Privacy protection

The company DataTip, s.r.o. processes personal data in accordance with the legal regulations effective as of May 25, 2018, specifically in compliance with Act No. 18/2018 Coll. on the Protection of Personal Data and on amendments to certain acts (hereinafter referred to as the "Act") and also in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

The company DataTip, s.r.o. processes personal data in accordance with the legal regulations effective as of May 25, 2018, specifically in compliance with Act No. 18/2018 Coll. on the Protection of Personal Data and on amendments to certain acts (hereinafter referred to as the "Act") and also in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

The following information concerns the processing of personal data of visitors and/or customers of the operator's e-shop (hereinafter referred to as the "data subject") carried out by the operator.

Basic Provisions

  1. The controller of personal data according to Section 5(o) of the Act is the company DataTip, s.r.o., ID No. 36869112, with its registered office at Alžbetina 30, 040 01 Košice (hereinafter referred to as the "controller").
  2. The contact details of the controller are:
    address: Alžbetina 30, 040 01 Košice
    email: info@kiids.shop
  3. Personal data means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  4. The controller has not appointed a data protection officer. In case of any questions regarding personal data, the data subject may contact the controller at info@kiids.shop


    Sources and Categories of Processed Personal Data

     

      1. The controller processes personal data provided by the data subject or personal data obtained by the controller based on the fulfillment of the data subject's order, i.e., based on a concluded contract.
      2. The controller processes identification and contact data of the data subject and data necessary for the performance of the contract, which are: name and surname, or title, postal address, telephone and email contact, IP address, cookies, or bank account number.

        Legal Basis and Purpose of Personal Data Processing

        1. The legal basis (lawful reason) for processing personal data is:
          • Performance of a contract between the data subject and the controller according to Section 13(1)(b) of the Act. The personal data of the data subject processed by the controller for the purpose of processing orders and fulfilling obligations arising from the contract concluded between the data subject and the controller are: name and surname, postal and email address, and telephone number of the data subject. The legal basis for processing these voluntarily provided data is the fulfillment of rights and obligations arising from the aforementioned contract, which would otherwise not be possible to conclude.
          • Legitimate interest of the controller according to Section 13(1)(f) of the Act (in case of withdrawal from the contract or exchange of goods by the data subject, for the controller's accounting purposes). The personal data of the data subject processed by the controller for the purpose of withdrawal from the contract or exchange of goods by the data subject are: name, surname, postal address, or account number. The legal basis for processing said personal data is the legitimate interest of the controller in fulfilling the rights and obligations arising from the distance contract. The personal data of the data subject processed by the controller for accounting purposes are: name and surname, postal address, account number.
          • Consent of the data subject to the processing of personal data according to Section 13(1)(a) of the Act (for the purposes of creating a user account for the data subject, for the purposes of correspondence with the controller via the contact form), if no order for goods has been placed. The personal data of the data subject processed by the controller in the case of correspondence via the contact form are: name and surname and email address. Personal data voluntarily provided within the use of the contact form will not be published and serve exclusively for the purpose of answering the data subject's question or suggestion by the controller. The personal data of the data subject processed by the controller for the purpose of creating a user account and providing services intended for registered users are: name and surname, postal and email address, and telephone number of the data subject.
        2. The purpose of processing personal data is:
            • processing the data subject's order and exercising rights and obligations arising from the contractual relationship between the data subject and the controller; when ordering, personal data are required that are necessary for the successful processing of the order, the provision of personal data is a necessary requirement for the conclusion and performance of the contract, without the provision of personal data it is not possible to conclude the contract or for the controller to perform it,
            • withdrawal from the contract or return of goods by the data subject,
            • maintaining the controller's accounting,
            • registration of the data subject on the controller's website, i.e., setting up a user account for the data subject,
            • using contact forms for correspondence with the controller,
            • using cookies.

           3. There is no automated individual decision-making by the controller within the meaning of Section 28 of the Act. 

          Personal Data Retention Period

            1. The controller stores personal data: 
              • for the duration of the controller's legal obligations arising from generally binding legal regulations, in particular the Civil Code, the Consumer Protection Act on the sale of goods or provision of services based on a distance contract or a contract concluded outside the seller's business premises, the Act on Archives and Registries, the Accounting Act, and the VAT Act, i.e., in the case of some data on tax documents for at least 10 years;
              • for the period necessary to exercise the rights and obligations arising from the contractual relationship between the data subject and the controller and the assertion of claims from these contractual relationships (for a period of 10 years from the termination of the contractual relationship);
              • for the duration of the data subject's interest in using services associated with the user account. 
            1. After the personal data retention period expires, the controller shall delete the personal data.

            Recipients of Personal Data (Controller's Subcontractors)

              1. Recipients of personal data are persons:
                • involved in the delivery of goods/services/execution of payments based on the contract,
                • providing e-shop operation services and hosting services and other services in connection with the operation of the e-shop,
                • providing services related to accounting management (external accountant) and providing accounting software.
              • The controller intends to transfer personal data to a third country (a country outside the EU) or an international organization. Recipients of personal data in third countries are providers of mailing services/cloud services.

              Rights of the Data Subject

                1. Under the conditions set out in the Act, the data subject has:
                  • the right to access their personal data according to Section 21 of the Act,
                  • the right to rectification of personal data according to Section 22 of the Act, or restriction of processing according to Section 24 of the Act,
                  • the right to erasure of personal data according to Section 23 of the Act,
                  • the right to object to the processing of personal data according to Section 27 of the Act,
                  • the right to data portability according to Section 26 of the Act,
                  • the right to withdraw consent to the processing of personal data at any time in writing to the address of the controller's registered office or electronically to the controller's email specified in Art. I. of these terms,
                • Furthermore, the data subject has the right to file a complaint with the Office for Personal Data Protection if they believe that their right to personal data protection has been violated. 

                Personal Data Security Conditions

                1. The controller declares that they have taken all appropriate technical and organizational measures to secure personal data.
                2. The controller has taken technical measures to secure data storage and storage of personal data in paper form. Work computers are protected by antivirus software and secured against access by unauthorized persons using passwords. Software and applications used for business activities are encrypted. To protect personal data, we perform backups, which are also encrypted. Paper documents are stored in a lockable cabinet.
                3. The controller declares that only persons authorized by them have access to personal data.

                Final Provisions

                1. The possibility of purchasing goods offered on the controller's website is not primarily intended for visitors under 16 years of age.
                2. By submitting an order from the online order form, the data subject confirms that they have been informed of the personal data protection conditions and that they accept them in their entirety.
                3. The data subject agrees to these conditions by checking the consent box via the online form. By checking the consent box, the data subject confirms that they have familiarized themselves with the personal data protection conditions and that they accept them in their entirety.
                4. The controller is entitled to change these conditions. A new version of the personal data protection conditions will be published on their website and at the same time, the controller will send a new version of these conditions to the data subject's email address provided to the controller. 

                These conditions take effect on September 1, 2022.