Date of entry into force: 02. November 2018.
Online Media Shop s.r.o. (registered office: Slovak Republic, 943 01 Štúrovo, Hlavná 22, registration number: 50 663 801, tax number: SK2120797613) (hereinafter referred to as "Data Manager") on www.onlinemediashop.sk and other services offered As a data controller, you are compelled to accept the contents of this Privacy Statement.
The personal data of the user who uses the Data Manager and the personal contributor of the customer (hereinafter referred to as "Affected") are handled by the Data Handler. The Data Controller undertakes to ensure that the data handling related to the website and other services provided is in compliance with the applicable laws and the requirements of this Data Management Prospectus. The Data Controller reserves the right to unilaterally modify this Prospectus. Therefore, it is recommended that you visit https://www.onlinemediashop.sk regularly to monitor your changes. The current content of the Prospectus can be read and retained at the same time.
Upon request, we will send a copy of the current Prospectus to the Affiliate.
By providing such personal information, the Affected Party declares that he / she has recognized and explicitly accepted the version of this Prospectus valid at the time of making the disclosure.
The requirements in the Data Handling Guide are in line with existing data protection legislation:
• The Basic Law of Slovakia;
• REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Regulation (EC) No 95/46 (General Data Protection Regulation)
• Act CXII of 2011 on the right to information self-determination and freedom of information; law;
• Act V of 2013 on the Civil Code
- Data manager data
Online Media Shop s.r.o.
Headquarters: Slovak Republic, 943 01 Štúrovo, Hlavná 22.
The contact details of the Data Manager through which you can exercise the rights of the Participant in this information:
- THE FUNDAMENTALS OF DATA PROTECTION
2.1. Personal data:
Any natural person (identified or identifiable) identified (identified as identifiable or identifiable), hereinafter referred to as "the person concerned", may be deduced from the data for the person concerned. Personal data preserves this quality while handling it as long as its relationship can be restored with the affected person. A person may in particular be considered identifiable if he or she can be identified, directly or indirectly, by a name, identifier or one or more physical, physiological, mental, economic, cultural or social identity;
A voluntary and decisive statement of the wishes of the person concerned, based on appropriate information and with which he or she gives his / her unambiguous consent to the handling of his / her personal data, covering all or part of operations;
The statement of the person concerned with which he or she objected to the handling of his / her personal data and requests the termination of data processing and the cancellation of the data processed;
2.4. Data Manager:
A natural or legal person or an organization without legal personality, who or which determines the purpose of the processing of personal data, makes and executes decisions on data handling (including the equipment used), or performs it with the data processor entrusted to it;
2.5. Data handling:
Irrespective of the method used, any operation or aggregation of any operation, such as collecting, capturing, recording, systematizing, storing, modifying, using, transmitting, disclosing, aligning, linking, blocking, deleting or destroying any of the operations, preventing its use. Data processing means making photographs, sound or images and recording physical features (such as finger or palm prints, DNA samples, iris images) that can identify a person;
2.6. Data transmission:
If the data is made available to a specific third party;
If the data is made available to anyone;
2.8. Data Wiping:
Making the data unrecognizable in such a way that restoration is no longer possible;
2.9. Data Closing:
Making it impossible for the data to be transmitted, acquired, disclosed, modified, altered, destroyed, deleted, interconnected or coordinated and used, for a definite or definite period of time;
2.10. Data Shredding:
Complete physical destruction of the data or the media containing the data;
2.11. Data processing:
Perform technical tasks related to data management operations, regardless of the method and tool used to implement the operations, and the location of the application;
2.12. Data processing:
It is a natural or legal person or an organization without legal personality who, on the order of the data controller, also processes the processing of personal data, including orders under the provisions of the law;
2.13. Third person:
It is a natural or legal person or a non-legal entity that is not the same as the data subject, the data controller or the data processor;
2.14. EEA states:
The Member State of the European Union and any other State party to the Agreement on the European Economic Area, as well as a State which is a national of a Contracting Party to the Agreement on the European Economic Area, on the basis of an international treaty between the European Community and its Member States and a non-member State party to the Agreement on the European Economic Area, a national of a Member State;
2.15. Third country:
Any State other than an EEA State.
