WebHouse company's statement on handling personal data of customers and visitors of the online store www.webhouse.sk.
The operator of the online store www.webhouse.sk, WebHouse s.r.o., Paulínska 20, 917 01 Trnava, ID No: 36743852, VAT ID: SK2022329705, undertakes to comply with the rules for handling personal data of customers and visitors as described below.
In accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) and Act no. 18/2018 Coll. on the protection of personal data and on the amendment and supplement of certain laws, the operator processes personal data for the following purposes:
1. Processing of orders, issuing of invoices, and handling of complaints in the online store www.webhouse.sk, to the extent of: title, first name, last name, postal address, email address, telephone, bank account number.
The seller hereby informs the buyer that the processing of personal data is allowed in accordance with Article 6(1)(b) of the General Regulation (EU) 2016/679 of the European Parliament and Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
In accordance with Article 6(1)(b) of the General Regulation (EU) 2016/679 of the European Parliament and Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, the seller as operator will process the personal data of the buyer without their consent as a data subject, as the processing of the buyer's personal data will be carried out by the seller in the pre-contractual relationship with the buyer, and the processing of the buyer's personal data is necessary for the performance of the contract in which the buyer is one of the contracting parties.
2. Domain registration, to the extent of: title, first name, last name, postal address, email address, telephone, ID number, date of birth, IP address.
The operator undertakes to process only the personal data of the buyer that is necessary to ensure the ordered service.
The category of recipients of personal data includes domain registrars and domain registry managers, where the operator registers domains for customers.
3. Marketing, to the extent of: title, first name, last name, email address.
The operator sends newsletters to the email address by the customer signing up for the mailing list on the website of the online store, or by expressing consent to receive the newsletter.
A visitor of the online store can sign up for news by directly entering their email address in the "Sign up for news" field on the website www.webhouse.sk. The customer of the online store can sign up for the newsletter in the Setup administrative interface (www.setup.sk), to which they have access based on the assigned customer ID and password, or as a buyer, they can express their consent by ticking the appropriate box before submitting their order in accordance with Article 6(1)(a) of the General Regulation (EU) 2016/679 of the European Parliament and Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, for the seller to process and store their personal data, particularly those mentioned above and/or those necessary for the seller's activity regarding sending information about new products, discounts and promotions on the offered goods and process them in all its information systems regarding sending information about new products, discounts and promotions on the offered goods. The buyer grants this consent to the seller for a definite period until the completion of the purpose of processing the buyer's personal data. After fulfilling the purpose of processing, the seller will ensure the immediate liquidation of the buyer's personal data. The buyer can revoke this consent at any time in written form. The cancellation of consent for sending newsletter messages can also be done electronically by unsubscribing from the mailing list. Automatic unsubscription is displayed in the bottom of the newsletter message that will be sent to the recipient's email address provided. The consent shall cease within 1 month of the delivery of the revocation of consent by the buyer to the seller.
The operator declares that:
a) The processed personal data of the data subjects will only be used for the above-mentioned purposes within its business activities.
b) Not taking advantage of sending newsletter messages does not pose a risk of rejection of a contractual relationship.
The personal data you provide to the operator through the registration form or direct order must be true, and in case of any change, you are obligated to immediately inform the operator of such change as well.
The protection of your personal data is governed by the Personal Data Protection Act, and your rights are regulated by the General Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, such as the right to request, in writing:
Access to your personal data
- You have the right to receive a copy of the personal data we have about you, as well as information about how we use your personal data. In most cases, your personal data will be provided to you in written form, unless otherwise requested by you. If you have requested these information electronically, they will be provided to you electronically if technically possible.
Rectification of your personal data
- We take appropriate measures to ensure the accuracy, completeness, and timeliness of the information we have about you. If you believe that the data we possess is inaccurate, incomplete, or outdated, please feel free to ask us to amend, update or supplement that information.
Erasure of your personal data
- Under certain circumstances, you have the right to request that we delete your personal data, such as when the personal data we have collected about you is no longer necessary for the original purpose of processing or if you withdraw your consent to the processing. However, your right must be assessed in light of all relevant circumstances. For example, we may have certain legal and regulatory obligations that mean we cannot comply with your request.
Restriction of the processing of your personal data
- In certain circumstances, you are entitled to ask us to stop using your personal data. Examples of such cases include when you believe that the personal information we hold about you is inaccurate, or if you believe that we no longer need to use your personal information.
- In certain circumstances, you have the right to request us to transfer the personal data that you have provided us, to another third party of your choice. However, the right to data portability only applies to personal data that we have obtained from you based on your consent or under a contract in which you are a party.
The right to object
- You have the right to object to the processing of your data that is based on our legitimate interests (such as personal data processed for network and infrastructure security purposes). In case we do not have a compelling legitimate reason for the processing and you raise an objection, we will no longer process your personal data.
Rights related to automated decision-making
- You have the right to refuse automated decision-making, including profiling, that has legal or similarly significant consequences for you. The company generally does not use automated decision-making or profiling in the context of employment.
Withdraw your consent to the processing of your personal data
- In most cases, we do not process your personal data based on your consent. However, it may happen that in specific cases we will ask for your consent. In cases where we do, you have the right to revoke your consent for further use of your personal data (e.g. photograph).
Lodge a complaint with the supervisory authority
- If you want to file a complaint about the way your personal data is being processed, including the exercise of your rights mentioned above, you can contact us via the phone number +421.910969601, by sending an email to firstname.lastname@example.org, or by sending a written request to the operator's address at Paulínska 20, 917 01 Trnava.
If you are not satisfied with our response, or if you believe that we are processing your personal data unfairly or unlawfully, you can file a complaint with the supervisory authority, which is the Office for Personal Data Protection of the Slovak Republic, https://dataprotection.gov.sk, Hraničná 12, 820 07 Bratislava 27, phone number: +421.232313214, email: email@example.com.
