More
    Language
    English
    Registration
    Home / PRIVACY AND COOKIES NOTICE

    PRIVACY AND COOKIES NOTICE

    PRIVACY AND COOKIES NOTICE

    / Privacy Policy and Privacy Notice provided by the data controller to the data subject with respect to obtaining personal data from the data subject, and the cookie notice of the internet shop webbernaturals.at, webbernaturals.de, webbernaturals.ch /

     

    1. Data Controller

     

    • The identity and contact details of the data controller are:

     

    Business name: iNET, spol. s r.o.
    Registered office: Romanova 15, Bratislava 851 02, Slovak Republic

    Registered in the Commercial Register of Bratislava III Municipal Court, Section Sro, File No. 22215/B
    ID No.: 35793392

    VAT Registration: 2020213921

    VAT ID: SK2020213921
    Bank account: SK5711000000002628833920

    The Seller is a VAT payer.

     

    1.2 E-mail and telephone of the Data Controller:

     

    E-mail: info@webbernaturals.at

    Tel: +4219XXXXXXXX

     

    • Address of the Data Controller for sending documents:

     

    iNET, spol. s r.o., Romanova 15, 85102 Bratislava, Slovak Republic

     

    1.4. In accordance with Article 13(1) and (2) of  Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“Regulation”), and in accordance with Act No. 18/2018 Coll. on the Protection of Personal Data and on Amendments to Certain Acts, as amended, and in accordance with Act No. 452/2021 Coll. on Electronic Communications, as amended, the Data Controller provides to the Data Subject - (buyer), from whom the Data Controller (seller) obtains personal data concerning the Data Subject, the following information and instructions:

     

    1. References

     

    2.1. This Privacy Policy and Privacy Notice form part of the General Terms and Conditions published on the Seller's Website.

    2.2. Pursuant to §3 (1) (n) Act No. 102/2014 Coll., the Seller hereby informs consumers that there are no special relevant codes of conduct which the Seller has committed to abide by; ‘code of conduct’ means an agreement or a set of rules that lay down the Seller’s conduct, which the Seller has agreed to comply with respect to one or more specific business practices or business sectors unless these are provided for by law or by other legislation or measures of a public authority, which the Seller has committed to comply with, and on the manner in which the consumer may inspect or obtain such documents.

     

    III. Privacy and Cookies Use, Instructions and Guidance on Cookies, Scripts, and Pixels

    3.1 The website operator provides the following brief explanation of the function of cookies, scripts and pixels:

    3.1.1. Cookies are text files that contain small amounts of information that are downloaded onto your device when you visit a website. Through this file, the website retains information about your actions and preferences (such as login, language, font size and other display settings) for a certain period of time, so that you do not have to re-enter them the next time you visit the website or browse its individual pages.

    A script is a piece of programming code that is used to make a website function properly and interactively. This code runs on the operator's server or on your device.

    Pixels are small, invisible texts or images on a web page that are used to monitor website traffic. For this to happen, various data is stored via pixels.

    3.1.2. Types of Cookies

    Technical or functional cookies - ensure the proper functioning of the website and its use. These cookies may be used without your consent.

    Statistical cookies - The controller obtains statistics on the use of its website. These cookies are only used subject to your consent.

    Marketing/Advertising Cookies - Used to create advertising profiles and similar marketing activities. These cookies are only used subject to your consent.

    3.2. How to control cookies:

    3.2.1. You can control and/or delete cookies at your discretion - see aboutcookies.org for details. You can delete any cookies stored on your computer or other device, and you can set up most browsers to prevent them from being stored.

    3.3. The Data Controller’s website uses the following cookies:

    Technical or functional cookies - the information is accessed by the website operator. Cookies are stored for 2 years.

    Statistical cookies - the information is accessed by the website operator. Cookies are stored for 2 years.

    Marketing and advertising cookies - the information is accessed by the website operator. Cookies are stored for 2 years.

    3.3.1. Cookies made available to third parties:

    Google Analytics, Google ADS: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. For more information on privacy please visit https://support.google.com/analytics/topic/2919631?hl=sk&ref_topic=1008008

    META Pixels: Facebook Ireland Ltd. 4 Grand Canal Square, Grand Canal Harbour Dublin 2, Ireland. For more information on privacy please visit https://www.facebook.com/about/privacy/

     

    1. Processed Personal Data

     

    4.1. The Data Controller processes the following personal data on its website: name, surname, residence, e-mail address, home telephone number, mobile phone number, billing address, delivery address, data obtained from cookies, and IP addresses.

