PRIVACY AND COOKIES NOTICE / Privacy Policy and Privacy Notice

provided by the data controller to the data subject when collecting personal data from the data subject and the cookie notice of the fragrancenter.com online shop  /

 

  1. Operator

 

1.1.The identity and contact details of the Operator are:

 

Business name: IS Studio, s.r.o.

Registered office: Žižkova 2339/25, Košice 040 01, Slovak Republic

Registered in the Register of the District Court Košice I, Section Sro, Entry No. 26122/V

ID NO: 45675201

DIC: 2023088166

VAT ID: SK2023088166

Bank account: SK57 1100 0000 0029 2884 2407

Seller is a VAT payer /Value Added Tax/

 

1.2 Email contact and telephone contact of the Operator is:

Email: info@fragrancenter.com

Tel: +421 903963929

 

1.3 Address of the Operator for sending documents:

 

IS Studio s.r.o., Žižkova 25, 04001 Košice, Slovak Republic

 

1.4.The Controller hereby, in accordance with Article 13, paragraphs 1. and 2. 1. and 2. of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 May 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC GDPR (hereinafter referred to as the "Regulation"), the Controller provides the Data Subject from whom the Controller obtains personal data concerning him/her with the following information, instructions and explanations:

 

  1. References

 

2.1.This Policy and the Privacy Notice form part of the General Terms and Conditions published on the Seller's Website.

2.2.Pursuant to §3, paragraph 1, letter n), Act No. 102/2014 Coll. The Seller informs the Consumer that there are no special relevant codes of conduct to which the Seller is committed to adhere, whereby a code of conduct is understood to be an agreement or a set of rules that define the Seller's behaviour, which the seller has undertaken to comply with that code of conduct in relation to one or more specific commercial practices or sectors of trade, unless these are laid down by law or by other legislation or by action of a public authority) which the seller has undertaken to comply with, and the manner in which the consumer may become aware of them or obtain their wording.

 

III. Privacy and use of cookies. Instructions and explanation of cookies

3.1 The controller provides the following brief explanation of the function of cookies:

3.1.1.Cookies are text files containing small amounts of information that are downloaded to your computer, mobile or other electronic device that you use to browse the website domain when you visit the website.

Cookies not only allow the operator's web domain to recognise the user's device, but also allow the user to access features on the site.

We divide cookies into two basic types, namely:

Persistent cookies - these cookies remain on the user's device for the period of time specified in the cookie. They are activated whenever the user visits the web domain that created the cookie.

Session cookies - these cookies allow the operator of the web domain to link the user's activities when the user opens a browser window and exits when the browser window is closed. Session cookies are created temporarily. When the browser is closed, all session cookies are deleted.

3.2.Explanation of cookies

3.2.1 A cookie is a small text file that a website stores on your computer or mobile device when you browse it. Thanks to this file, the website stores information about your actions and preferences (such as login name, language, font size and other display settings) for a certain period of time, so that you do not have to enter them again the next time you visit the website or browse its individual pages.

3.3.Instructions on the use of cookies

3.3.1.The website operator uses cookies to store:

3.3.1.1.the fact that you have already responded to a survey displayed in a separate window (pop-up), through which you can express your opinion on the content of the site (it will not be redisplayed);

3.3.1.2.the fact that you have consented (or not) to our use of cookies on this website.

3.3.1.3.Marketing and remarketing

Likewise, some subpages that are part of the Operator's website use cookies to anonymously collect statistical data about who is the referrer of the source of our Internet domain and how you have accessed our Internet domain.

Allowing the use of cookies is not strictly necessary for the proper functioning of the website, but it will provide you with a better user experience when working with it. You can delete or block cookies.

The information stored in cookies will not be used to identify you personally and the data structure is entirely under our control. Cookies are not used for purposes other than those stated in this text. Some of our sites or sub-sites may use additional or different cookies than those listed above. In this case, details of their use will be provided on the site in question in a separate cookie notice.

3.4.How to control cookies

3.4.1. You can control and/or delete cookies at your discretion - see aboutcookies.org. You can delete all cookies stored on your computer and you can set most browsers to prevent them from being stored.

 

  1. Personal data processed

 

4.1.The operator processes the following personal data on its website: name, surname, residence, email address, home telephone number, mobile phone number, billing address, delivery address, data obtained from cookies, IP addresses.

 

  1. Contact details of the data protection supervisor

 

5.1 The controller has appointed a data protection supervisor in accordance with Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data. Contact: info@fragrancenter.com

 

5.2.The Operator, is also the Seller within the meaning of the term set out in the General Terms and Conditions of this website.

