Data Protection Declaration

(Pursuant to the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as "GDRP") and Act No. 18/2018 Coll. on Personal Data Protection as amended) (hereinafter referred to as "APDP")

Our company SHAPEN s.r.o. having its registered office at Kamenná 3851/10, 841 10 Bratislava, Company ID: 51 740 907, registered in the Commercial Register of the City Court of Bratislava III, Section: Sro, File No.: 128808/B takes the protection of your privacy and your personal data very seriously. These data protection principles describe how collect, keep and further process personal data in relation to the sale of products and provision of services.

These data protection principles describe how we collect, process and protect your personal data and they also contain information about your rights and their exercise.

Personal data are any data concerning an identified or unidentified natural person who can be identified either directly or indirectly by generally usable identifier or other identifier.

What kind of information and personal data is collected and its purpose

We only process data necessary to achieve the purpose of the processing.

When you make a purchase or register in our eShop, we may generally request and collect your personal data such as your contact details (name, surname, email address and phone number).

When you receive our newsletter and business information by email, you can sign up without creating your own account. The only data we keep in such case is your email address. By creating an account, you do not sign up to receive our newsletter.

We link your ID cookies to your personal data submitted and collected in relation to your purchase only when you are logged into your SHAPEN account.

We do not collect any information about your payment cards when you shop at our online store. Your payment is made through the payment gateway that will send us information about the payment transaction and thus your order is carried out.

There are video surveillance systems installed in our stores monitoring the entirety of the premises in order to protect our property. They produce video recordings.

Purpose and legal basis for personal data processing

We process your personal data for the purpose of:

  • Sale of our goods and provision of related services. Legal basis being Article 6(1)(b) of GDPR – performance of a contract and precontractual relationships; or Article 6(1)(f) of GDPR – our legitimate interest to deliver ordered goods if the data subject is not also a party to the contract.
  • Opening and managing your account in our e-shop. Legal basis being Article 6(1)(b) of GDPR – performance of a contract and precontractual relationships; or Article 6(1)(f) of GDPR – our legitimate interest to deliver ordered goods properly if the data subject is not also a party to the contract.
  • Marketing communication in the form of sending newsletters. Legal basis being Article 6(1)(f) of GDPR – our legitimate interest to conduct direct marketing towards our customers; or Article 6(1)(a) of GDPR – consent given by the data subject.
  • Performance of legal accounting and tax obligations. Legal basis being Article 6(1)(c) of GDPR in conjunction with Act No. 595/2003 Coll. on the income tax as amended, Act No. 431/2002 Coll. on the accounting as amended and other applicable legal regulations – performance of legal obligations.
  • Operation of our website and applications. Legal basis being Article 6(1)(f) of GDPR – our legitimate interest to improve operation and functionality of our website; or Article 6(1)(a) of GDPR – consent given by the data subject (when it comes to other than necessary cookies / monitoring technologies).
  • Management of our social media profiles. Legal basis being Article 6(1)(f) of GDPR – our legitimate interest to operate and improve functionality of our social media profiles; or Article 6(1)(a) of GDPR – consent given by the data subject.
  • Securing of our possible legal claims. Legal basis being Article 6(1)(f) of GDPR – our legitimate interest to secure and prosecute our possible legal claims.
  • Organizing consumer contests. Legal basis being Article 6(1)(b) of GDPR – performance of a contract.
  • Publication of reviews. Legal basis being Article 6(1)(a) of GDPR – consent given by the data subject.
  • Protection of our property through utilizing video surveillance system in our stores. Legal basis being Article 6(1)(f) of GDPR – our legitimate interest to protect our property. The recording may be later used to investigate a possible incident and secure our possible legal claims. If an incident occurs, the recording may also be handed over to law enforcement authorities that further process the recording in their own name in order to fulfil their legal obligation – investigating crimes.

      Source of your personal data

      We receive the above-mentioned personal data directly from you as an individual. We collect personal data using electronic means such as Controller's website, our website forms, emails or during telephone conversations with you or you have provided your personal data in other documents.

      Of course, it is up to you whether you will submit your personal data to us and will enable us to identify you. We may not be able to sell you the products from our eShop or provide services you request, if you decide not to submit the personal data we require.

      If we have not acquired personal data directly from you, we have probably collected it from our customers.

      Our role in processing personal data

      We process your personal data in our name, therefore we act as a controller.

      How long we will process and keep your personal data

      We keep your personal data and information as long as they are needed for intended purpose and / or as required by law. We regularly review the personal data to ensure that it is necessary to keep them.

      The personal data are kept at least for the contract period and to the extent necessary until the limitation periods to enforce possible legal claims expired and for the retention period determined by applicable law, however, always at least until all proceedings on legal claims are concluded.

      Where the consent for data processing is needed, the personal data will be processed for this purpose only for the period for which the consent was granted. The consent may be withdrawn in compliance with information provided below.

      Where the data are processed based on the Controller’s legitimate interest, they will be processed only for the period of justified objection to the processing of date in compliance with information provided below.

      Video recording produced by the video surveillance system will be retained for the period of 72 hours. After this period it is automatically erased and replaced by a new recording. Video recording will only be retained for a longer period if an incident is recorded, The recording will be retained until the incident is investigated, the limitation periods to enforce possible legal claims expired and for the retention period determined by applicable law, however, always at least until all proceedings on legal claims are concluded.

      You can check or delete cookies at your discretion using your browser settings, for further information visit aboutcookies.org.

      We also try to keep information that is accurate, current and relevant. If you think that your personal data we process are inaccurate, please use the available channels to contact us and we can take necessary steps to fix this problem.

      Who can have access to your personal data

      Your personal data may also be provided to third parties to a necessary extent, if there is a particular and legitimate purpose for it complying with the generally binding regulations provided that all reasonable measures are taken to ensure that the third parties are bound by a duty of confidentiality and privacy with regard to the personal data protection.

      Personal data may be shared with the following categories of recipients and with public authorities:

      • service and courier services providers, 
      • payment services providers,
      • storage services providers, 
      • tax and financial consultants, 
      • legal consultants, 
      • IT services providers, 
      • social networking services providers, 
      • providers of other services required for meeting the purposes of data processing, 
      • Tax Office, 
      • Slovak Trade Inspection, 
      • courts, law enforcement agencies, bailiffs,
      • other authorized entities under the applicable laws.

          We guarantee that your personal data and information are processed in a manner that ensures appropriate security of your personal data and information, prevents their unauthorized use and unauthorized sharing and we have put material, technical and organizational procedures in places to ensure their protection.

          Transfers of personal data

          Your personal data is transferred to third countries only when a newsletter is sent by MailChimp / The Rocket Science Group LLC, having its headquarters in the United States. The Standard Data Protection Clause adopted by the European Commission ensures an adequate level of data protection. For more information please visit: https://mailchimp.com/legal/data-processing-addendum/

          We do not plan on other cross-border transfers of your personal data to countries outside of the European Economic Area (EU, Iceland, Norway and Liechtenstein). If data transfer to third countries was about to happen, we would ensure an adequate level of protection of your personal data, of course. Transfer of personal data may occur in management our social media profiles. For further information on the processing of personal data for this purpose, please, see the section on social networks.

          How we protect your personal data

          It is our priority to keep your personal data safe. We process your personal data in accordance with applicable law, namely GDPR. We have adopted necessary technical and organizational measures to ensure protection of your personal data. Personal data are processed on the computers that are protected by password and antivirus software. We have an SSL certificate installed to secure our eShop website. We apply state-of-the-art technologies to ensure safe storage and transfer of data and work on professional expertise of our employees on regular basis.

          Cookies

          Cookies are small text files stored on your computer or your mobile device and they are renewed every time you visit our website.

          How we use cookies

          We use cookies for proper functioning of the website. The cookies may be also used to improve functioning of the website, to monitor traffic and for customized marketing purposes. Cookies can be categorized as session cookies or permanent cookies depending on how long they are used. Session cookies are erased after closing the browser, permanent cookies remain on the user´s device for a predetermined period of time. In certain cases we use third-party cookies.

          We only use cookies without your consent if it is necessary to secure proper functioning of the website. In the remaining cases, cookies are always used based on your consent that can be given through a cookie banner. Clicking on “Accept All” you give your consent to using all cookies including third party cookies. If you do not wish for all cookies to be used, you can click on “Settings” and select which cookies, apart from the necessary ones, are to be used.

          You can enable or reject cookies on the website you visit by changing your browser settings. Use the help tab on your browser and follow the instructions. Please, bear in mind that by disabling cookies using our website may become less convenient.

          Types of cookies we use:

          • Necessary cookies – Certain cookies are necessary to ensure basic functionalities of the website. Website would not function properly without these cookies; they are enabled by default setting and cannot be blocked.
          • Analytical cookies – Analytical cookies help us improve our website by collecting information and reporting on the use of the website.
          • Marketing cookies – Marketing cookies are used to monitor visitors across websites in order to display relevant and engaging advertisements.
          • Other cookies

          For further information on individual types of cookies and their retention periods see the cookie banner under “Settings“ and “Cookie Declaration“.

          Social media

          We are also present on social media using our profiles for communication. However, within these platforms we only have limited authority when processing your personal data. Therefore, you should consult the terms of personal data processing of the specific social media provider.

          Facebook and Instagram

          Personal data for social networks Facebook and Instagram are processed by Meta Platforms, Inc., or Meta Platforms Ireland Ltd. Their terms of personal data processing can be found at https://www.facebook.com/privacy/policy.

          Personal data may be processed for various purposes within our profiles at these social networks. And given the purpose of the data processing we may find ourselves in different positions in relation to this social networking services provider:

          • Management of our profile – in this case we act as a controller and the social networking services provider as an intermediary. In this scenario, we can use services of the social networking services provider such as “data file custom audiences” used for managing audiences in advertising campaigns or “measurement and analytics” used for measuring performance and reach of advertising campaigns. Such processing will occur when you interact with our profile or our campaigns. Following legal guarantees apply with the processing of personal data: https://www.facebook.com/legal/terms/dataprocessing
          • Statistical data – the social networking services provider shares with us anonymized statistical data for the purpose of analysing the operation of our social media profiles (website traffic statistics). In this scenario, we are joint controllers when it comes to data processing. For more information on data processing for this purpose see https://www.facebook.com/legal/terms/page_controller_addendum.

