Protection of personal data and cookies

Operator

1.1. The identity and contact details of the operator are:

Business Name: ELMEC, s.r.o.
Registered Office: Zuzany Chalupovej 4004/12A, 851 07 Bratislava, Slovak Republic
Registered in the Business Register of the Bratislava III District Court, Section Sro, File No. 45934/B
Company Registration Number (IČO): 36776921
VAT ID: SK2022379513
Tax ID: 2022379513
Bank Account:
The seller is a VAT payer.

1.2. The email and telephone contact for the operator is:

Email: info@elmec.sk
Phone: +421 915 794 803

1.3. The address for sending written documents to the operator is:

Zuzany Chalupovej 4004/12A, 851 07 Bratislava, Slovak Republic

1.4. The operator, in accordance with Article 13, paragraphs 1 and 2 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 May 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, which repeals Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as the “Regulation”, in compliance with Act No. 18/2018 Coll. on the Protection of Personal Data and on the Amendment and Supplementation of Certain Acts as amended, and in compliance with Act No. 452/2021 Coll. on Electronic Communications as amended, provides the data subject (the Buyer), from whom the Operator (the Seller) obtains personal data concerning them, with the following information, guidance, and explanations.

II. References

2.1. These principles and guidance on personal data protection form part of the General Terms and Conditions published on the Seller’s Website.

2.2. In accordance with §3, paragraph 1, letter n) of Act No. 102/2014 Coll., the Seller informs the consumer that there are no special relevant codes of conduct to which the Seller has committed to adhere. A code of conduct is understood as an agreement or set of rules defining the behavior of the seller, who has committed to adhere to this code of conduct in relation to one or more specific business practices or sectors, provided that these are not established by law or another legal regulation or measure of a public authority, which the seller has committed to follow, and about how the consumer can become familiar with or obtain their text.

III. Personal Data Protection and Use of Cookies. Guidance and Explanation of Cookies, Scripts, and Pixels

3.1. The operator of the website provides the following brief explanation of the function of cookies, scripts, and pixels:

3.1.1. Cookies are text files containing a small amount of information that are downloaded to your device when you visit a website. Thanks to these files, the website can retain information about your actions and preferences (such as login name, language, font size, and other display settings) over a period of time, so you don’t have to re-enter them each time you visit the website or browse its various pages.

A script is a piece of program code used for the proper and interactive functioning of web pages. This code is executed on the operator’s server or your device.
Pixels are small, invisible texts or images on a website that are used to monitor website traffic. In order to do so, various data is stored through pixels.

3.1.2. Cookies are divided into:

• Technical or functional cookies – ensure the proper functioning of the operator’s website and its use. These cookies are used without consent.
• Statistical cookies – the operator obtains statistics regarding the use of its websites. These cookies are used only with consent.
• Marketing / Advertising cookies – used to create advertising profiles and similar marketing activities. These cookies are used only with consent.

3.2. How to control cookies:

3.2.1. You can control and/or delete cookies at your discretion – see details at aboutcookies.org. You can delete all cookies stored on your computer or other devices, and most browsers can be set to prevent them from being stored.

3.3. The operator’s website uses the following cookies:

All cookies used by the operator can be found on the site https://www.cookieserve.com/ by entering the operator’s website address https://www.elmec.sk.
Technical or functional cookies – accessed by the operator’s website. Cookie duration is 5 years.
Statistical cookies – accessed by the operator’s website. Cookie duration is 5 years.
Marketing and advertising cookies – accessed by the operator’s website. Cookie duration is 5 years.

3.3.1. Cookies accessible to third parties:

Google Analytics, Google ADS: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. More information on privacy can be found at https://support.google.com/analytics/topic/2919631?hl=en&ref_topic=1008008.
Facebook Pixels: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. More information on privacy can be found at https://www.facebook.com/about/privacy/.

IV. Processed Personal Data

4.1. The operator processes the following personal data on its website: name, surname, residence, email address, home phone number, mobile phone number, billing address, delivery address, data obtained from cookies, IP addresses.

