Personal Data Protection Rules
Privacy of our customers and other natural persons is important to us. These terms and conditions explain how we process personal data in the course of the business operation of the Internet shop BESTCENA.SK s.r.o., with its registered office at: Hradbová 19, 400 01 Košice, Company registration number: 46310657, Tax ID: 2023322180, VAT registration number: SK2023322180, (hereinafter “We"). If you have any questions, you can contact us by phone at +421 55/2220123, by e-mail at email@example.com or by mail to our headquarters address.
When processing the personal data, we are primarily governed by the EU General Data Protection Regulation ("GDPR"), which also governs your rights as the data subject, by those provisions of the Personal Data Protection Act which are applicable to us as well as by other regulations. We abide the Code of Conduct adopted by the SSV E-Shops Operators, which explains the processing of personal data by E-Shop Operators. More about the Code of Conduct on https://www.turbado.eu/kodex
Why do we process the personal data?
The processing of the personal data is necessary for us, especially in order to:
- provide business activity to our customers;
- fulfil various statutory and contractual obligations; and
- protect the legitimate interests of us, our clients and others.
For what purposes and on what legal basis do we process the personal data?
|Categories of processing purposes||Legal basis||Related regulations|
|Business activity - sale or lease of products||The consent of the data subject, Art. 6 (1)(a) of GDPR or fulfilment of the statutory obligation under Art. 6 (1)(c) of GDPR (in relation to specific categories of personal data, the additional conditions under Article 9 (2)(f) of GDPR)||The Civil and Commercial Code|
|Provision of other services||The consent of the data subject under Article 6 (1)(a) of GDPR or performance of a contract pursuant to Article 6 (1) (b) of GDPR as well as fulfilment of legal obligation according to Article 6 (1) (c) of GDPR||The e-Government Act, the Civil and the Commercial Code, the Non-Residential Premises Lease Act|
|Ensuring compliance with legislation||The fulfilment of the legal obligation under Article 6 (1) (c) of GDPR, the legitimate interest of ES Operator or third-party operators under Article 6 (1) (f) of GDPR, public interest pursuant to Article 6 (1) (e) of GDPR||Act on Protection against the Legalization of Income from Criminal Activity, Act on Notification of Anti-Social Activities, GDPR|
|Purposes relating to the protection of legitimate interests||The legitimate interest of ES Operator or third party under Article 6 (1) (f) of GDPR||GDPR, Civil and Commercial Code, Criminal Procedure Code, Criminal Code, Civil Dispute Settlement, Civil Extra-Dispute Rules, Administrative Rules, Administrative Procedure, Offence Act|
|Marketing purposes||The consent of the data subject, Art. 6 (1) (a) GDPR or legitimate interest of ES Operator or third party under Art. 6 (1) (f) of GDPR||Electronic Communications Act, Advertising Act, Consumer Protection Act, the Civil Code|
|Statistical purposes, archival purposes in the public interest and purposes of historical and scientific research||Art. 89 of GDPR||Archives Act|
|Human Resources and wages||The fulfilment of the legal obligation under Art. 6 (1) (c) of GDPR, a legitimate interest according to Art. 6 (1) (f) of GDPR as well as the performance of the contract pursuant to Article 6 (1) (b) of GDPR (in relation to specific categories of personal data, the additional conditions under Article 9 (2) (b) of GDPR)||Labour Code, Advocacy Act and other regulations|
|Accounting and tax purposes||The consent of the data subjects Art. 6 (1) (a) of GDPR or fulfilment of a statutory obligation under Art. 6 (1) (c) of GDPR||Special laws in the field of accounting and tax administration|
Who do we make your personal data available to?
The personal data of our customers and other natural persons is made available only to the extent necessary and always while maintaining the confidentiality of the data recipient, e.g. our employees, the persons we entrust with the execution of individual acts of legal services, the cooperating ES Operators, other companies belonging to our group, our accounting advisers, including the employees of these persons. Also, to carriers, standard software facilities providers (e.g. Microsoft) or technical support to our company; cloud or hosting services provider (e.g. Google).
