Go to content

Privacy policy

WebHouse Company Statement on the Handling of Personal Data of Customers and Visitors to the Online Store www.webhouse.sk

The operator of the online store www.webhouse.sk, WebHouse, s. r. o., Paulínska 20, 917 01 Trnava, Company ID: 36743852, VAT ID: SK2022329705, undertakes to comply with the rules below regarding the handling of personal data of customers and visitors.

In accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation), and with Act No. 18/2018 Coll. on the Protection of Personal Data and on Amendments to Certain Acts, the operator processes personal data for the following purposes:

1. Processing orders, issuing tax documents, and handling complaints in the online store www.webhouse.sk within the scope of: title, first name, last name, postal address, e-mail address, telephone number, bank account number.

The seller hereby notifies the buyer that the processing of personal data is permitted pursuant to Article 6(1)(b) of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.

Pursuant to Article 6(1)(b) of Regulation (EU) 2016/679, the seller as the controller will, in the process of concluding a purchase contract, process the buyer’s personal data without the buyer’s consent as a data subject, since the processing of the buyer’s personal data will be carried out by the seller within pre-contractual relations with the buyer and the processing of the buyer’s personal data is necessary for the performance of the purchase contract, in which the buyer acts as one of the contracting parties.

2. Domain registration within the scope of: title, first name, last name, postal address, e-mail address, telephone number, personal identification number, date of birth, IP address.

The operator undertakes to process only such personal data of the buyer as are necessary to provide the ordered service.

The categories of recipients of personal data include domain registrars and domain registry operators where the operator registers domains for customers.

3. Marketing within the scope of: title, first name, last name, e-mail address.

The operator sends newsletters to an e-mail address by the customer subscribing to the mailing list on the online store pages, or by giving consent to receive the newsletter.

A visitor to the online store may subscribe to receive news by entering their e-mail address directly into the “Subscribe to news” field on the pages of www.webhouse.sk. A customer of the online store may subscribe to receive the newsletter in the Setup administration interface (www.setup.sk), which they can access using an assigned customer ID and password, or as a buyer may, by ticking the relevant box before submitting the order, express their consent pursuant to Article 6(1)(a) of Regulation (EU) 2016/679, for the seller to process and store their personal data, in particular those listed above and/or those required for the seller’s activities related to sending information about new products, discounts, and special offers for goods offered, and to process them in all of its information systems related to sending information about new products, discounts, and special offers for goods offered. The buyer grants the seller this consent for a fixed period until the purpose of processing the buyer’s personal data has been fulfilled. After fulfilling the purpose of processing, the seller will ensure the immediate disposal of the buyer’s personal data. The buyer may withdraw consent to the processing of personal data at any time in writing. Withdrawal of consent for sending newsletter messages may also be carried out electronically by unsubscribing from the mailing list. An automatic unsubscribe link is displayed at the bottom of the newsletter message delivered to the recipient’s provided e-mail address. The consent will terminate within 1 month from the delivery of the withdrawal of consent by the buyer to the seller. 

The operator declares that:
a) The processed personal data of data subjects will be used only for the purposes stated above within the scope of its business activities.
b) Not using the newsletter sending service does not create a risk of refusal of a contractual relationship.

Common provisions:
The personal data you provide to the operator through the registration form or a direct order must be truthful, and in the event of any change you are obliged to inform the operator of such change without undue delay.

The protection of your personal data is governed by the provisions of the Personal Data Protection Act, while your rights are set out in Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, e.g. the right, on the basis of a written request, to ask for:

Right of access 

  • You have the right to be provided with a copy of the personal data we hold about you, as well as information about how we use your personal data. In most cases, your personal data will be provided to you in written paper form, unless you request otherwise. If you requested these information by electronic means, they will be provided to you electronically, if technically feasible. 

Right to rectification

  • We take reasonable measures to ensure the accuracy, completeness, and up-to-dateness of the information we hold about you. If you believe that the data we hold is inaccurate, incomplete, or out of date, please do not hesitate to ask us to correct, update, or supplement this information.

Right to erasure

  • Under certain circumstances, you have the right to request that we erase your personal data, for example if the personal data we obtained about you is no longer necessary for fulfilling the original purpose of processing, or if you withdraw your consent to processing. However, your right must be assessed in light of all relevant circumstances. For example, we may have certain legal and regulatory obligations, which means that we may not be able to comply with your request.

