PRIVACY POLICY AND PERSONAL DATA PROCESSING

Prepared in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, pursuant to Articles 13 and 14 of the Regulation (hereinafter referred to as “GDPR”), and Act No. 18/2018 Coll. on Personal Data Protection (hereinafter referred to as the “Personal Data Protection Act”).

Pursuant to Article 6(1)(b) of the General Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, the seller, as the data controller, will process the buyer’s personal data in the process of concluding a purchase contract without the buyer’s explicit consent. This is because the processing of the buyer’s personal data is carried out by the seller in pre-contractual relations with the buyer and is necessary for the performance of the purchase contract, in which the buyer is one of the contracting parties.

An online store (hereinafter referred to as the “e-shop”) can be defined as the sale of goods or services using information and communication technologies and web applications in the online environment, where the e-shop operator is on one side of this relationship and the customer (hereinafter referred to as the “customer”) is on the other.

When purchasing in the e-shop, a purchase contract is concluded between the operator and the customer via the internet (a remotely concluded contract). As part of such a contract, information is obtained, including the customer’s personal data, in the following scope:
• Title, first name, last name
• Home address, or delivery address
• Email, phone number
• Order details
• Personal data necessary for making online payments

The seller undertakes to handle and process the buyer’s personal data in accordance with the applicable legal regulations of the Slovak Republic.

The seller declares that personal data will be collected exclusively for the purposes stated in this Privacy Policy.

The seller also declares that personal data will be processed and used exclusively in a manner that corresponds to the purpose for which it was collected and will not be combined with personal data obtained for other purposes.

  1. Data Controller

The data controller is the e-shop operator:
Business name: SACSLAB s. r. o.
Registered office: Kopčianska 10, 851 01 Bratislava – mestská časť Petržalka, Slovakia
Company ID (IČO): 56 157 169

Registered in: Commercial Register of the District Court Bratislava III, Section: Sro, Insert No. 177262/B
Legal form: Limited Liability Company (s. r. o.)
Phone: +421 950 77 55 00
Email: info@sacslab.com

  1. Data Protection Officer

A Data Protection Officer has not been appointed, as this obligation does not arise from the GDPR.

  1. Automated Decision-Making and Profiling

Your personal data will not be used for automated individual decision-making, including profiling.

  1. Transfer of Personal Data to Third Countries

The data controller does not provide, disclose, or grant access to personal data to third countries.

  1. Security of Personal Data Processing

The data controller declares that appropriate personnel, technical, and organizational measures have been taken to ensure the security of personal data.

  1. Purpose of Personal Data Processing

The data provided by the buyer is necessary for processing and fulfilling orders, issuing invoices, concluding a purchase contract, making payments, delivering goods or services, and providing other related services, such as issuing tax documents and handling complaints in the online store (especially in accordance with legal regulations governing consumer protection).

Order Processing

We process your personal data to conclude a contract between you, as our customer and potential buyer, and us, as the supplier, when using our services. In this case, personal data is processed only to the extent necessary to conclude and fulfill the respective contract. This primarily includes fulfilling the contract’s subject matter, customer support, and contract management.

Providing your personal data for this purpose is entirely voluntary but necessary for concluding the contract and managing it. If the buyer does not provide the required data, the seller has the right to cancel the order.

When shopping in the e-shop, the buyer commits to providing truthful information. Providing false information is in violation of the general terms and conditions of the e-shop.

Communication and Customer Support

Personal data is used to communicate with you. We may contact you for the following reasons:

  • To remind you of an item left in your online shopping cart,
  • To assist you in completing your order,
  • To provide updates on the status of your request, order, or complaint.
  • Providing updates on the current status of your request, order, or complaint,
  • Obtaining additional necessary information.

Marketing Purposes:

  1. Sending newsletters to an email address upon the customer’s subscription to the mailing list on the sacslab.com online store. The data collected includes (title, first name, last name, and email address).
  2. Participation in marketing campaigns (promotions) conducted on the SACSLAB s. r. o. online store website or via printed materials (flyers). The data collected includes (title, first name, last name, postal address, email address, phone number, and signature).
  3. Subscription to the newsletter can be done by entering an email address in the “Subscribe to our newsletter” field on sacslab.com. Additionally, a customer can consent to receiving marketing emails by checking the relevant box before submitting an order.

In accordance with Article 6(1)(a) of the General Data Protection Regulation (EU) 2016/679, the customer consents to the processing and storage of their personal data—particularly the data mentioned above or any data necessary for SACSLAB’s activities related to sending information about new products, discounts, and promotions. The customer agrees that SACSLAB may process their data in all its information systems related to these purposes.

