Privacy Policy
Privacy Policy
1. Principles of personal data processing
TWINYX s.r.o. with its registered office at Cukrová 6, 811 08 Bratislava, ID No. 52720144 (hereinafter referred to as the "Operator"), in accordance with Regulation 2016/679 GDPR on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as the "Regulation") and Act No. 18/2018 Coll. on the protection of personal data and on the amendment and supplementation of certain acts (hereinafter referred to as the "Act"), has developed security measures that are regularly updated. They define the scope and method of security measures necessary to eliminate and minimize threats and risks acting on the information system in order to ensure:
* the availability, integrity and reliability of management systems using state-of-the-art information technology,
* protect personal data from loss, damage, theft, modification, destruction and maintain its confidentiality,
* identify and prevent potential problems and sources of disruption.
Contact person responsible: twinyx@twinyx.sk
2. Privacy Policy
Your personal data will be stored securely, in accordance with the data retention policy and only for as long as necessary to fulfil the purpose of the processing. Only persons authorised by the controller to process the personal data and who process the personal data on the basis of the controller's instructions will have access to the personal data. Your personal data will be backed up in accordance with the retention policy of the controller. The personal data stored on backup storage sites is used to prevent security incidents that could arise, in particular, through a breach of security or damage to the integrity of the processed data.
3. Definitions
3.1 "personal data" means any information relating to an identified or identifiable natural person (hereinafter referred to as "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or by reference to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
3.2. 'processing' means an operation or set of operations concerning personal data or sets of personal data, such as obtaining, recording, organizing, structuring, storing, processing or altering, retrieving, consultation, using, disclosing by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction, whether or not by automated or non-automated means;
3.3. 'restriction of processing' means the marking of personal data stored in order to restrict its processing in the future;
3.4 "profiling" means any form of automated processing of personal data which consists of the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects of the natural person concerned relating to job performance, financial situation, health, personal preferences, interests, reliability, behaviour, location or movements;
3.5. 'information system' means any organised collection of personal data which is accessible according to specified criteria, whether the system is centralised, decentralised or distributed on a functional or geographical basis;
3.6. 'controller' means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are laid down in Union law or in the law of a Member State, the controller or the specific criteria for its determination may be determined in Union law or in the law of a Member State;
3.7 "processor" means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
3.8. 'third party' means a natural or legal person, a public authority, an agency or an entity other than the data subject, the controller, the processor and persons who are entrusted with the processing of personal data on the direct authority of the controller or processor;
3.9. "consent of the data subject" means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she consents, by means of a statement or an unambiguous confirmatory act, to the processing of personal data concerning him or her;
3.10. "personal data breach" means a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or unauthorised access to, personal data that is transmitted, stored or otherwise processed;
3.11. 'relevant and reasoned objection' means an objection to a draft decision as to whether there has been
an infringement of this Regulation or whether the envisaged measure in relation to the controller or processor is in accordance with this Regulation, which must clearly demonstrate the seriousness of the risks posed by the draft decision as regards the fundamental rights and freedoms of data subjects and, where applicable, the free movement of personal data within the Union.
4. Purposes of the processing of personal data
Purpose
The performance of a contract to which the data subject is a party or to take pre-contractual measures at the request of the data subject
Legal basis
Article 6(1)(b) of the Regulation
List of personal data
- title
- name and surname
- signature
- address
- phone number
- delivery address
Categories of data subjects
customer
Category of beneficiaries
shipping companies:
* Geis SK, s.r.o., Trnanská 6, 960 01 Zvolen, ID No: 31324428
* DHL Express (Slovakia) s.r.o., Letisko M.R. Štefánika, 820 01 Bratislava, ID No: 31342876
* 123Kurier, s. r. o.. Tomanoczyho 378, 027 43 Nižná, ICO: 46598863
Intermediaries
-
Retention period
to the extent required by law
Cross-border transfer
the transfer of personal data to a third country does not take place
Purpose
e-shop
Legal basis
Article 6(1)(f) of the Regulation
List of personal data
user account:
- name and surname
- phone number
- date of birth
- address of permanent residence
- delivery address
Description
Customer registration and registration of e-shop purchases.
