Privacy Policy
Our Commitment To Your Privacy
Your privacy is important to us. To better protect your privacy the following notice explains the information we collect, how it is used, how it is safeguarded, and how to contact us if you have any concerns.
SNIPETOR.COM PRIVACY POLICY
- IDENTIFICATION OF THE OPERATOR AND GENERAL INFORMATION
This Privacy Policy (hereinafter referred to as the “Policy“) contains information about the processing of your personal data by a natural person – entrepreneur Viktor Maximilian Madaj with place of business Jadranská 2316/88, 841 01 Bratislava – Dúbravka, ID No.: 52 686 116, registered in the Trade Register of the District Office Bratislava, Trade Register No.: 110 – 282715 (hereinafter referred to as the “Operator” or “we” in the corresponding grammatical form), which occurs on the Operator’s website www.snipetor.com (hereinafter referred to as the “Website“) and through the Operator’s follow-up profiles on the social networks Facebook and INSTAGRAM .
Information on the processing of personal data that takes place outside the website or the Operator’s social media profiles is documented by the Operator in the relevant internal regulations and will be provided to you where applicable.
Through this Policy, the Controller provides you with information about why your personal data is processed, how it is processed, how long the Controller stores it, what your rights are in relation to the processing of your personal data and other relevant information about the processing of your personal data. Through this Policy, the Controller fulfils its information obligation towards all data subjects both if the Controller has obtained personal data directly from you as a data subject and if the Controller has obtained your personal data from another source.
The Controller processes your personal data in accordance with Regulation 2016/679 of the European Parliament and of the Council of the European Union on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as the “Regulation“), the relevant Slovak legislation, in particular Act No. 18/2018 Coll. on the Protection of Personal Data and on Amendments and Additions to Certain Acts (hereinafter referred to as the “Act“) and other regulations on the protection of personal data (the Regulation, the Act and other regulations on the protection of personal data are hereinafter collectively referred to as the “Personal Data Protection Regulations“).
You can contact the Data Controller in matters relating to the processing and protection of personal data at Jadranská 2316/88, 841 01 Bratislava – Dúbravka or by e-mail to sales@snipetor.com. The Controller has not appointed a responsible person in the area of processing and protection of personal data.
- PURPOSES, LEGAL BASES, CATEGORIES OF PERSONAL DATA PROCESSED AND RETENTION PERIOD
The controller shall only process your personal data for justified purposes, for a limited period of time and using the maximum possible level of security. The controller shall only process personal data if there is a legal basis for the processing (in accordance with the principle of lawfulness). The controller shall always retain personal data in accordance with the principle of minimisation only for the period for which it is necessary to retain the personal data. After this period, the Data Controller shall delete the personal data, unless otherwise provided for by law. The controller shall also process your personal data in accordance with the principle of minimisation, i.e. only to the extent necessary to fulfil the intended purpose of the processing. This means that the Controller does not request personal data from you that is not necessary for the specific purpose of processing.
Please see the table below for specific information on the purposes of processing, the legal basis for processing and the retention period.
|
Purposes of processing
|
Legal basis |
Categories of personal data
|
Retention period
|
Categories of data subjects (when we process your personal data for the purpose stated) |
|
Processing of accounting documents |
Art. 6(1)(c) of the Regulation – the processing of personal data is carried out in the performance of a legal obligation |
Ordinary personal data necessary for the fulfilment of legal obligations (name, surname, address of residence / place of business, delivery address, contact details – telephone number, e-mail address, bank connection) |
10 years following the year to which it relates |
Natural persons – customers and natural persons – contact persons of legal entities |
|
Fulfilling the contractual obligations of the Operator (based on contracts concluded remotely via the website), including pre-contractual relations (handling enquiries, taking orders, making payments, delivering goods, etc.) |
Art. 6(1)(b) of the Regulation – the processing of personal data is carried out in the performance of a contract (including pre-contractual relationships) |
Ordinary personal data (first name, last name, address of residence / place of business, billing address, contact details – telephone number, e-mail address, bank connection, affiliation to the company that is the customer) |
During the duration of the contractual relationship and after the termination of the contractual relationship until the full settlement of legal and other claims arising from the contractual relationship |
Natural persons – customers (their representatives) |
|
Keeping records of customers and contact persons of customers – legal entities |
Art. 6(1)(f) of the Regulation – the processing of personal data is carried out on the basis of the legitimate interest of the Data Controller, which consists in the necessity to keep records of customers (contact persons of customers – legal entities) for the purposes of internal control, accounting, communication with representatives of legal entities and the enforcement of legal and other claims arising from concluded contracts |
Ordinary personal data (first name, last name, address of residence / place of business / billing address, affiliation / function in the company that is the customer, contact details – phone number, email) |
During the duration of the contractual relationship and after the termination of the contractual relationship until the legal and other claims arising from the contractual relationship are fully settled (until the expiry of the limitation periods) |
