Ecompo

Privacy Policy

Privacy Rules

written pursuant to Regulation (EU) No 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter also referred to as the "Regulation") and in accordance with Act No 18/2018 Coll. on the Protection of Personal Data and on Amendments and Additions to Certain Acts (hereinafter also referred to as the "Act on the Protection of Personal Data")

We value your privacy and protecting your personal information is one of our priorities. This Privacy Policy ("Policy") sets out what personal information we collect about you in the course of our business, how we use it and how we protect it.

We will only use the personal information you provide to us to provide you with a high quality service. We always consider your privacy when providing our services and treat the protection of your personal information with respect and responsibility. We encourage you to read this policy carefully to familiarise yourself with all your rights before entering into a legal relationship with us.


IDENTIFICATION OF THE DATA CONTROLLER

Data Controller: KMS-PT s.r.o.
Registered office: K Surdoku 5/A, 08001 Prešov
E-mail: kardos@kms-pt.sk, tel: 0918897747
WEB: www.ecompo.sk
Responsible person: Iveta Janovčíková

(hereinafter referred to as "the Data Controller" or "we") hereby take the liberty to inform you, as data subjects, about the manner and scope of processing of your personal data, including the scope of your rights related to the processing of your personal data. The Data Controller is engaged in the provision of services in the field of mould manufacturing for injection moulding machines and vacuum forming.

Basic terms: 

  1. The Data Controller is the natural or legal person who is responsible for the protection and processing of personal data. We are in accordance with Article 4, point 7. of the Regulation and §5 (o) of the OOU Act, the controller of your personal data.
  2. A processor is anyone who processes personal data on behalf of the controller. Our processors are the entities listed in Article V. of this Policy.

III. The Privacy Policy (hereinafter referred to as the "Policy") governs the legal relationships between the Operator and its clients, potential clients and users of the Operator's website, the Operator and its suppliers, the Operator and its processors in the processing of their personal data pursuant to the OOU Act and the Regulation.

  1. For the purposes of these Rules, a data subject (hereinafter also referred to as "data subject", "client" or "you") means any natural person whose personal data is processed. Data subjects include in particular:
  • clients and potential clients who have expressed interest in our goods and services and have placed an order electronically or by telephone,
  • natural persons with whom we have a contract in the course of our business who have ordered services from us
  • users of our website;
  • representatives of clients, natural persons representing legal persons, natural persons forming the statutory body of a legal person;
  • natural persons acting as our agents with whom we have concluded a special cooperation agreement in the course of our business
  • any natural persons who use goods or services offered by our company,
  • any natural person who is an authorised representative of a customer of our company who uses goods or services offered by our company (in any legal relationship with the customer),
  • natural persons in their capacity as suppliers/customers of the goods or services provided, or their employees, statutory bodies
  • natural persons who enter personal data in the form published on our website
  • natural persons who visit our premises
  • natural persons - senders and recipients of correspondence.

In order to provide our services and/or enter into a contract, we need to collect personal information from the customer which will be used to provide those services and to communicate with the customer. We ensure the protection of any personal data you provide to us in any form in accordance with the OOU Act. In particular, we take care to prevent the occurrence of personal data breaches, in particular by taking reasonable precautions to prevent the occurrence of accidental or unlawful destruction, loss, alteration or unauthorised disclosure of, or unauthorised access to, transmitted, stored or otherwise processed personal data. We have put in place appropriate technical, organisational and staffing measures appropriate to the nature of the processing. All customer personal data is stored on a secure server and in locked rooms and we make every effort to protect it. In particular, when processing the personal data of clients, prospective clients and client representatives, we comply with the principles of lawfulness, purpose limitation, minimisation of personal data, accuracy, minimisation of storage, integrity and confidentiality and accountability.

ARTICLE II.