Categories of data subjects
customer
Category of beneficiaries
shipping companies:
* Geis SK, s.r.o., Trnanská 6, 960 01 Zvolen, ID No: 31324428
* DHL Express (Slovakia) s.r.o., Letisko M.R. Štefánika, 820 01 Bratislava, ID No: 31342876
* 123Kurier, s. r. o.. Tomanoczyho 378, 02743 Nižná, ID No.: 46598863
* Slovenská pošta, a.s., with registered office at Partizánska cesta 9, 975 99 Banská Bystrica, ID No.: 36631124, registered in the Commercial Register of the District Court of Banská Bystrica, Section Sa, Entry No. 803/S
Intermediaries
-
Retention period
during the registration period in the e-shop
Cross-border transfer
the transfer of personal data to a third country does not take place
Purpose
Records of requirements
Legal basis
within the meaning of Article 6(1)(a) of the Regulation (the data subject has consented to the processing of his or her personal data for one or more specific purposes).
List of personal data
- name, surname
- address
- telephone
Description
The personal data that we process via the contact forms on our website and emails are only processed to process your request. By completing and submitting the application form, you consent to the processing of personal data within the meaning of Article 6(1)(a) of the Regulation. You have the right to withdraw your consent to the processing of your personal data at any time before the expiry of the above period by sending your request to the following email address: twinyx@twinyx.sk or by sending your request to the address of the Data Controller with the text "GDPR withdrawal of consent" on the envelope. The Controller declares that in the event of a written request from the data subject to terminate the processing of personal data before the aforementioned period, the personal data will be erased within 30 days of receipt of the withdrawal of consent.
Categories of data subjects
customer and potential customer
Intermediaries
-
Retention period
for 1 year
Cross-border transfer
the transfer of personal data to a third country does not take place
Purpose
Live chat
Legal basis
Article 6(1)(a) of the Regulation
We only process the personal data that we process through the online chat published on our website to process your request. By completing and submitting the request, you consent to the processing of your personal data within the meaning of Article 6(1)(a) of the Regulation (the data subject has consented to the processing of his or her personal data for one or more specific purposes).
List of personal data
- name and surname
- phone number
- IP address
Categories of data subjects
customer and potential customer
Intermediaries
MODENA TO, s.r.o. Cukrová 6, 811 08 Bratislava
Retention period
1 year
Cross-border transfer
the transfer of personal data to a third country does not take place
Purpose
Loyalty programme
Legal basis
Article 6(1)(b) of the Regulation
List of personal data
- name and surname
- address of permanent residence
- state
- phone number
Categories of data subjects
customer
Intermediaries
-
Retention period
1 year after unsubscribing from the e-shop
Cross-border transfer
the transfer of personal data to a third country does not take place
Purpose
Processing of accounting documents
Legal basis
Article 6(1)(c) of the Regulation within the meaning of Act No 431/2002 Coll. on Accounting, as amended, Act No 222/2004 Coll. on Value Added Tax, as amended, Act No 40/1964 Coll. on the Civil Code, as amended
List of personal data
- title
- name and surname
- address
- telephone
- account number
- signature
Categories of data subjects
natural persons who have incurred an obligation to pay
Intermediaries
-
Retention period
in accordance with Act No. 395/2002 Coll. on archives and registers
Cross-border transfer
the transfer of personal data to a third country does not take place
Purpose
Complaints
Legal basis
Article 6(1)(c) of the Regulation
40/1964 Coll., the Civil Code, as amended, Act No. 250/2007 Coll., on Consumer Protection and on Amendments to the Act of the Slovak National Council No. 372/1990 Coll., on Offences, as amended by Act No. 397/2008 Coll., on Consumer Protection and on Amendments to the Act of the Slovak National Council No.