V. Contact Details of the Data Protection Officer

5.1. The operator has appointed a data protection officer in accordance with Regulation 2016/679 on the protection of natural persons regarding the processing of personal data and on the free movement of such data. Contact: Email: info@elmec.sk, Phone: +421 915 794 803.

5.2. The operator is also the seller as defined in the General Terms and Conditions of this website.

VI. Purposes of Processing Personal Data of the Data Subject and the Retention Period

6.1. The purposes of processing the personal data of the data subject are primarily:

• 6.1.1. Record keeping, creation, and processing of contracts and client data for the purpose of concluding contracts with third parties.
• 6.1.2. Processing of accounting documents and documents related to the business activities of the operator.
• 6.1.3. Compliance with legal regulations in connection with the archiving of documents and records, e.g., according to Act No. 431/2002 Coll., the Accounting Act as amended, and other relevant regulations.
• 6.1.4. The operator’s activities in connection with fulfilling a request, order, contract, and similar instruments of the data subject.
• 6.1.5. Newsletter, marketing, and similar advertising activities of the operator, provided that the data subject has given consent to the operator for marketing and similar advertising activities.

6.2. The operator retains the personal data of the data subject only for the necessary period required for the purposes of fulfilling the contract and its subsequent archiving in accordance with the statutory periods imposed on the operator by legal regulations. If the data subject has consented to the sending of advertising emails and similar offers, the personal data of the data subject is processed for these purposes until the data subject withdraws their consent, but for no longer than 10 years.

VII. Legal Basis for Processing the Personal Data of the Data Subject

7.1. If the operator carries out the processing of personal data based on the consent of the data subject, this processing will only begin after the data subject has given such consent.
7.2. If the operator processes the personal data of the data subject for the purposes of negotiating pre-contractual relationships and concluding and fulfilling the purchase contract, and the related delivery of goods, products, or services, the data subject is obliged to provide personal data for the proper fulfillment of the purchase contract, otherwise, it is not possible to ensure the fulfillment. Personal data for this purpose is processed without the consent of the data subject.

VIII. Recipients or Categories of Recipients of Personal Data

8.1. Recipients of the personal data of the data subject will be or at least may be:

• 8.1.1. Statutory bodies or their members of the operator.
• 8.1.2. Persons performing work activities in an employment or similar relationship for the operator.
• 8.1.3. The operator’s business representatives and other persons cooperating with the operator in fulfilling the operator’s tasks. For the purposes of this document, the operator’s employees will be considered all natural persons performing dependent work for the operator based on an employment contract or agreements on work performed outside the employment relationship.
• 8.1.4. The recipients of the personal data of the data subject will also be the operator’s collaborators, its business partners, suppliers, and contractual partners, including, but not limited to: accounting companies, companies providing services related to software development and maintenance, companies providing legal services to the operator, companies providing consulting services to the operator, companies ensuring the transportation and delivery of products to buyers and third parties, marketing companies, companies operating social networks, companies ensuring payment gateways and other payment methods.
• 8.1.5. The recipients of personal data will also be courts, law enforcement authorities, tax offices, and other state authorities, if required by law. Personal data will be provided by the operator to these bodies to the extent and in a manner that conforms to the legislation and the operator’s obligations.
• 8.1.6. The recipients of the personal data of the data subject will also be statutory auditors, accountants, tax advisors, and other persons performing consulting services for the operator, who will require this personal data for the purposes of providing services to the operator.
• 8.1.7. The recipients of personal data may also be persons and companies operating social networks on which the operator has an account, profile, or performs marketing activities, if the data subject provides their consent.

IX. Personal Data Transfers to a Third Country

9.1. The operator does not intend to transfer personal data to a third country or international organization.

X. Rights of the Data Subject

10.1. The data subject has the following rights regarding the processing of their personal data by the operator:

• 10.1.1. Right to Access: The data subject has the right to obtain confirmation from the operator as to whether or not personal data concerning them is being processed, and, if so, access to the personal data and the following information: the purposes of the processing, the categories of personal data concerned, the recipients or categories of recipients to whom the personal data has been or will be disclosed, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period.

