Terms of privacy protection
These privacy conditions explain how we process personal data when providing our services within the framework of the company Mária Kovalčíková – MAYAK design, with registered office: 08216 Záhradné, Hlavná 221/20, ID number: 50351249, registration: Prešov District Office, trade register number: 750- 46631 (hereinafter referred to as “operator” or “we”). Your point of contact for answering any questions regarding the protection of personal data or receiving and handling requests from data subjects is the following contact information:
Contact details of the operator:
E-mail: info@mayakhandmade.com
Phone number: +421 948 768 828
Correspondence addess: 08216 Záhradné, Hlavná 221/20
These privacy protection conditions serve primarily to fulfill information obligations under Art. 13 and 14 of the GDPR towards the affected persons whose personal data we process. Typically, these are mainly our clients, employees of our business partners or suppliers. When processing personal data, we primarily follow the EU General Regulation on the Protection of Personal Data (“GDPR”), which also regulates your rights as a data subject, the provisions of Act No. 18/2018 Coll., on the protection of personal data (hereinafter referred to as the “Act on the Protection of Personal Data”), which apply to us as well as other legal regulations. If you do not fully understand any of the information provided in these terms and conditions, please do not hesitate to contact us.
Why do we process personal data?
The processing of personal data is necessary on our part mainly so that we can:
- provide our services and products and for this purpose process personal data of our clients, suppliers, business partners, employees and other persons;
- effectively manage our human resources;
- fulfill various legal and contractual obligations;
- to protect our legitimate interests.
For what purposes and on what legal grounds do we process personal data?
We process personal data for the following purposes on the basis of the following legal bases::
|
|
The purpose of personal data processing |
Legal basis |
|
1. |
Closing the relationship with the customer (e-shop mayakhandmade.com) |
Fulfillment of the contract |
|
2. |
Complaints procedure (dealing with initiatives and complaints) |
Fulfillment of legal obligations |
|
3. |
Registration in the e-shop mayakhandmade.com (my account) |
Fulfillment of the contract |
|
4. |
Reviews (building the good name of the operator) |
Consent |
|
5. |
Organization of consumer competitions |
Consent |
|
6. |
Organization of consumer competitions |
Fulfillment of the contract |
|
7. |
Proving, exercising or defending legal claims (legal agenda) |
Legitimate interest |
|
8. |
Agenda of the rights of affected persons |
Fulfillment of legal obligations |
|
9. |
Operation of profiles on social networks |
Legitimate interest |
|
10. |
Marketing and PR purposes |
Consent and/or legitimate interest |
|
11. |
Accounting and tax purposes |
Fulfillment of legal obligations |
|
12. |
Archival purposes and registry management |
Article. 89 GDPR |
|
13. |
Statistical purposes |
Article. 89 GDPR |
What are the legitimate interests that we pursue when processing personal data?
For the following purposes, we rely on the legal basis of legitimate interest according to Art. 6 par. 1 letter f) GDPR. Below you will find a more detailed explanation of these purposes or legitimate interests:
|
Proving, exercising or defending legal claims (legal agenda) |
In rare cases, we have to demonstrate, exercise or defend our legal claims in court or out of court, or we have to report certain facts to public authorities, which we consider to be our legitimate interest. |
|
Operation and management of profiles on social networks, including discussion forums |
If we operate our own profiles on social networks (Facebook, Instagram, etc.), we rely on our legitimate interest, which is to raise awareness of our company in the online environment. |
|
Marketing and PR purposes |
From time to time we send an information newsletter to our existing customers. In the sense of Recital 47 GDPR: “The processing of personal data for the purposes of direct marketing can be considered a legitimate interest.” |
What personal data do we process about you?
Billing data – first name, last name, company name (optional), country, street, zip code, city, phone. number (optional), text in the note, e-mail address, possibly delivery data, account number, method of transport, or text in the order note. In the case of a complaint, also a description of the complaint, date and time of submission of the initiative.
To whom do we provide your personal data?
We take the confidentiality of personal data very seriously and have therefore adopted internal policies whereby your personal data is shared only with authorized employees of our company or vetted third parties. Our employees and workers may have access to your personal data exclusively on a “need-to-know” basis, i.e. only authorized employees of a specific department to which the processing of personal data is related may have authorized access, while this access is typically limited by the position, function and workload of a specific employee. We provide personal data of our clients, employees, business partners and other natural persons only to the extent necessary to the following categories of recipients of personal data:
– to our verified and legally bound intermediaries;
– to our professional advisors (e.g. lawyers, auditors);
– payroll and accounting companies;
– to providers of software equipment and cloud services (e.g. Active24);
– to providers of technical (IT) and organizational (event agency) support for our company;
– Social insurance company, pension administration insurance company, supplementary pension insurance company, health insurance company, Office of Social and Family Affairs;
– to mail carriers and courier services (Slovenská pošta a.s., Packeta);
– employees of the above-mentioned persons.