WHAT PERSONAL DATA THE DATA CONTROLLER PROCESSES 

In accordance with the Regulation and the OOU Act, as a controller we process the personal data you provide to us in connection with the performance of our activities. We only process such personal data in order to provide you with our services, individual products, to comply with our legal obligations and also to protect our legitimate interests. We collect personal data about our clients who are interested in our services or who have given us their consent so that we can address them with product and service offers, personal data that you provide to us in connection with the purchase of goods or the use of services (e.g. in the context of creating an order for goods electronically, by telephone, purchasing goods and entering your personal data in the context of the issuance of an invoice by the Operator or when making a claim for goods). This includes in particular personal data about:

  • Identification and contact data (in particular title, name, surname, permanent address, delivery address, e-mail address, telephone contact, data on the natural and legal person)
  • Contract reference and transaction data (in particular signature, order code, data relating to purchases made (e.g.: type, quantity and price of goods, date of purchase, optional additional data, transaction history of orders, details of goods purchased, bank account)
  • Telecommunications data (traffic data, location data, data on online identifiers or IP addresses)

The Data Controller processes this personal data only in accordance with the purposes set out below, to the extent and for the period necessary for the fulfilment of these stated purposes, otherwise only for the period of mandatory archiving in accordance with the specific provisions of Slovak law.

ARTICLE III.

FOR WHAT PURPOSES AND ON WHAT LEGAL BASIS THE DATA CONTROLLER PROCESSES PERSONAL DATA 

  1. Processing of personal data in connection with the delivery of services by agreement by telephone order, electronically or on the premises
  • The processing of personal data is primarily based on your legal relationship as a data subject with our company, i.e. the processing of personal data is necessary for the performance of a contract to which you as a data subject are a party or to carry out pre-contractual measures at your request (Article 6(1)(b) of the Regulation or Article 13(1)(b) of the OOU Act). The processing of personal data is therefore necessary for the purposes of concluding the purchase contract and its subsequent execution, the delivery of the ordered services and also for the fulfilment of statutory tax obligations or statutory complaint obligations (Article 6(1)(c) of the Regulation and Article 13(1)(c) of the OOU Act, respectively).
  • In preparation for the creation and execution of the order, the Data Controller collects and processes your personal data in the following scope - first name, last name, permanent residence address or delivery address, telephone number, e-mail address, order code, data related to the type of services provided, etc. The provision of this personal data is a prerequisite for the delivery of services, whereby the provision of personal data serves primarily to uniquely and unmistakably identify you and further to contact you for the purpose of delivering the services in question.

2. Processing of personal data in connection with the handling of complaints, enquiries and claims

  • We use your personal data to resolve your complaints, to fulfil our obligations towards you, to exercise rights and legal claims concerning you or our company, for example, if you are not satisfied with our goods or services or in the event of an accident occurring in our store.
  • The legal title for the processing of personal data is the fulfilment of the legal obligations of the Operator - Act No. 40/1964 Coll. of the Civil Code and Act No. 250/2007 Coll. on Consumer Protection, as amended (Art. 6(1)(c) of the Regulation and Art. 13(1)(c) of the OOU Act, respectively). In connection with the handling of complaints, the Data Controller also processes personal data for the purposes of its legitimate interests in the event of a possible dispute in the event of a complaint (Article 6(1)(f) of the Regulation or §13(1)(f) of the OOU Act).
  • When handling complaints, the Data Controller collects and processes your personal data in the following scope - title, first name, surname, residence or delivery address, telephone number, e-mail address, order transaction history, data on the purchased goods, signature, contract reference data.

3. Processing of personal data in connection with the exercise of data subjects' rights

  • Legal basis: we use your personal data to exercise your rights under the OOU Act. In the event that you exercise any of your rights specified in this Policy, we have the right to accurately identify you. The legal basis for processing your personal data is the performance of the Data Controller's legal obligations under Section 13(1)(c) of the OOU Act and Article 6(1)(c) of the Regulation, i.e. under the OOU Act. In connection with the exercise and exercise of your rights, the Controller also processes your personal data for the purposes of its legitimate interests in the event of a potential dispute in accordance with §13(1)(f) of the OOU Act and Article 6(1)(f) of the Regulation, without the need for your consent.
  • Scope of the personal data processed: In exercising your rights, the Data Controller collects and processes your personal data in the following scope - first name, surname, date of birth, residential address, delivery address (if different from the residential address), e-mail address, telephone contact.