List of personal data
- name and surname
- address
- phone number
- signature
Categories of data subjects
customer/consumer
Beneficiaries
TWINYX s.r.o., Cukrová 6, 811 08 Bratislava
Intermediaries
-
Retention period
10 years
Cross-border transfer
the transfer of personal data to a third country does not take place
Purpose
Debt recovery
Legal basis
Article 6(1)(c) of the Regulation
Act No. 162/2015 Coll., the Administrative Procedure Code, Act No. 160/2015 Coll., the Civil Procedure Code, Act No. 301/2005 Coll., the Criminal Procedure Code, Act No. 233/1995 Coll., the Execution Procedure Code, Act No. 7/2005 Coll., the Act on Bankruptcy and Restructuring
List of personal data
- name and surname
- birth number
- address
Categories of data subjects
the persons concerned, natural persons, legal persons in the capacity of parties to the proceedings
Intermediaries
-
Retention period
5 years
Cross-border transfer
the transfer of personal data to a third country does not take place
Purpose
Foreclosures
Legal basis
Article 6(1)(c) of the Regulation
pursuant to Act No. 59/2018 Coll. on bailiffs and enforcement activity (Execution Procedure Code)
List of personal data
- routine personal data, other personal data discovered or provided in the course of the proceedings
Categories of data subjects
a natural person - a party to the enforcement proceedings, a statutory body or other person authorised to act on behalf of a party to the proceedings
Intermediaries
-
Retention period
7 years
Cross-border transfer
the transfer of personal data to a third country does not take place
Purpose
Register of jobseekers
Legal basis
Article 6(1)(a) of the Regulation
List of personal data
- title
- name
- surname
- residence address
- and any other information necessary to verify the eligibility for the post
Description
Only successful applicants will be contacted by the operator.
Personal data will not be used for automated individual decision-making, including profiling.
You have the right to withdraw your consent to the processing of your personal data at any time before the expiry of the above-mentioned period by sending a request to the email address: twinyx@twinyx.sk or by sending a request to the address of the Controller with the text "GDPR withdrawal of consent" on the envelope. The Controller declares that in the event of a written request from the data subject to terminate the processing of personal data before the aforementioned period, the personal data will be erased within 30 days of receipt of the withdrawal of consent.
Categories of data subjects
jobseekers
Intermediaries
-
Retention period
personal data is kept for 1 year after consent is given
Cross-border transfer
the transfer of personal data to a third country does not take place
Purpose
Newsletter
Legal basis
Article 6(1)(a) of the Regulation
List of personal data
Description
If you wish, you can subscribe to our newsletter, which is located on our website twinyx.sk Personal data will only be processed for the purpose of sending newsletter messages to the e-mail address you have provided. By subscribing to the newsletter you agree to the processing of your personal data. Personal data is processed within the meaning of Article 6 (1) (a) of the Regulation. Your
e-mail address will be processed until you unsubscribe. You
can unsubscribe by clicking on the "unsubscribe" link provided in each newsletter message you receive from us. After unsubscribing, you will no longer receive any newsletter messages from us. Scope of personal data processed: email address.
Categories of data subjects
customer and potential customer
Category of beneficiaries
Your personal data related to marketing may be provided to our partners who carry out partial personal data processing activities for the controller, in particular in the field of marketing and satisfaction surveys
Intermediaries
-
Retention period
personal data is kept for 1 year after consent is given
Cross-border transfer
the transfer of personal data to a third country does not take place
Purpose
Register of representatives of suppliers and customers
Legal basis
Article 6(1)(f) of the Regulation
List of personal data
- title, name, surname
- job classification
- duty assignments
- functional classification
- the employee's personal number
- professional unit
- place of work
- telephone and fax number
- e-mail address of the workplace
- and employer identification data
Categories of data subjects
representatives or employees of suppliers and customers
Intermediaries
-
Retention period
10 years after the end of the contract or business relationship
Cross-border transfer
the transfer of personal data to a third country does not take place
Purpose
Camera system
Legal basis
Article 6(1)(f) of the Regulation
List of personal data
- video recording of the monitored area
Description
Some of our premises are equipped with a camera information system, which monitors the premises of the operator in order to protect the property. Recordings from the CCTV system are not disclosed to third parties. They are only made available to authorised persons of the operator and IT specialists who carry out maintenance on them. Personal data collected by the CCTV system shall be used for the protection of property and for the taking of evidence in administrative proceedings in cases where personal data collected by the CCTV system are used as evidence in ongoing administrative proceedings. They may be provided to courts and authorities involved in misdemeanour or criminal proceedings.