Natural persons – customers and natural persons – contact persons and representatives of legal persons |
|
Maintenance of customer accounts (profiles) of registered visitors on the website and provision of gratuitous services related thereto |
Art. 6(1)(b) of the Regulation – the processing of personal data is carried out in the performance of a contract |
Common personal data (first name, last name, residential address / place of business / billing address, affiliation / function in the company that is the customer, contact details – phone number, email) purchase history data and data provided in orders) |
Until termination of the contractual relationship (no later than 6 months from the date of the last login to the customer’s account) and until the contractual and other claims arising from the contractual relationship have been settled in full |
Natural persons – registered users |
|
Compliance with legal obligations related to the conclusion of a distance contract of information, (e.g. information obligations, withdrawal obligations) |
Art. 6(1)(c) of the Regulation – the processing of personal data is carried out in the performance of a legal obligation |
Common personal data |
During the duration of the distance contract and until the legal and other claims arising from the distance contract are fully settled |
Individuals – customers who have ordered goods from the Operator through a contract concluded remotely (via e-shop) |
|
Handling complaints and keeping records of complaints filed |
Art. 6(1)(c) of the Regulation – the processing of personal data is carried out in the performance of a legal obligation |
Ordinary personal data (in particular first name, last name, address of residence/place of business, telephone number, e-mail) |
3 years from the date of the claim if the claim is made by a natural person and 4 years from the date of the claim if the claim is made by a legal person |
Individuals making a claim (customers, their employees and representatives)
|
|
Handling of exercised rights of data subjects |
Art. 6(1)(c) of the Regulation – the processing of personal data is carried out in the performance of a legal obligation |
Common personal data included in the application |
Pending the settlement of the rights exercised |
Individuals who have made a request or exercised data subject rights with the Controller |
|
Records of exercised rights of data subjects |
Art. 6(1)(f) of the Regulation – the processing of personal data is carried out on the basis of the legitimate interest of the Data Controller, which is to record the exercised rights of data subjects for the purpose of demonstrating compliance with obligations arising from legal regulations |
Common personal data included in the application |
5 years from the date of exercise of rights |
Individuals who have made a request or exercised data subject rights with the Controller |
|
Publication of testimonials about the Operator’s services on the Operator’s website |
Art. 6(1)(a) of the Regulation – the processing of personal data is carried out on the basis of the data subject’s consent |
Name, e-mail address, photo |
3 years from the date of consent or until its revocation, whichever is the earlier |
Natural persons who have published a reference |
|
Responding to messages and handling queries/requests from messages received via the contact form on the website, the Operator’s profile on the social network and via email communication or by telephone |
Art. 6(1)(f) of the Regulation – the processing of personal data is carried out on the basis of the legitimate interest of the Data Controller, which is to respond to messages and inquiries received for the proper conduct of business communication and to provide information about the activities of the Data Controller |
First name, last name, e-mail, other data in the message |
60 days from the date of receipt of the request or until the request is processed (purpose fulfilled), whichever is earlier |
Natural persons sending a message / enquiry |
|
Taking photographs of data subjects and publishing them on the website of the Operator and on the profile on the social network ti |
Article 6(1)(a) of the Regulation – processing of personal data is carried out on the basis of the data subject’s consent |
Photography |
5 years from the date of consent or until its revocation, whichever is the earlier |
Individuals who have given consent |
|
Sending information about the Operator’s activities and its own services (direct marketing to existing and former clients) |
Article 6(1)(f) of the Regulation Processing is carried out on the basis of the legitimate interest of the Controller, which is the interest in maintaining existing clientele and informing them about the Controller’s current services. |
Name, surname, function in the company of the business partner/customer, e-mail address |
3 years from the date of provision of the services/sale of the goods or until unsubscription, whichever is earlier |
Natural persons – customers and business partners and natural persons – representatives of customers and business partners |
|
Sending information about the operator’s current offer (direct marketing – newsletter) |
Article 6(1)(a) of the Regulation – processing of personal data is carried out on the basis of the data subject’s consent |
E-mail address |
3 years from the date of consent or until its revocation, whichever is the earlier |
Individuals who have subscribed to the newsletter |
|
Measurements of website traffic, website activity and targeting of the Operator’s online advertising (via online tools – cookies) |
Article 6(1)(a) of the Regulation – processing of personal data is carried out on the basis of the data subject’s consent |
IP address and other data about the activity on the website of the Operator and its preferences in the online environment |
For a maximum of 2 years from the date of consent or until its revocation, whichever is the earlier |
Individuals who have visited the website and given consent |
In connection with the security of personal data, the Controller has adopted the relevant internal documentation specifying the appropriate security measures adopted by the Controller for the purpose of securing your personal data.