 

  1. Purposes of the processing of the data subject's personal data and duration of the processing of personal data

 

6.1.The purposes of the processing of the data subject's personal data are in particular:

 

6.1.2.the registration, creation and processing of contracts and client data for the purpose of concluding contracts with third parties

 

6.1.3.processing of accounting documents and documents related to the business activity of the Controller

 

6.1.4.compliance with legal regulations in connection with archiving documents and documents, e.g. pursuant to Act No. 431/2002 Coll., the Accounting Act as amended and other relevant regulations

 

6.1.5.the activities of the Operator in connection with the fulfilment of the request, order, contract and similar institutes of the Concerned Person.

 

6.2.The Data Subject's personal data shall be kept by the Controller only for the strictly necessary period of time required for the purposes of the performance of the contract and their subsequent archiving within the meaning of the statutory time limits imposed on the Controller by law.

 

VII. Legal basis for the processing of the data subject's personal data

 

7.1 The legal basis for the processing of personal data of Data Subjects is, depending on the specific personal data processed and the purpose of the processing, the consent of the Data Subjects to the processing of their personal data.

 

7.2 In the event that the Controller carries out processing of personal data based on the consent of the Data Subject, such processing shall only be initiated after the Data Subject has given his or her consent.

 

7.3 Where the Controller processes the Data Subject's personal data for the purposes of negotiating pre-contractual relations and the conclusion and performance of a sales contract and the related delivery of goods, products or services. The data subject is obliged to provide personal data for the proper performance of the purchase contract, otherwise the performance cannot be ensured. Personal data for this purpose is processed without the consent of the data subject.

 

VIII. Recipients or categories of recipients of personal data

 

8.1.The recipients of the Data Subject's personal data will be, or at least may be:

 

8.1.1.the statutory bodies or their members of the Controller

 

8.1.2.persons performing work activity in an employment or similar relationship for the Controller.

 

8.1.3.business representatives of the Operator and other persons cooperating with the Operator in the performance of the Operator's tasks. For the purposes of this document, all natural persons performing dependent work for the Operator on the basis of an employment contract or agreements for work performed outside the employment relationship shall be considered to be employees of the Operator.

 

8.1.4.The recipient of the Data Subject's personal data will also be the Controller's collaborators, business partners, suppliers and contractors, in particular: an accounting company, a company providing services related to the creation and maintenance of software, a company providing legal services to the Controller, a company providing consultancy services to the Controller, companies providing transport and delivery of products to buyers and third parties, marketing companies, companies operating social networks, companies providing payment gateways and other payment methods.

 

8.1.5.The recipient of personal data will also be courts, law enforcement authorities, tax authorities and other state authorities, if so provided by law. Whereby personal data will be provided by the Controller to the authorities and state institutions concerned on the basis of and in accordance with the legislation of the Slovak Republic

 

  1. Information on the provision of personal data to third countries and the period of their storage:

 

9.1. Not applicable. The controller does not transfer personal data of persons to third countries..

 

 

  1. Information on the existence of the relevant rights of the Data Subject:

 

10.1.The data subject has the following rights, among others, whereby:

 

10.1.1.Clause 10.1 is without prejudice to the other rights of Data Subjects.

 

10.1.2.The Data Subject's right of access to data pursuant to Article 15 of the Regulation, which includes:

 

the right to obtain confirmation from the Data Controller as to whether it processes the Data Subject's personal data and, if so, to what extent. At the same time, if they are processed, he has the right to find out their content and to request information from the Data Controller about the reason for processing them, in particular information on: The reason for their processing, the categories of personal data concerned, the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular in the case of recipients in third countries or international organisations, the envisaged period of retention of the personal data or, if this is not possible, information on the criteria for determining it,  1. a 4. Regulation and, in such cases, at least meaningful information about the procedure used as well as the significance and the envisaged consequences of such processing of personal data for the Data Subject, about the adequate safeguards under Article 46 of the Regulation concerning the transfer of personal data where personal data are transferred to a third country or an international organisation.

 

10.1.3.the right to be provided with a copy of the personal data being processed, provided, however, that the right to be provided with a copy of the personal data being processed shall not adversely affect the rights and freedoms of others.