- DATA PROTECTION PRINCIPLES
1. be managed legally and fairly and in a transparent way for the person concerned ("legality, fairness and transparency");
2. to be collected for a specific, unambiguous and legitimate purpose and not treated in a manner incompatible with these purposes; in accordance with Article 89 (1) of the GDPR, no further data processing ("purpose limitation") for purposes of public interest archiving, for scientific and historical research purposes or for statistical purposes, is not compatible with the original purpose;
3. they must be appropriate and relevant for the purposes of data management and should be limited to the need ("saving of the data");
4. be exact and, if necessary, up-to-date; all reasonable measures must be taken to correct or correct inaccurate personal data for the purposes of data management ("accuracy");
5. storage must take place in a form which permits the identification of the data subjects only for the time needed to manage the personal data; the storage of personal data for a longer period of time may only take place if personal data are processed in accordance with Article 89 (1) of the GDPR for public interest archiving purposes for scientific and historical research purposes or for statistical purposes, and subject to appropriate technical and organizational measures for the protection of its freedom ("limited storage");
6. It must be handled in such a way as to ensure adequate security of personal data, including the protection of unauthorized, unlawful, accidental loss, destruction or damage to data ("integrity and confidentiality") by means of appropriate technical or organizational measures.
The controller is responsible for compliance with the above and must be able to verify this compliance ("accountability"). The Data Controller does not collect any personal data relating to minors.
- DETAILED RULES OF DATA MANAGEMENT
Access to data:
• the data management staff;
• the staff of Data Processors specified below;
• some authorities have requested information that they have requested in the course of official procedures and which are legally binding by the Data Controller;
• employees of the debt management company entrusted by the Data Controller to handle the expired debts;
• other persons on the basis of the express consent of the Person.
The Data Administrator undertakes a strict confidentiality obligation with respect to the personal data it manages without any time limit, and may not, to the contrary, be disclosed to any third party.
Revocation of the consent does not affect the legitimacy of the previous data handling.
4.1 Data management related to the registration
4.1.1 The scope of the managed data and the purpose of data management:
• Full Name: The name of the client is indispensable for identification in each database
• E-mail address: serves the purpose of maintaining contact between the Data Manager and the Affected (User, Buyer's Personal Contributor) and the user name
• Password: For secure access to the user box
• Phone number: For flexible contact with the user
• Company name: the basis of the reseller contract, identification, contact
• Billing Address: The basis for the reseller contract
• Delivery address: The basis for the reseller contract
• Tax number: the basis of the reseller contract, identification
• Contact Details: The basis for the reseller agreement, identification, contact
4.1.2 Legal basis for data handling
The legal basis for data processing is the Contribution of the Person (GDPR Article 6 (1) (a)).
4.1.3 Duration of data handling
The Data Controller manages the personal data until the holder's consent is withdrawn. You can cancel your contribution at any time by sending an e-mail to firstname.lastname@example.org.
4.2 Data Management related to Ordering Your Product
4.2.1 The scope of the data processed and the purpose of data management:
• Full Name: The name of the client is indispensable for identification in each database
• E-mail address: serves the purpose of maintaining contact between the Data Manager and the Affected (Buyer) and is the user name
• Phone number: For flexible contact with the user
• Company name: the basis of the reseller agreement, identification, performance of the contract, contact, billing
• Billing Address: The Reseller Contract is the basis for contract performance billing
• Delivery address: the basis of the reseller contract, performance of the contract, contact
• Tax number: the basis of the reseller contract, performance of the contract, invoicing
• Contact Details: The basis for the reseller agreement, identification, performance of the contract, contact
4.2.2 Legal basis for data handling
Legal basis for data processing is performance of contract (GDPR Article 6 (1) (b)).