- Source of personal data
The Controller obtains your personal data directly from you as the data subject when you provide it to the Controller (when ordering goods via the website, when sending a message via the contact form on the website, a message on a social network, or when visiting the Controller’s website). In some cases, in particular where a commercial company or other entity of which you are an agent or contact person orders a service from the Controller, it is this entity that is the source of your personal data.
In some cases, if you do not provide your personal data to the Operator, the Operator would not be able to deliver the goods to you, enter into a contract with you and fulfil its other legal and contractual obligations.
- To whom does the Controller provide your personal data?
In certain cases, the controller is obliged to provide your personal data to public authorities that are authorised under the relevant legislation to process your personal data as third parties, e.g. courts, law enforcement authorities, supervisory authorities for the operation of electronic commerce (e.g. the Slovak Trade Inspection Authority) or experts and entities providing expert examination of defects in goods in the event of your complaint.
The Controller also provides your personal data to its processors, i.e. external entities that process your personal data on behalf of the Controller. The processors process personal data on the basis of a contract concluded with the Controller, in which they undertake to take appropriate technical and security measures in order to process your personal data securely. The Controller’s processors include:
- company providing hosting services (including mailhosting services) (WebSupport s.r.o.),
- a company providing newsletter-ing services (MailChimp service).
In the performance of the contract towards the Operator’s customers, the recipient of your personal data may also be the company providing the services of the online payment gateway – PayPal (making payment for the delivery of goods if you choose to pay via the payment gateway) and companies providing services in the field of delivery of goods (Slovenská pošta, a. s.). The aforementioned entities act as independent controllers when processing your personal data and the terms and conditions of processing your personal data by these companies can be found on their respective websites.
Recipients of your personal data also include Google, LLC and Facebook, Inc., which provide analytical and marketing services through cookies that are stored on your device by the website if you give the Operator your consent to the storage of these files.
The recipients of your personal data also include the operator of the social networks Facebook and INSTAGRAM (Facebook Ireland Limited) if you contact the Operator via a message on the Operator’s social networks or if you give the Operator consent to publish your photo on the social network in a presentation activity. The said company acts as a joint controller with the Controller in the processing of personal data and the processing of personal data in this case is governed by a joint controllers agreement within the meaning of Article 26 of the Regulation, pursuant to which the Controller is the point of contact.
- TRANSFER to third countries and international organisations and PROFiling
When using analytical and marketing cookies on the Operator’s website and if you contact the Operator via a message on the Operator’s social networks or if you grant the Operator consent to publish your photo on social networks, your personal data may be transferred to the USA, to Facebook, Inc., Google, LLC. as parent companies of their European subsidiaries as providers of the above services (based on the relevant legislation applicable in the USA).
If you subscribe to the newsletter, your personal data will also be transferred to The Rocket Science Group in the USA, which is the operator of the MailChimp service.
The transfer of your personal data is secured in the above cases by means of appropriate means of securing the transfer of personal data to third countries in accordance with the Data Protection Regulations, in particular through the use of standard contractual clauses that are part of the terms of use of the above services.
The controller does not use profiling when processing your personal data and does not process personal data in any form of automated individual decision-making, which would lead to the evaluation of your personal aspects.
- What are your rights in relation to the processing of personal data?
