Privacy policy
Privacy policy
(hereinafter referred to as the “controller”)
Contact details of the person designated by the controller
The data subject may, if necessary, contact the person designated by the controller (“the person designated”) in connection with the protection of personal data at any time:
E-mail: info@peptiderevolution.eu
I. GENERAL INFORMATION
1. The operator is a commercial company engaged mainly in retail and wholesale, in particular the filling, delivery, import and export of mineral and health waters, as well as other activities registered as business objects in the commercial register.
2. When carrying out the above activities, data subjects may voluntarily provide the operator with their personal data identifying the user as a specific person, in particular by electronic mail (e-mail), by filling out a form, in connection with events organized by the operator or within the framework of legal relationships that the data subject enters into with the operator, such as concluding an employment, civil/commercial or other contract.
3. These Principles of Processing and Protection of Personal Data (hereinafter referred to as the “Principles”) apply to all situations in which the personal data of the data subjects is processed by the operator, and also contain a range of information in connection with the processing of personal data that must be provided to you by the operator.
II. EXPLANATION OF SOME TERMS
GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
Personal data – is any information relating to an identified or identifiable natural person (or “data subject”), which means a person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Processing – is an operation or set of operations which is performed on personal data or on sets of personal data, such as collection, recording, organizing, structuring, storing, processing or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction, whether or not by automated means.
Information system – is any structured set of personal data that is accessible according to specified criteria, whether centralized, decentralized or distributed on a functional or geographical basis.
Controller – is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
Processor – is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.
Consent of the data subject – is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data concerning him or her.
III. METHOD, PURPOSE AND LEGAL BASIS OF PROCESSING PERSONAL DATA
1. The operator processes your personal data, both automatically and manually, but only to the extent strictly necessary to fulfill the purpose of the processing and for the necessary period of time (i.e. in the event of the provision of personal data beyond this framework, or if the purpose or legal basis for their processing ceases to exist, the operator shall no longer process such data and shall remove them from its information systems).
2. The purpose and legal basis for the processing of personal data (i.e. the reason for which the processing takes place) of the data subjects is in particular:
• entering into contractual and other similar legal relationships with the operator and matters related thereto, e.g. fulfilling a contractual obligation in connection with mineral waters, etc. pursuant to Article 6(1)(b) of the GDPR;
• exercising the operator’s legitimate interests pursuant to Article 6(1)(a) of the GDPR; f) GDPR, in particular sending news and newsletters to persons who have already provided their data to the operator in the past, in order to improve the quality of the services provided and provide related information;
• fulfillment of the operator’s legal obligations pursuant to Article 6(1)(c) GDPR, in particular in relation to the fulfillment of the operator’s legal obligations as an employer towards its employees, fulfillment of the operator’s obligations under the Accounting Act, etc.;
• implementation of direct marketing based on the consent of the data subject pursuant to Article 6(1)(a) GDPR, e.g. sending news and newsletters to persons who have not yet provided their data to the operator;
• processing of personal data based on the consent of the data subject pursuant to Article 6(1)(a) GDPR in connection with the activities of the operator, in accordance with the purpose for which the consent was provided, i.e. e.g. processing of personal data at events organized by the operator, unless it is a legitimate interest of the operator;
• processing of personal data for the purpose of protecting the vital interests of the data subject pursuant to Article 6(1)(d) of the GDPR, e.g. in cases where it is necessary to obtain and subsequently process personal data for the purpose of calling emergency medical assistance.
3. You, as the data subject, provide personal data to the operator on the basis of your voluntary decision (i.e. you have no obligation to do so). However, the operator states that in some cases it is not possible to perform the actions requested by you without providing specific personal data (for example, it is not possible to conclude an employment contract with the operator or to place an order or perform another contract without providing some of your personal data).
4. If the consent of you as the data subject is necessary for the processing of the provided personal data, the operator is obliged to request it from you in advance. When processing personal data based on consent to processing, you can withdraw your consent at any time, in the same simple way as it was granted (e.g. in the case of electronically granted consent, consent can be withdrawn by sending an e-mail to the data controller or directly to the controller), but without this affecting the lawfulness of the processing of personal data before the withdrawal of consent.