4.2.3 Duration of data handling
After the termination of the contact with the Affected Person, 6:22. Section 5 is deleted in 5 years. If the data are kept under Section 169 of Act C of 2000 on Accounting ("Accounting Law"), the data will be deleted 8 years after termination of the relationship with the Customer. In practice this is the case where the data are part of the supporting documents, for example, in contract documents (where applicable, in the contract itself) or in the invoice issued.
4.3 The cookie related information on our site
4.3.1 The scope of the data processed and the purpose of data management:
By visiting the Data Handler website or one of its sub pages and browsing the content of the page, you agree to the following terms, even if you have not registered the Affiliate.
Some of the Data Manager features unique identifiers, so-called cookies, placed on the affected (user) computer. These are only used to identify the current session of a visitor, to store the data entered during that process, to prevent loss of data, and to analyze anonymously about the Context Behaviors using Google Analytics. Such data may include the visitor's IP address, time and date of visit, visited pages, browser type, operating system, etc. These data are stored, which are handled confidentially and are only used for further development of the www.onlinemediashop.sk website and for the production of statistics.
4.3.2 Legal basis for data handling
The legal basis for data handling is the Contributor's consent.
4.3.3 Duration of data handling
The duration of a cookie lasts until www.onlinemediashop.sk.
4.3.4 Visitor's cookie rights
You can always delete cookies at the visitor's browser.
You can request information from the latest available products from the Data Manager, get notification of current promotional products, and changes to web site operation.
The Data Handler does not send a non-smoking advertising message and, without any restrictions or justifications, you can opt-out of sending bids free of charge. In this case, all personal data required to send the newsletter will be deleted from your records and will not contact the Affiliate with any additional promotional offers. You can unsubscribe from the newsletter at any time by clicking on the link in the message.
4.4.1 The scope of the data processed and the purpose of data management:
• Name / Company Name: Identification, Contact
• E-mail address: we will forward the current news to you.
4.4.2 Legal basis for data handling
The legal basis for data handling is your contribution and the 2008 Act XLVIII of 2008 on the Fundamental Terms and Limitations of Economic Advertising. the Person in question may expressly and specifically consent to the Service Provider's promotional offers and other items in the given contact details (e-mail).
4.4.3 Duration of data management
The Data Controller retains personal data until the consent of the Person concerned is withdrawn.
By post by the Slovak Republic, 943 01 Štúrovo, Hlavná 22; e-mail can also be requested by e-mail email@example.com to delete your personal information.
4.4.4 Rights of the data subjects concerned
You can opt-out of the newsletter at any time, free of charge.
5. PERSONS RESPONSIBLE FOR DATA PROCESSING
The Data Handler uses the data processors listed in the table below to perform the technical tasks related to the data management operations. The rights and obligations of the data processor regarding the processing of personal data are determined by the Data Controller within the framework of the GDPR and the special laws on data management. The data controller is responsible for the legality of the instructions given by him. The data processor may not make any substantive decision on data management, process personal data that he or she is aware of, only processed by the Data Controller, for the purpose of processing data for his own purposes, and for storing and retaining personal data according to the provisions of the Data Controller.
Name and contact details of the data processor Personal data and data processed by the data processor
GLS General Logistics Systems Hungary Package Logistics Ltd.
(Phone: (29) 886 649) Personal Information provided by the Affected Person.
You have access to the shipping data handled by the Data Handler based on this Prospectus. Its task is to deliver the products on the basis of the data provided by the Data Manager.
6. DATA SECURITY MEASURES
The Data Controller shall refer to the "European Parliament Decree 2016/679" and "Act CXII of 2011 on Information Freedom of Information and Freedom of Information concerning personal data provided by the Person concerned". law ".
