FREE SHIPPING
FREE SHIPPING

Processing of personal data

INFORMATION FOR THE DATA SUBJECT IN RELATION TO THE COLLECTION AND PROCESSING OF PERSONAL DATA

provided by the controller to the data subject when obtaining personal data from the data subject

The controller hereby complies with Article 13(1) and (2). of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 May 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as the "Regulation"), the Controller provides the following information to the Data Subject from whom the Controller obtains personal data concerning him/her :

Identity and contact details of the Operator:

The operator is STUDIO 20A s.r.o., with its registered office at Ulica Hraničná 9034/20A, 917 05 Trnava, ID No.: 50 819 119, registered in the Commercial Register of the District Court of Trnava, Section: Sro, Insert No.: 50571/T, Tax ID No.: 2120491219, VAT ID No.: SK2120491219, statutory body: Ing. Tomáš Stacho - managing director, email: info@artup.sk, telephone number: +421 948 975 542.

Contact details of the responsible person:

It is not established.

Personal data processed: name, surname, title, residence, email address, telephone number, date of birth, bank name, bank account, IP address, cookies, signature.

Purposes of the processing of the Data Subject's personal data:

The purposes of processing the Data Subject's personal data are:

  1. processing of accounting documents
  2. performance and registration of contracts
  3. operation of the website www.artup.sk
  4. keeping records of customers and contractual partners for the purposes of concluding and executing contracts
  5. archiving of documents in accordance with the law
  6. correspondence and communication

 

Legal basis for the processing of the Data Subject's personal data:

The legal basis for the processing of the data subject's personal data will be the performance of a contract to which the data subject is a party, the fulfilment of a legal obligation or the data subject's consent, as follows:

  1. processing of accounting documents - legal basis: Article 6(1)(c) of the Regulation
  2. performance and registration of contracts - legal basis: Article 6(1)(b) of the Regulation
  3. operation of the website www.artup.sk - legal basis: Article 6(1)(b) of the Regulation
  4. records of customers and contractual partners for the purposes of concluding and performing contracts - legal basis: Article 6(1)(b) of the Regulation
  5. archiving of documents in accordance with the law - legal basis: Article 6(1)(c) of the Regulation
  6. correspondence and communication - legal basis: Article 6(1)(b) of the Regulation

 

Recipients or categories of recipients of personal data:

The recipient of the data subject's personal data will be or at least may be, in addition to the Controller, also the Controller's shareholders and statutory bodies, as well as the Controller's employees. For the purposes of this document, all natural persons performing dependent work for the Controller on the basis of an employment contract or agreements for work performed outside the employment relationship shall be considered to be employees of the Controller.

The recipient of the data subject's personal data may be the controller's collaborators, business partners, suppliers and contractors, in particular: an accounting company, a company providing legal services to the controller, a company providing services related to the creation and maintenance of software.

The recipient of personal data will also be the tax authorities, courts, law enforcement authorities and state authorities, in the cases provided for by law.

Information about the intended transfer of personal data to a third country:

It does not.

Retention period of personal data:

The personal data will be kept for the necessary period of time in accordance with the law for the purpose of the performance of the contract and their subsequent archiving. Where personal data are processed on the basis of the consent of the Data Subject, they shall be processed for the period of the consent.

Instruction on the existence of relevant rights of the Data Subject:

The person concerned shall have the following rights, among others:

a) the right of the Data Subject to access to data pursuant to Article 15 of the Regulation, which includes:

  1. the right to obtain confirmation from the Data Controller as to whether personal data relating to the Data Subject is being processed;
  2. in the event that the personal data of the Data Subject is processed, the right to access the personal data processed and the right to obtain such information:

- information on the purposes of processing;

- information on the categories of personal data concerned;

- information on the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular in the case of recipients in third countries or international organisations;

- where possible, information on the expected retention period of the personal data or, if this is not possible, information on the criteria for determining it;

- information on the existence of the right to request from the Data Controller the rectification of personal data relating to the Data Subject or their erasure or restriction of processing and on the existence of the right to object to such processing;

- information on the right to lodge a complaint with the supervisory authority;

- if the personal data was not obtained from the Data Subject, any available information as to its source;

- information on the existence of automated decision-making, including profiling referred to in Article 22(1) and (4). Regulation and, in such cases, at least meaningful information about the procedure used as well as the significance and foreseeable consequences of such processing of personal data for the Data Subject;

  1. the right to be informed of the adequate safeguards under Article 46 of the Regulation relating to the transfer of personal data where personal data are transferred to a third country or an international organisation;
  2. the right to be provided with a copy of the personal data being processed, provided, however, that the right to be provided with a copy of the personal data being processed shall not adversely affect the rights and freedoms of others;