Categories of data subjects
- employees
- persons moving in the monitored area
Intermediaries
-
Retention period
if the record made is not used for the purposes of criminal or offence proceedings, the record shall be automatically destroyed by a programming operation within 5 days of the day following the day on which the record was made
Cross-border transfer
the transfer of personal data to a third country does not take place
Purpose
Direct marketing
Legal basis
Article 6(1)(f) of the Regulation
List of personal data
- name and surname
- address
- telephone
Categories of data subjects
customer
Category of beneficiaries
Your personal data related to marketing may be provided to our partners who carry out partial personal data processing activities for the controller, in particular in the field of marketing and satisfaction surveys
Intermediaries
-
Retention period
for the duration of the contractual or commercial relationship
Cross-border transfer
the transfer of personal data to a third country does not take place
5. Rights of the data subject
5.1 Right to withdraw consent - where we process your personal data on the basis of your consent, you have the right to withdraw that consent at any time. You can withdraw your consent electronically, at the address of the authorised person, in writing, by notice of withdrawal of consent or in person at our registered office. Withdrawal of consent does not affect the lawfulness of the processing of personal data we have processed about you on the basis of that consent.
5.2 Right of access - you have the right to be provided with a copy of the personal data we hold about you
and to be informed about how we use your personal data. In most cases, your personal data will be provided to you in written paper form, unless you request a different method of provision. If you have requested this information by electronic means, it will be provided to you electronically where technically possible.
5.3 Right to rectification - We take reasonable steps to ensure that the
information we hold about you is accurate, complete
and up to date. If you believe that the information we hold is inaccurate, incomplete or out of date, please do not hesitate to ask us to correct, update or complete the information.
5.4 Right to erasure (to be forgotten) - you have the right to ask us to erase your personal data, for example, if the personal data we have collected about you is no longer necessary to fulfil the original purpose of the processing. However, your right must be considered in light of all the relevant circumstances. For example, we may have certain legal and regulatory obligations which mean that we may not be able to comply with your request.
5.5 Right to restrict processing - in certain circumstances you are entitled to ask us to stop using your personal data. These include, for example, where you think that the personal data we hold about you may be inaccurate or where you think that we no longer need to use your personal data.
5.6 Right to data portability - in certain circumstances you have the right to ask us to transfer the personal data you have provided to us to another third party of your choice. However, the right of portability only applies to personal data that we have obtained from you on the basis of consent or on the basis of a contract to which you are a party.
5.7 Right to object - you have the right to object to processing based on our legitimate interests. If we do not have a compelling legitimate ground for processing and you object, we will no longer process your personal data.
If you believe that any personal information we hold about you is incorrect or incomplete, please contact us.
If you wish to object to the way in which we process your personal data, please contact our Data Protection Supervisor by email at: twinyx@twinyx.sk or in writing to:
TWINYX s.r.o.
Cukrová 6
811 08 Bratislava
Our designated person will investigate your objection and work with you to resolve the matter.
If you believe that your personal data is being processed unfairly or unlawfully, you may lodge a complaint with the supervisory authority, which is the Office for Personal Data Protection of the Slovak Republic, Hranicná 12, 820 07 Bratislava 27; telephone number: +421 /2/ 3231 3214; e-mail: statny.dozor@pdp.gov.sk, https://dataprotection.gov.sk.
Bratislava on 6.7.2022