Privacy Policy
Privacy Policy - equos.sk
This privacy policy explains how we process personal data when providing our services within the company JASAB s.r.o., located at Maša 1117, 040 16 Baška, Slovakia, ID number: 52655024, registered in the Commercial Register of the District Court in Košice, Section: Sro, insert no. 47298/V (hereinafter referred to as "the operator" or "we"). For any questions related to the protection of personal data or requests from data subjects, you can contact us using the following contact details:
Email: equos.shop@gmail.com
Phone number: +421903055642
Correspondence address: Maša 1117, 040 16 Baška
These privacy terms are primarily intended to fulfill the information obligations under Articles 13 and 14 of the GDPR towards data subjects whose personal data we process. Typically, this applies to our employees or employees of our business partners, clients, or suppliers. When processing personal data, we primarily follow the General Data Protection Regulation (GDPR), which also governs your rights as a data subject, as well as the provisions of Act no. 18/2018 Coll. on the protection of personal data (hereinafter referred to as the "Personal Data Protection Act") that apply to us, along with other relevant legal regulations. If you do not fully understand any of the information provided in these terms, feel free to contact us using the contact details provided above.
Why do we process personal data?
The processing of personal data is necessary on our part primarily for the following purposes:
- To provide our services and products and for that purpose, process personal data of our clients, suppliers, business partners, employees, and other individuals;
- To effectively manage our human resources;
- To fulfill various legal and contractual obligations;
- To protect our legitimate interests.
For what purposes and on what legal grounds do we process personal data?
We process personal data for the following purposes on the basis of the following legal grounds:
|
Purpose of personal data processing |
Legal basis |
|
|
1. |
Personnel and payroll purposes |
Fulfillment of legal obligations |
|
2. |
Storage of data about unsuccessful applicants |
Consent |
|
3. |
Demonstrating, asserting, or defending legal claims (legal agenda) |
Legitimate interest |
|
4. |
Rights agenda of data subjects |
Fulfillment of legal obligations |
|
5. |
Entering into contractual relationships with clients (e-shop) |
Pre-contractual relationships, Fulfillment of the contract |
|
6. |
Handling complaints and claims (complaint procedure) |
Fulfillment of legal obligations |
|
7. |
Membership registration on equos.sk |
Legitimate interest |
|
8. |
Managing profiles on social networks |
Legitimate interest |
|
9. |
Marketing and PR purposes |
Consent and/or legitimate interest |
|
10. |
Accounting and tax purposes |
Fulfillment of legal obligations |
|
11. |
Archival purposes and record management |
Article 89 GDPR |
|
12. |
Statistical purposes | Article 89 GDPR |
What legitimate interests do we pursue when processing personal data?
For the following purposes, we rely on the legal basis of legitimate interest according to Article 6(1)(f) of the GDPR. Below, you will find a more detailed explanation of these purposes or legitimate interests:
|
Proving, exercising, or defending legal claims (legal agenda) |
In exceptional cases, we may need to prove, exercise, or defend our legal claims through court or out-of-court proceedings, or we may need to report certain facts to public authorities, which we consider to be our legitimate interest. |
|
Registration of membership on equos.sk |
The registration of membership on equos.sk provides us with closer contact with our regular customers, allowing us to interact better, expand our customer base, and build better customer relationships, which we consider to be our legitimate interest. |
|
Operation and management of profiles on social media, including discussion forums |
When we operate our own profiles on social media (Facebook, Instagram), we rely on our legitimate interest, which is increasing awareness of our company in the online environment. |
Marketing and PR purposes |
If we organize various events and actions and invite our business partners, we rely on our legitimate interest, which is for direct marketing purposes. According to recital 47 of the GDPR: "Processing personal data for direct marketing purposes may be considered a legitimate interest." |
What personal data do we process about you?
In order to deliver goods and services, we process personal data in the following scope: Title, first name, last name, phone number, email, billing address, delivery address (if different from billing), and text in the order note. If the client is a company, we process the business name, billing information, contact information, and possibly a contact person.
In connection with registration on equos.sk, we process personal data in the scope of email and password.
In employment-related matters, we process the following personal data: Title, first name, last name, phone number, email, temporary address, permanent address, ID card number, date of birth, salary, marital status, information about spouse-children, education, birth certificate, health insurance provider, bank account details.
Who do we share your personal data with?