          Our website includes Facebook as well as Instagram share buttons. If you click on them while being logged in to your Facebook or Instagram account, the social networking services provider may link your visit to your user account. The social networking services provider collects information about you and uses it for its own advertising purposes, market research and/or optimizing its services and tools. We advise you to always log out after using social media. For further information on the processing of personal data by the social networking services provider and your rights see the terms of the processing (see above).

          YouTube

          We also have a YouTube channel and we can share our YouTube videos on our website as well. Our website also includes a YouTube share button. YouTube services are provided by Google LLC or Google Ireland Ltd. Upon your visiting of our website, playing a video or clicking on the share button the social networking service provider may collect information about you and use it for its own advertising purposes, market research and/or optimizing its services and tools. If you have a YouTube account and do not wish to be linked to your account, you need to log out before clicking on the YouTube share button. For further information on the processing of personal data by the social networking service provider and your rights see its terms of the processing at https://policies.google.com/privacy.

          Your rights with regard to personal data processing

          You may exercise your rights at info@shapenbarefoot.com or in writing by sending your request to our company address. Please state your name, surname and address in your request so we can verify your identity and prevent submitting your data to an unauthorized person.

          With regard to the processing of personal data you can exercise the following rights:

          Right to access your personal data

          You have a right to know whether your personal data are processed or not and when they are processed you have an access to information about their processing, categories of personal data affected, receivers or receiver categories, retention period of personal data as well as information about your rights, your right to lodge a complaint with the Office for Personal Data Protection, information about the source of personal data, information whether there is anonymized decision making and profiling, information and guarantees in case of transmission of personal data to the third countries or international organizations. You have a right to receive the copies of processed personal data.

          Right to rectification

          Are your personal data irrelevant or inaccurate? Have you for example changed your address? Please let us know and we will rectify your data.

          Right to erasure (right to be forgotten)

          We are obliged to erase your personal data if you instruct us to do so in some cases specified by law (mostly when the purpose of processing has ceased to exist, the consent has been withdrawn or unlawful processing takes place). However, such request is subject to individual review, since the Controller is obliged or has a legitimate interest to keep your personal data.

          Right to restriction of processing

          We are obliged to restrict the processing of your personal data in some cases specified by law (mostly when you object to the accuracy of your data or processing of personal data).

          Right to data portability

          If you want to have your personal data transferred to other company, we will transfer your personal data in an appropriate format to an entity specified by you, unless we are prevented from doing so by some legal or other significant obstacles.

          Right to object to personal data processing

          You have a right to object to the processing of your personal data at any time based on our legitimate interests. In such event we may not continue processing personal data unless demonstrating the necessary legitimate interests for processing of personal data that prevail over your rights or interests or reasons for asserting a legal claim. If you object to the processing of your personal data for direct marketing purposes, we will not process your personal data for such purpose anymore.

          Right to lodge a complaint with the Office for Personal Data Protection

          You may lodge your request or your complaint regarding the processing of your personal data with the Supervisory Authority – Office for Personal Data Protection of the Slovak Republic, having its headquarters at: Hraničná 12, 820 07 Bratislava 27 at any time.

          Where to exercise your rights and information concerning fees

          You can exercise your rights directly with us by sending an email to: info@shapenbarefoot.com, or by sending a written request to the company headquarters: SHAPEN s.r.o., Kamenná 3851 / 10, 841 10 Bratislava.

          All information and replies concerning the rights you exercise are provided free of charge.

          When to expect the Controller’s reply

          We will send you replies and eventual information about measures adopted as soon as possible, within one month at latest. With regard to the complexity and number of requests we can extend this deadline by another month (two months in total) if necessary. We will keep you informed of extension of deadline and the reason for its extension.

          How to withdraw your consent to personal data processing

          The consent to the processing of personal data is given on a voluntary basis. It means that it can be withdrawn at any time.

          What the withdrawal of consent should contain

          • Who submits the withdrawal of consent? Please state your name, surname, address and email address so we can identify you. 
          • Whom do you submit the withdrawal to? 
          • Information that you do not want to have your personal data processed. 
          • Date and place of signing the withdrawal. 
          • Your handwritten signature.

              How to send your withdrawal of consent

              You have to send us the withdrawal of consent in writing, so we have an adequate record of your withdrawal. You can withdraw your consent by emailing us at info@shapenbarefoot.com or by sending your request to the Controller's headquarters: SHAPEN s.r.o., Kamenná 3851 / 10, 841 10 Bratislava by post.

              You can unsubscribe from our newsletter by following the instructions provided in the newsletter.

              If you do not understand or you are not sure about something after reading this document on the processing of your personal data, we are ready to explain any term or any part of this document to you. Please email us at: info@shapenbarefoot.com.