GENERAL DATA PROTECTION AND REGULATION

I. General Obligations

1. Personal Data Administrator under Art. 4 p. 7 Regulation of the European Parliament and Council (EU) 2016/679 on protection of individuals personal data and free movement of such data (further only: “GDPR”) is Coffee Home, s.r.o., ID 48104795, headquartered: Špitálska 53, Bratislava 811 01 (further only “Administrator”).

2. Administrator contacts:

3. Personal Data are all the information about identified or an identifiable individual; identifiable individual is an individual, that is possible to identify directly or indirectly, in particular by reference in a specific identifier, for e.g. name, ID no., location data, web identifier or with help of one or more specific data, physiological, genetic, mental, economic, cultural or social.

4. The Administrator didn’t appoint a Personal Data Protection Officer.

II. Sources and Categories of Processed Personal Data

1. The Administrator processes personal data, which you provided him with, or which he gained based on your order.

2. The Administrator processes your identification and contact information and other necessary information for a full contract.

III. Legal Reason and Purpose of Processing Personal Data

1. Legal Reason for processing personal data is:

  • Fulfilling the contract between you and Administrator under Art. 6 par. 1 letter b) GDPR
  • The Administrator is entitled to provide direct marketing (for sending notifications and newsletters) under Art. 6 par. 1 letter a) GDPR in association with §7 par. 2 the law no. 480/2004 Coll., about certain information services company in case of absence of order of goods or services.

2. The purpose of processing personal data is:

To complete your order and exercise of the rights and obligations arising from contract relationship between you and Administrator; when placing order personal data are required, which are necessary for a successful completion of the order (name and address, contact). Provision of personal data is a necessary requirement for the conclusion and fulfillment of the contract, without the provision of data it is impossible to conclude the contract or to execute it by the Administrator.

3. The Administrator does not come to an automatic individual decision in the sense of Art. 22 GDPR. With such processing, you have provided your definite approval.

IV. Data Retention Period

1. Administrator preserves personal data:

  • For the period necessary to exercise the rights and obligations arising from the contractual relationship between you and the Administrator and applied claims under these contractual relationships (up to 15 years after termination of the contractual relationship)
  • Until the consent to the processing of personal data for marketing purposes is revoked, for a maximum of 3 years if personal data is processed with an approval.

2. After the expiry of the retention period of the personal data, the Administrator deletes personal data.

V. Recipients of Personal Data (Subcontractors of the Administrator)

1. Recipients of personal data are:

  • Participants of the delivery of goods/services/ execution of payments based on the contract.
  • Providers of e-shop marketing services and more services related to the operation of the e-shop.
  • Providing marketing services

2. The Administrator does not intend to provide personal data to a third country (outside of EU) or to an international organization. Recipients of personal data in third countries are providers of cloud services.

VI. Your Rights

1. Under the terms of the GDPR you have:

  • The right to access to your personal data under Art. 15 GDPR
  • The right for correction of personal data under Art. 16 GDPR, optionally limitation of processing under Art. 18 GDPR
  • The right to delete personal data under Art. 17 GDPR
  • The right to object to the processing of personal data under Art. 21 GDPR
  • The right to transfer data under Art. 20 GDPR
  • The right to withdraw consent of processing by writing or electronically to the address or e-mail of the 
  • Administrator referred to in Art. 3 of these terms

2. Furthermore, you have the right to file for a complaint to Office for Personal Data Protection in case you suspect, that your privacy policy has been violated.

VII. Terms of Personal Data Protection

1. The Administrator declares, that he has taken all technical and organizational measures to secure personal data

2. The Administrator has taken technical measures to secure the data repositories and the personal data repositories in written form

3. The Administrator declares that personal data is accessible only to their authorized subjects.

VIII. Final Provisions

1. By sending an order from the online order form, you confirm that you are aware of the privacy policy and that you accept them

2. You agree with these terms by ticking the agreement via the online forms. By confirming your agreement, you confirm that you are aware of the privacy policy and that you accept it in its entirety.

3. The Administrator is entitled to change these terms. New version of the privacy policy will be published on the Administrators website and at the same time will send you a new version of these terms on your e-mail address which you provided to the Administrator

These terms shall enter into force on 25.05.2018.