While we have a limited obligation to provide your personal data to public authorities, we have a duty to spoil committing of a crime, and we also have a duty to report information on money laundering and terrorist financing. If we use subcontractors for the processing of the personal data, before entrusting them, we verify that they meet the requirements of organizational and technical nature in order to ensure the security of the processing of your personal data under GDPR. If we are requested by the public authorities to make your personal data available, we will examine the conditions laid down in the legislation to make it available and without such verification your personal data is not disclosed. If we are requested by the public authorities to make your personal data available, we will examine the conditions laid down in the legislation to make it available and without such verification your personal data is not disclosed.
Which countries do we transfer your personal information to?
The cross-border transfer of your personal data to third countries outside the European Economic Area (EU, Iceland, Norway and Liechtenstein) is not intended. However, some of our subcontractors and above-mentioned recipients of the personal data may be established, or their servers may be located in the United States of America which, as such, represent a third country which does not guarantee the protection of the personal data with adequate protection in the EU. However, companies that have been certified in the so-called The EU-US Privacy Shield Mechanism, according to the EU Commission's decision, are considered to provide adequate protection of personal data in the same way as in the EU. If, however, we are conducting a transfer of personal data to third countries, we do so only on the basis of a EU Commission Privacy Decision (such as EU-US Privacy Shield) or we require other safeguards to protect personal data (e.g. so-called contractual clauses).
What automated individual decision-making do we carry out?
No automatic individual decision-making with legal effect on the data subjects is currently ongoing.
How long do we keep your personal data?
We keep the personal data as long as necessary for the purposes for which the personal data is processed. When keeping the personal data, we follow the recommended storage times within the Group's internal guidelines:
- The incoming mail book and the outcoming mail book is kept by ES Operator for 10 years from the date of receipt or posting in the last recorded mail;
- The inventory list is archived by ES Operator for ten years after its drafting;
The general storage periods for personal data set up for the purpose of the processing personal data are as follows:
|Purpose||General personal data storage time|
|General personal data storage time||During the contractual relationship with the customer.|
|Sending marketing messages (newsletter)||Until the submission of a complaint against the processing or marking "unsubscribe" from the newsletter.|
|Accounting and tax purposes (accounting agenda)||During ten years following the accounting year to which the accounting documents, accounting books, lists of figures or other symbols and abbreviations used in accounting, depreciation plan, inventory lists, inventory records, accounting schedule relate.|
|Proving, implementation or defending legal claims (legal agenda)||Until the legal claim is barred.|
|Performance of a contract with natural persons - performance of the contract||During the contractual relationship with a natural person.|
|Social networks profiles keeping||Until the post is removed by the data subject, deleting the post by us, deleting our profile, or requesting the person to delete the personal data.|
|Archival purposes and registry administration||During storage times according to the registry plan.|
|Statistical purposes||For duration / existence of other processing purposes.|
The above storage times only specify the general times during which the personal data is processed for the purposes. In fact, we, however, proceed to disposal or anonymization of personal data before the expiry of these general periods if we consider the personal data to be unnecessary in view of the above-mentioned processing purposes. E.g.:
- Business communication (e-mail) is kept for 2 years;
- Received business offers are kept for 2 years;
- Issued business offers are kept for 5 years;
- Received business orders are kept for 5 years;
- Issued business orders are kept for 5 years;
- Phone records are kept for 1 year;
- Customer or other contracts are kept for 5 years after expiry.
If you are interested in knowing whether we are currently processing your personal data for specific purposes, please contact us to confirm whether we process personal information about you.
How do we acquire the personal data about you?
Your personal data is most often obtained directly from you. In such a case, obtaining personal data is voluntary and does not constitute a contractual or statutory obligation. You can provide us with personal information in a variety of ways:
- communicating with us;
- registration on our customer e-shop;
- participation in events organized by our company;
- participation in our social networking activities;
- filling in and submitting the contact form with your comments, queries or questions.
However, we may also obtain your personal data from your employer or from the company in relation to which we process your personal information. The most common are cases when we sign or negotiate a contractual relationship with the company or its terms. If the acquisition of the personal data relates to a contractual relationship, it is most often a contractual requirement or a requirement that is required to conclude a contract. Failure to provide personal data (whether yours or your colleagues) may have negative consequences for the organization you represent, as contractual relationship may not be entered into or implemented. If you are a member of a statutory body of an organization that is a contracting party to us or with whom we are negotiating a contractual relationship, we may obtain your personal data from publicly available sources and registers. In any case, we will not further systematically process any randomly obtained personal data for any of the purposes for which we process the personal data.
What rights do you have as the data subject?
If we process your personal data based on your consent to do so, you have the right to revoke your consent at any time.
Regardless of this, you have the right at any time to object to the processing of the personal data on the basis of legitimate or public interest as well as for the purposes of direct marketing, including profiling.
“If we process your personal data based on your consent to do so, you have the right to revoke your consent at any time. You have the right at any time to effectively object to the processing of the personal data for the purposes of direct marketing, including profiling.” It is only about sending marketing newsletter. You can do that by either "unsubscribe" in the text of each marketing e-mail or by submitting an objection to our contact details listed above.
You have the right to object to the processing of your personal data on the basis of the legitimate interests we pursue. In our case, these processing purposes are:
- Provision of goods and services;
- Sending marketing communications (newsletter);
- Proving, implementation or defending legal claims (legal agenda);
- Social networks profiles keeping.
In exercising this right, we will be happy to show you how we have assessed these legitimate interests as prevailing over the rights and freedoms of the data subjects.
GDPR lays down general conditions for the exercise of your individual rights. However, their existence does not automatically mean that they will be accepted by us in the application of the individual rights because, in a particular case, exceptions may apply or as a case may be some rights are linked to specific conditions that do not have to be met in every case. Your request for a specific right will always be dealt with and examined in terms of legal regulations and applicable exemptions.
As the data subject, you have in particular:
- The right to request access to personal data pursuant to Article 15 of GDPR that we process about you. This right includes the right to confirm whether we process the personal data, the right to access that data, and the right to obtain a copy of the personal data we process about you, if technically feasible;
- The right to correct and complete your personal data under Article 16 of GDPR, if we process inaccurate or incomplete personal data;
- The right to delete your personal data under Article 17 of GDPR;
- The right to restrict the processing of the personal data under Article 18 of GDPR;
- The right to data portability under Article 20 where the processing of personal data is based on the legal basis of consent under the performance of the contract.
- You also have the right to file a complaint at any time to the Personal Data Protection Office of the Slovak Republic or refer the case to the appropriate court. In any case, we recommend that any disputes, questions or objections are dealt primarily by communicating with us.
Processing the cookies
Our website directly stores cookie information about the permanent hiding of the cookie bar after the visitor's consent. The website stores a session ID in a cookie so that it can memorize and display the content of visitor's shopping cart and other order settings without registering and signing to the appropriate visitor. The session is active until the purchase is completed by paying, for a maximum of 14 days.
Learn more about each browser here:
In addition, cookies use third-party´s instruments that are implemented on websites:
Google Analytics - an analytical tool that allows to generate statistics on website traffic by storing information in cookies. This functionality is not essential for browsing and serves us to monitor and improve the site's performance. Permanent cookies are used, the third-party tool is provided. View details.
Information stored in cookies will not be used for your personal identification. Cookies are not used for purposes other than those contained herein. Within the implemented tools of the third-party, cookies beyond our reach can be used and their storing and processing takes place outside of any possibility of being affected.
How to control cookies? You can check and/or delete cookies at your discretion. Use the tools that are part of your internet browser or third-party add-ins. You can clear all cookies stored on your computer and set most browsers to prevent them from being stored. In this case, however, you may have to manually modify some settings for each website visit, and some services and features will not work.
Our Commitment to Privacy
Privacy is of utmost importance to us. It is our aim and intent to provide our services in such a way that the basic principles and principles of privacy protection, and in particular the protection of personal data, are respected in all circumstances. It is our priority to collect and store personal data only to the extent necessary and for the necessary time.
Privacy does not mean a one-time issue for us. The information we are obliged to provide you with due to our personal data processing may change or cease to be up to date. For this reason, we reserve the right to modify and change these terms in any scope at any time. If we change these terms in a meaningful way, we will notify you, for example, by a general announcement on this website or by specific email notification.
Personal Data Protection Terms and Conditions valid from 25.05.2018