 

b) the right of the Data Subject to rectification under Article 16 of the Regulation, which includes:

  1. the right to have incorrect personal data concerning the Data Subject corrected by the Controller without undue delay;
  2. the right to supplement incomplete personal data of the Data Subject, including by providing a supplementary declaration of the Data Subject;

 

c) the right of the Data Subject to erasure of personal data (the so-called "right to be forgotten") under Article 17 of the Regulation, which includes:

(i) the right to obtain from the Data Controller, without undue delay, the erasure of personal data relating to the Data Subject where one of the following grounds is met:

- the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;

- The data subject shall withdraw the consent on the basis of which the processing is carried out, provided that there is no other legal basis for the processing of the personal data;

- The data subject objects to the processing of personal data pursuant to Article 21(1). Regulation and there are no overriding legitimate grounds for the processing of personal data or the Data Subject objects to the processing of personal data pursuant to Article 21(2). Regulation;

- personal data have been unlawfully processed;

- the personal data must be erased in order to comply with a legal obligation under European Union law or the law of a Member State to which the Data Controller is subject;

- the personal data were collected in connection with the offer of information society services pursuant to Article 8(1). of the Regulation;

  1. the right to have the Data Controller who has disclosed the Personal Data of the Data Subject take reasonable measures, including technical measures, having regard to the technology available and the cost of implementing the measures, to inform other Data Controllers who process Personal Data that the Data Subject has requested them to erase all references to, copies of, or replicas of that Personal Data;

However, the right to erasure of personal data containing the rights under Article 17(1) and (2). Regulation [i.e. with the content of the rights under (i) and (ii) of this point (c) of point J. of this document] will not arise as long as the processing of the personal data is necessary:

  1. to exercise the right to freedom of expression and information;
  2. for compliance with a legal obligation requiring processing under European Union law or the law of a Member State to which the Controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller;
  3. for reasons of public interest in the field of public health in accordance with Article 9(2)(h) and (i) of the Regulation as well as Article 9(3). of the Regulation;
  4. for archiving purposes in the public interest, for scientific or historical research purposes or for statistical purposes pursuant to Article 89(1). Regulation, where the right referred to in Article 17(1) is likely to Regulation will make it impossible or seriously impede the achievement of the purposes of such processing of personal data; or
  5.  to prove, exercise or defend legal claims;

 

d) the right of the Data Subject to restrict the processing of personal data pursuant to Article 18 of the Regulation,

the content of which is:

(i) the right to have the Controller restrict the processing of personal data in respect of one of the following cases:

- The data subject contests the accuracy of the personal data during the period allowing the Data Controller to verify the accuracy of the personal data;

- processing of personal data is unlawful and the Data Subject objects to the erasure of the personal data and requests instead the restriction of its use;

- The controller no longer needs the personal data for the purposes of the processing, but the Data Subject needs them to establish, exercise or defend legal claims;

- The data subject objected to processing pursuant to Article 21(1). Regulation, pending verification whether the legitimate grounds on the part of the Controller outweigh the legitimate grounds of the Data Subject;

  1. the right that, where the processing of personal data has been restricted pursuant to point (i) of this point (d) of paragraph J. hereof, such restricted personal data shall, with the exception of storage, be processed only with the consent of the Data Subject or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a Member State;
  2. the right to be informed in advance of the lifting of the restriction on the processing of personal data;

 

(e) the right of the Data Subject to comply with the notification obligation to recipients under Article 19 of the Regulation, which includes:

  1. the right to have the Data Controller notify any recipient to whom personal data have been disclosed of any rectification or erasure of personal data or restriction of processing carried out pursuant to Articles 16, 17(1) and 18 of the Regulation, unless this proves impossible or involves disproportionate effort;
  2. the right for the Controller to inform the Data Subject about these recipients, if the Data Subject so requests;

 

(f) the Data Subject's right to data portability under Article 20 of the Regulation, which includes:

(i) the right to obtain the personal data concerning the Data Subject which he or she has provided to the Data Controller in a structured, commonly used and machine-readable format and the right to transfer such data to another controller without hindrance from the Data Controller if:

- the processing is based on the Data Subject's consent pursuant to Article 6(1)(a) of the Regulation or Article 9(2)(a) of the Regulation, or on a contract pursuant to Article 6(1)(b) of the Regulation, and at the same time

- the processing is carried out by automated means, and at the same time

- the right to obtain personal data in a structured, commonly used and machine-readable format and the right to transfer such data to another controller without being hindered by the Data Controller will not have adverse effects on the rights and freedoms of others;

(ii) the right to have personal data transmitted directly from one controller to another controller, insofar as this is technically feasible;