     

    1. Contact Details of the Data Protection Officer

     

    5.1. The Data Controller has appointed a data protection officer in accordance with Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data. Contact: E-mail: info@webbernaturals.at, Tel: +421902399047.

     

    5.2. At the same time, the Data Controller is also the Seller within the meaning set out in the General Terms and Conditions of this website.

     

    1. Purposes of Processing Data Subject’s Data and Duration Data Processing

     

    6.1. The purposes of the processing of the data subject’s data include:

     

    6.1.1. registration, creation, and processing of contracts and client data for the purpose of concluding contracts with third parties.

     

    6.1.2. processing of accounting documents and documents related to the Data Controller’s business activity.

     

    6.1.3. compliance with legal regulations in connection with archiving instruments and documents according to Act No. 431/2002 Coll. Accounting Act as amended and other relevant regulations.

     

    6.1.4. the activities of the Data Controller in connection with the fulfilment of the requests, orders, contracts and other of the data subject.

     

    6.1.5. newsletter, marketing and similar advertising activities of the Data Controller. In case the data subject has given consent to the Data Controller for marketing and similar advertising activities.

     

    6.2. The data subject’s personal data shall be stored by the Data Controller only for the strictly necessary period of time required for the purposes of the performance of the contract, and the data shall be subsequently archived as per the statutory time limits imposed on the Data Controller. If the data subject has consented to receive promotional e-mails and similar offers, the data subject’s personal data shall be processed for these purposes until the data subject withdraws their consent. The processing period shall not exceed 10 years.

     

    VII. Legal Basis for Data Processing

     

    7.1 If the Data Controller processes personal data based on the consent of the data subject, such processing will only be initiated after the data subject has given their consent.

     

    7.2. If the Data Controller processes personal data of the data subject for the purposes of negotiating pre-contractual relations and the conclusion and performance of a purchase contract and the related delivery of goods, products or services. The data subject is obliged to provide personal data for the proper performance of the purchase contract; otherwise, the performance thereof cannot be ensured. Personal data for this purpose may be processed without the consent of the data subject.

     

    VIII. Recipients or Categories of Recipients of Personal Data

     

    8.1. The recipient of the data subject’s personal data will be or may be:

     

    8.1.1. the statutory bodies or members of the statutory bodies of the Data Controller.

     

    8.1.2. persons performing work as part of their employment or similar labour relationship with the Data Controller.

     

    8.1.3. the Data Controller’s sales representatives and other persons working with the Data Controller in the performance of the Data Controller’s tasks. For the purposes of this document, all natural persons performing dependent work for the Data Controller under an employment contract or agreements on the performance of work performed outside of employment shall be deemed to be employees of the Data Controller.

     

    8.1.4. The recipient of the data subject’s personal data may also be provided to the associates, business partners, suppliers and contractors of the Data Controller, in particular any of the following: accounts, companies providing software development and software maintenance, companies providing legal services to the Data Controller, Data Controller’s consultants, companies transporting and delivering products to purchasers and third parties, marketing companies, companies operating social networks, companies providing payment gateways and other payment methods.

     

    8.1.5. The personal data may also be provided to courts, law enforcement authorities, tax authorities and other state agencies if so required by law. The Data Controller shall provide the personal data to the competent authorities and state agencies on the basis of and in accordance with the legislation of the Slovak Republic.

     

    8.1.6. List of third-party processors and recipients who will process the personal data of the data subject:

     

    Österreichische Beteiligungs AG - third party providing transport services

     

    PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24, Boulevard Royal, 2449, LUXEMBOURG, Luxembourg - third-party provider of the PAYPAL payment gateway

     

    Shoptet, a.s., Dvořeckého 628/8, 169 00 Praha 6, Czech Republic, ID: 28935675, Tax ID: CZ28935675 - third entity providing the SHOPTETPAY payment gateway

     

    TATRA - AUDIT, spol. s r.o., Hroncová 2 040 01 Košice - third party providing accounting

     

    1. Information on the Disclosure of Personal Data to Third Countries and Retention Period:

     

    9.1. Not applicable. The controller will not transfer the personal data of data subjects to third countries.

     

    1. Data Subject Rights:

     

    10.1. The data subject shall have the following rights, inter alia:

     

    10.1.1. The provisions of Clause 10.1 shall be without prejudice to the other rights of the data subject.

     

    10.1.2. The right of the data subject to access to data pursuant to Article 15 of the Regulation, which includes:

     

