fbpx

Principles of Processing and Protection of Personal Data

Principles of Processing and Protection of Personal Data

All4Gastro s. r. o., having its registered office at Nobelova 1/A, 831 02 Bratislava - Nové Mesto, company ID No.: 48115878 (hereinafter referred to as the "Company" or the "Controller") treats your personal data responsibly and therefore, in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)(hereinafter referred to as the "GDPR") and the Act No. 18/2018 Coll. on the Protection of Personal Data and on Amendment and Additions to Certain Acts (hereinafter referred to as the "Act"), to you, as the data subject (the natural person whose personal data is being processed), on its website, in addition to its identification and contact details

and the contact details of the data protection officer, it also makes available other necessary information.

Pursuant to Article 24 of the GDPR and Section 31 of the Act, the Controller has taken appropriate technical, organisational, personnel and security measures and safeguards, that take into account in particular:

  • - the principles of the processing of personal data, which are lawfulness, fairness and transparency, the limitation and compatibility of the purposes for which personal data are processed, the minimisation of personal data, their pseudonymisation and encryption, as well as integrity, confidentiality and availability;

  • - the principles of necessity and proportionality (also applicable to the scope and amount of personal data processed, the storage period and access to the data subject's personal data) of the processing of personal data with regard to the purpose of the processing operation;

  • - the nature, scope, context and purpose of the processing operation;

  • - the resilience and recovery of personal data processing systems;

  • - instructions to authorised persons of the Controller;

  • - taking measures to establish without delay whether a personal data breach has occurred

    and promptly informing the supervisory authority and the data protection officer;

  • - taking measures to ensure the rectification or deletion of inaccurate data or the implementation

    of other rights of the data subject;

  • risks of varying likelihood and severity to the rights and freedoms of natural persons (in particular

    ccidental or unlawful destruction of personal data, loss or alteration of personal data, misuse of personal data - unauthorised access or unauthorised disclosure, assessment of the risks having regard to the origin, nature, likelihood and severity of the risk
    in relation to the processing and to identify best practices to mitigate the risk).

    Information on the purpose of the processing for which the personal data are intended.

    As the operator of the online shop on the website https://www.ananas.wtf , we collect personal data from you that we actually need to provide you with a full service and process it when delivering the products and goods you have ordered, when providing client and product support, or when dealing with any complaints that may arise. At the same time, we process personal data for the purpose of fulfilling our legal obligations in the field of tax and accounting, more specifically in the preparation and issuance of clients’ invoices.

page1image3749760 page1image3747072

Legal bases for processing personal data

page2image3795648

Below are the legal bases for the processing of personal data for a specific purpose in individual procedural steps during the provision of our services:

  • When communicating with clients by phone, in person, by email/regular post, we process data within the meaning of Article 6(1)(f) of the GDPR - legitimate interest for the purpose of responding to an enquiry/suggestion or question made by you regarding the services and goods provided, where it is necessary to verify the relevance of the request, or to carry out a possible follow-up contact of the client as a data subject;

  • In case of interest in our services, when placing an order for products/goods via telephone, e-mail or via e-shop
    at https://www.ananas.wtf, we process data within the meaning of Article 6(1)(b) of the GDPR Regulation - where data processing is necessary to carry out the necessary measures as requested by the customer as a data subject prior to the conclusion and confirmation of the order, i.e. during the pre-contractual relationship process - e.g. identification of the client when creating or defining the request or order, determination or change of address and delivery time;

  • After confirmation of the order, i.e. after the contractual relationship has been established between the Company as the operator of the e-shop https://www.ananas.wtf and you as the data subject - the ordering party, during the necessary cooperative communication with the client, when informing about changes in the status of the order, during the final personal delivery, or during the preparation and issuance of the tax document - invoice, we process data within the meaning of Article 6 (1) (b) of the GDPR Regulation - where the processing of the data is necessary for the fulfilment of the contractual relationship, to which the data subject, i.e. the client, is a contractual party.

    List of personal data processed

    Data required for online ordering
    - Name and surname
    - E-mail address
    - Address of permanent residence or other correspondence address for delivery of shipment
    - Telephone number

    Billing information
    - Name and surname
    - Address of permanent residence or other correspondence address for delivery of shipment telephone number
    - Name and surname

    - Address of permanent residence or other correspondence address for billing purposes

page2image3672128 page2image3682304 page2image3674624 page2image3675968 page2image3683072page2image3682688

- Telephone number - to confirm the date, time and place of delivery, or to make changes to the order

- E-mail address - for the purposes of sending an order confirmation, an emergency means of communication if the customer is not available at the telephone number provided.

Information on the retention period of personal data
Information on the period of processing of personal data or information on the criteria for its determination:

Your personal data that we have processed or are processing within the meaning of Article 6(1)(b) of the GDPR Regulation - in the context of fulfilling the Company's obligations as the operator of the e-shop https://www.ananas.wtf towards customers and clients, we also process for the purpose of fulfilment of our legal obligations in the field of taxation and accountancy, which are imposed on us by generally binding legal regulations (e.g. we must retain individual accounting records of your confirmed orders and invoicing for the purposes of delivery of selected goods to your contact address in accordance with the Act no. 431/2002 Coll. on Accounting, as amended, for the cases of proving compliance with tax obligations in accordance with the tax legislation, such as the Act no. 595/2003 Coll. on Income Tax, Act no. 563/2009 Coll. on Tax Administration, etc.) for the period of time stipulated by the relevant legislation. In any case, however, we are guided by the principle of minimising the retention of personal data within the meaning of Article 5(1)(e) of the GDPR Regulation and therefore your personal data that is not subject to archiving under special legislation will be deleted or anonymised.

