Home
Catalog
Cart
Profile
Protecting your personal data is important to us
We take a responsible approach to the protection of your personal data and strive to ensure your right to information alongside this.
In particular, Act No. 18/2018 Coll. serves as a legal prerequisite. on the protection of personal data and on amending and supplementing certain regulations (hereinafter referred to as the "Personal Data Protection Act") and REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL (hereinafter referred to as the GDPR).
When processing your personal data, we also adhere to the principles of lawfulness, purpose limitation of personal data, minimization of scope and storage, accuracy, integrity, confidentiality and accountability.
1. Data Controller.
SOFIKAR s.r.o.
Registered office address: prof. Hlaváča 1, 071 01 Michalovce, Slovak Republic
Ičo: 52154807
Tax ID: 2120980499
VAT ID: SK2120980499
2.Contact details of the responsible person
If you have any questions regarding your personal data, please write us an email to sofikar.sro@gmail.com call us on +421944649798 or visit us in person at our company's address.
3. Purpose of processing personal data
The Company needs to know certain personal data of the data subjects for the quality of its services and needs to provide it to other recipients in order to comply with its legal obligations and to provide the highest quality services.
The Company processes the personal data provided for several purposes:
- Processing of contractual and pre-contractual obligations
- Processing of personnel and payroll
- Processing of the accounting agenda
- Provision of services
- Marketing purposes
- Measures to detect corrupt activities
4. Legal basis for the processing of data subjects' personal data:
When processing personal data, the company proceeds in accordance with the valid and current Act No. 18/2018 Coll. on the protection of personal data and on amendment and supplementation of certain regulations (hereinafter referred to as the "Personal Data Protection Act") and REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL (hereinafter referred to as the GDPR).
The legal basis for the processing of personal data is:
- specific legal provisions, in particular: the Social Insurance Act, the Labour Code, the applicable payroll and accounting regulations, the Commercial Code, the Civil Code, the Trade Licensing Act, the Occupational Health and Safety Act
- the data subject's consent to the processing of personal data, depending on the purpose of the processing of personal data
- performance of a contract to which the data subject is a party
- the processing of personal data to protect the life, health or property of the data subject
- the legitimate interest of the company
The company processes personal data without the data subject's consent also if:
1. a) the purpose of the processing of personal data, the range of data subjects and the list of personal data or the scope thereof is provided for by a directly enforceable legally binding act of the European Union, an international treaty to which the Slovak Republic is bound or this Act. If the list or scope of personal data is not established, the company may process personal data only to the extent and in the manner necessary to achieve the established purpose of the processing, while complying with the basic obligations pursuant to Section 13(3)(a) to (e)(i) of the Personal Data Protection Act.
2. b) The Company shall further process personal data without the consent of the data subject if the purpose of the processing of personal data, the range of data subjects and the list of personal data are provided for by a special law and only to the extent and in the manner provided for by the special law. The personal data processed may be disclosed, made available or published only if the special law provides for the purpose of disclosure, disclosure or publication, the list of personal data that may be disclosed, disclosed or published, as well as the third parties to whom the personal data are disclosed or the range of recipients to whom the personal data are disclosed, if the Personal Data Protection Act does not provide otherwise.
3. c) the processing of personal data is necessary to protect the life, health or property of the data subject,
4. d) personal data are processed which have already been disclosed in accordance with the law and have been duly identified by the controller as having been disclosed; the person who claims to be processing disclosed personal data shall, upon request, demonstrate to the Authority that the personal data being processed have already been lawfully disclosed,
5. e) the company processes personal data which is necessary to protect the rights and legitimate interests of the controller or of a third party for these purposes:
- ensuring pre-contractual/contractual relations
The following information about you must be provided when placing a binding order:
- name and surname, exact address including country (or address to be indicated on the invoice)
- Your e-mail address (used to identify you in the system and to communicate with you)
- Optional additional addresses (if you wish to deliver to an address other than the billing address)
- phone number (for faster contact with you)
- if you are buying as a company / sole trader, additionally: business name, VAT number and VAT number (for invoicing and correct accounting)
This data is stored in a protected database on our server, and is also necessary for our accounting and invoicing system.
