Personal Data Protection
Personal data protection and processing policy
Nazaret s.r.o., Chotár 4033, 968 01 Nová Baňa, company number 46639462, incorporated in the Commercial Register held at the District Court Banská Bystrica, section Sro, insert 22076/S (the Controller), handles the personal data of data subjects in accordance with applicable regulations regarding personal data protection, including the general data protection regulation (the GDPR), and has proportionate security measures in place to protect the data. In relation to our position as Controller in the processing of personal data, you are the data subject, i.e. the person whose personal data are being processed. All electronic personal data are stored in databases and systems accessible strictly, and only to the necessary extent, by persons who require access to personal data for the purposes indicated in this policy. Access to personal data is protected by passwords and a firewall.
Type of data we collect
We process data provided by customers, data from freely accessible sources, and data obtained through cookies. These data are primarily name, academic degree, company name, email address, billing and mailing address, phone number, and payment data. Further information about cookies is provided below. We do not collect or otherwise process any sensitive personal data, such as data pertaining to health status, religion, faith, etc.
Why we collect data and how we process data (legal basis for use of your personal data)
We use your contact details (email, telephone number) to send you notices or reminders concerning your product orders and services. The processing of data covers all activities, from registering queries, preparing price quotations, orders and order processing, including payment and delivery of ordered goods.
We need personal data primarily for the purposes of
- contract fulfilment – when you order goods or services, or for pre-contract needs (price quotations);
- legal compliance – for storing your data and your order in our accounts or for sharing your data with state and other authorities that supervise our activities or resolve disputes, or for the enforcement of decisions;
- offers of products and services through marketing messages. We conduct this type of processing to pursue our legitimate interests, in the form of limited direct marketing that does not require your consent to receive such marketing information; however, you may unsubscribe from the list at any time or lodge an objection to such processing;
- tracking our website traffic, website traffic statistics and the behaviour of site visitors;
- improving our services, marketing and advertising.
Who we share data with
We do not publicly disclose your personal data. We share it with third-party delivery services and our suppliers who process data on our behalf in accordance with our instructions and in compliance with this policy. These third parties comply with all necessary security, technical and organisational measures to ensure they protect the personal data of data subjects as required.
- ACCRUAL, s.r.o. (outsourced accounting services)
- Slovenská pošta a.s. (mailing and transport services)
- other processors
We do not actively transmit your personal data to countries outside the EU. Some of our processors (Google Inc.) may process various data in third countries.
How long we keep data
We process your personal data to fulfil contracts for the time it takes to process your order, including payment and delivery. Afterwards, we retain certain data contained in our accounting records in accordance with applicable law.
Marketing messages are sent for the entire time your consent to receive them remains valid. For customers, this means marketing messages are sent until you unsubscribe from the list or until you object to the processing of your data for this purpose.
Rights of data subjects
Right to access your personal data. You have the right to obtain confirmation as to whether or not personal data concerning you are being processed, and if we do process your personal data, we will provide you information about the type of data we process, the purposes of the processing, the recipients to whom we have disclosed your personal data, whether your personal data was transmitted to a third country, and how long we will keep your personal data.
Right to rectification of personal data. You have the right to obtain from us without undue delay the rectification of any of your personal data that is inaccurate. Taking into account the purposes of the personal data processing, you have the right to have incomplete personal data completed.
Right to rectification of personal data. You have the right to obtain from us without undue delay the erasure of your personal data in the event that:
- the data are no longer needed for the purposes for which they were obtained or otherwise processed;
- you withdraw your consent on which the processing of your personal data is based and there is no other legal basis for the processing;
- the personal data are processed unlawfully;
Right to restriction of processing of personal data. You have the right for us to restrict the processing of your personal data if o you contest the accuracy of the personal data, for a period allowing the verification of the accuracy of the personal data;
- the processing of personal data is unlawful, but instead of erasure of the personal data you request the restriction of their use;
- we no longer need the personal data for the purposes of processing the data, but they are necessary for exercising your own legal claims.
Right to object. You have the right to object to the processing of your personal data conducted on the basis of our legitimate interests for direct marketing purposes.
Right to portability of personal data. You have the right to receive the personal data concerning you that you provided to us, in a structured, commonly used and machine-readable format and you have the right to transmit those personal data to another controller where that is technically feasible.
Right to withdraw your consent to personal data processing at any time.
You can exercise your rights by sending an email to firstname.lastname@example.org or posting a written request to the postal address of the Controller.
If you exercise any of the above rights, we will notify you within 30 days of receipt of your request of the action taken. In justified cases, we may extend this time period to 60 days; you will be notified of any such extension. If you believe that the processing of your personal data by our company is in conflict with the applicable regulations on personal data protection, you have the right to lodge a complaint with the Office for Personal Data Protection of the Slovak Republic.