In connection with the processing of your personal data, you have the following rights as a data subject:
|
Your rights
|
|
|
Right of access – As a data subject, you have the right to obtain confirmation from the Data Controller as to whether it is processing your personal data and, if so, to obtain access to that personal data and information pursuant to Article 15 of the Regulation. The Controller will provide you with a copy of the personal data that is being processed. If you make a request by electronic means, the information will be provided to you by the Controller in a commonly used electronic format, unless you request otherwise. |
Right to restriction of processing – You also have the right to have the Controller restrict the processing of your personal data. This will be the case, for example, if you contest the accuracy of the personal data or if the processing is unlawful and you request the restriction of processing, or if the Controller no longer needs your personal data for the purposes of processing but you need it to prove, exercise or defend legal claims. The Controller will restrict the processing of your personal data if you request it. |
|
Right to rectification – To ensure the accuracy, completeness and timeliness of your personal data, the Controller has taken reasonable measures. As a data subject, you have the right to have your inaccurate personal data corrected or your incomplete personal data completed by the Controller without undue delay.
|
Right to data portability – In certain circumstances, you have the right to have your personal data transferred to another data controller that you designate. However, the right to portability only applies to personal data that the Data Controller processes on the basis of the consent you have given to the Data Controller, on the basis of a contract to which you are one of the parties or where the Data Controller processes personal data by automated means. |
|
Right to erasure (“right to be forgotten”) – You also have the right to obtain from the Data Controller the erasure of your personal data without undue delay if certain conditions are met, for example, if the personal data are no longer necessary for the purposes for which they were collected or processed by the Data Controller. However, this right of yours must be considered on a case-by-case basis, as there may be situations where the Controller is prevented from erasing your personal data by other circumstances (for example, a legal obligation of the Controller). This means that in such a case, the Data Controller will not be able to comply with your request to erase your personal data. |
Right to lodge a complaint or complaint – If you feel that your personal data is being processed in violation of applicable law, you may lodge a complaint with the supervisory authority, which is the Office for Personal Data Protection of the Slovak Republic, located at Hraničná 12, 820 07 Bratislava 27; website: dataprotection.gov.sk, phone number: 02 3231 3214; e-mail: statny.dozor@pdp.gov.sk.
|
|
RIGHT TO INSTALL You have the right to object to the processing of your personal data, for example, if the Controller processes your personal data on the basis of a legitimate interest or in the case of processing involving profiling. If you object to such processing of your personal data, the Controller will not further process your personal data unless it demonstrates the necessary legitimate grounds for further processing of your personal data.
|
|
THE RIGHT TO WITHDRAW CONSENT If the Controller processes your personal data on the basis of your consent, you have the right to withdraw the consent at any time in the same way as you gave it. Withdrawal of consent does not affect the lawfulness of the processing carried out prior to the withdrawal of consent. Upon withdrawal of consent, the Controller will cease to process your personal data. |
You can exercise your rights specified in the table above at the contact addresses of the Operator indicated at the beginning of this document. The Operator will provide you with a response to the exercise of your rights free of charge. In the event of a repeated, unfounded or unreasonable request to exercise your rights, the Controller is entitled to charge a reasonable fee for the provision of the information . The Controller will provide you with a reply within 1 month from the date on which you exercised your rights. In certain cases, the Controller is entitled to extend this period, in the event of a high number and complexity of requests from data subjects, but not more than 2 months. The Controller will always inform you of the extension of the time limit.
- Social media and links to other websites
In order to promote marketing and advertising, you will find links to various social networks such as Facebook on the Operator’s website. The Operator hereby wishes to inform you that once you click on the add-on on the website and go to the social network, the privacy policy of the social network operator will apply, except in cases where you contact the Operator via a message on the social network (in which case the processing of your personal data is also governed by this Policy and your personal data processed by the Operator in accordance with the information provided above).
For more information on the processing of your personal data by social network operators, please visit the following links: (i) Facebook: https://sk-sk.facebook.com/policy.php, (ii) Instagram: https://sk-sk.facebook.com/help/instagram/155833707900388/ and (iii) YouTube: https://policies.google.com/privacy?hl=sk.
- Validity
This Policy is valid and effective as of 01.08.2021. As it may be required to update the information on the processing of personal data contained in this Policy in the future, the Controller is entitled to update this Policy at any time. However, in such a case, the Controller will notify you of this in an appropriate manner in advance.
Please contact those vendors and others directly if you have any questions about their privacy policies. You can also read more on our terms and conditions page.