We take confidentiality about personal data very seriously, and therefore we have implemented internal policies to ensure that your personal data is shared only with authorized employees of our company or vetted third parties. Our employees and workers can access your personal data solely on a "need-to-know" basis, meaning that only authorized employees of the relevant department responsible for processing personal data can have access, which is typically limited by the position, function, and job description of the specific employee. We provide personal data of our clients, employees, business partners, and other individuals only to the necessary extent to the following categories of recipients of personal data:
- Our vetted and legally bound processors
- Our professional advisors (e.g., lawyers, auditors)
- Payroll and accounting companies (e.g., KG Holding)
- Providers of software and cloud services (e.g., Google Drive)
- Providers of technical (IT) and organizational (event agencies) support to our company (e.g., Websupport, Shoptet)
- Social insurance, pension fund management companies, supplementary pension insurance companies, health insurance companies, the Social Affairs and Family Office
- Postal delivery and courier services (e.g., GLS General Logistics Systems Slovakia s.r.o., Direct Parcel Distribution SK, s.r.o.)
- Employees of the above entities
If we use a processor for the processing of personal data, we always verify in advance whether the processor meets the organizational and technical requirements for ensuring the security of processing your personal data. If we use our own recipients (internal staff of our company) for processing personal data, your personal data is always processed based on authorizations and instructions, by which we inform our recipients not only about internal rules for personal data protection but also about their legal responsibility for any violations. If we are asked by a public authority to disclose your personal data, we carefully examine the conditions set by the legislation for disclosure and will not provide your personal data without verifying if those conditions are met. If you are interested in information regarding our current processors, please feel free to contact us.
To which countries do we transfer your personal data?
By default, we restrict any cross-border transfers of personal data to third countries outside the European Economic Area (EEA), which includes the EU, Iceland, Norway, and Liechtenstein.
How long do we retain your personal data?
We retain personal data for as long as necessary to fulfill the purposes for which the data is processed. In general, the retention period is determined by legal regulations. If no legal regulations apply, we determine the retention period of your personal data in relation to specific purposes based on our internal policies and/or our records management plan. If we process your personal data based on consent, we are required to cease processing it for that specific purpose upon withdrawal of consent. However, this does not exclude the possibility of continuing to process your personal data for another legal basis, especially if it is necessary to fulfill legal obligations.
The general retention periods for personal data for the purposes we have defined are as follows:
|
Purpose |
General retention period of personal data |
|
Personnel and payroll purposes |
During the employment relationship and after the statutory periods for retaining certain types of documents have expired (usually 10 years after the termination of the employment relationship) |
|
Retention of data about unsuccessful applicants |
Until the end of the calendar year following the year in which the personal data were delivered |
|
Proving, asserting, or defending legal claims (legal agenda) |
Until the limitation period for legal claims expires |
|
Agenda of the rights of data subjects |
Until the limitation period for legal claims expires |
|
Entering into contractual relationships with clients (e-shop) |
During the contract term |
|
Handling complaints and claims (complaint procedure) |
For a period of 5 years |
|
Registration of membership on equos.sk |
For a period of 10 years from the last login of the registered member |
|
Operating profiles on social media |
Until the post is deleted by the data subject, the post is removed by us, or the data subject requests the deletion of personal data |
|
Marketing and PR purposes |
In the case of newsletters, until an objection to the processing of personal data is received or the newsletter subscription is canceled |
|
Accounting and tax purposes |
For 10 years following the fiscal year to which the accounting documents, accounting books, lists of accounting books, lists of numerical symbols or other symbols and abbreviations used in accounting, depreciation plan, inventory lists, inventory records, account schedules relate |
|
Archiving purposes and records management |
During the retention periods according to the registry plan |
| Statistical purposes |
During the duration/existence of other processing purposes |
The above-mentioned retention periods establish only general periods during which personal data is processed for the respective purposes. However, in reality, we proceed with the destruction or anonymization of personal data before the expiration of these general periods if we no longer consider the data necessary for the purposes stated above. On the other hand, in some specific situations, we may retain your personal data longer than stated above if required by law or our legitimate interest. If you would like to inquire about the specific retention period for the storage of your personal data, please do not hesitate to contact us.
How do we obtain your personal data?
We most often obtain your personal data directly from you. In such cases, providing personal data is voluntary. You may provide your personal data to our company in various ways, such as:
- Registration on our website (eshop equos.sk)
- Ordering goods or services
- During the process of entering into a contract with our company
- Communication with you
- Participation in events organized by our company
- Participation in activities of our company on social media
- Sending a contact form with your comments, questions, or inquiries
However, we may also obtain your personal data from your employer or from a company with which your personal data is processed. Most often, this occurs when we enter into or negotiate a contractual relationship or its terms with the company. If the collection of personal data relates to a contractual relationship, it is usually a contractual requirement or a request necessary to conclude the contract. Failure to provide personal data (whether yours or your colleagues') may have negative consequences for the organization you represent, as the contractual relationship may not be concluded or executed. If you are a member of the statutory body of an organization that is our contracting party or with which we are negotiating a contractual relationship, we may obtain your personal data from publicly available sources and registers. Any accidentally obtained personal data will not be systematically processed for any of the purposes defined by us.
