PERSONAL DATA PROCESSING PRINCIPLES

1. WHAT CAN I FIND IN THIS DOCUMENT?

Given that we sometimes need to process your personal data as part of our e-shop sales, we would like to inform you in this document about the details of such processing, including informing you about your rights. In this document you will find the answers to the following questions:
o Who are we?
o What personal data processing does this document cover?
o What data can you collect in relation to me?
o How do you obtain my personal data?
o How do you use my personal data and for how long?
o To whom do you disclose personal data?
o Where do you keep personal data?
o What are my rights?
o How can I exercise my rights and contact you?
o How is my personal data protected?
o How will these principles change?

If for any reason you do not find the answers to your questions, please don’t hesitate to contact us using the procedure set-out at this document’s conclusion.


2. WHO ARE YOU?


We are a company trading under the name of IRISIMO s.r.o., Bystrická cesta 5633 / 16A, 03401 Ružomberok, Business ID: 46569014, registered in the Commercial Register of the District Court of Žilina, Section C, Insert No.: 56258 / L and hereinafter referred to as "we" or "controller".

You can find our contacts in the answer to question No. 10


3. WHAT PERSONAL DATA PROCESSING DOES THIS DOCUMENT COVER?


This document applies to all processing operations related to our e-shop sales. Personal data processing related to cookies is set-out in a separate document HERE
.


4. WHAT DATA CAN YOU COLLECT IN RELATION TO ME?


In connection with sales at our e-shop, we may gain access to information such as:

- Identification data. This is data such as name or surname.

- Contact data. This is data such as Your telephone number or e-mail address.

- Address data. This is data that relates to Your address (due to goods delivery or invoicing).

- Details of purchased goods. This is data that relates to the specific goods that you have bought from us.

- Order history data. This is data that relates to your previous purchases with us, including information about what you like.

- Payment details. This information includes your payment information, such as account number, etc.

Not all of the above categories of personal data will necessarily be processed for all purposes, more details can be found in the answer to question No. 6.


5. HOW DO YOU OBTAIN MY PERSONAL DATA?


We only obtain your personal data from one source and that is you - by this we mean that we only process personal data that you give us.


6. HOW DO YOU USE MY PERSONAL DATA AND FOR HOW LONG?

Registration and user account creation

On our websites, we allow our customers to register with us and create a user profile, which makes it easier to make purchases in the future.

In this case, we process your personal data as follows:

Purpose of processing

Extent of processed data

Basis for processing

Processing period

Registration and user account management, including related communication

Identification data, Contact data, Address data

Consent to personal data processing

For the period of using the user account, not longer than 3 years from the last login

Sending news and promotions and other tailored newsletters

Identification data, Contact data, or order history data

Consent to send commercial communications

For a period of 3 years from granting

The above processing is only carried out on the basis of your free and voluntary consent. You are not obliged by any law or contract to register at our e-shop, it is only a way to facilitate future purchases, or to obtain additional benefits. However, we are unable to allow you to register and maintain your user account without this consent.

You are also free to choose to receive commercial communications from us that are tailored to you. To this end, we use profiling options according to various aspects so that we can only send you truly relevant or appropriate notifications that may be useful to you.

In both of the above cases, you may withdraw your consent at any time, in which case we will terminate your user account immediately or stop sending our commercial communications. The way to withdraw the consent can be found in section 9.6 below.


Order form

Whether you are a registered or unregistered customer, we need some personal data in order to enter into a contract with you. Without this data, we are unable to deliver the goods to you or communicate with you in any way.

With this in mind, we process your personal data for the following purposes:

Processing purposes

Extent of processed data

Basis for processing

Processing period

Conclusion and performance of the agreement, including related communication and delivery of goods

Identification data, Contact data, Address data, Payment details, Details of purchased goods

Necessity for the performance of the agreement

For the duration of the contractual relationship and for 3 years thereafter; basic data on the legal relationship and its existence (parties, subject of the obligation, etc.) for a period of 10 years after the agreement ends

Fulfilling accounting and tax obligations, including archiving

Identification data, Contact data, Address data, Payment details, Details of purchased goods

Necessity for compliance with a legal obligation

For a period specified by applicable law, usually 5 to 10 years

Sending commercial communications relating to purchased products, including sending a satisfaction questionnaire as part of the programme Verified by Customers

Identification data, Contact data, Address data, Details of purchased goods

Legitimate interest for the purpose of direct marketing, or customer exemption

For a period of 3 years from the purchase

Sending news and promotions and other tailored newsletters

Identification data, Contact data, or order history data

Consent to send commercial communications

For a period of 3 years from granting

As mentioned above, in order to be able to enter into an agreement with you in accordance with our terms and conditions, we need some of your data to do so. Without this data, we are unable to sell or deliver goods to you, or we are unable to fulfil our accounting and tax obligations, where we are obliged to keep some of your personal data in the form of accounting documents.

In connection with the purchase, we would like to write to you from time to time regarding similar goods you have purchased from us. We would also like to send you a questionnaire regarding your satisfaction with your purchase. Both of these are based on legitimate interest, or so-called customer exemptions, which you can exclude when filling in the order form, or by the procedure set-out in section 9.6 below. Our legitimate interest lies in our efforts to improve our services, but also in the possibility of contacting you in the event that we have a relevant communication for you concerning the goods you purchased from us.

This allows us to stay in touch and recommend goods that you might find useful or like.

Likewise, if you would like to receive commercial communications regarding all relevant news (not just similar goods you have purchased from us), you can give us your consent to receive customised commercial communications, where we will send you all relevant news, including news based on your purchase history, but also other promotions. This consent is also revocable at any time by following the procedure set-out in section 9.6 below.