    • the right to obtain confirmation from the Data Controller as to whether it processes the data subject’s personal data and, if so, to what extent. At the same time, if the data is processed, the data subject is entitled to know about the content of the information and to request information from the Data Controller about the reason for their processing, in particular information on: the reason for the processing, the categories of the personal data concerned, the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular if the recipients are located in third countries or are international organisations, the estimated period of retention of the personal data or, if this information is not available, the criteria for determining such information, on the existence of the right to require that the Data Controller rectify or delete or limit the extent of the processing of the personal data of the data subject and the right to object against such processing, the right to file a complaint with the supervisory authority where the personal data have not been obtained from the data subject, any information available regarding the information source, the existence of automated decision-making including profiling as per Article 22 (1) and (4) of the Regulation, and, in such cases, at least meaningful information about the process used as well as the significance and the envisaged consequences of such processing of personal data for the data subject, about the adequate safeguards pursuant to Article 46 of the Regulation relating to the transfer of personal data where personal data are transferred to a third country or an international organisation.

     

    10.1.3. the right to obtain a copy of the personal data processed, provided, however, that the right to obtain a copy of the personal data processed shall not adversely affect the rights and freedoms of others.

     

    10.1.4. the right of the data subject to rectification pursuant to Article 16 of the Regulation, which includes the right: the right to obtain rectification from the Data Controller without undue delay of any incorrect personal data concerning the data subject; the right to have any incomplete personal data of the data subject completed, including by means of providing a supplementary statement; the right to obtain erasure of personal data (the so-called “right to be forgotten”) pursuant to Article 17 of the Regulation, which includes:

     

    10.1.5. the right to obtain from the Data Controller without undue delay the erasure of personal data concerning the data subject where one of the following grounds applies:

    - the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed, the data subject withdraws consent on which the processing is based and where there is no other legal ground for the processing, the data subject objects to the processing pursuant to Article 21(1) of the Regulation and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) of the Regulation, the personal data have been unlawfully processed, the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the Data Controller is subject, the personal data have been collected in relation to the offer of information society services referred to in Article 8(1) of the Regulation;

     

    10.1.6. if the Data Controller has made the personal data public and is obliged pursuant to paragraph 1 to erase the personal data, the Data Controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data, and the right to the erasure of personal data as per Article 17 (1) and (2) of the Regulation shall not apply to the extent that processing is necessary:

     

    10.1.7. for exercising the right of freedom of expression and information,

     

    10.1.8. for compliance with a legal obligation which requires processing by the European Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller,

     

    10.1.9. for reasons of public interest in the area of public health in accordance with Article 9 (2) (h) and (i) as well as Article 9 (3) of the Regulation,

     

    10.1.10. for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89 (1) of the Regulation in so far as the right referred to in Article 17 (1) of the Regulation is likely to render impossible or seriously impair the achievement of the objectives of that processing; or for the establishment, exercise or defence of legal claims;

     

    10.1.11. The right of the data subject to obtain from the Data Controller restriction of processing pursuant to Article 18 of the Regulation where one of the following applies:

     

    10.1.12. the right to obtain from the Data Controller restriction of processing of personal data in the following cases: the accuracy of the personal data is contested by the data subject, for a period enabling the Data Controller to verify the accuracy of the personal data, the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead, the Data Controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims, the data subject has objected to processing pursuant to Article 21 (1) of the Regulation pending the verification whether the legitimate grounds of the controller override those of the data subject;

     

    10.1.13. Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State;

     

    10.1.14. A data subject who has obtained restriction of processing shall be informed by the controller before the restriction of processing is lifted;

     

    10.1.15. the right of the data subject to obtain performance of the notification of recipients pursuant to Article 19 of the Regulation: the Data controller shall communicate any rectification or erasure of personal data or restriction of processing carried out in accordance with Article 16, Article 17 (1) and Article 18 of the Regulation to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. The controller shall inform the data subject about those recipients if the data subject requests it;

     

    10.1.16. The right of the data subject to data portability pursuant to Article 20 of the Regulation: the data subject shall have the right to receive the personal data concerning them, which they have  provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the Data Controller to which the personal data have been provided, where:

     

    a/ the processing is based on consent pursuant to point (a) of Article 6 (1) (a) of the Regulation or Article 9 (2) (a) of the Regulation or on a contract pursuant to Article 6 (1) (b) of the Regulation, and at the same time;

    b/ the processing is carried out by automated means:

     

    10.1.17. the right to receive the personal data in a structured, commonly used and machine-readable format and the right to transmit those data to another controller without hindrance from the Data Controller shall be without prejudice to the rights and freedoms of others;