During your visit, temporary information is stored on our server which is necessary for the correct functioning of the shop (e.g. what you put in your shopping cart, when you arrived on the page, where you came to the page from).
5. Recipient
Our company may provide your personal data to the following recipients:
Intermediaries - who perform payroll and accounting, security and asset protection, and web hosting support services for our company.
6. Consent of the data subject
The company obtains the consent of the data subject freely, without coercion or compulsion, as well as without making it conditional on the threat of refusal of the contractual relationship, the services provided or the obligations arising for the controller from legally binding acts of the European Union, an international treaty to which the Slovak Republic is bound or a law.
Consent is granted separately for each purpose of processing personal data.
As the data subject, you may withdraw your consent at any time.
The company respects privacy and considers the personal data provided to be confidential.
7. Intermediaries
In its business activities, the Company cooperates with a number of intermediaries whose aim is to provide quality services, and these entities process the personal data of data subjects in the performance of their contractual activities for the Company. These include, for example, support services in the processing of accounting and payroll services, the provision of OSH services and the provision of web hosting services.
The company declares on its honour that, when selecting the individual processors, it has taken care to ensure their professional, technical, organisational and personnel competence and their ability to guarantee the security of the personal data processed by means of the security measures taken in accordance with the Personal Data Protection Act.
At the same time, when selecting a suitable processor, the company has acted in such a way as not to jeopardise the rights and legitimate interests of data subjects.
The Company as a controller has concluded written agreements with processors within the meaning of Section 34 of the Personal Data Protection Act on the protection of personal data processed by the processors it has entrusted with the processing of personal data of data subjects to the extent, under the conditions and for the purpose agreed in the agreement and in the manner provided for in the Personal Data Protection Act.
8. Third parties
In order to be able to process your order correctly, we also cooperate with banks (in some cases providing your name), delivery companies (delivery address) and we also provide your data to certain suppliers when the nature of the product ordered requires it (for product updates, registration of membership cards in the provider's system, etc.). However, this data is always provided on a one-off basis for the processing of your specific order. We protect the database of personal data against damage, destruction, loss and misuse.
9. Conditions and manner of processing of personal data of data subjects
The Company processes the personal data of data subjects in its information systems by automated and non-automated means of processing.
The Company shall not disclose the personal data processed, except where required by a specific legal regulation or by a decision of a court or other public authority.
The Company will not process your personal data without your explicit consent or any other lawful legal basis for any other purpose, or to a greater extent than is specified in this information and in the record sheets of the individual information systems of the controller.
10. Retention period of personal data of data subjects
The retention period of personal data shall be determined according to the purpose of the processing of personal data and according to the requirements of specific regulations.
Specific retention periods are prescribed by the company's internal regulation, the Records Management Plan, drawn up in accordance with the Law on Archives and Registers.
The Company shall dispose of personal data in the prescribed manner where the purpose of processing and the retention period have expired. After the end of the defined purpose, the company is entitled to process personal data to the extent necessary for research or statistical purposes in their anonymised form.
The company shall ensure that the personal data of the data subjects are processed in a form which permits identification of the individual data subjects for no longer than is necessary to achieve the purpose of the processing.
11. Automated individual decision-making, including profiling
Cookies
The Company uses an analytics tool to monitor its website, which compiles a data chain and tracks how visitors use the site on the Internet. When someone browses the site, the system generates a cookie to record information related to the visit (pages visited, time spent on our site, browsing data, leaving the site, etc.). This is a tool to improve the ergonomic design of the website, to create a user-friendly website and to enhance the online experience of visitors. Most internet browsers accept cookies, but visitors have the option to delete or automatically reject them. Because each browser is different, visitors can set their cookie preferences individually using the browser toolbar. If you choose not to accept cookies, you may not be able to use some features on our website. For more information about cookies, see. Cookiepolicy on our website.