The Data Controller shall take all reasonable steps to ensure the security of the data, and shall ensure an adequate level of protection, in particular against unauthorized access, alteration, transmission, disclosure, deletion or destruction and accidental destruction and damage. The Data Controller ensures the security of the data through appropriate technical (eg logic protection, in particular encryption of passwords and communication channels) and organizational measures (physical protection, in particular data security training for data controllers, restriction of access to information).
Please help us protect the information by not using a clear login name or password, as well as changing your password regularly, and also make sure that your password is not made available to another person.
7. RIGHTS RESOLVED IN THE DATA MANAGEMENT
The data protection rights and legal remedies of the Affected Party and, in this connection, the relevant provisions and limitations of GDPR are contained in the GDPR in detail (in particular, GDPRs 15, 16, 17, 18, 19, 20, 21, 22, 77, 78, 79 and 82). Below we summarize the most important provisions.
7.1 Access Rights of the Subject
You are entitled to receive feedback from us about whether your personal information is being processed. If such data processing is in progress, the User is entitled to receive access to personal information and the following information:
1. (a) the purposes of data management;
2. (b) the categories of personal data concerned;
3. (c) the categories of recipients or recipients with which personal data will be communicated or communicated, including in particular third country addressees or international organizations;
4. (d) where appropriate, the intended duration of the storage of personal data or, where this is not possible, the criteria for determining that period;
5. (e) You have the right to apply for correction, deletion or limitation of your personal data concerning the Person and may object to the handling of such personal data;
6. (f) the right to lodge a complaint addressed to a supervisory authority; and
7. (g) where the data is not collected from the Party, all available information on their source;
8. (h) the fact of automated decision making, including profiling, and at least in such cases the logic used and the understandable information on the significance of such data handling and the likely consequences for the Affected Person.
When personal data is transmitted to a third country, the Affected person is entitled to receive information about the appropriate warranties for the transfer.
A copy of the personal data subject to the data is provided to the person concerned. If the Affected Application is filed electronically, the information should be provided in a widely used electronic format, unless requested otherwise by the Affected Person.
7.2 Right to rectification
You are entitled to correct, without undue delay, any inaccurate personal information about the Affiliate. You are entitled to request the supplementation of incomplete personal data, including by means of a supplementary statement.
7.3 Right to Cancellation ("Right to Forgive")
(1) The Affected Person is entitled to delete personal data concerning the Affiliate upon his request without undue delay if one of the following reasons exists:
1. (a) personal data are no longer required for the purpose from which they have been collected or otherwise handled;
2. (b) The User withdraws the consent of the data controller and does not have any other legal basis for data processing;
3. (c) The Opposing Party objects to its data handling and, where appropriate, no prior legitimate reason for data handling;
4. (d) we have treated the personal data unlawfully;
5. (e) the personal data must be removed for the fulfillment of the legal obligation imposed by the applicable Union or national law on us; or
6. (f) the collection of personal data was concerned with the provision of information society-related services.
(2) If the Data Controller has disclosed personal data and is required to cancel it pursuant to paragraph 1, it shall take reasonable steps, including technical measures, to take into account the available technology and implementation costs in order to inform the data controllers handling the data that the Affiliate has applied to them for the deletion of links to such personal data or of a copy or duplicate of such personal data.
3. Paragraphs 1 and 2 shall not apply where data processing is required, including:
1. (a) to exercise the right to freedom of expression and information;
2. (b) for the purpose of fulfilling the obligation of the Union or of the Member States to comply with the personal data requirements;
3. (c) for the purposes of public interest archiving, for scientific and historical research purposes or for statistical purposes, provided that the right referred to in paragraph 1 is likely to render impossible or seriously undermine this data management; or
4. (d) to submit, enforce or protect legal claims.
