FREE SHIPPING for orders over 60€

Principles of personal data processing by B&B Montagen, s.r.o.

Privacy policy in the online shop and when working with personal data

This privacy policy summarizes the principles by which personal data is processed by the data controller. The controller takes care in its activities to protect personal data to the maximum extent possible and to process them only to the extent and for the time necessary.

Definitions of terms

Data subject - any person whose personal data is processed

E-shop - a web application offering goods and services that can be ordered

GDPR - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data

Shop - an establishment of a seller in which goods or services may be purchased

Personal data - any information relating to an identified natural person or an identifiable natural person

Controller - the person who determines the manner and has defined the purpose of processing personal data.

Information about the controller and its contacts

Personal data is processed by the Controller and its processors.

The Controller is B&B Montagen, s.r.o. with registered office at Sebedražská cesta 680/10, 971 01 Prievidza, ID No.: 47 196 149, whereby this Controller determines the means and purpose of processing the personal data of the customers as well as is responsible for the processing of the personal data obtained.

If you have any questions about the protection of personal data, you can contact us by email: info@xxlcolors.com

List of personal data processed, including their purposes and legal basis

Name of the processing operation Purpose of the processing of personal data Category of personal data Legal title of processing Data storage period Other beneficiaries
Processing of personal data on the basis of an order supply of goods or services name, surname, title, delivery address, billing address, e-mail, telephone contractual relationship - performance of the contract until the end of the period during which the goods can be claimed, i.e. two years transport companies providing transport of goods
Issuing invoices and their archiving statutory registration name, surname, title, delivery address, billing address, e-mail, telephone the obligation under the legislation in force 10 years control mainly by FS SR, SOI, Police SR and other authorities
Customer account registration registration of the client's personal data for further orders, which can be carried out more quickly in this way name, surname, title, delivery address, billing address, e-mail, telephone the data subject's consent to registration 5 years they are not
Sending newsletters by e-mail sending business announcements by email e-mail consent of the data subject 5 years, or until further notice they are not
Sending news by SMS sending business notifications by SMS phone number consent of the data subject 5 years, or until further notice they are not
Competition customer records contact details of the participants involved name, surname, title, delivery address, e-mail, telephone consent of the data subject 2 roky Facebook Inc.
Evidencia obchodných partnerov information about the company's business partners name, surname, car registration number, e-mail, telephone consent of the data subject 5 years since the last commercial transaction they are not
Jobseeker information from the CVs of jobseekers name, surname, title, education, e-mail, phone, work. Experience consent of the data subject 1 year they are not

Payroll and personnel agenda

complete information on employees required by law as well as information on salary, leave, health. status name, surname, title, place of residence, document no. Identity, attendance, information for wage calculation, information on family, name, address, name, surname, name, address. members law max. 50 years in case of control Social Insurance Institution, FR SR, health insurance companies
Records of complaints information on how to make a claim and how to deal with it title, name, surname, address, IBAN, telephone, e-mail the legal obligation of the controller 3 years in the event of an SOI inspection
Records of withdrawals information on how to withdraw from the contract and how to deal with it title, name, surname, address, IBAN, telephone, e-mail the legitimate interest of the controller 3 years in the event of an SOI inspection
Handling customer enquiries providing information to clients title, name, surname, e-mail, telephone performance of pre-contractual relations 1 month not
Rating "Verified by customers" evaluation of the quality of goods and services provided by e-shops order number, e-mail address the legitimate interest of the controller one impact Heureka Shopping, s.r.o.
Transmission of data about viewed pages increasing the quality of online trade IP address of the e-shop visitor the legitimate interest of the controller after lodging the objection max. 3 years Google
 
Collection of data from completed questionnaires collecting data (responses) from visitors in order to improve the quality of services provided are defined in the individual forms consent of the data subject up to a maximum of 2 years until the consent is withdrawn
Information about the pages viewed and customer behaviour on those pages The service improves the quality of the e-shop IP address and simulation crawl page the legitimate interest of the controller up to a maximum of 2 years until the lodging of an objection Google
 
Loyalty program Providing discounts to regular shoppers name, surname, title, permanent residence, e-mail, telephone consent of the data subject 5 years since last purchase not 

All the personal data we collect we request exclusively from you, not from other sources.