The Company uses the Google AdWords advertising program, through which it has the opportunity to create online advertisements and reach people at the time they are interested in the products and services provided by the Company. The Remarketing or Similaraudiences features in AdWords allow us to reach people who have visited your website in the past. It allows you to display ads in search, on YouTube and in emails. Dynamic remarketing allows users to see ads for products or services they have viewed in the past. Cookies that provide remarketing codes can be disabled by visitors to the website by adjusting the appropriate settings on the browser in question.
The Company can also be contacted via Facebook. The purpose of data management is to share the content of the Company's website and the presentation of the Company. Through the Facebook page, guests can find out about news, current special offers at the Company and also view photos of selected Company commissions. By clicking "like" on the Company's Facebook page, subjects agree to allow the Company to post its news and offers on their Facebook board. The Company also publishes photos/videos of various events on its Facebook page. The Company only publishes this data of individuals if their written consent has been previously obtained. For more information on managing Facebook page data, please refer to the privacy policy and guide at www.facebook.com.
12. Rights of the data subject related to the processing of his/her personal data
The data subject shall have the right, upon written request, to request from the company:
- in a generally comprehensible form, precise information about the source from which he or she obtained his or her personal data for processing,
- access to his or her personal data,
- in a generally comprehensible form, a list of his or her personal data subject to processing,
- the rectification or erasure of her personal data which are incorrect, incomplete or out of date and which are the subject of the processing,
- the erasure of his or her personal data for which the purpose of the processing has ceased; where official documents containing personal data are the subject of the processing, he or she may request their return,
- the destruction of her personal data which are the subject of the processing, if there has been a breach of the law,
- the restriction of the processing of her personal data,
- the data subject, upon written request to the company or in person, if the matter cannot be delayed, the right to object at any time to the processing of personal data by expressing legitimate grounds or by providing evidence of unlawful interference with his or her rights and legitimate interests which are or may be harmed in a particular case by such processing of his or her personal data; unless prevented by lawful grounds and the objection of the data subject is proven to be justified, the company shall block and delete the personal data to which the data subject has objected without undue delay and as soon as the circumstances permit,
- prevent the processing of his or her personal data which he or she believes are or will be processed for direct marketing purposes without his or her consent and request their destruction,
- the right to have her personal data transferred to another controller
- whether the provision of personal data is a legal or contractual requirement or a requirement necessary for entering into a contract and whether the data subject is obliged to provide personal data, as well as the possible consequences of not providing personal data,
- the right to bring an action pursuant to Article 100. If the data subject suspects that his or her personal data are being unlawfully processed, he or she may file a petition for the initiation of personal data protection proceedings with the Office for Personal Data Protection of the Slovak Republic, located at Hraničná 12, 820 07 Bratislava 27, Slovak Republic, or contact the Office via its website at http://www.dataprotection.gov.sk.
If the data subject lacks full legal capacity, his or her rights may be exercised by a legal representative.
If the data subject is deceased, his or her rights under this Act may be exercised by a person close to him or her.
A request by a data subject under the Personal Data Protection Act shall be processed by the company free of charge, except for a payment in an amount which may not exceed the amount of the reasonably incurred material costs associated with the making of copies, the procurement of technical media and the sending of the information to the data subject, unless otherwise provided for by a special law.
The company shall be obliged to deal with the data subject's request in writing no later than 30 days from the date of receipt of the request.
The company shall notify the data subject and the Office for Personal Data Protection of the Slovak Republic in writing without undue delay of the restriction of the data subject's rights under the Personal Data Protection Act.
The Company has hereby informed you as the data subject about the protection of your personal data and has informed you of your rights in relation to the protection of personal data within the scope of this written information obligation.