Your security is our priority. In this document, you will find all the necessary information about how we protect your privacy. You will learn more about what data we collect, how we use it, with whom we share it, how you can control the processing, and also about the measures we take to protect your data and the rights you have in connection with the processing.
Who we are and how to contact us
BELIeveS & CO., s.r.o.
Hrubý Šúr 459
903 01 Hrubý Šúr
IČ DPH: SK2021860445
The Data Protection Officer is Eva Belišová, who can be contacted at the email address: firstname.lastname@example.org.
By placing an order, subscribing to receive commercial notifications, or browsing our website, you allow our company to use your personal data.
What information we collect about you
Data during Purchase
When making a purchase, we request information necessary for its processing to fulfil the contract. Mandatory data are only those without which we cannot send the purchase and process the order. These include your name, email address, delivery address, phone number, and the item ordered.
We retain personal data for user records for a period of 5 years from your last completed order. During this time, we process your personal data, including name, surname, and email address, for the purpose of direct marketing, based on the legal grounds of the controller’s legitimate interest.
In our store, you do not provide any information directly related to handling money in your accounts. All currently offered forms of electronic banking (payment for goods online) are carried out directly on the bank’s website, which provides us only with information about the success or failure of the payment and your name or account number (to identify the payment and, if necessary, refund).
Under no circumstances do we obtain any additional information, such as your login details or your account balance. The only data we may store in this context is related to the “remember” function of your card. However, even this function is secured by the bank, and only the bank can match your card number with an anonymised data point that our system uses to remember your card.
Data when Participating in Consumer Contests
In the event that you decide to participate in one of our consumer contests, we process all relevant data within the scope specified in the registration form or questionnaire (especially name, surname, email address, possibly phone number, age, and mailing address).
We process your personal data on the legal basis of contract preparation and fulfilment, or on the legal basis of granted consent, or on the legal basis of legitimate interest, with details provided in the contest’s statute, its attachment containing information on the processing of personal data, or on the contest information page.
Personal data for the purpose of organising and evaluating the contest are processed until the complete conclusion of the specific consumer contest and will subsequently be deleted, usually within 3 months after the contest’s conclusion. Details and other possible processing purposes may be specified in the contest’s statute, its attachment containing information on the processing of personal data, or on the contest information page.
Data when Granting Consent for Direct Marketing Purposes
In case you were not our customer but granted us specific consent to process your personal data for the purpose of direct marketing, we will process them on this legal basis, within the scope of name, surname, age, and email address.
We will process your personal data for a period of 5 years from the granting of consent. After the specified period, they will be deleted unless you regrant consent for their processing.
Other Data Processed for Direct Marketing Purposes
Based on legitimate interest, we also process email addresses that you provided to us during sales, exhibition, marketing, or contest events if you expressed interest in updates through the website. Such personal data will be processed for a period of 5 years from acquisition, or until the objection is raised, whichever occurs first.
How We Use the Data
The data obtained about you is used for the following purposes:
Providing Our Services
Based on the data obtained from you, we can deliver our services in accordance with our Terms and Conditions. The data obtained when creating an order is used for processing it, ensuring delivery, and selling this personal data to shipping companies. We may also use them to remind you of the order if you have not completed the process with a binding order. These data are also necessary for our accounting and invoicing system.
We use your contact information to send notifications related to order processing and service provision or to respond to your inquiries (when you ask about the status of your order, want to inform us of a new delivery address, or request a change in your order details). Your contact information, as well as data about your purchases, is also processed if you wish to return or claim a product.
How We Use Data for Marketing Purposes
If you have granted us consent, or if you have been our customer in the past five years, we also send you commercial information about news and current offers that may interest you. You can easily unsubscribe from these emails by clicking the “Unsubscribe” option in the received email.
If you have been our customer, all personal data used in marketing is utilised under the legal basis of legitimate interest, and for marketing purposes, we retain them for a period of 5 years from your last order. If you have not been our customer but have given us consent to process personal data for marketing purposes, we will process your personal data for a period of 5 years from the date of granting this consent.
Whom We Provide Access to Data
Your personal data are used exclusively for our internal purposes, primarily for the reasons mentioned above. However, not all necessary services related to personal data are provided solely by us, and we also utilise the services of third parties. With third parties to whom we provide your personal data, we have a contract in place, enabling us to secure and protect your rights in the area of personal data protection.
As part of your order, personal data may be transferred to transportation companies:
- Direct Parcel Distribution SK s.r.o.
