Personal data protection
DATA PROTECTION - GDPR
INFORMATION ON THE PROCESSING OF PERSONAL DATA
In connection with the processing of personal data, we provide you with the following information in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR).
WHO IS THE DATA CONTROLLER
The controller who has determined the purposes and means of processing your personal data is Visit Košice
You can contact us in writing at Visit Košice Hlavná 59, 04001 Košice, or by e-mail firstname.lastname@example.org
SCOPE OF PERSONAL DATA AND ITS SECURITY
We minimise the amount of personal data we process so that it is sufficient to provide the quality of service you expect from us, to comply with our legal obligations and to protect our legitimate interests. We process both the personal data of our customers and the personal data of our potential customers who have given us consent to do so. We process the following categories of personal data:
Basic data, which is your name and surname, home address or, if you are an entrepreneur - natural person (sole trader), your ID number.
Contact data, which is your e-mail, telephone number or contact address.
Registration details (name, password) and account settings if you have registered before purchase.
Information about the products and services you have purchased or are considering purchasing. For example, data from orders, invoices, payments, or shopping cart data.
Information about your use of our online shop, how you behave when you visit, the pages you read, the links you click on, the way you navigate through each page. This data also includes information about your device (technical parameters, operating system, screen resolution, browser used), information about the IP address of your device and the geographic location derived from it, as well as data obtained through cookies and similar technologies
Data about reading our newsletter. Whether you have received the messages, the time you opened the messages, the content that interested you, the links in the messages that you clicked on, and data collected through cookies and similar technologies.
Records of email and chat communications, records of telephone calls or other communications with you in electronic or written form.
Transaction data, in particular information about your payments and payment methods.
Technology data and logs that are recorded in information systems during your visits to our website or during communications. This data includes, in particular, the static (permanent) or dynamic (temporarily assigned) IP address of your device, data about the operating system, the browser used, the time and duration of the visit or communication.
Data related to visits to our business and operational premises - video recordings (without sound) of your personal visits to our stores. (Information on the processing of personal data by CCTV systems monitoring publicly accessible areas of stores )
We protect your personal data using effective security technologies and organisational measures. All data is encrypted, protected by new generation firewalls and regularly backed up. Only professionally trained employees and vetted contractors have access to it.
More information about the technical and organisational security measures we have put in place is available on request.
PURPOSES AND LEGAL BASIS OF PROCESSING
We process your personal data primarily to enable you to make a convenient purchase and to deliver the ordered goods to you. We process your personal data in accordance with the law, based on the following legal bases:
Processing on the basis of the data subject's consent pursuant to. Article 6(1)(a) of the GDPR
For the purposes of organising consumer competitions in which you may voluntarily participate if you meet the conditions for participation in a particular competition.
Processing for the performance of a contract pursuant to. Article 6(1)(b) of the GDPR
For the purpose of ordering and delivery of goods (preparation and execution of distance sales contracts)
For the purposes of commercial communication, in the context of the preparation and execution of commercial contracts, when ordering goods, their delivery, as well as the provision of related information.
For the purpose of registration on the e-shop, as a step that precedes the conclusion of a contract based on your decision and allows you to make repeat purchases more conveniently, to get an overview of your orders as well as the possibility of accessing and modifying your data.
For the purpose of providing data for the delivery of goods by courier. The companies used by us to provide services pursuant to Act No. 324/2011 Coll. on postal services subsequently process your data as a third party and for the time necessary for the delivery of parcels.
Processing on the basis of a legal obligation pursuant to. Article 6(1)(c) of the GDPR
For the purpose of complaint handling, pursuant to Act no. 250/2007 Coll. on consumer protection, Act No. 102/2014 Coll. on consumer protection in the distance or off-premises sale of goods
For the purpose of keeping accounting and tax records, pursuant to Act No. 431/2002 on Accounting, Act No. 222/2004 Coll. on VAT and Act No 595/2003 on income tax
For the purposes of network and information systems security, pursuant to Act No. 69/2018 Coll. on cyber security and pursuant to Article 32 of the GDPR
For the purpose of handling requests from data subjects related to the exercise of rights under the GDPR.
