Personal data protection
Principles of personal data processing by B&B Montagen, s.r.o.
Privacy policy in the online shop and when working with personal data
This privacy policy summarizes the principles by which personal data is processed by the data controller. The controller takes care in its activities to protect personal data to the maximum extent possible and to process them only to the extent and for the time necessary.
Definitions of terms
Data subject - any person whose personal data is processed
E-shop - a web application offering goods and services that can be ordered
GDPR - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data
Shop - an establishment of a seller in which goods or services may be purchased
Personal data - any information relating to an identified natural person or an identifiable natural person
Controller - the person who determines the manner and has defined the purpose of processing personal data.
Information about the controller and its contacts
Personal data is processed by the Controller and its processors.
The Controller is B&B Montagen, s.r.o. with registered office at Sebedražská cesta 680/10, 971 01 Prievidza, ID No.: 47 196 149, whereby this Controller determines the means and purpose of processing the personal data of the customers as well as is responsible for the processing of the personal data obtained.
If you have any questions about the protection of personal data, you can contact us by email: info@xxlcolors.com
List of personal data processed, including their purposes and legal basis
| Name of the processing operation | Purpose of the processing of personal data | Category of personal data | Legal title of processing | Data storage period | Other beneficiaries |
| Processing of personal data on the basis of an order | supply of goods or services | name, surname, title, delivery address, billing address, e-mail, telephone | contractual relationship - performance of the contract | until the end of the period during which the goods can be claimed, i.e. two years | transport companies providing transport of goods |
| Issuing invoices and their archiving | statutory registration | name, surname, title, delivery address, billing address, e-mail, telephone | the obligation under the legislation in force | 10 years | control mainly by FS SR, SOI, Police SR and other authorities |
| Customer account registration | registration of the client's personal data for further orders, which can be carried out more quickly in this way | name, surname, title, delivery address, billing address, e-mail, telephone | the data subject's consent to registration | 5 years | they are not |
| Sending newsletters by e-mail | sending business announcements by email | consent of the data subject | 5 years, or until further notice | they are not | |
| Sending news by SMS | sending business notifications by SMS | phone number | consent of the data subject | 5 years, or until further notice | they are not |
| Competition customer records | contact details of the participants involved | name, surname, title, delivery address, e-mail, telephone | consent of the data subject | 2 roky | Facebook Inc. |
| Evidencia obchodných partnerov | information about the company's business partners | name, surname, car registration number, e-mail, telephone | consent of the data subject | 5 years since the last commercial transaction | they are not |
| Jobseeker | information from the CVs of jobseekers | name, surname, title, education, e-mail, phone, work. Experience | consent of the data subject | 1 year | they are not |
|
Payroll and personnel agenda |
complete information on employees required by law as well as information on salary, leave, health. status | name, surname, title, place of residence, document no. Identity, attendance, information for wage calculation, information on family, name, address, name, surname, name, address. members | law | max. 50 years | in case of control Social Insurance Institution, FR SR, health insurance companies |
| Records of complaints | information on how to make a claim and how to deal with it | title, name, surname, address, IBAN, telephone, e-mail | the legal obligation of the controller | 3 years | in the event of an SOI inspection |
| Records of withdrawals | information on how to withdraw from the contract and how to deal with it | title, name, surname, address, IBAN, telephone, e-mail | the legitimate interest of the controller | 3 years | in the event of an SOI inspection |
| Handling customer enquiries | providing information to clients | title, name, surname, e-mail, telephone | performance of pre-contractual relations | 1 month | not |
| Rating "Verified by customers" | evaluation of the quality of goods and services provided by e-shops | order number, e-mail address | the legitimate interest of the controller | one impact | Heureka Shopping, s.r.o. |
| Transmission of data about viewed pages | increasing the quality of online trade | IP address of the e-shop visitor | the legitimate interest of the controller | after lodging the objection max. 3 years | |
| Collection of data from completed questionnaires | collecting data (responses) from visitors in order to improve the quality of services provided | are defined in the individual forms | consent of the data subject | up to a maximum of 2 years until the consent is withdrawn | |
| Information about the pages viewed and customer behaviour on those pages | The service improves the quality of the e-shop | IP address and simulation crawl page | the legitimate interest of the controller | up to a maximum of 2 years until the lodging of an objection | |
| Loyalty program | Providing discounts to regular shoppers | name, surname, title, permanent residence, e-mail, telephone | consent of the data subject | 5 years since last purchase | not |
All the personal data we collect we request exclusively from you, not from other sources.