In addition to processing your order, we process your personal data in the information and marketing systems of third parties, which are essential for our business, such as:
- SuperFaktura, s.r.o., located at Pri Suchom mlyne 6, 811 04 Bratislava
- Google Ireland Limited, Gordon House, located at Barrow Street, Dublin 4, Ireland
- MailChimp / The Rocket Science Group LLC
- Facebook Ireland Limited, located at 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
- WebSupport, s.r.o., Karadžičova 7608/12, 821 08 Bratislava
How We Protect Your Data
In accordance with the requirements of applicable legislation, we implement all necessary security, technical, and organisational measures to protect your personal data from any misuse. We store this data on our secure servers, and we protect the database of personal data from damage, destruction, loss, and misuse.
Access to Systems
Access to systems handling the personal data of our customers is granted only to a limited number of internal users, as necessary for their job responsibilities. These may include employees working in customer support, order processing, and similar roles. Each individual employee has access only to the amount of personal data necessary for their work. Access to all critical systems processing the personal data of our customers is limited within the internal network, and the aforementioned individuals automatically lose access to your personal data in the event of the termination of their legal relationship with us.
Rights Granted by GDPR and How to Exercise Them with Us
Right to Access Information and Right to Correction
If we process your personal data inaccurately, you can alert us to this fact by sending a message to the email address email@example.com. Subsequently, we will correct the inaccurate personal data without unnecessary delay.
Right to Object to the Processing of Personal Data
Even if we process your personal data based on our legitimate interest, you have the right to object to such processing, including objections to the processing of personal data for the purposes of direct marketing. You can do so by sending a message to the email address firstname.lastname@example.org. If you raise such an objection, we will evaluate, without undue delay, whether your objection is justified in accordance with the law and how we will handle your personal data in the meantime. If we do not demonstrate legitimate reasons for processing, we will cease processing your personal data.
Right to Restrict Processing of Personal Data
You have the right to request us to restrict any processing of your personal data, including their deletion, to cease handling them:
- If you notify us that the personal data we collect about you is inaccurate, until we verify their accuracy.
- If the processing of your personal data is unlawful, and instead of deletion, you request us, by sending a message to the email address email@example.com, to restrict their use.
- If we no longer need your personal data to provide our services, but you need them to assert your rights.
- If you object to processing under the paragraph above, until we verify whether our reasons for processing outweigh your interests.
Right to be Forgotten (Right to Erasure of Personal Data)
In case you discover that we process your personal data:
- Despite the fact that their processing is no longer necessary for the purposes for which we obtained them.
- If you object as mentioned above, and we cannot demonstrate compelling legitimate grounds for processing that outweigh your interests, rights, and freedoms, and/or
- Unlawfully, you have the right to request, without undue delay by sending a message to the email address firstname.lastname@example.org, that we erase such processed personal data from our records. However, we cannot delete data even upon your request if their processing is necessary for exercising the right to freedom of expression and information, for fulfilling our legal obligation, or for the performance of a task carried out in the public interest, or for the establishment, exercise, or defence of legal claims.
Right to Data Access
If you request, by sending a message to the email address email@example.com, that we provide you with the personal data we process, we will send them to you in a structured, commonly used, and machine-readable format (e.g., in *.xls, *.csv, or a similar format). If you ask us to send your personal data to another personal data controller, we will, of course, comply with your request.
Right to Unsubscribe from Commercial Announcements at Any Time
If you no longer wish to receive commercial announcements from us, you can prevent them by clicking on the link included in each commercial announcement.
Right to Withdraw Consent for Receiving Commercial Announcements and Processing Personal Data for Participation in Consumer Contests at Any Time
If, as part of our special actions, we seek your consent to process personal data, you can withdraw this consent at any time, without specifying a reason. You can withdraw your consent either in the manner described in the rules of the consumer contest or by sending a withdrawal of consent to the email address firstname.lastname@example.org. In this case, personal data will be promptly deleted. However, further participation in the contest will be excluded. Withdrawal of consent does not affect the legality of processing personal data based on consent before its withdrawal.
Right to Lodge a Complaint with the Office for Personal Data Protection
If, in your opinion, we are not fulfilling all our legal obligations related to the processing of personal data, please contact us at the email address email@example.com. If we do not assist you, you have the right to contact the Office for Personal Data Protection at its registered office address: Hraničná 4826/12, 820 07 Bratislava, by email at firstname.lastname@example.org, or through any other means accepted by the Office for Personal Data Protection.
For more information about the office, please visit their website at www.uoou.sk.