IV. SCOPE OF PROCESSING PERSONAL DATA
1. The operator processes your personal data only to the extent necessary to fulfill the purpose of the processing. For example, for the purposes of concluding a contract, the operator usually does not need to obtain and process your photograph and thus processes only personal data that are necessary to fulfill the rights and obligations arising from the contract (i.e. name and surname, address, contact, or other necessary data). At the same time, if personal data is provided beyond the necessary scope, the operator will not process such data further and will remove it from its information systems.
V. SECURITY OF PERSONAL DATA AND STORAGE PERIOD
1. The personal data voluntarily provided by you are stored in a secure environment and will be used by the operator exclusively in fulfilling obligations and/or liabilities towards persons who have provided the operator with personal data in another way, only to the extent that results from the information provided, for the period necessary to exercise the rights and fulfill the operator’s obligations arising from the concluded contract, legal regulations, or for the period to which you have agreed (unless otherwise provided by legal regulations or an agreement, this period is a maximum of 10 years from the provision of personal data).
2. In connection with the period of retention of personal data, the operator refers in particular to the fact that the retention of personal data is also based on certain legal regulations, such as the Accounting Act, which directly imposes their retention for a certain period and at the same time their longer-term retention is also necessary due to the possibility of exercising the operator’s rights, in particular with reference to statutory limitation periods. However, here too, the operator only stores data whose storage is necessary.
3. The operator declares that it has ensured appropriate technical and organizational measures to ensure the processing of your personal data, while also declaring that after the expiry of the period of their processing and storage, it will ensure their disposal in a manner providing sufficient guarantees against their possible misuse.
VI. PROCESSING OF PERSONAL DATA BY AN ENTITY OTHER THAN THE OPERATOR
1. The operator declares that it will not rent, sell or exchange with a third party the personal data of the data subject (i.e. data such as name, address, telephone number, e-mail, etc., which identify the user as a specific person), without the express consent of you as the data subject, which does not affect the possibility of the operator to designate a processor for the processing of personal data in accordance with these Principles and the GPDR regulation. In the operator’s terms, this may include in particular: – persons involved in the transport of goods, if they are sent by the operator, – persons involved in the implementation of payment and other services based on an order, etc., – persons ensuring the operation of the website and related services, – persons providing marketing services, – persons performing accounting services, in the case of exercising the operator’s rights, a lawyer, etc.
2. This also does not affect the fact that other persons expressly authorized by the operator and duly instructed by him (e.g. persons in an employment relationship with the operator) may also have access to your voluntarily provided data, but only for the purposes strictly necessary for the processing of your personal data in accordance with the purpose for which they were provided. The operator is also entitled, or obliged, in cases provided by law, to transfer certain personal data on the basis of applicable legal regulations, for example to criminal law enforcement authorities or other public authorities.
VII. PROFILING AND AUTOMATED DECISIONS
1. The operator declares that the personal data provided by you are not used for profiling purposes. Likewise, your personal data are not subject to automated decision-making.
VIII. TRANSFER OF DATA TO A THIRD COUNTRY
1. The operator also declares that it does not transfer your personal data to a third country (i.e. outside the EU) or to an international organization.
IX. DECLARATION OF THE DATA SUBJECT
1. Before you voluntarily provide information to the operator, you declare that all personal data provided by you are true, accurate, up-to-date and complete and you give (where applicable) your voluntary consent to their processing.
X. INFORMATION ON THE RIGHTS OF THE DATA SUBJECT
1. As a data subject, you have certain rights under the GDPR, including, for example:
• the right to file a complaint with the supervisory authority (i.e. the Office for Personal Data Protection of the Slovak Republic, with its registered office at Hraničná 12, 820 07 Bratislava 27, Slovak Republic, Company ID: 36 064 220, tel. no.: +421 2 3231 3220),
• the right to request access to personal data,
• the right to rectify and erase personal data,
• the right to restrict processing, the right to object to the processing of personal data
• or the right to data portability.
2. A complete instruction to the data subject on all rights that the GDPR confers on him/her in connection with the protection of personal data can be found at the registered office of the controller, or the controller will provide it in electronic form upon request.
XI. FINAL PROVISIONS
1. These Principles shall enter into force on March 1, 2022.
2. The controller is entitled to amend these Principles. The controller shall publish the new version of the Principles immediately after their adoption.
Last amendment August 25, 2024