Processing of personal data of customers by the contractor
The operator is in the position of a data processor in relation to the customers of the controller, in accordance with Article 28 of the GDPR. Therefore, the contract between the operator and the controller is governed by the following:
- The operator shall not appoint another processor without the prior specific written consent of the customer. In the case of written consent of the customer, the operator shall be obliged to impose on this other processor the same obligations regarding the protection of personal data as set out in this contract, and the operator shall bear the responsibility towards the customer if the other processor fails to fulfill its obligations regarding the protection of personal data.
- The operator undertakes to process personal data only for the purposes of providing services. The operator processes personal data during the entire period of validity and effectiveness of the contract between him and the customer and in the same scope as the customer processes them. The data subjects are the customers of the customer.
- The operator is entitled to perform only the processing operations necessary to achieve the purpose of processing, in particular the acquisition, collection, storage, and destruction of personal data. The operator is obliged to process personal data only to the extent necessary to achieve the purpose of processing and in accordance with this article of T&C, or the written instructions of the client, including the transfer of personal data to a third country or international organization.
- In the event of the transfer of personal data to a third country or international organization based on a specific regulation or international agreement binding on the Slovak Republic, the controller is required to notify the controller of this requirement before processing the personal data, unless such notification is prohibited by the specific regulation or international agreement binding on the Slovak Republic for reasons of public interest.
- The operator declares that it guarantees the security of processed personal data, and when implementing technical and organizational measures to ensure the protection of rights and protection of personal data of the customer's customers, in particular against accidental or unlawful destruction, loss, alteration or unauthorized disclosure of transmitted personal data, stored personal data, or otherwise processed personal data, or unauthorized access, taking into account the scope, nature, context and purpose of processing personal data, risks that are capable of compromising personal data security and their significance.
- The operator is obliged to protect the processed personal data from damage, destruction, loss, alteration, unauthorized access and disclosure, as well as from any other unacceptable methods of processing.
- The operator is obliged to not disclose personal data to third parties, not to use personal data for any other than the agreed purpose, not to exploit it for their own benefit or the benefit of a third party, and not to handle personal data in violation of this article.
- The operator is obligated to keep the personal data of customers of the client confidential. Personal data may not be used for personal needs, may not be published, provided or made accessible. They undertake to maintain this confidentiality even after the validity and effectiveness of the contract. The operator is responsible for ensuring that this confidentiality is maintained by its employees and other authorized persons, as well as any external collaborators.
- The operator is obliged to ensure that the collected personal data are processed in a form that allows identification of the customers of the ordering party only for the necessary period of time to achieve the purpose of processing.
- Prevádzkovateľ sa zaväzuje spolupracovať a poskytnúť objednávateľovi súčinnosť pri zabezpečovaní dodržiavania povinností objednávateľa reagovať na žiadosti zákazníkov objednávateľa pri výkone ich práv podľa ustanovení kapitoly III GDPR, vrátane oznámenia objednávateľa o každej písomnej žiadosti o prístup, ktoré boli doručené prevádzkovateľovi v súvislosti s povinnosťami objednávateľa podľa GDPR, Zákona č. 18/2018 Z. z. o ochrane osobných údajov a o zmene a doplnení niektorých zákonov a iných súvisiacich predpisov.
- Prevádzkovateľ sa zaväzuje poskytnúť objednávateľovi všetky informácie potrebné na preukázanie splnenia povinností stanovených v ustanovení čl. 28 GDPR a poskytnúť objednávateľovi súčinnosť v rámci auditu ochrany osobných údajov a kontroly zo strany objednávateľa alebo audítora, ktorého poveril objednávateľ.
- Prevádzkovateľ sa zaväzuje spolupracovať a poskytnúť objednávateľovi súčinnosť pri zabezpečovaní dodržiavania povinností podľa ustanovení čl. 32 až 36 GDPR, a to zabezpečiť bezpečnosť spracúvania, oznámiť Úradu na ochranu osobných údajov a dotknutým osobám, ak je to potrebné, akékoľvek porušenie ochrany osobných údajov, v prípade potreby vykonať posúdenie vplyvu na ochranu osobných údajov, týkajúce sa vplyvu spracúvania na ochranu osobných údajov a konzultovať s Úradom na ochranu osobných údajov pred uskutočnením akéhokoľvek spracúvania, ak z posúdenia vplyvu na ochranu osobných údajov vyplýva, že toto spracúvanie by viedlo k vysokému riziku v prípade, ak by objednávateľ neprijal opatrenia na zmiernenie tohto rizika.
- Prevádzkovateľ je povinný bezodkladne oznámiť objednávateľovi, ak podľa názoru prevádzkovateľa akýkoľvek pokyn udelený objednávateľom porušuje zákon o ochrane osobných údajov, osobitný predpis alebo medzinárodnú zmluvu, ktorou je Slovenská republika viazaná, ktoré sa týkajú ochrany osobných údajov.
- Prevádzkovateľ sa zaväzuje po skončení platnosti a účinnosti zmluvy, na základe rozhodnutia objednávateľa vymazať osobné údaje alebo vrátiť osobné údaje objednávateľovi a vymazať existujúce kópie, ktoré obsahujú osobné údaje, ak osobitný predpis alebo medzinárodná zmluva, ktorou je Slovenská republika viazaná, nepožaduje uchovávanie týchto osobných údajov.
Vaše osobné údaje môžu byť poskytnuté tretím stranám a sprostredkovateľom, t.j. subjektom spolupracujúcim s prevádzkovateľom. Aktuálny zoznam týchto subjektov je uvedený na https://www.webhouse.sk/sk/sprostredkovatelia/