Right to restriction of processing

  • Under certain circumstances, you are entitled to request that we stop using your personal data. This includes, for example, cases where you believe that the personal data we hold about you may be inaccurate, or where you believe that we no longer need to use your personal data.

Right to data portability

  • Under certain circumstances, you have the right to request that we transfer the personal data you provided to us to another third party of your choice. However, the right to portability applies only to personal data that we obtained from you on the basis of consent or on the basis of a contract to which you are one of the contracting parties. 

Right to object

  • You have the right to object to processing that is based on our legitimate interests (for example, we process personal data for the purpose of network and infrastructure security). If we do not have a compelling legitimate reason for processing and you raise an objection, we will no longer process your personal data.  

Rights related to automated decision-making

  • You have the right to refuse automated decision-making, including profiling, which produces a legal effect concerning you or similarly significantly affects you. The company generally does not use automated decision-making or profiling in the context of employment.

Right to withdraw consent

  • In most cases, we do not process your personal data on the basis of your consent. However, in specific cases we may request your consent. Where we do so, you have the right to withdraw your consent to further use of your personal data (e.g. a photograph).

Right to lodge a complaint

  • If you wish to lodge a complaint about how your personal data is processed, including exercising the rights listed above, you may contact us by phone at +421.910969601, by e-mail at webhouse@webhouse.sk, or by a written request sent to the operator’s registered office at Paulínska 20, 917 01 Trnava. 

If you are not satisfied with our response, or you believe that we process your personal data unfairly or unlawfully, you may lodge a complaint with the supervisory authority, which is the Office for Personal Data Protection of the Slovak Republic, https://dataprotection.gov.sk, Hraničná 12, 820 07 Bratislava 27, phone: +421.232313214, e-mail: statny.dozor@pdp.gov.sk.   

Intermediated processing of the customer’s customers’ personal data

In relation to the customer’s customers, the operator acts as a processor within the meaning of Article 28 GDPR. For this reason, the contract between the operator and the customer is governed by the following:

  • The operator may not entrust the processing of personal data to another processor without the customer’s prior specific written consent. In the event of the customer’s written consent, the operator is obliged to impose on that further processor, in the contract or other legal act, the same obligations regarding personal data protection as set out in this contract, while the operator remains liable to the customer if the further processor fails to fulfill its personal data protection obligations.
  • The operator undertakes to process personal data only for the purpose of providing services. The operator processes personal data throughout the entire period of validity and effectiveness of the contract between it and the customer and to the same extent as the customer processes it. The data subjects are the customer’s customers.
  • The operator is entitled to perform only processing operations necessary to fulfill the purpose of processing, in particular collection, recording, storage, and disposal. The operator is obliged to process personal data only to the necessary extent in order to achieve the purpose of processing and only in accordance with the conditions of this article of the Terms and Conditions, or the customer’s written instructions, including where this involves a transfer of personal data to a third country or an international organization.
  • Where a transfer of personal data to a third country or an international organization is carried out on the basis of specific legislation or an international treaty binding on the Slovak Republic, the operator is obliged to inform the customer of this requirement prior to processing the personal data, unless such notification is prohibited by that specific legislation or international treaty for reasons of public interest.
  • The operator declares that it guarantees the security of the processed personal data and that, when adopting technical and organizational measures to ensure the protection of rights and the protection of the personal data of the customer’s customers—especially against accidental or unlawful destruction, loss, alteration, unauthorized disclosure of transmitted, stored, or otherwise processed personal data, or unauthorized access— it has taken into account the scope, nature, context, and purpose of processing, as well as the risks capable of compromising the security of personal data protection and their severity.
  • The operator is obliged to protect processed personal data against damage, destruction, loss, alteration, unauthorized access and disclosure, provision or publication, as well as against any other impermissible methods of processing.
  • The operator is obliged not to provide personal data to third parties, not to use personal data for a purpose other than the agreed purpose, not to misuse it for its own benefit or the benefit of a third party, and not to handle personal data in breach of this article of the Terms and Conditions.
  • The operator and its employees are obliged to maintain confidentiality of personal data obtained about the customer’s customers. Personal data must not be used for personal needs, must not be published, provided, or made accessible. They undertake to maintain this confidentiality even after the termination of the validity and effectiveness of the contract. The operator is responsible for ensuring that its employees and other persons authorized by it, as well as any external collaborators, also maintain confidentiality.
  • The operator is obliged to ensure that the collected personal data is processed in a form enabling identification of the customer’s customers only for as long as necessary to achieve the purpose of processing.
  • The operator undertakes to cooperate and provide the customer with assistance in ensuring compliance with the customer’s obligations to respond to requests from the customer’s customers when exercising their rights under Chapter III GDPR, including notifying the customer of any written request for access delivered to the operator in connection with the customer’s obligations under GDPR, Act No. 18/2018 Coll. on the Protection of Personal Data, and other related regulations.
  • The operator undertakes to provide the customer with all information necessary to demonstrate compliance with the obligations laid down in Article 28 GDPR and to provide the customer with assistance in the context of a personal data protection audit and inspections by the customer or an auditor appointed by the customer.
  • The operator undertakes to cooperate and provide the customer with assistance in ensuring compliance with obligations under Articles 32 to 36 GDPR, namely to ensure processing security, notify the Office for Personal Data Protection and data subjects where required of any personal data breach, perform a data protection impact assessment where necessary regarding the impact of processing on personal data protection, and consult the Office for Personal Data Protection prior to carrying out any processing if the data protection impact assessment indicates that the processing would lead to a high risk if the customer did not take measures to mitigate that risk.
  • The operator is obliged to notify the customer without undue delay if, in the operator’s opinion, any instruction given by the customer violates personal data protection legislation, specific regulations, or an international treaty binding on the Slovak Republic relating to personal data protection.
  • After the termination of the validity and effectiveness of the contract, the operator undertakes, based on the customer’s decision, to erase personal data or return personal data to the customer and erase existing copies containing personal data, unless specific legislation or an international treaty binding on the Slovak Republic requires the retention of such personal data.

