Basic Information

We approach your personal data responsibly. Therefore, in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as the "GDPR Regulation") and Act No. 18/2018 Coll. on the Protection of Personal Data and on Amendments to Certain Acts (hereinafter referred to as the "Act"), we provide you, as the data subject (the natural person whose personal data are processed), with our identification and contact details, the contact details of the responsible person, and other necessary information available in the tabs on the left.

In accordance with Art. 24 of the GDPR Regulation and Section 31 of the Act, the Controller has adopted appropriate technical, organizational, personnel, and security measures and guarantees, taking into account in particular:

  • Principles of personal data processing: legality, fairness, and transparency; limitation and compatibility of processing purposes; data minimization; pseudonymization and encryption; as well as integrity, confidentiality, and availability.

  • Principles of necessity and proportionality: (pertaining to the scope and amount of processed personal data, storage period, and access to the data subject’s personal data) regarding the purpose of the processing operation.

  • Adoption of measures for the immediate detection of personal data breaches and prompt notification of the supervisory authority and the responsible person.

  • The nature, scope, context, and purpose of the processing operation.

  • The resilience and recovery of personal data processing systems.

  • Instructions for authorized persons of the Controller.

  • Adoption of measures to ensure the correction or deletion of incorrect data or the exercise of other rights of the data subject.

  • Risks of varying probability and severity for the rights and freedoms of natural persons (especially accidental or unlawful destruction, loss, or alteration of personal data, misuse – unauthorized access or disclosure; risk assessment with regard to the origin, nature, probability, and severity of the risk in connection with processing and identification of best practices for risk mitigation).

Processing Activities of the Controller

Accounting Documents

  • Purpose of processing: Processing of orders, incoming and outgoing invoices, banking relations, cash management, ensuring cash receipts and expenditures, warehouse management, records of investment assets (including automatic depreciation) and small assets, management of simple/double-entry bookkeeping of the organization.

  • Categories of personal data: Title, first name, last name, address, phone number, email address, date of birth, type and number of identity document, vehicle registration number (EČV), signature, bank account number, or others if required by a specific legal regulation or other legal basis.

  • Special categories of personal data: No special categories of personal data are processed.

  • Categories of data subjects: Employees of the controller, former employees, cooperating entities (e.g., suppliers or subcontractors).

  • Provision of data to third parties: Courts, law enforcement agencies, health insurance companies, Social Insurance Agency, tax office, inspectors of the Office for Personal Data Protection of the Slovak Republic, other authorized entities in accordance with the Act or other specific legal regulations.

  • Retention periods (Deletion):

    • Invoice books, Invoices, Cash agenda, Accounting documents, Bank statements, Tax returns: 10 years

    • General ledgers: 20 years

  • Legal basis: Act No. 431/2002 Coll. on Accounting, Act No. 222/2004 Coll. on VAT, Act No. 18/2018 Coll. on Personal Data Protection, Labor Code (311/2001 Coll.), Commercial Code (513/1991 Coll.), and related tax and administrative legislation.

E-SHOP

  • Purpose of processing: Purchase and sale of goods via the internet, including delivery to the client.

  • Categories of personal data: Name, surname, title, residence, delivery address, email, phone number, date of birth, IP address, cookies, account number.

  • Categories of data subjects: E-SHOP customers.

  • Retention periods: Accounting/Tax documents (10 years), Claims/Complaints (5 years), Correspondence (3 years), Contracts (10 years).

  • Legal basis: Act No. 102/2014 Coll. on Consumer Protection in distance selling, Art. 6 (1)(b) of GDPR (performance of a contract).

  • Note: We send notification emails regarding order status. Employees access data for processing, payment pairing, and troubleshooting. Shipping is handled via Zásielkovňa (Packeta) or personal pickup at Beauty Factory. We use an online payment gateway.

Photographs and Videos

  • Purpose of processing: Creating an image for the purpose of transferring it to paper or other media.

  • Categories of personal data: Physical identity characteristics and other data specifying the person in the photo.

  • Retention periods: 5 years.

  • Legal basis: Civil Code (Sections 11–16), Act No. 18/2018 Coll.

Incoming and Outgoing Mail (Paper or Email)

  • Purpose of processing: Registration of mail (letters, suggestions, complaints) in paper or electronic form.

  • Retention periods: Correspondence – 3 years.

  • Legal basis: e-Government Act, Trust Services Act, Art. 6 (1)(f) of GDPR (legitimate interest).

Claims and Complaints Records

  • Purpose of processing: Management of claims/complaints.

  • Categories of data subjects: Consumers claiming goods or services.

  • Retention periods: Claims/Complaints – 5 years, Correspondence – 3 years.

  • Legal basis: Civil Code, Consumer Protection Act, Act No. 18/2018 Coll.

Marketing

  • Purpose of processing: Sales support – marketing offers, newsletters, product info.

  • Retention periods: Correspondence (3 years), Contracts (10 years).

  • Legal basis: Act No. 18/2018 Coll.

Consumer Competitions

  • Purpose of processing: Registration of participants in consumer competitions.

  • Retention periods: Participation in competition – 3 years.

  • Legal basis: Act No. 18/2018 Coll., Civil Code, Income Tax Act.

CCTV System (Camera Information System)

  • Purpose of processing: Protection of property and other legitimate interests of the controller.

  • Categories of personal data: Audio-visual recordings from cameras.

  • Retention periods: Maximum 72 hours.

  • Legal basis: Art. 6 (1)(f) of GDPR (legitimate interest).

Cross-border transfer of personal data does not take place in any of the categories.


 


© FIRES BURNING