What rights do you have as a data subject?
|
"If we process your personal data based on your consent to the processing of personal data, you have the right to withdraw your consent at any time. However, the withdrawal of consent does not affect the lawfulness of the processing of personal data before the withdrawal.You also have the right to object at any time to the processing of your personal data for direct marketing purposes, including profiling." "You also have the right to object to the processing of your personal data based on our legitimate interests, as explained above. This right also applies to the processing of personal data based on public interest, which we do not perform." In case of exercising this right, we will be happy to show you how we have assessed these legitimate interests as prevailing over the interests, rights, and freedoms of the data subjects. |
The GDPR sets out the general conditions for the exercise of your individual rights. However, their existence does not automatically mean that we will always comply with them, as exceptions may apply in specific cases, or certain rights may be subject to conditions that may not be met in every case. We will always address your request regarding a specific right and assess it based on the legal framework and our internal policy for handling data subject requests. As a data subject, you have the following rights:
-
Right to request access to personal data under Article 15 of the GDPR, which we process about you. This right includes the right to confirm whether we process personal data about you, the right to access such data, and the right to obtain a copy of the personal data we process about you, if technically feasible.
-
Right to rectification and completion of personal data under Article 16 of the GDPR, if we process incorrect or incomplete personal data about you.
-
Right to erasure of your personal data under Article 17 of the GDPR.
-
Right to restriction of processing of personal data under Article 18 of the GDPR.
-
Right to data portability under Article 20.
If you believe that we process incorrect personal data about you concerning the purpose and circumstances, and you cannot modify such personal data through the app, account, or website features, you may request the correction of incorrect or the completion of incomplete personal data using the additional declaration below (all information is voluntary) and/or contact us using our contact details:
|
Supplementary Statement on the Correction of Personal Data |
|
|
Your First and Last Name |
|
|
Contact Information |
|
|
Relevant Purpose of Processing |
Please specify which purpose of processing your request pertains to |
|
Context or Relationship Between You and Our Company |
Please indicate whether you are our employee, business partner, job applicant, etc. |
|
Nature of Your Correction |
Please explain whether you are requesting the correction of inaccurate personal data or the supplementation of incomplete personal data |
|
Context of Your Correction Request |
Please explain why you believe we are processing your incorrect or incomplete personal data |
| Correction |
Please specify which specific personal data you wish to correct or supplement |
Please send this additional statement regarding the correction of personal data to the contact details provided above |
|
Do you engage in automated individual decision-making?
No, we currently do not perform processing operations that involve making decisions with legal effect or significant impact on you, based solely on fully automated processing of your personal data in accordance with Article 22 of the GDPR.
External Websites
Our websites may contain links to other websites and/or services provided by third parties (e.g., reCAPTCHA by Google Inc.). We are not responsible for the content or management of third-party websites or services to which we link. These privacy terms do not apply to the processing of personal data during your navigation on other websites.
How do we protect your personal data?
It is our duty to protect your personal data appropriately, and we pay due attention to its protection. Our company has implemented generally accepted technical and organizational standards to ensure the security of processed personal data, especially to protect it from loss, misuse, unauthorized modification, destruction, or any other impact on the rights and freedoms of data subjects. In situations where sensitive data is transmitted, we use encryption technologies, such as when communicating with the payment gateway. Your personal data is stored on our secured servers or the servers of our website operators located in data centers in Slovakia and the Czech Republic.
Cookies
Cookies are small text files that enhance the use of a website, such as recognizing previous visitors when logging into the user interface, remembering visitor choices when opening a new window, measuring website traffic, or improving its usability. Our website uses cookies primarily for measuring traffic. You can prevent the storage of these files on your device at any time by adjusting your browser settings. The settings of your browser, in accordance with § 55(5) of the Electronic Communications Act, are considered as your consent to the use of cookies on our site.
Social Networks
We recommend that you familiarize yourself with the privacy policies of the social media platforms through which we communicate. Our privacy policy explains only the basic issues related to the management of our profiles or the profiles of our clients. We only have typical administrative rights when processing your personal data through our or client profiles. By using social networks, you understand that your personal data is primarily processed by the social media platform providers (such as Facebook and Instagram) and that we have no control over or responsibility for this processing, the further disclosure of your personal data to third parties, and cross-border transfers to third countries carried out by the social media platform providers.
Changes to Privacy Policy
Data protection is not a one-time matter for us. The information we are obligated to provide to you regarding our processing of personal data may change or become outdated. Therefore, we reserve the right to modify or change these terms at any time and to any extent. If we make significant changes to these terms, we will notify you of these changes, for example, by posting a general notice on this website or by sending a specific notice via email.
JASAB s. r. o.
In Košice, on April 13, 2020