Third parties:

Personal data may be provided to third parties and processors, i.e. entities cooperating with the operator. The current list of these entities is available at https://www.webhouse.sk/sk/sprostredkovatelia/

Related information: terms and conditions, identification details of processors

 

Cookie Policy

Cookies are small data files which, when you visit the website www.webhouse.sk (hereinafter the “website”), are stored on your computer, phone, or other device.

Necessary cookies

These cookies are necessary for the basic functionality of the website—i.e. for the website to perform its essential function, to be displayed properly, and to ensure stability and security.

Analytics cookies

These cookies are used to improve the functioning of the website. They allow us to recognize and determine the number of visitors and to monitor how visitors use the website. They help us improve the way the website works, for example by enabling users to easily find what they are looking for. Using these tools, we analyze the functionality of our website. Analytics cookies will be used only on the basis of your consent.

Marketing cookies

They are used to track the website user’s preferences for the purpose of advertising targeting, i.e. displaying marketing and advertising messages in accordance with those preferences. Marketing cookies use tools of external companies. These marketing cookies are used only on the basis of your consent.

Processing of cookies outside the European Union

We use Google Tag Manager on our website. This is a technical platform that facilitates the provision and management of other web services and website tracking programs using so-called “tags”.
In this context, Google stores cookies on your device and analyzes the use of tracking tools to monitor your browsing behavior on the website. This data sent by individual tags is consolidated, stored, and processed under a single user interface. When using our website, by activating Google tags, certain data—especially your IP address and your user activity—may be transferred to Google’s servers and may also be processed and stored outside the EU, e.g. in the USA, while complying with the relevant security standards. The tracking tools used within Google Tag Manager ensure that source codes are anonymized via Google Tag Manager before transfer. Google Tag Manager can therefore collect IP addresses only in an anonymized form through so-called IP masking.

How you can manage cookies

You can give consent to the storage of cookies using the so-called cookie banner, or via your browser. In your web browser settings, you can also refuse the storage of cookies or set it to allow only certain cookies. However, if you do not allow us to use certain cookies, some functions of the website may not work as they should.

Further information about cookies and their current list can be found via individual web browsers, most commonly under Developer Tools.

Rights of data subjects

As a data subject, you have statutory rights listed above on this page in the section dedicated to personal data protection.

This Cookie Policy is effective as of 1 January 2022.