 

10.1.4.the right of the Data Subject to rectification pursuant to Article 16 of the Regulation, which includes the right: for the Controller to correct incorrect personal data concerning the Data Subject without undue delay; the right to supplement incomplete personal data of the Data Subject, including by providing a supplementary statement of the Data Subject; the right of the Data Subject to erasure of personal data (the so-called "right to be forgotten") pursuant to Article 17 of the Regulation, which includes:

 

10.1.5.the right to obtain from the Data Controller, without undue delay, the erasure of the personal data concerning the Data Subject if one of the following grounds is met:

the personal data are no longer necessary for the purposes for which they were collected or otherwise processed, the Data Subject withdraws the consent on the basis of which the processing is carried out, provided that there is no other legal basis for the processing of the personal data, the Data Subject objects to the processing of the personal data pursuant to Article 21(1). Regulation and there are no overriding legitimate grounds for the processing of personal data, or the Data Subject objects to the processing of personal data pursuant to Article 21(2). Regulations, the personal data has been unlawfully processed, the personal data must be erased in order to comply with a legal obligation under European Union law or the law of a Member State to which the Data Controller is subject, the personal data has been collected in connection with the offer of information society services pursuant to Article 8(1). of the Regulation;

 

10.1.6.the right for the Data Controller who has disclosed the Personal Data of the Data Subject to take reasonable measures, including technical measures, having regard to the technology available and the cost of implementing the measures, to inform other Data Controllers who carry out the processing of Personal Data that the Data Subject has requested them to erase all references to such Personal Data, copies or replicas thereof, whereby the right to erasure of the Personal Data containing the rights under Article 17(1) and (2) shall apply. Regulation shall not arise if the processing of the personal data is necessary:

 

10.1.7.to exercise the right to freedom of expression and information.

 

10.1.8.for the performance of a legal obligation which requires processing under European Union law or the law of a Member State to which the Data Controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller.

 

10.1.9.for reasons of public interest in the field of public health in accordance with Article 9(2)(h) and (i) of the Regulation as well as Article 9(3). Regulation.

 

10.1.10.for archiving purposes in the public interest, for scientific or historical research purposes or for statistical purposes pursuant to Article 89(1). Regulation, in so far as the right referred to in Article 17(1) is likely to of the Regulation will render impossible or seriously impede the achievement of the purposes of such processing of personal data; or for the establishment, exercise or defence of legal claims;

 

10.1.11.the right of the Data Subject to restrict the processing of personal data pursuant to Article 18 of the Regulation, which includes:

 

10.1.12. The right to have the Controller restrict the processing of personal data in respect of one of the following cases: The Data Subject contests the accuracy of the personal data during a period allowing the Controller to verify the accuracy of the personal data, the processing of the personal data is unlawful and the Data Subject objects to the erasure of the personal data and requests instead the restriction of its use, the Controller no longer needs the personal data for the purposes of the processing, but the Data Subject needs it to establish, exercise or defend legal claims, the Data Subject has objected to the processing pursuant to Article 21 para. 1. Regulation, pending verification whether the legitimate grounds on the part of the Controller outweigh the legitimate grounds of the Data Subject;

 

10.1.13.the right, where the processing of personal data has been restricted, to have such restricted personal data processed only with the consent of the Data Subject or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a Member State, with the exception of storage;

 

10.1.14.the right to be informed in advance of the lifting of the restriction on the processing of personal data;

 

  1. and Article 18 of the Regulation, unless this proves impossible or requires a disproportionate effort, the right for the Controller to inform the Data Subject about these recipients, if the Data Subject so requests;

 

10.1.16. the Data Subject's right to data portability under Article 20 of the Regulation, which includes: the right to obtain personal data relating to the Data Subject which he or she has provided to the Controller in a structured, commonly used and machine-readable format and the right to transfer that data to another controller without hindrance from the Controller if:

 

a/ the processing is based on the Data Subject's consent pursuant to Article 6(1)(a) of the Regulation or Article 9(2)(a) of the Regulation, or on a contract pursuant to Article 6(1)(b) of the Regulation, and at the same time

b/ the processing is carried out by automated means, and at the same time:

 

10.1.17.the right to obtain personal data in a structured, commonly used and machine-readable format and the right to transfer such data to another controller without hindrance by the Controller will not have adverse effects on the rights and freedoms of others;

 

10.1.18.the right to transfer personal data directly from one Controller to another Controller, insofar as this is technically feasible;

 

10.1.19.the right of the Data Subject to object under Article 21 of the Regulation, which includes:

 

10.1.20.the right to object at any time, on grounds relating to the particular situation of the Data Subject, to the processing of personal data concerning him or her which is carried out on the basis of Article 6(1)(e) or (f) of the Regulation, including to object to profiling based on these provisions of the Regulation;