4. Processing of personal data in connection with the legitimate interests of the Data Controller

  • Legal basis: we use your personal data for the purpose of our internal legitimate interests, whereby we process personal data on a legal basis pursuant to Article 6(1)(f) of the Regulation or Article 13(1)(f) of the OOU Act, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, in particular where the data subject is a child.
  • Such legitimate interests are in particular: the protection of our rights under generally binding laws and contracts in relation to contractors and other persons - for this purpose we retain personal data for no longer than necessary to protect such rights and legitimate interests; to enforce the security of our services, prevent misuse of our services and investigate breaches of our terms and conditions; to prevent fraudulent conduct where we reasonably believe that there is a risk of such conduct - for this purpose we retain personal data for no longer than the period prescribed by generally binding law; to maintain a database of clients. The legal basis for the processing of personal data for the purposes of recording data subjects and related communication with them is based on legitimate interest, since we use this database to gain insight into the implementation of our activities, internal functions necessary for our business (auditing, controlling, IT operation, taxes, accounting, administration, database management, etc.). You can object to processing based on legitimate interests, which we will examine and assess whether the processing complies with the requirements of the regulations.

5. Processing of personal data in connection with the fulfilment of the legal obligations of the controller, in particular the provision of assistance to state authorities and public authorities in the exercise of control, the purpose of registry and archiving of documents, the performance of activities to comply with obligations arising from special regulations, the fulfilment of obligations arising from the relevant tax and accounting regulations

  • Legal basis: The processing of personal data for the aforementioned purposes is necessary pursuant to the relevant special regulations in accordance with §13(1)(c) of the OOU Act and Article 6(1)(c) of the Regulation.

 

ARTICLE IV.

FOR HOW LONG THE DATA CONTROLLER PROCESSES YOUR PERSONAL DATA

 

  1.  The Data Controller processes your personal data in the case of interest in our services or their order electronically, by telephone or on the premises for the duration of the contractual relationship, further for the period necessary to ensure mutual rights and obligations arising from the contract and further for a period of 5 years. Issued tax documents are archived in accordance with § 70 of Act No. 222/2004 Coll., on value added tax, as amended, for a period of 10 years from the date of their issuance. Due to the necessity to prove the legal reason for the issuance of tax documents, orders are also archived for 10 years from the date of dispatch of the order by the customer.
  2. After the end of the ordered service / contract, personal data are further processed exclusively for the protection of the Data Controller and your rights and interests, and for the time necessary to ensure their performance. This period is primarily determined by the limitation periods laid down by law (Civil Code) or by contract. Our activity is also subject to a special sector regulation (distribution of services), which provides for the retention of certain types of documents relating to the activity of the Operator for a period of time established by law, so that it is able to demonstrate the performance of its duties and professional care (generally, this is 10 years). The period of retention of personal data results in particular from Act No 395/2002 Coll. on archives and registers, Act No 40/1964 Coll. of the Civil Code and the relevant accounting and tax regulations.

III. If the client gives us consent to the processing of personal data, we will store the data for the period specified in the consent to the processing of personal data. If you withdraw your consent, this is without prejudice to the processing of your personal data carried out by the Data Controller under other legal titles, in accordance with this Policy.

  1. If the purpose for the processing of personal data is terminated or your consent to the processing of personal data is withdrawn, we shall proceed to the destruction of your personal data, unless it is not possible to process your personal data on another legal basis. We apply the principle of minimisation when dealing with personal data, which means that as soon as the period for which we are obliged to keep personal data has expired, we destroy your personal data from our databases and information systems.

 

ARTICLE V.

WHO WILL HAVE ACCESS TO YOUR PERSONAL DATA 

1. Personal data may also be processed by entities other than the Data Controller and its employees in order to fulfil the above purposes. The Data Controller carefully selects the external partners that may process your personal data as processors and entrusts personal data only to those entities that provide sufficient guarantees to ensure appropriate technical and organisational security measures to prevent, in particular, accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or unauthorised access to, the personal data transmitted, stored or otherwise processed.

The entities that may have access to your personal data are, or may in the future be:

  • third parties who provide us with the technical operation of a particular service or the operators of the technologies used by the Operator for these services (typically programming or other technical support services, server services, email distribution or Data Controllers of technical equipment, our email domain),
  • third parties who provide services to us in connection with the administration of the website
  • intermediaries who process your personal data on our behalf,
  • accounting, legal, tax and other advisers with whom we have a contractual relationship to provide such services, to the extent necessary to provide such services.

2. As the Data Controller, we are obliged to transfer certain of your personal data to the following recipients on the basis of generally binding applicable law in cases where such obligation arises from the law or is necessary for the establishment, exercise or defence of the rights and legitimate interests of us or of third parties. These recipients have the status of independent controllers.