     

    10.1.18. the right to have the personal data transmitted directly from one controller to another, where technically feasible;

     

    10.1.19.the right of the data subject to object under Article 21 of the Regulation, which includes:

     

    10.1.20. the right to object, on grounds relating to his or her particular situation, at any time to the processing of personal data concerning them which is based on Article 6 (1) (e) or (f) of the Regulation, including profiling based on those provisions;

     

    10.1.21. in the event of exercising the right to object, on grounds relating to his or her particular situation, at any time to the processing of personal data concerning them which is based on Article 6 (1) (e) or (f) of the Regulation, including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims;

     

    10.1.22. Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning them for such marketing, which includes profiling to the extent that it is related to such direct marketing; where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes;

     

    10.1.23. In the context of the use of information society services, the data subject may exercise his or her right to object by automated means using technical specifications;

     

    10.1.24. Where personal data are processed for scientific or historical research purposes or statistical purposes pursuant to Article 89 (1), the data subject, on grounds relating to their particular situation, shall have the right to object to processing of personal data concerning him or her, unless the processing is necessary for the performance of a task carried out for reasons of public interest;

     

    10.1.25. The right of the data subject related to automated individual decision-making pursuant to Article 22 of the Regulation, which includes:

     

    10.1.26. The right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them; this shall not apply in cases pursuant to Article 22 (2) of the Regulation, i.e. if the decision (a) is necessary for entering into, or performance of, a contract between the data subject and a Data Controller.  

     

    10.1.27. (b) Is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, or (c) is based on the data subject’s explicit consent.

     

    1. Instructions on the Right of the Data Subject to Withdraw Consent to Personal Data Processing:

     

    11.1. The data subject is be entitled to withdraw their consent to the processing of personal data at any time, without this prejudicing the lawfulness of the processing of personal data based on the consent given prior to its withdrawal.

    The data subject is entitled to withdraw their consent to the processing of personal data at any time - in whole or in part. A partial withdrawal of the consent to the processing of personal data may relate to a specific type of processing operation(s), while the lawfulness of the processing of personal data to the extent of the remaining processing operations remains unaffected. A partial withdrawal of the consent to the processing of personal data may relate to a particular specific processing purpose(s), while the lawfulness of the processing of personal data for the remaining purposes remains unaffected.

    The right to withdraw the consent to the processing of personal data may be exercised by the data subject in paper form to the address of the Data Controller registered as its registered office in the commercial register at the time of withdrawal of consent to the processing of personal data or in electronic form by electronic means (by sending an e-mail to the e-mail address of the Data Controller specified in the identification of the Data Controller in this document).

     

    XII. Instructions on the Right of the Data Subject to File a Complaint with the Supervisory Authority:

     

    12.1. The data subject shall have the right to file a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of workplace of the alleged infringement, if they believe that processing of personal data concerning them is violating the Regulation, without prejudice to any other administrative or judicial remedy.

    The person concerned, as the complainant, shall have the right to be informed by the supervisory authority to which the complaint has been filed of the progress and outcome of the complaint, including the possibility of seeking judicial redress pursuant to Article 78 of the Regulation.

     

    12.2. The supervisory authority in the Slovak Republic is the Office for Personal Data Protection of the Slovak Republic, Hraničná 12, 820 07 Bratislava 27, Slovak Republic. Tel. contact: +421 /2 3231 3214, E-mail: statny.dozor@pdp.gov.sk,

     

    XIII. Information Related to Automated Decision-Making Including Profiling:

     

    13.1. As the processing of the data subject’s personal data by the Data Controller does not include automated decision-making, including profiling referred to in Article 22 (1) and (4) of the Regulation, the data subject’s personal data shall be processed in accordance with Article 22 (1) and (4) of the Regulation. 2(f) of the Regulation, the Data Controller is not obliged to provide the information pursuant to Article 13 (2) (f) of the Regulation, i.e. information on automated decision-making, including profiling, and on the procedure used, as well as on the significance and foreseeable consequences of such processing of personal data for the data subject. Not applicable.

     

    XIV. Final Provisions

    14.1. This Privacy Policy and the privacy and cookie notices form an integral part of the General Terms and Conditions and the Complaints Procedure. The documents - General Terms and Conditions and Complaints Procedure of this Website are published on the domain of the Seller’s website.

    14.2. This Privacy Policy comes into force and effect upon their publication on the Seller’s website on 18.10.2023

     

     

    This eshop is certified http://www.pravoeshopov.sk