Processing on the basis of a legitimate interest pursued by us as a controller pursuant to. Article 6(1)(f) of the GDPR
For the purpose of verifying customer satisfaction, in connection with the progress of the last purchase.
For the purposes of communication via social networks, in connection with your interaction on content published by us via our fan page, website, newsletter, blog, etc.
For the purposes of maintaining legal records relating to proving, defending and pursuing legal claims.
For the purpose of monitoring our business and premises with CCTV cameras, designed to protect the property of the operator and customers and to protect the health and life of persons on the premises.
CATEGORIES OF RECIPIENTS
Your personal data may be disclosed to the following categories of recipients during processing:
Courier and transport companies
Slovenská pošta, a.s., with registered office at Partizánska cesta 9, 975 99 Banská Bystrica,
ID: 36 631 124
Marketing agencies and call centres
IDEA ELEMENT, s.r.o., Urbánková 10, 040 01 Košice
IT service providers
Blue Lemons s.r.o., Továrenská 3436/8, 040 01 Košice - web hosting and e-shop management
Furthermore, law and legal offices, accounting offices, auditors and tax advisors, experts and forensic experts, collection companies and bailiffs, courts and law enforcement agencies.
RETENTION PERIOD OF PERSONAL DATA
If we process your data on the basis of consent, we will process it for the duration of your consent, but for a maximum period of 3 years. After this period, we will destroy it. This period may be shorter, for example:
6 months to 3 years in the case of displaying behavioural advertising, depending on the type of advertising system.
In the case of cookies, 13 months from the date of the last visit
If we process your data on the basis of the performance of a contract, we will process it for the duration of the contract and for 5 years after its termination.
If we process your data on the basis of a legal obligation, we will process it for the period specified by the relevant legislation.
In the case of accounting, this period is 10 years.
In the case of claims, this period is 2 years from the claim.
In the case of cyber security, this period is 12 months.
If we process your data on the basis of a legitimate interest pursued by us as a controller we will process it for the time strictly necessary to achieve the purpose of the processing.
In the case of CCTV systems, this period is 72 hours.
In the case of proving, defending and pursuing legal claims, until the time after which they will be time-barred. (for civil disputes 3 years)
YOUR DATA PROTECTION RIGHTS
We are ready to exercise your rights when processing your personal data.
You have the right of access to your personal data, as well as the right to know for what purpose it is processed, who the recipients of your personal data are, what is the duration of the processing.
You have the right to rectification, if your personal data is incorrect or has changed, please contact us, we will correct it.
You have the right to have your personal data erased if it is incorrect or processed unlawfully.
If your personal data is processed on the basis of consent, you have the right to withdraw your consent at any time, without affecting the lawfulness of the processing based on consent given prior to its withdrawal.
You have the right to restrict processing if you wish, we will only process the data for the most necessary lawful reasons or not at all.
You have the right to data portability, if you wish to transfer the data to another controller, we will provide it to you in the appropriate format, unless other technical or legal obstacles prevent this.
You have the right to lodge a complaint with the supervisory authority, which is the Office for Personal Data Protection of the Slovak Republic, located at Hraničná 12, 820 07 Bratislava 27, Slovak Republic, ID No.: 36 064 220, tel. no.: +421 2 3231 3220, https://dataprotection.gov.sk/uoou/
WHERE AND HOW YOU CAN EXERCISE YOUR RIGHTS
You can also exercise your rights by writing to Visit Košice, Hlavná 59, 04001 Košice
We will respond to your request free of charge within 30 days. In the event of complexity or a large number of requests, we are entitled to extend this period by a further 60 days. If this happens, we will inform you of this and the reasons for it.
However, if your request is manifestly unreasonable or repetitive, we are entitled to charge a reasonable administrative fee to cover the cost of providing this service.