The recipients of your personal data may be:

  • courts of the Slovak Republic (the legal basis is Act No. 160/2015 Coll., the Civil Litigation Procedure Code, as amended, Act No. 301/2005 Coll., the Criminal Procedure Code),
  • law enforcement authorities (the legal basis is Act No 301/2005 Coll., the Code of Criminal Procedure),
  • tax authorities (the legal basis is Act No 563/2009 Coll. on Tax Administration (Tax Procedure Code), Act No 479/2009 Coll. on State Administration Bodies in the Field of Taxes and Fees),
  • Criminal Police Service, Border Police Service, Foreign Police Service, Financial Police Service of the Police Corps (legal basis is Act No 171/1993 Coll. on the Police Corps),
  • bailiffs (the legal basis is Act No 233/1995 Coll. on bailiffs and enforcement activities (the Execution Code),
  • advocates (the legal basis is Act No 586/2003 Coll. on Advocacy),
  • Social Insurance Institution, health insurance companies, tax office (Act No 595/2003 Coll. on Income Tax),
  • Labour Inspectorate, Office for Personal Data Protection and other state bodies with supervisory and control powers, Labour, Social Affairs and Family Office (Act No. 125/2006 Coll. on Labour Inspection, Act No. 124/2006 Coll. on Occupational Health and Safety, OOU Act).

3. As the Data Controller, we are entitled to entrust the processing of your personal data to processors who are authorised to process personal data on our behalf and are obliged to follow our instructions. In accordance with the Regulation, your specific consent is not required for such delegation. Such a processor is any person who has entered into a separate contract with us for the processing of personal data.

Our intermediaries are:

  • persons providing bookkeeping services
  • safety technician for OSH, fire technician for FS
  • serve providers with whom we have signed a separate contract
  • IT administration services and management of the CCTV system
  1. Some of the service providers we work with operate online media channels (websites, social networking sites) and provide relevant online advertisements for our products and services through these online media channels on our behalf. For example, you may see an advertisement for our products and services if you visit a particular social networking site. Such service providers include e.g. Facebook, Google, etc.

 

ARTICLE VI.

WHERE WE OBTAIN YOUR PERSONAL DATA FROM 

We obtain your personal data directly from you when carrying out our activities, when entering into and during the term of a contract and in the performance of that contract, or through other persons insofar as these persons have your consent.

 

ARTICLE VII.

TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES 

We do not transfer your personal data to a third country or international organisation

 

ARTICLE VIII.

THE USE OF AUTOMATED PROCESSING OF YOUR PERSONAL DATA 

We do not use automated processing of your personal data or profiling of personal data in carrying out our activities.

 

ARTICLE IX.

COOKIES FILES

Cookies are necessary on the site to ensure the functionality of the site. Analytical cookies allow the operator to recognise and count the number of users and to obtain information about how the website is used without personally identifying individual visitors. Google Analytics uses _ga as the main cookie, which allows the service to distinguish users and is valid for two years. It is used by all websites that implement Google Analytics (e.g. to identify which pages a user opens most often and whether they receive error messages from certain pages). This helps us improve the way our website works and allows you to easily find what you are looking for.

 

ARTICLE X.

WHAT RIGHTS YOU HAVE IN THE PROCESSING OF YOUR PERSONAL DATA

The proper processing of your personal data is important to us and its protection is a matter of course. You can exercise the following rights when processing your personal data:

Right of access to your personal data
You have the right to confirm whether or not your personal data is being processed and, if so, to access information on the purposes of processing, the categories of personal data concerned, the recipients or categories of recipients, the period of retention of personal data, information on your rights, the right to lodge a complaint with the Data Protection Authority, information on the source of personal data, information on whether or not automated decision-making and profiling is taking place, information and safeguards in the event of a transfer of personal data to a third country or an international organisation. You have the right to be provided with copies of the personal data processed. You may send your request electronically to our email address or in paper form to the address set out in Article I of this Policy. If you request specific personal data, we will require that the request under this paragraph be certified by an official.

Right to rectification of your personal data
Are we processing your outdated or inaccurate personal data? For example, have you changed your home address? Please inform us and we will correct the personal data. You can send your request electronically to our email address or in paper form to the address listed in Article I. of this Policy.