(g) the right of the Data Subject to object pursuant to Article 21 of the Regulation, the content of which is:

  1. the right to object at any time, on grounds relating to the particular situation of the Data Subject, to processing of personal data concerning him or her which is carried out on the basis of Article 6(1)(e) or (f) of the Regulation, including objections to profiling based on these provisions of the Regulation;
  2. [in the case of the exercise of the right to object at any time, on grounds relating to the particular situation of the Data Subject, to processing of personal data concerning him or her which is carried out on the basis of Article 6(1)(a)(1)(b) of the GDPR]. (e) or (f) of the Regulation, including an objection to profiling based on those provisions of the Regulation] the right not to further process the Data Subject's personal data unless the Data Subject demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the Data Subject or for the establishment, exercise or defence of legal claims
  3. the right to object at any time to the processing of personal data concerning the Data Subject for direct marketing purposes, including profiling to the extent that it is related to direct marketing; provided that if the Data Subject objects to the processing of personal data for direct marketing purposes, the personal data may no longer be processed for such purposes;
  4. (in relation to the use of information society services) the right to exercise the right to object to the processing of personal data by automated means using technical specifications;
  5. the right to object, on grounds relating to the particular situation of the Data Subject, to the processing of personal data concerning the Data Subject where the personal data are processed for scientific or historical research purposes or for statistical purposes pursuant to Article 89(1). Regulation, except where the processing is necessary for the performance of a task carried out for reasons of public interest;

 

(h) the Data Subject's right relating to automated individual decision-making under Article 22 of the Regulation, which includes:

  1. the right not to be subject to a decision which is based solely on automated processing of personal data, including profiling, and which has legal effects concerning him or her or similarly significantly affects him or her, except pursuant to Article 22(2). Regulation [i.e., except where the decision is: (a) necessary for entering into, or performance of, a contract between the Data Subject and the Data Controller, (b) permitted by European Union law or the law of a Member State to which the Data Controller is subject and which also provides for appropriate measures guaranteeing the protection of the rights and freedoms and legitimate interests of the Data Subject, or (c) based on the Data Subject's explicit consent].

 

Instructions on the right of the Data Subject to withdraw consent to the processing of personal data:

The data subject shall be entitled to withdraw his or her consent to the processing of personal data at any time, without prejudice to the lawfulness of the processing of personal data based on the consent given prior to its withdrawal.

The data subject is entitled to withdraw his or her consent to the processing of personal data at any time - in whole or in part. The partial withdrawal of consent to the processing of personal data may relate to a specific type of processing operation(s), while the lawfulness of the processing of personal data to the extent of the remaining processing operations remains unaffected. A partial withdrawal of consent to the processing of personal data may relate to a particular specific processing purpose(s), while the lawfulness of the processing of personal data for the remaining purposes remains unaffected.

The right to withdraw consent to the processing of personal data may be exercised by the Data Subject in paper form to the address of the Controller registered as its registered office in the commercial register at the time of withdrawal of consent to the processing of personal data, by telephone or electronically by electronic means (by sending an e-mail to the e-mail address of the Controller specified in the identification of the Controller in this document).

Instructions on the right of the Data Subject to lodge a complaint with the supervisory authority:

The data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of employment or place of the alleged infringement, if he or she considers that the processing of personal data concerning him or her is in breach of the Regulation, without prejudice to any other administrative or judicial remedy.

The person concerned shall have the right to be informed by the supervisory authority to which the complaint has been lodged, as complainant, of the progress and outcome of the complaint, including the possibility of seeking judicial redress pursuant to Article 78 of the Regulation.

The supervisory authority in the Slovak Republic is the Office for Personal Data Protection of the Slovak Republic.

Information about the existence/non-existence of an obligation of the Data Subject to provide personal data:

The Data Controller informs the Data Subject that the provision of the Data Subject's personal data is not a legal or contractual requirement, nor is it a requirement that is necessary for the conclusion of a contract with the Data Controller. The Data Controller informs the Data Subject that the Data Subject is not obliged to provide personal data nor is the Data Subject obliged to give consent to their processing. The consequence of not providing personal data and/or the consequence of not giving consent to the processing of personal data will be that the Controller will not process the personal data and that the personal data will not be used for the purposes listed in point D. of this document.

Information relating to automated decision-making, including profiling:

Not applicable - As the processing of personal data of the Data Subject in the form of automated decision-making, including profiling referred to in Article 22(1) and (4), is not involved in the case of the Controller. 2(f) of the Regulation, the Data Controller is not obliged to provide information pursuant to Article 13(2)(f) of the Regulation, i.e. information on automated decision-making, including profiling, and on the procedure used, as well as on the significance and foreseeable consequences of such processing of personal data for the Data Subject.