Newsletter

We will be very happy if you give us your consent to receive commercial communications. In this case, we will process your personal data as follows

Processing purposes

Extent of processed data

Basis for processing

Period of processing

Sending news and promotions and other tailored newsletters

Identification data, Contact data, or order history data

Consent to personal data processing

For a period of 3 years from granting

It is your free choice whether you wish to receive our commercial communications regarding all relevant news, and you are not compelled by law or contract to do so.

If you decide that you no longer wish to receive our communications, you may withdraw your consent by following the procedure set-out in section 9.6 below.


7. TO WHOM DO YOU DISCLOSE PERSONAL DATA?

We want to assure you that we guard your personal data carefully and do not disclose it to anyone unless it is unavoidable. For this reason, we only disclose your personal data in the following cases:

- The provider of the e-shop application and the marketing administrator. As part of the operation of our sites, we use the services of a company that develops and manages the e-shop application.

- Carrier. For the purpose of delivering our products, we use the services of couriers to whom we communicate the necessary address data to perform the agreement between ourselves and you.

- Accounting and tax advisor. As part of our accounting and tax obligations, we use an advisor who may have access to your identification data and payment details from time to time.

- Emailing tool. We utilise the services of a third party to send emails, which technically ensures the distribution of our messages.



8. WHERE DO YOU KEEP PERSONAL DATA?

We keep the personal data we process as part of our activities only within the European Union and do not transfer them to countries outside its borders.


9. WHAT ARE MY RIGHTS?

In connection with personal data processing, you have various rights that we would like to inform you about.

9.1. Right of access. You have the right to contact us and obtain confirmation from us whether or not we process your personal data. If we process your personal data, you have the right to gain access to the processed personal data, when we will be happy to inform you of more detailed information about this processing and at the same time, you have the right to obtain a copy of such personal data.

9.2. Right to rectification. We try to do everything so that we process only the most current personal data about you. This does not change the fact that you have the right to contact us and ask us to rectify your personal data if we process it as out of date or inaccurate.

9.3. Right to erasure (right to be forgotten). We only keep your personal data for as long as is necessary to fulfil the purpose, and we erase or anonymise unnecessary data immediately. However, this does not change the fact that you have the right for us to erase (or anonymise) your personal data without delay, provided that one of the following reasons applies:

- the personal data is no longer necessary for the purposes stated above;

- you withdraw your consent to personal data processing;

- the processing was unlawful;

- we are required to erase it by Slovak or EU law


However, we do not always have, or can, comply with your right. This is the case where processing is necessary:

- for exercising the right of freedom of expression and information;

- to comply with a legal obligation;

- for reasons of public interest in the area of public health;

- for archiving purposes in the public interest, for scientific or historical research purposes or for statistical purposes;

- for the establishment, exercise or defence of legal claims.


However, it is quite possible that none of the above will occur at all, so you do not have to worry that we will not erase your personal data if you actually ask us to do so (especially in the case of processing based on consent).

9.4. Right to restriction of processing. The law grants you the right to restrict the personal data processing at your request, in one of the following cases:

 - you contest the accuracy of personal data, for a period enabling to verify their accuracy,

 - the processing is unlawful, you oppose to erasure personal data and you will request the restriction of their use;
- we will no longer need personal data for the purposes of the processing, but you will request us to keep it for the establishment, exercise or defence of legal claims.

9.5. Right to portability. Although it sounds strange, if we process your personal data by automated means and the processing is based on consent or necessity for the performance of a contract, you have the right to so-called portability. The right to data portability guarantees that we will provide you with the data you have provided to us in a commonly used and machine-readable format, or we will transmit the data to another controller that you indicate to us.

9.6. The right to withdraw consent and to object to a legitimate interest for the purposes of direct marketing. If we process your personal data on the basis of consent, you of course have the right to refuse and withdraw consent at any time. In this case, we will not continue with further processing and, unless we are prevented by law from doing so, we will erase your personal data.

However, if we also process your personal data on the basis of another legal basis, we are not obliged (sometimes not even allowed) to erase the personal data.

You can also withdraw your consent for commercial communications by clicking on the link provided with each commercial communication. The same applies to processing carried out on the basis of the so-called customer exemption or legitimate interest for direct marketing purposes

9.7. The right to lodge a complaint with a supervisory authority. Of course, if you believe that we are processing your personal data in breach of the law, you have the right to lodge a complaint with the relevant supervisory authority. You can find the contact details of the relevant supervisory authority under this link HERE, and should you need assistance in making a choice, please don’t hesitate to contact us.


10. HOW CAN I EXERCISE MY RIGHTS AND CONTACT YOU?

You can exercise your rights through your user account if you are a registered customer. In addition, you can always contact us at our email address info@irisimo.com


11. HOW IS MY PERSONAL DATA PROTECTED?


We only use verified processors with whom we have concluded the relevant personal data processing agreements. We can assure you that we have done our utmost to ensure the security of your personal data.

If you believe that the security of the personal data you have entrusted to us has been compromised, please don’t hesitate to contact us.


12. HOW WILL THESE PRINCIPLES CHANGE?

In the event that we need to change these principles, we will do so by uploading the new version to our websites. Should this be a material change, or should circumstances require it, we will notify you of the change to this document by email.


13. FINAL PROVISIONS

Finally, we would like to inform you that there is no automated individual decision-making in processing personal data.

 

These Principles are effective from 25.11.2021