This consent is granted for a limited period until the purpose of processing is fulfilled. Once the purpose is achieved, the seller will promptly delete the customer’s personal data.

A customer may withdraw consent at any time in writing. They can also unsubscribe from the newsletter electronically by clicking the “Unsubscribe” link located at the bottom of each newsletter email they receive. The consent will be revoked within one month of the seller receiving the withdrawal request.

Marketing Communication with Customers:

Organizing competitions via online stores or social media platforms. The following personal data is processed:

  • First name, last name,
  • Email address,
  • Postal address,
  • Phone number.

Registration Form:

Customers have the option to register in the online store. A registered customer can take advantage of the benefits offered by the e-shop. The following personal data is processed:

  • First name, last name,
  • Address,
  • Phone number,
  • Email address,
  • Password.

Abandoned Cart:

If a registered customer does not complete their purchase or payment, they will receive an email reminder with the contents of their cart. The following personal data is processed:

  • IP address,
  • Email address,
  • First name, last name.

Contact Form:

Through the contact form, customers can reach out to the e-shop operator more efficiently to expedite the resolution of their requests. The following personal data is processed:

  • First name,
  • Email address.

Reactivation:

If a customer has not been active in the e-shop for an extended period, the operator may send a discount code to encourage them to make another purchase. The following personal data is processed:

  • Identification data,
  • Location data.

Segmentation:

The operator analyzes customers based on their purchased products and subsequently targets them with relevant product offers. The following personal data is processed:

  • Identification data,
  • Location data.

Upselling:

Based on the contents of a customer’s cart or their previous purchases, additional recommended products may be displayed during the checkout process. The following personal data is processed:

  • Identification data,
  • Location data.
  • When operating profiles on social media platforms (Facebook, Instagram), our primary goal is to increase awareness of our business in the online environment and maintain communication with our customers.
  • Any personal data you publish on our social media pages, such as comments, likes, videos, images, etc., will be shared through the platform’s services. These personal data will not be further processed for any other purposes.
  • You have the right to object at any time, for reasons related to your specific situation, to the processing of your personal data. You can submit your objections via email to our contact address: info@sacslab.com.

Social media platform operators have their own policies, service infrastructures, and privacy regulations. We have no influence over how these platforms transfer and use your data. We strongly recommend reviewing the privacy policies of the respective social media platforms:

Measurement of Website Traffic and Service Improvement

We collect data on website traffic, viewed content, and user activity through cookies to improve our services. This data is collected based on your consent, granted through your browser settings. More information can be found in our “Cookie Usage Policy.”

To ensure full transparency, we assess the accuracy of the personal data provided (where circumstances permit). If we identify incorrect personal data or inaccurate information stored in our system, we will promptly correct, restrict processing, or delete such data. If such data has been shared with third parties, we will inform all involved parties accordingly.

  1. Legal Basis for Processing Personal Data
  • Article 6(1)(a) GDPR: Your consent for processing personal data for direct marketing purposes.
  • Article 6(1)(b) GDPR: Processing is necessary for the performance of a contract to which the data subject is a party, or to take steps at the request of the data subject before entering into a contract. When placing an order (pre-contractual relationship), a purchase contract is usually concluded remotely between the e-shop operator and the data subject. This also includes payment processing, product/service delivery, complaint handling, etc., where customer data is processed without explicit consent.
  • Article 6(1)(c) GDPR: Processing is necessary to comply with the controller’s legal obligations, including invoicing, record-keeping of accounting documents, and other legal requirements related to e-commerce operations.
  • Article 6(1)(f) GDPR: Processing is necessary for the legitimate interests pursued by the controller or a third party, except where such interests are overridden by the fundamental rights and freedoms of the data subject that require data protection.
  1. Categories of Data Subjects
  • Customers of the e-shop (website visitors).
  1. How Long Do We Process Personal Data? Sharing with Third Parties

The controller retains personal data:

  • For the period necessary to fulfill rights and obligations arising from the contractual relationship between you and the controller, as well as to enforce claims resulting from these relationships.
  • Upon expiration of the legally required retention period under Act No. 395/2002 Coll. on Archives and Registries, the controller will delete the personal data.
  1. Recipients of Personal Data

A recipient is any entity to whom personal data is provided, regardless of whether it is a third party. A public authority processing personal data under special legislation is not considered a recipient.
The recipients include service providers involved in product/service delivery and payment processing under contractual agreements:

  • Geis (Parcel reception, processing, and delivery, SMS notifications to recipients).
  • MKV Group, s.r.o. (Website administration).
  1. Your Rights Regarding Personal Data Processing