If we use an intermediary to process personal data, we always check in advance whether the intermediary meets the requirements of an organizational and technical nature from the point of view of ensuring the security of your personal data processing. If we use our own recipients (internal staff of our company) to process personal data, your personal data is always processed on the basis of authorizations and instructions, by which we instruct our recipients not only about the internal rules of personal data protection, but also about their legal responsibility for their violation. If we are asked by a public authority to make your personal data available, we examine the conditions set by legislation for making them available and do not provide your personal data without checking whether the conditions are met. If you are interested in information regarding our current brokers, please do not hesitate to contact us.
To which countries do we transfer your personal data?
By default, we limit any cross-border transfers of personal data to third countries outside the European Economic Area (EU, Iceland, Norway and Liechtenstein).
How long do we keep your personal data?
We keep personal data for as long as it is necessary for the purposes for which the personal data is processed. In general, the retention period results from legal regulations. If it does not follow from legal regulations, we always determine the storage period of your personal data in relation to specific purposes through our group internal policy and/or our registry plan. If we process your personal data on the basis of consent, after its withdrawal we are obliged not to process the personal data further for the given purpose. However, this does not rule out that we may continue to process your personal data on another legal basis, especially if it concerns the fulfillment of legal obligations.
The general retention periods of personal data for the purposes defined by us for the processing of personal data are as follows:
|
Purpose |
General retention period of personal data |
|
Closing the relationship with the customer (e-shop mayaknaramky.sk) |
During the duration of the contractual relationship. |
|
Complaints procedure (processing of suggestions and complaints) |
For a period of 5 years. |
|
Registration in the e-shop mayaknaramky.sk (my account) |
For the duration of the use of the account, but for a maximum period of 5 years from the last login. |
|
Reviews (building the good name of the operator) |
Until the review is removed by the person concerned, the review is removed by us, consent to the processing of personal data is revoked, or the person requests the deletion of personal data. |
|
Organization of consumer competitions |
For the duration of the competition, announcement of the winner and delivery of the prize. |
|
Entering into contractual relations with business and other partners |
For the duration of the contract and subsequently for a period of 10 years. |
|
Proving, exercising or defending legal claims (legal agenda) |
Until the statute of limitations of the legal claim. |
|
Agenda of the rights of affected persons |
Until the statute of limitations of the legal claim. |
|
Operation of profiles on social networks |
Until the post is removed by the affected person, the post is removed by us, our profile is removed, or the affected person requests the deletion of personal data. By default, we delete messages via social networks once every 2 years. |
|
Marketing and PR purposes |
In the case of a newsletter, until receiving an objection to the processing of personal data or unsubscribing from the newsletter. |
|
Accounting and tax purposes |
During the 10 years following the accounting year to which accounting documents, accounting books, lists of accounting books, lists of numerical signs or other symbols and abbreviations used in accounting, depreciation plan, inventory lists, inventory records, accounting schedule refer. |
|
Archival purposes and registry management |
During the storage periods according to the registry plan. |
|
Statistical purposes |
During the duration / existence of other processing purposes. |
|
|
|
The above-mentioned storage periods only determine the general periods during which personal data is processed for the given purposes. In reality, however, we proceed with liquidation or anonymization of personal data even before the expiration of these general periods, if we consider the given personal data to be unnecessary from the point of view of the aforementioned purposes of processing. On the contrary, in some specific situations, we may keep your personal data longer than stated above, if required by law or our legitimate interest. If you are interested in information regarding the specific retention period for storing your personal data, please do not hesitate to contact us.
How do we collect personal data about you?
We most often obtain your personal data directly from you. In this case, the collection of personal data is voluntary. You can provide personal data to our company in various ways, e.g. :
- by creating an order on the mayaknaramky.sk e-shop
- by registering on our site (my account);
- in the process of entering into a contract with our company;
- communicating with you;
- by participating in events organized by our company;
- by participating in our company’s activities on the social network;
- by submitting the contact form with your comments, questions or questions.
However, we can also obtain your personal data from your employer or from the company in connection with which we process your personal data. Most often, these are cases when we conclude or negotiate a contractual relationship or its terms with a given company. If the acquisition of personal data relates to a contractual relationship, it is most often a contractual requirement or a requirement that is necessary to conclude a contract. Failure to provide personal data (either yours or your colleagues’) may have negative consequences for the organization you represent, as a contractual relationship may not be concluded or implemented. If you are a member of the statutory body of an organization that is our contractual party or with which we are negotiating the conclusion of a contractual relationship, we may obtain your personal data from publicly available sources and registers. We do not systematically process any accidentally obtained personal data further for any personal data processing purpose defined by us.
What rights do you have as a data subject?
“If we process personal data about you based on your consent to the processing of personal data, you have the right to withdraw your consent at any time. However, its revocation does not affect the legality of personal data processing before its revocation. You have the right to object effectively at any time to the processing of personal data for the purposes of direct marketing, including profiling.”