7.4 Right to Restrict Data Management
(1) The Affected Person is entitled to limit the processing of his or her request at any request if either of the following conditions is met:
1. (a) The Party disputes the accuracy of the personal data, in this case the restriction concerns the period of time which allows us to verify the accuracy of the personal data;
2. (b) data processing is unlawful and the Opposition opposes the deletion of data and, instead, requests that they be restricted;
3. c) we no longer need personal data for data management purposes but the Requested Party requests them to submit, enforce or protect legal claims; or
4. (d) The Opposing has objected to data handling; in this case, the restriction applies to the period until it is determined whether the Data Manager's legitimate reasons prevail over the legitimate grounds of the Affected Person.
If the processing is restricted under paragraph 1, such personal data may only be used with the consent of the Person or with the submission, enforcement or protection of legal or other rights of a natural or legal person, Member State's important public interest.
We will notify the user before we discontinue the disclosure limitation.
7.5 The obligation to notify or erase personal data or limitation of data management
The Data Handler informs all recipients of all corrections, cancellations, or restrictions on data handling with whom we have communicated personal information, unless this proves impossible or requires disproportionate effort. We will inform you of those recipients at the request of the person concerned.
7.6 Right to data storage
(1) You have the right to receive personal information about the Affected Person that you have provided in a machine-readable widely-used, widely used machine-readable format and you have the right to transfer this data to another data controller without this being obstructed by the Data Manager, if:
1. (a) the processing of data is either a contribution or a contract; and
2. (b) data management is carried out in an automated manner.
In exercising the right to carry the data pursuant to paragraph 1, the User is entitled to request the direct transfer of personal data between data controllers, if technically feasible.
7.7 Right to Protest
You are entitled to object to any legitimate interest in your personal data, including profiling, for any reason relating to your own situation. In this case, we will not treat the personal data unless it is proven that data management is justified by legitimate compelling reasons which are of priority to the interests, rights and freedoms of the concerned, or which relate to the submission, enforcement or protection of legal claims.
If your personal data is handled for direct business acquisition, the Affected person is entitled to object at any time to the treatment of the relevant Personal Data for this purpose, including profiling, if it is related to direct business acquisition.
If the Opposition protests against the handling of personal data for direct business acquisition, personal data may no longer be handled for that purpose.
With respect to the use of information society services and by derogation from Directive 2002/58 / EC, the Right to Protest may also be exercised by automated means based on technical specifications.
If personal data is processed for scientific and historical research purposes or for statistical purposes, the User is entitled to object to the handling of personal data concerning the Person for reasons related to his / her own situation, unless it is necessary for the performance of a task for public interest purposes.
7.8 Right to complain to the supervisory authority
The Applicant can enforce his rights under the GDPR and the Civil Code, as well as to the National Data Protection and Information Authority (NAIH) (1125 Budapest, Erzsébet Szilágyi fasor 22 / C, mailing address: 1530 Budapest, Pf.5, phone: +36 1 391 1400; e-mail: firstname.lastname@example.org) may apply in case of complaints about the data management practices of the data controller. Detailed rights and remedies for data management are described in detail in paragraphs 77, 79. and 82 thereof.
7.9 Right to an effective remedy against a supervisory authority
The Affected person is entitled to effective judicial remedy against the legally binding decision of the supervisory authority on the Affected Person.
The Affected Person is entitled to effective judicial remedy if the competent supervisory authority does not address the complaint or within three months informs the Affected about the procedural developments or the outcome of the complaint submitted.
The procedure against the supervisory authority shall be initiated before the courts of the Member State in which the supervisory authority is situated.
7.10 Right to an effective remedy against data controller or data processor
The Affected Person is entitled to an effective remedy if he considers that his personal data have been infringed under GDPR as a result of improper handling of GDPR.
The data controller or processor shall be initiated before the court of the Member State in which the data controller or the processor is established. Such proceedings may also be instituted before the courts of the Member State of habitual residence of the person concerned.
Before initiating a procedure, it is advisable for the data controller to submit the complaint.