What rights do you have regarding privacy?
| Your law | Clarification of the law |
| for information | you have the right to be informed who is processing your personal data, how, why, for how long, etc. (this information is published in this document) |
| to access data | you can request information about who has accessed your personal data. A statement of this right is in the format we have set out. You can make this request in writing or by email. |
| for repair | if the personal data is outdated, you can request that it be corrected so that it is correct and you can continue to work with the data |
| for deletion | if you do not want the controller to process the personal data further, you can ask the controller to delete them, which the controller will delete, but this does not apply if the controller is required by law to process or archive the data |
| restriction of processing | only applies if the data are processed on the basis of a legitimate interest of the controller. If an objection is lodged during the assessment period, this right can be exercised and consists in the fact that the personal data will not be processed during that period. |
| withdrawal of consent to processing | shall apply where consent is given, if the data subject no longer wishes such data to be further processed pursuant to that consent, he or she may withdraw the consent and the personal data shall no longer be processed by the controller |
| for the transfer of personal data | whereby you may only request the data to be transferred if the processing of personal data is based on the data subject's consent or for the purpose of fulfilling a contractual or pre-contractual relationship |
| the right to lodge a complaint with the supervisory authority | if you believe that your personal data has been processed in violation of the Act or the Regulation, you have the right to file a complaint with the competent supervisory authority, which is the Office for Personal Data Protection based in Bratislava, contact details can be found at https://dataprotection.gov.sk/ |
How can I exercise my rights?
You can exercise your right as follows:
- by email,
- in person,
- by post.
The controller shall have the right to require the data subject to reimburse reasonable costs or to refuse to comply with the request if it is considered manifestly unfounded, disproportionate or because it is a repetitive request.
How do we protect and store data?
Personal data is secured from access by unauthorised persons. destruction, damage or party both offline and online, using sophisticated electronic, organisational and physical security measures.
Do you use profiling?
Profiling is not used.
What is your policy on the use of small text files called cookies?
Cookies are created when you browse the site and are stored on your computer. They enable us to distinguish you from other users and so we can bring you more intuitive searches and site content.
The cookies we receive are divided into the following in terms of time:
- temporary, these only contain information about the current browser session and are deleted automatically when the browser is switched off
- permanent, they contain information about your preferred settings (e.g. language) or save your name and password on the site if you agree to it, etc., and these files are not automatically deleted but you have to delete them manually.
At the same time, according to their purpose, cookies are divided into the following:
- Necessary cookies - (they are temporary) and contain necessary information about the site, its security, etc.
- essential - essential for the proper functioning of the site, containing information about the language chosen or storing (if you have agreed to it) your login details
- analytical/performance - they identify visitors and obtain statistical and analytical cookies about them. These allow us to count the number of visitors or stock certain, most popular goods or reduce their price
- advertising - keep track of your visits to the site, pages viewed or products viewed in order to provide more accurately targeted advertising and you provide this data voluntarily, however these files are persistent files, i.e. they are not deleted automatically but must be deleted by you
- technical - used to ensure tracking of consent to advertising cookies
You can set cookies in the settings of the specific internet browser you are using.
Who generally has access to my personal data?
The personal data can be accessed by employees of the controller, but also by its contractual agents or recipients, which may be, for example, a carrier. Our employees are instructed by an internal directive and are obliged to comply with strict rules for the protection of your personal data, the same applies to the processors with whom we have concluded the relevant contract.
Which legal regulations apply to data protection?
These are:
- the Charter of Fundamental Rights of the European Union
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR)
- Constitution of the Slovak Republic
- Act No. 18/2018 Coll. on the protection of personal data and on amending and supplementing certain acts, as amended.
Who is your responsible person?
Our company does not have a designated responsible person, as this is not a legal necessity in the case of our company. However, you can direct your questions about your personal data directly to our company.
