was granted. The consent may be withdrawn in compliance with information provided below.
Where the data are processed based on the Controller’s legitimate interest, they will be processed only for the period of justified objection to the processing of date in compliance with information provided below.
You can check or delete cookies at your discretion using your browser settings, for further information visit aboutcookies.org.
We also try to keep information that is accurate, current and relevant. If you think that your personal data we process are inaccurate, please use the available channels to contact us and we can take necessary steps to fix this problem.
Who can have access to your personal data
When we sell products from our eShop or provide some services, your data may be transferred to the third parties, if there is a particular and legitimate purpose for it complying with the generally binding regulations provided that all reasonable measures are taken to ensure that the third parties are bound by a duty of confidentiality and privacy with regard to the personal data protection.
The Controller may use your data for direct marketing in some particular cases based on your consent. The data shared with the third parties are used only to provide you the above services, for an analytical tool collecting statistical data to optimize our website and to provide you the relevant materials.
We do not share your personal data with the third parties with exception of:
- service and courier services providers,
- payment services providers,
- tax and financial consultants,
- legal consultants,
- IT services providers,
- Facebook Ireland Ltd. - company keeping the Controller's website on the Facebook and Instagram,
- processor Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, for the purpose of saving information about consumer contests,
- Tax Office,
- Slovak Trade Inspection,
- courts, law enforcement agencies, bailiffs,
- other authorized entities under the applicable laws.
We guarantee that your personal data and information are processed in a manner that ensures appropriate security of your personal data and information, prevents their unauthorized use and unauthorized sharing and we have put material, technical and organizational procedures in places to ensure their protection.
Transmission of personal data
Your personal data are transmitted to the third countries only when the newsletter is sent by MailChimp / The Rocket Science Group LLC, having its headquarters in the United States. The Standard Data Protection Clause adopted by the European Commission ensures an adequate level of data protection. For more information please visit: https://mailchimp.com/legal/data-processing-addendum/
How we protect your personal data
It is our priority to keep your personal data safe. We have adopted necessary technical and organizational measures to ensure protection of your personal data. Personal data are processed on the computers that are protected by password and antivirus software. We have an SSL certificate installed to secure our eShop website.
Cookies are small text files stored on your computer or your mobile device and they are renewed every time you visit our website.
We use session cookies, for example when you use the product filtering function to check whether you signed in or put the goods in your shopping cart.
We use the first- and third-party cookies to collect statistical data and user data in aggregate or individual form in an analytical tool to optimize our website and to provide the relevant marketing materials.
Some services that are displayed on our web pages are set by the third-party cookies and they are outside of our control. They are set by the social media companies such as Facebook, Instagram, YouTube, Twitter and Vimeo referring to the users' ability to share the content on this website as it is suggested by their icon.
We also use the third-party cookies for website tracking to provide marketing on other websites / channels.
Your rights with regard to personal data processing
You may exercise your rights at firstname.lastname@example.org or in writing by sending your request to our company address. Please state your name, surname and address in your request so we can verify your identity and prevent submitting your data to an unauthorized person.
With regard to the processing of personal data you can exercise the following rights:
Right to access your personal data
You have a right to know whether your personal data are processed or not and when they are processed you have an access to information about their processing, categories of personal data affected, receivers or receiver categories, retention period of personal data as well as information about your rights, your right to lodge a complaint with the Office for Personal Data Protection, information about the source of personal data, information whether there is anonymized decision making and profiling, information and guarantees in case of transmission of personal data to the third countries or international organizations. You have a right to receive the copies of processed personal data.
Right to rectification
Are your personal data irrelevant or inaccurate? Have you for example changed your address? Please let us know and we will rectify your data.
Right to erasure (right to be forgotten)
We are obliged to erase your personal data if you instruct us to do so in some cases specified by law (mostly when the purpose of processing has ceased to exist, the consent has been withdrawn or unlawful processing takes place). However, such request is subject to individual review, since the Controller is obliged or has a legitimate interest to keep your personal data.
Right to restriction of processing
We are obliged to restrict the processing of your personal data in some cases specified by law (mostly when you object to the accuracy of your data or processing of personal data).
Right to data portability
If you want to have your personal data transferred to other company, we will transfer your personal data in an appropriate format to an entity specified by you, unless we are prevented from doing so by some legal or other significant obstacles.
Right to object to personal data processing
You have a right to object to the processing of your personal data at any time based on the Controller's legitimate interests. The Controller may not continue processing personal data unless demonstrating the necessary legitimate interests for processing of personal data that prevail over your rights or interests or reasons for asserting a legal claim. If you object to the processing of your personal data for direct marketing purposes, we will not process your personal data for such purpose anymore.
Right to lodge a complaint with the Office for Personal Data Protection
You may lodge your request or your complaint regarding the processing of your personal data with the Supervisory Authority – Office for Personal Data Protection of the Slovak Republic, having its headquarters at: Hraničná 12, 820 07 Bratislava 27 at any time.
Where to exercise your rights and information concerning fees
You can exercise your rights directly with the Controller by sending an email to: email@example.com, or by sending a written request to the company headquarters: SHAPEN s.r.o., Kamenná 3851 / 10, 841 10 Bratislava.
All information and replies concerning the rights you exercise are provided free of charge.
When to expect the Controller’s reply
We will send you replies and eventual information about measures adopted as soon as possible, within one month at latest. With regard to the complexity and number of requests we can extend this deadline by another month (two months in total) if necessary. We will keep you informed of extension of deadline and the reason for its extension.
How to withdraw your consent to personal data processing
The consent to the processing of personal data is given on a voluntary basis. It means that it can be withdrawn at any time.
What the withdrawal of consent should contain
- Who submits the withdrawal of consent? Please state your name, surname, address and email address so we can identify you.
- Whom do you submit the withdrawal to?
- Information that you do not want to have your personal data processed.
- Date and place of signing the withdrawal.
- Your handwritten signature.
How to send your withdrawal of consent
You have to send us the withdrawal of consent in writing, so we have an adequate record of your withdrawal. You can withdraw your consent by emailing us at firstname.lastname@example.org or by sending your request to the Controller's headquarters: SHAPEN s.r.o., Kamenná 3851 / 10, 841 10 Bratislava by post.
You can unsubscribe from our newsletter by following the instructions provided in the newsletter.
If you do not understand or you are not sure about something after reading this document on the processing of your personal data, we are ready to explain any term or any part of this document to you. Please email us at: email@example.com.