Right to have your personal data erased
In certain cases provided for by law, we are obliged to delete your personal data on your instruction. However, each such request is subject to an individual assessment as to whether the conditions are met because, for example, we may have an obligation or legitimate interest, if it outweighs your interests, to retain the personal data. You may send your request electronically to our email address or in hard copy to the address set out in Article I of this Policy.

The right to restrict the processing of your personal data
If you wish us to process your personal data only for the most necessary legal reasons or to block your personal data, you can send your request for restriction of processing of your personal data electronically to our e-mail address or in paper form to the address specified in Article I. of this Policy.

Right to data portability of your personal data
If you wish us to disclose your personal data to another controller, another company, we will transfer your personal data in an appropriate format, if we are not prevented from doing so by any legal or other significant obstacle, to an entity designated by you, if this is technically feasible and if

  • personal data are processed on the basis of your consent, consent for the processing of a special category of personal data, or where the processing of personal data is necessary for the performance of a contract; and
  • the processing of the personal data is carried out by automated means, whereby this right must not adversely affect the rights of other persons.

You may send your application electronically to our email address or in paper form to the address set out in Article I of these Rules, together with a certified signature on the application in question. We require a certified signature on the application in question in order to prevent unauthorised disclosure of your personal data to other entities.

Right to object to the processing of your personal data for marketing purposes and automated individual decision-making
If you become aware or believe that we are processing your personal data in breach of the protection of your private and personal life or in breach of the law, please contact us and ask us to explain or remedy the situation. Furthermore, you can also object directly to automated decision-making or the processing of your personal data for marketing or advertising purposes, if such processing is carried out without your consent for the purpose of the legitimate interest of the controller. You can send your request electronically to our email address or in paper form to the address set out in Article I. of this Policy.

You have the right not to be subject to a decision which is based solely on automated processing of your personal data, including profiling, and which has legal effects concerning you or similarly significantly affecting you. This right shall not apply where the decision is

  • necessary for entering into a contract or performance of a contract between you and the controller,
  • carried out on the basis of a special regulation or an international treaty by which the Slovak Republic is bound, and which also provides for appropriate measures guaranteeing the protection of the rights and legitimate interests of the data subject, or
  • based on your explicit consent to the processing of personal data.

Right to withdraw your consent to the processing of personal data
If the processing of your personal data is based on your specific consent, e.g. consent to the processing of personal data relating to your health, or marketing consent (see Article III Legal basis for the processing of personal data by purpose), you may withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of the processing of personal data based on consent prior to its withdrawal. You may send your request to withdraw consent electronically to our email address or in paper form to the address set out in Article I of this Policy. We can send you a template of such a request by email on request.

Right to lodge a complaint with the Data Protection Authority
You may at any time contact the supervisory authority with your complaint or complaint regarding the processing of personal data, namely the Office for Personal Data Protection of the Slovak Republic, located at Hraničná 12, 820 07 Bratislava 27, Slovak Republic, Business ID: 36 064 220, telephone No.: +421/2/3231 3220, website https://dataprotection.gov.sk/uoou/.

In order to be able to process your request and to uniquely identify you as a data subject, we are entitled to request additional information.

The client is obliged to provide only complete and truthful data. The Client is obliged to update his/her data in case of changes and bears full responsibility for the consequences of a breach of this obligation.

 

ARTICLE XI.

EXERCISE OF THE DATA SUBJECT'S RIGHTS

We provide all notifications and statements regarding the rights you have exercised free of charge. However, if the request is manifestly unfounded or inappropriate, in particular because it is repetitive, we shall be entitled to charge a fee taking into account the administrative costs of providing the requested information of EUR 10,-. 

How long can I expect a reply
We will provide you with a statement and, where appropriate, information on the measures taken as soon as possible and within one month at the latest. We will inform you in due time of any extension of the deadline, including the reason.


ARTICLE XII.

CHANGE OF PRIVACY RULES

The Data Controller reserves the right to amend or supplement this Privacy Policy at any time. Such amendment or supplementation shall in no way affect your rights under the applicable generally binding data protection legislation without your express consent.

In case of any query regarding the processing of your personal data or the exercise of the aforementioned rights, you may contact the Data Controller at the contacts listed in Article I. of these Rules.

 

In Prešov 20. 03. 2023

We are a company dedicated to the production of bioplastic products and a partner that shares your vision of a greener future.
© 2024 ecompo.sk
 | Website designed and developed by YNK media
crossmenu