 

10.1.21.in the case of the exercise of the right to object at any time, on grounds relating to the particular situation of the Data Subject, to processing of personal data concerning him or her which is carried out on the basis of Article 6(1)(a)(1)(b) of the Regulation. (e) or (f) of the Regulation, including the right to object to profiling based on these provisions of the Regulation, the right not to have the Data Subject's personal data further processed by the Controller unless the Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the Data Subject, or grounds for establishing, exercising or defending legal claims

 

10.1.22. the right to object at any time to the processing of personal data concerning the Data Subject for direct marketing purposes, including profiling to the extent that it is related to direct marketing; provided that if the Data Subject objects to the processing of personal data for direct marketing purposes, the personal data may no longer be processed for such purposes;

 

10.1.23.in relation to the use of information society services, the right to object to the processing of personal data by automated means using technical specifications;

 

10.1.24.the right to object, on grounds relating to the particular situation of the Data Subject, to the processing of personal data concerning the Data Subject where the personal data are processed for scientific or historical research purposes or for statistical purposes pursuant to Article 89(1). Regulation, except where the processing is necessary for the performance of a task carried out for reasons of public interest;

 

10.1.25.the right of the Data Subject relating to automated individual decision-making under Article 22 of the Regulation, which includes:

 

10.1.26.the right not to be subject to a decision which is based solely on automated processing of personal data, including profiling, and which has legal effects concerning him or her or similarly significantly affects him or her, except pursuant to Article 22(2). Regulation [i.e., except where the decision is: (a) necessary for entering into, or performance of, a contract between the Data Subject and the Data Controller,

 

10.1.27.permitted by European Union law or the law of a Member State to which the Controller is subject and which also provides for appropriate measures guaranteeing the protection of the rights and freedoms and legitimate interests of the Data Subject; or (c) based on the Data Subject's explicit consent.

  1. Instructions on the right of the Data Subject to withdraw consent to the processing of personal data:

 

11.1.The data subject shall be entitled to withdraw his or her consent to the processing of personal data at any time, without prejudice to the lawfulness of the processing of personal data based on the consent given prior to its withdrawal.

The data subject shall be entitled to withdraw his or her consent to the processing of personal data at any time, in whole or in part. A partial withdrawal of consent to the processing of personal data may relate to a specific type of processing operation(s), while the lawfulness of the processing of personal data to the extent of the remaining processing operations remains unaffected. A partial withdrawal of consent to the processing of personal data may relate to a particular specific processing purpose(s), while the lawfulness of the processing of personal data for the remaining purposes remains unaffected.

The right to withdraw consent to the processing of personal data may be exercised by the Data Subject in paper form to the address of the Controller registered as its registered office in the commercial register at the time of withdrawal of consent to the processing of personal data or in electronic form by electronic means (by sending an e-mail to the e-mail address of the Controller indicated in the identification of the Controller in this document).

 

XII. Instructions on the right of the Data Subject to lodge a complaint with the supervisory authority:

 

12.1.The Data Subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement, if he or she considers that the processing of personal data concerning him or her is in breach of the Regulation, all without prejudice to any other administrative or judicial remedies.

The data subject shall have the right to be informed by the supervisory authority to which the complaint has been lodged of the progress and outcome of the complaint, including the possibility of seeking judicial redress pursuant to Article 78 of the Regulation.

 

12.2 The supervisory authority in the Slovak Republic is the Office for Personal Data Protection of the Slovak Republic.

 

XIII. Information related to automated decision-making, including profiling:

 

As the processing of the Data Subject's personal data in the form of automated decision-making, including profiling referred to in Article 22(1) and (4), is not involved in the case of the Controller. 2(2)(f) of the Regulation, the Data Controller is not obliged to provide information pursuant to Article 13(2)(f) of the Regulation, i.e. information on automated decision-making, including profiling, and on the procedure used, as well as on the significance and foreseeable consequences of such processing of personal data for the Data Subject. Not applicable.

 

XIV. Final provisions

14.1 This Privacy Policy and the privacy and cookie notices form an integral part of the General Terms and Conditions and the Complaints Policy. The documents - the General Terms and Conditions and the Complaints Procedure of this Website are published on the domain of the Seller's Website.

14.2.This Privacy Policy shall come into force and effect upon its publication on the Seller's Website on 20.08.2022.

 

 

This eshop is certified http://www.pravoeshopov.sk

Our website uses cookies. By using this page, you agree to the use of cookies. We hope you don't mind. More information