What rights do you have regarding privacy?

Your law Clarification of the law
for information you have the right to be informed who is processing your personal data, how, why, for how long, etc. (this information is published in this document)
to access data you can request information about who has accessed your personal data. A statement of this right is in the format we have set out. You can make this request in writing or by email.
for repair if the personal data is outdated, you can request that it be corrected so that it is correct and you can continue to work with the data
for deletion if you do not want the controller to process the personal data further, you can ask the controller to delete them, which the controller will delete, but this does not apply if the controller is required by law to process or archive the data
restriction of processing only applies if the data are processed on the basis of a legitimate interest of the controller. If an objection is lodged during the assessment period, this right can be exercised and consists in the fact that the personal data will not be processed during that period.
withdrawal of consent to processing shall apply where consent is given, if the data subject no longer wishes such data to be further processed pursuant to that consent, he or she may withdraw the consent and the personal data shall no longer be processed by the controller
for the transfer of personal data whereby you may only request the data to be transferred if the processing of personal data is based on the data subject's consent or for the purpose of fulfilling a contractual or pre-contractual relationship
the right to lodge a complaint with the supervisory authority if you believe that your personal data has been processed in violation of the Act or the Regulation, you have the right to file a complaint with the competent supervisory authority, which is the Office for Personal Data Protection based in Bratislava, contact details can be found at https://dataprotection.gov.sk/ 

How can I exercise my rights?

You can exercise your right as follows:

  1. by email,
  2. in person,
  3. by post.

The controller shall have the right to require the data subject to reimburse reasonable costs or to refuse to comply with the request if it is considered manifestly unfounded, disproportionate or because it is a repetitive request.

How do we protect and store data?

Personal data is secured from access by unauthorised persons. destruction, damage or party both offline and online, using sophisticated electronic, organisational and physical security measures.

Do you use profiling?

Profiling is not used.

What is your policy on the use of small text files called cookies?

Cookies are created when you browse the site and are stored on your computer. They enable us to distinguish you from other users and so we can bring you more intuitive searches and site content.

The cookies we receive are divided into the following in terms of time:

  1. temporary, these only contain information about the current browser session and are deleted automatically when the browser is switched off
  2. permanent, they contain information about your preferred settings (e.g. language) or save your name and password on the site if you agree to it, etc., and these files are not automatically deleted but you have to delete them manually.

At the same time, according to their purpose, cookies are divided into the following:

  1. Necessary cookies - (they are temporary) and contain necessary information about the site, its security, etc.
  2. essential - essential for the proper functioning of the site, containing information about the language chosen or storing (if you have agreed to it) your login details
  3. analytical/performance - they identify visitors and obtain statistical and analytical cookies about them. These allow us to count the number of visitors or stock certain, most popular goods or reduce their price
  4. advertising - keep track of your visits to the site, pages viewed or products viewed in order to provide more accurately targeted advertising and you provide this data voluntarily, however these files are persistent files, i.e. they are not deleted automatically but must be deleted by you
  5. technical - used to ensure tracking of consent to advertising cookies

You can set cookies in the settings of the specific internet browser you are using.

Who generally has access to my personal data?

The personal data can be accessed by employees of the controller, but also by its contractual agents or recipients, which may be, for example, a carrier. Our employees are instructed by an internal directive and are obliged to comply with strict rules for the protection of your personal data, the same applies to the processors with whom we have concluded the relevant contract.

Which legal regulations apply to data protection?

These are:

  • the Charter of Fundamental Rights of the European Union
  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR)
  • Constitution of the Slovak Republic
  • Act No. 18/2018 Coll. on the protection of personal data and on amending and supplementing certain acts, as amended.

Who is your responsible person?

Our company does not have a designated responsible person, as this is not a legal necessity in the case of our company. However, you can direct your questions about your personal data directly to our company.

Free shipping from 60 € More in shipping and payment
Most products in stock We ship within 24 h.
Advisory every working day Mon - Fri: 8:00 a.m. - 5:00 p.m.
Own air-conditioned warehouse We guarantee the quality of storage
Upgates online store rental , Cookies settings