Ensuring the lawful processing of your personal data is a priority for us, and we are committed to its protection. Under the GDPR, you have the following rights:

  • Right to access your personal data (Article 15 GDPR)
  • Right to rectify inaccurate or outdated personal data (Article 16 GDPR)
  • Right to restrict processing (Article 18 GDPR)
  • Right to erasure (“right to be forgotten”) (Article 17 GDPR)
  • Right to object to processing (Article 21 GDPR)
  • Right to data portability (Article 20 GDPR)
  • Right to withdraw consent (Article 7 GDPR), either electronically or in writing
  • Right to lodge a complaint with a data protection authority if you believe your data protection rights have been violated (Article 77 GDPR)

Your Rights Regarding Personal Data Processing

Under the GDPR, you have the following rights:

  • Right to access your personal data (Article 15 GDPR)
  • Right to rectify inaccurate or outdated personal data (Article 16 GDPR)
  • Right to restrict processing (Article 18 GDPR)
  • Right to erasure (“right to be forgotten”) (Article 17 GDPR)
  • Right to object to processing (Article 21 GDPR)
  • Right to data portability (Article 20 GDPR)
  • Right to withdraw consent (Article 7 GDPR), either electronically or in writing
  • Right to lodge a complaint with the data protection authority if you believe your data protection rights have been violated (Article 77 GDPR)

Information About the Processing of Your Personal Data

The information provided includes:

  • Identity and contact details of the data controller.
  • The purposes of processing.
  • Categories of personal data being processed.
  • Recipients or categories of recipients of personal data.
  • Information on data transfers to third countries.
  • Retention periods for personal data.
  • Authorized processors.
  • An overview of your rights.
  • The possibility of lodging a complaint with the Data Protection Authority.
  • The source of the processed personal data.
  • Information on whether and how automated decision-making and profiling occur.

Right to Access Personal Data

You have the right to confirm whether your personal data is being processed and, if so, to access details about:

  • The purposes of processing.
  • Categories of personal data involved.
  • Recipients or categories of recipients.
  • Retention periods for personal data.
  • Your rights regarding data processing.
  • The right to lodge a complaint with the Data Protection Authority.
  • The source of the personal data.
  • Whether automated decision-making and profiling take place.
  • Information and safeguards related to the transfer of personal data to a third country or international organization.
  • You also have the right to request a copy of the processed personal data.

Right to Rectification

Are we processing outdated or incorrect personal data about you? Have you changed your email address? Please inform us, and we will correct your personal data accordingly.

Right to Erasure (“Right to Be Forgotten”)

In certain cases prescribed by law, we are obliged to delete your personal data upon request. However, each request is individually assessed to determine whether the conditions for deletion are met. In some cases, the controller may have a legal obligation or legitimate interest in retaining certain data if it outweighs your right to erasure.

Rights to Restrict Processing

If you wish for us to process your personal data solely for the most necessary legal reasons or to block your personal data, you have the right to request restriction of processing.

Right to Data Portability

If you would like us to provide your personal data to another controller or company, we will transfer your data in an appropriate format unless legal or other significant obstacles prevent us from doing so.

Right to Object

If you believe or suspect that we process your personal data in violation of your privacy, personal rights, or applicable laws, please contact us to request an explanation or rectification of the issue.

Right to File a Complaint with the Data Protection Authority

You may file a complaint regarding the processing of your personal data with the supervisory authority at any time:
Office for Personal Data Protection of the Slovak Republic
Address: Hraničná 12, 820 07 Bratislava 27, Slovak Republic
Company ID: 36 064 220
Phone: +421/2/3231 3220
Website: https://dataprotection.gov.sk/uoou/

  1. How Can You Exercise Your Rights?

You can submit your request through one of the following methods:

  • By Email: info@sacslab.com
  • By Mail: Kopčianska 10, 851 01 Bratislava – mestská časť Petržalka, Slovakia
  • Electronically via the following links:
    • Request to Exercise Data Subject Rights
    • Objection to Personal Data Processing
    • Withdrawal of Consent for Personal Data Processing
  1. How Soon Can You Expect a Response from SACSLAB s.r.o.?

We will respond to your request and provide information on any measures taken as soon as possible, but no later than one month from receiving your request. If necessary, and considering the complexity and number of requests, we may extend this period by two additional months. If an extension is required, we will notify you along with the reasons for the delay.

  1. How to Contact Us?

If you have any questions or concerns regarding this privacy policy, please feel free to contact us anytime:

  • Email: info@sacslab.com
  • Mail: Kopčianska 10, 851 01 Bratislava – mestská časť Petržalka, Slovakia

These Privacy Policy Terms become valid and effective upon publication on the website.

Downloads: