within the meaning of Article 19 et seq. of Act No. 18/2018 Coll. on Personal Data Protection and on Amendments and Supplements to Certain Acts, as amended, in accordance with Arti- cles 13 and 14 of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of person- al data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as “GDPR”).
Pursuant to the provisions of Article 19 et seq. of Act No. 18/2018 Coll. on Personal Data Pro- tection as amended (hereinafter referred to as the “Personal Data Protection Act”), we hereby provide you as the data subject with the following information about the processing of your personal data.
The controller is the company Verteco digital services, s.r.o., with its registered office:
Verteco digital services, s. r. o.
Daniela Dlabača 21
Žilina 010 01
ID: 53 412 834
VAT ID: SK2121358349
Register. no.: 75936/L
represented by: Norman Bytričan (hereinafter referred to as the “Controller”).
Phone: +421 948 355 017
Access to personal data:
In the processing of personal data, in addition to the Controller and the companies related to the Verteco digital services, s.r.o., and their employees, other persons processing personal data as processors may have access to personal data. A specific, continuously updated list of processors, i.e. recipients of personal data processed on behalf of the Controller, in following categories:
• Companies providing marketing services
• Companies providing payroll and accounting services
• Companies providing internal and external audit services
The legal basis for the processing of personal data is, as a rule, the fulfilment of the statutory obligation (in particular Act No. 18/2018 Coll. on Personal Data Protection), the conclusion, administration and fulfilment of contractual obligations arising out of employment and com- mercial contracts, the legitimate interest, which is the protection of rights and interests of the Controller and his employees protected by right, as well as the consent of the data subject (mainly for the purposes of marketing, competitions, social events, etc.). The consent to the processing of personal data must be granted voluntarily, and the data subject may withdraw the consent at any time. However, the consent is necessary for the Controller to ensure, for example, corporate events, and the like, and without such consent, the Controller is not enti- tled to provide the services in question. If the data subject refuses to provide the Controller with the personal data required for the purpose of fulfilling the contractual obligations of the Controller or complying with the law, the Controller is not obliged to conclude a contract or provide any other services.
Processed personal data:
We collect our merchants’ customers’ name, email, shipping and billing address, payment details, company name, phone number, IP address, information about orders you initiate, information about the Verteco digital services – supported merchant stores that you visit, and information about the device and browser you use. We collect this information when you use or access a store that uses our services, such as when you visit a merchant’s site, place an order or sign up for an account on a merchant’s site. As you visit or browse the Verteco digital services website, we collect information about the device and browser you use, your network connection, your IP address, and information about the cookies installed on your device. We also collect personal information submitted by you via any messaging feature available from our website. From forum users, we collect your name, email address, website URL, and other personal information you may post.
Purpose of processing and sharing:
We use this information to provide our merchants with the services, including supporting and processing orders, authentication, and payments. We also use this information to improve our services. Verteco digital services, s.r.o, works also with a third parties and service providers to help provide our mer- chants with the services and we may share personal information with them to support these efforts. We may also share your information in the following circumstances:
- If the merchant whose store you visit or access directs us to transfer this information (for example, if they enable a third-party app that accesses customer personal information).
- to conform to legal requirements, or to respond to lawful court orders, subpoenas, warrants, or other requests by public authorities (including to meet national security or law enforce- ment requirements).
Personal information may also be shared with a company that acquires our business or the business of a merchant whose store you visit or access, whether through merger, acquisition, bankruptcy, dissolution, reorganization, or other similar transaction or proceeding.
Storage of personal data and duration of processing:
The Controller is authorized to process personal data of data subjects for a period of time determined in accordance with the relevant legislation. Processing of personal data upon a consent shall only be possible for the period for which the consent was granted. The consent is granted to the Controller for the following three (3) years or until the moment of withdraw- al of the consent. Upon expiry of the relevant period, personal data will be erased if their storage is not required under the relevant Slovak legislation.
Rights of data subjects related to the processing of personal data:
As regards the processing of personal data, data subjects may exercise the following rights:
- the right to access and be provided information about their personal data;
- the right to the rectification of personal data;
- the right to the erasure of personal data;
- the right to the restriction of personal data processing
- the right to personal data portability;
- the right to object to the processing of personal data;
- the right to the ineffectiveness of automated individual decision-making, including profiling;
- the right to withdraw consent at any time (if consent is the legal basis of processing);
- the right to file a motion to initiate proceedings under Article 100 et seq. of the Personal Data Protection Act with the supervisory authority, i.e. the Office for Personal Data Protection of the Slovak Republic, with its registered office at Hraničná 12, 820 07 Bratislava 27, Slovak Republic, contact details: +421 2 3231 3214, e-mail: email@example.com.
Data subjects may exercise the above rights, which are further specified in the provisions of Article 21 et seq. of the Personal Data Protection Act, in accordance with the Personal Data Protection Act and the GDPR as well as other relevant legislation. Data subjects may exercise their rights against the Controller by means of a written request sent or delivered to the Con- troller’s registered office: Trnavské mýto 1, 831 04 Bratislava; or by electronic mail sent to theaddress: firstname.lastname@example.org.
The request must contain the following information: name, surname, date of birth and perma- nent address so that the Controller is able to identify the data subject. The Controller may request the provision of additional information necessary to verify the identity of the data subject if he has reasonable doubts as to the identity of the natural person. The Controller is required to provide the data subject with information on the measures taken at his/her request within one (1) month of receipt of the request. In justified cases, with regard to the complexity and the number of requests, the Controller may extend the above period by further two (2) months, even repeatedly. The Controller shall be obliged to inform the data subject about any such extension within one (1) month of receipt of the request, stating the reasons for the extension of the time limit. If the data subject has submitted the request in electronic form, the Controller shall provide the information in electronic form, unless the data subject requested information in any other way. If the Controller fails to take measures at the request of the data subject, he is required to inform the data subject about the reasons for the failure to act within one (1) month of receipt of the request as well as about the possi- bility to file a motion to initiate proceedings under Article 100 of the Personal Data Protection Act with the Office for Personal Data Protection. Notifications of the measures taken shall be provided free of charge. If the request of the data subject is manifestly unfounded or inappro- priate, in particular for its recurrent nature, the Controller may require a reasonable fee taking into account the administrative costs of providing the information, or a reasonable fee taking into account the administrative costs of the notification, or a reasonable fee taking account the administrative costs of implementing the requested measure, or refuse to act upon the request. The Controller shall prove that the request is unfounded or inappropriate.
Verteco digital services, s.r.o., understands that you have rights over your personal information, and takes reason- able steps to allow you to access, correct, amend, delete, port, or limit the use of your person- al information. If you are a merchant or a partner, you can update many types of personal information, such as payment or contact information, directly within your account settings. If you are unable to change your personal information within your account settings, or if you are concerned about data collected as you visit Verteco digital services’s website or use our support services, please contact us to make the required changes. It’s important to remember that if you delete or limit the use of your personal information, the services may not function properly.