• 10.1.2. Right to Rectification: The data subject has the right to request the rectification of inaccurate personal data concerning them without undue delay. Considering the purposes of the processing, the data subject has the right to have incomplete personal data completed, including by means of providing a supplementary statement.

• 10.1.3. Right to Erasure (“Right to be Forgotten”): The data subject has the right to request the erasure of personal data concerning them without undue delay, and the operator has the obligation to erase personal data without undue delay if one of the following grounds applies:

  • The personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed.
  • The data subject withdraws consent on which the processing is based, and where there is no other legal ground for the processing.
  • The data subject objects to the processing and there are no overriding legitimate grounds for the processing.
  • The personal data has been unlawfully processed.
  • The personal data must be erased for compliance with a legal obligation.

• 10.1.4. Right to Restriction of Processing: The data subject has the right to obtain from the operator the restriction of processing if one of the following applies:

  • The accuracy of the personal data is contested by the data subject, for a period enabling the operator to verify the accuracy of the personal data.
  • The processing is unlawful, and the data subject opposes the erasure of the personal data and requests the restriction of its use instead.
  • The operator no longer needs the personal data for the purposes of the processing, but it is required by the data subject for the establishment, exercise, or defense of legal claims.
  • The data subject has objected to processing pending the verification of whether the legitimate grounds of the operator override those of the data subject.

• 10.1.5. Right to Data Portability: The data subject has the right to receive the personal data concerning them, which they have provided to the operator, in a structured, commonly used, and machine-readable format, and has the right to transmit that data to another operator without hindrance from the operator to which the personal data has been provided, where the processing is based on consent or on a contract and the processing is carried out by automated means.

• 10.1.6. Right to Object: The data subject has the right to object, on grounds relating to their particular situation, at any time to processing of personal data concerning them which is based on the operator’s legitimate interests or the performance of a task carried out in the public interest. The operator shall no longer process the personal data unless the operator demonstrates compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject or for the establishment, exercise, or defense of legal claims.

• 10.1.7. Right to Withdraw Consent: Where the processing of personal data is based on the data subject’s consent, the data subject has the right to withdraw their consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

• 10.1.8. Right to Lodge a Complaint: The data subject has the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work, or place of the alleged infringement if the data subject considers that the processing of personal data relating to them infringes the Regulation.

XI. How to Exercise Your Rights

11.1. The data subject may exercise their rights by contacting the operator via the provided contact details. The operator shall provide information on actions taken on a request under Articles 15 to 22 of the Regulation to the data subject without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests.

11.2. If the operator does not take action on the request of the data subject, the operator shall inform the data subject without delay and at the latest within one month of receipt of the request of the reasons for not taking action and on the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy.

XII. Data Security

12.1. The operator implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate:

• Pseudonymization and encryption of personal data.
• The ability to ensure the ongoing confidentiality, integrity, availability, and resilience of processing systems and services.
• The ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident.
• A process for regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing.

12.2. The operator ensures that any person acting under the authority of the operator who has access to personal data does not process them except on instructions from the operator, unless they are required to do so by Union or Member State law.

XIII. Changes to the Privacy Policy

13.1. The operator reserves the right to modify or update this Privacy Policy from time to time to reflect changes in legal, technical, or business developments. When the operator updates the Privacy Policy, appropriate measures will be taken to inform the data subject, consistent with the significance of the changes made. The operator will obtain the data subject’s consent to any material Privacy Policy changes if and where this is required by applicable data protection laws.

13.2. The current version of the Privacy Policy will always be available on the operator’s website.

XIV. Final Provisions

14.1. These principles and guidelines form part of the operator’s General Terms and Conditions and are governed by Slovak law.

14.2. If any provision of this Privacy Policy is found to be invalid or unenforceable, the remaining provisions will remain in full force and effect.

14.3. This Privacy Policy is valid and effective from 1st August 2024.

Contact Information: ELMEC, s.r.o.
Zuzany Chalupovej 4004/12A, 851 07 Bratislava, Slovak Republic
Email: info@elmec.sk
Phone: +421 915 794 803