“You also have the right to object to the processing of your personal data based on the legitimate interests we pursue, as explained above. You also have this right against the processing of personal data on the legal basis of public interest, which, however, we do not carry out.”
In the case of exercising this right, we will be happy to show you the way in which we evaluated these legitimate interests as prevailing over the interests, rights and freedoms of the persons concerned.
The GDPR establishes the general conditions for the exercise of your individual rights. However, their existence does not automatically mean that we will comply with them when exercising individual rights, as exceptions or some rights are linked to specific conditions that may not be met in every case. We will always consider and investigate your request regarding a specific right in light of the legislation and our internal data subject handling policy. As a data subject, you have in particular:
- The right to request access to personal data according to Article 15 GDPR that we process about you. This right includes the right to confirmation as to whether we are processing personal data about you, the right to access that data and the right to obtain a copy of the personal data we are processing about you, if technically feasible;
- The right to correct and supplement personal data according to Article 16 GDPR, if we process incorrect or incomplete personal data about you;
- The right to delete your personal data according to Article 17 GDPR;
- The right to restrict the processing of personal data according to Article 18 GDPR;
- Right to data portability pursuant to Article 20.
If you believe that we are processing incorrect personal data about you, taking into account the purpose and circumstances, and you cannot change such personal data through the functions of the application, account or website, you can request the correction of incorrect or incomplete personal data using the additional statement below (all information are voluntary) and/or contact us through our contact details:
|
Additional statement on correction of personal data |
|
|
Your first and last name: |
|
|
Contact information: |
|
|
Relevant processing purpose: |
Please indicate the purpose of processing your request relates to. |
|
Context or the relationship between you and our company: |
Please indicate whether you are our employee, business partner, job seeker, etc. |
|
Nature of your Correction: |
Please explain whether you are requesting the correction of incorrect personal data or the addition of incomplete personal data. |
|
Context of your request for correction: |
Please explain why you believe that we are processing your incorrect or incomplete personal data. |
|
Correction: |
Please indicate which specific personal data you require to be corrected or supplemented. |
|
Please send this supplementary statement on the correction of personal data to the contact details provided in the header of this document.
|
|
You also have the right to file a complaint with the Office for Personal Data Protection of the Slovak Republic at any time or to file a claim with the relevant court. In any case, we recommend that any disputes, questions or objections be resolved primarily by communicating with us.
Is there automated individual decision-making?
No, we currently do not carry out such processing operations, based on which a decision with legal effect or other significant impact on your person would be taken, which would be based exclusively on the fully automated processing of your personal data within the meaning of Art. 22 GDPR.
External websites
Our website may contain links to other websites and/or services of other providers (e.g. so-called reCAPTCHA from Google Inc.). We are not responsible for the content and management of websites or services of other Providers to which we refer. These privacy conditions do not apply to the processing of personal data in the context of your movement on other websites.
How do we protect your personal data?
It is our duty to protect your personal data in an appropriate way and for this reason we pay due attention to its protection. Our company has implemented generally accepted technical and organizational standards in order to preserve the security of processed personal data, especially against their loss, misuse, unauthorized modification, destruction or other impact on the rights and freedoms of the persons concerned. In situations where sensitive data is transmitted, we use encryption technologies, e.g. communication with the payment gateway. Your personal data is stored on our secure servers or the servers of the operators of our websites located in data centers located in the Slovak Republic and the Czech Republic. In the case of using third-party analytical tools, the data is stored on third-party servers.
Cookies
Cookies are small text files that improve the use of the website, e.g. by making it possible to recognize previous visitors when logging into the user environment, by remembering the visitor’s choice when opening a new window, measuring website traffic or the way it is used for its user improvement. Our website uses cookies mainly for the purpose of measuring its traffic. You can prevent these files from being stored on your device at any time by setting your web browser. The setting of your browser is within the meaning of § 55 par. 5 of the Electronic Communications Act, considered as your consent to the use of cookies on our website.
Social networks
We recommend that you familiarize yourself with the privacy protection terms of the providers of the social media platforms through which we communicate. Our privacy policy only explains basic issues regarding the management of our profiles or the profiles of our clients. We only have typical administrator rights when processing your personal data through our or client profiles. We assume that by using social networks, you understand that your personal data is primarily processed by providers of social network platforms (such as Facebook, etc.) and above this processing, the further provision of your personal data to third parties and the cross-border transfer to third countries carried out by these providers social networking platforms, we have no control over and are not responsible for it.
Change of privacy protection conditions
Personal data protection is not a one-time issue for us. The information that we are obliged to provide you with regard to our processing of personal data may change or cease to be up-to-date. For this reason, we reserve the right to modify and change these terms and conditions to any extent at any time. If we change these conditions in a significant way, we will bring this change to your attention, e.g. by a general announcement on this website or a special announcement via email.
Mária Kovalčíková – MAYAK design
In Záhradné on 21.1.2022