Personal data processed within the meaning of Article 6(1)(f) of the GDPR Regulation - on the basis of legitimate interest, which was obtained in response to an enquiry/suggestion or question made by you regarding the services provided and products supplied, where it was necessary to verify the relevance of the request or to carry out any follow-up contact of the client/data subject, after which it was not subsequently forwarded to a pre-contractual or contractual relationship, are deleted without delay.

As the Controller, we will ensure deletion of the personal data without undue delay after:

all contractual relationships between you and our Company have been terminated; and/or
all your obligations to our Company have ceased; and/or
all your complaints and requests have been processed; and/or
all other rights and obligations between you and our Company have been settled;

and/or
all the processing purposes set out in the legislation

or the purposes for which you have given your consent have been fulfilled, if the processing was carried out on the basis of consent of the

data subject; and/or
the period for which consent was given has expired or the data subject has withdrawn his or her consent;

and/or
the data subject's request for erasure of personal data has been complied with and one of the grounds justifying the acceptance

of that request has been fulfilled;
a legal event that is relevant for the termination of the purpose of the processing has occurred

and at the same time the protective retention period defined with regard to the principle of minimisation of the retention period personal

data has expired;
and at the same time the legitimate interest of our Company ceased to exist,

all obligations of our Company stipulated under generally binding legal regulations which require

page3image3683840

retention of the data subject's personal data (in particular for archival purposes, tax inspection purposes, etc.), or which could not be fulfilled without retention of such data, ceased to exist.

In any event, we do not systematically further process any personal data collected incidentally for any purpose defined by us. Where possible, we inform the data subject to whom the incidentally obtained personal data belong of their incidental collection and, according to the nature of the case, provide the data subject with the necessary cooperation leading to the restoration of control over the data subject’s personal data. Immediately after these necessary actions to resolve the situation, we immediately dispose of all accidentally obtained personal data in a secure manner.

If you would like further information about the specific retention period of your personal data, please contact us using the contact details provided on our website.

Rights of the data subject

The GDPR and the Act guarantee you the following rights as a data subject:
a) the right of the Data subject to access to personal data, the content of which is:

  • the right to obtain confirmation from the Controller as to whether personal data relating to the Data subject are being processed;

  • where the Data subject's personal data are being processed, the right to obtain access to the personal data being processed and the right to obtain the following information:

    - information about the purposes of the processing;

    - information about the categories of personal data concerned;

    - information about the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular in the case of recipients in third countries or international organisations;

    - where possible, information on the expected retention period of the personal data or, if this is not possible, information on the criteria for determining it;

    - information on the existence of the right to request from the Controller the rectification of personal data relating to the Data subject or its erasure or restriction of processing and the existence of the right to object to such processing;

    - information on the right to lodge a complaint with a supervisory authority;

    - if the personal data were not obtained from the Data subject, any available information as to its source;

    - information on the existence of automated decision-making, including profiling referred to in Article 22(1) and (4) of the Regulation and, in such cases, at least meaningful information about the procedure used as well as the significance and the envisaged consequences of such processing of personal data for the Data subject;

• the right to be informed of the adequate safeguards under Article 46 of the Regulation relating to the transfer of personal data where personal data are transferred to a third country or an international organisation;

page4image3795072

• the right to be provided with a copy of the personal data being processed, provided, however, that the right to be provided with a copy of the personal data being processed shall not adversely affect the rights and freedoms of others;

The Data subject's right of access to personal data inherently means that the Data subject has the right to obtain confirmation from us as to whether personal data relating to him or her is being processed and, if so, the right to obtain access to that personal data. We will provide a copy of the personal data that is being processed to the Data subject upon request. We may charge a reasonable fee for any additional copies requested by the Data subject, commensurate with the administrative costs. Where the Data subject has made a request by electronic means, the information will be provided in a commonly used electronic format, unless the Data subject has requested otherwise. The information must be provided immediately and at the latest within 1 month. We have the right to extend the processing time for a request by a further 2 months if the request is complex or frequent. However, we must notify the Data subject within 1 month of the reason for the extension of the processing period. If the request is unreasonable or too frequent, we have the right to charge a fee proportionate to the cost or refuse the request. We must explain the reason for the refusal and the data subject's right to complain to the supervisory authority.

b) the Data subject's right to rectification of personal data, which includes:

  • The right to have inaccurate personal data concerning the data subject rectified by the

    Controller without undue delay;

  • the right to have incomplete personal data of the data subject completed, including through the provision of a supplementary statement by the data subject;

    The right of the data subject to rectification of personal data means that you can ask us to correct or complete your personal data at any time if it is inaccurate or incomplete. The data subject has the right to have incomplete personal data completed, including by providing a supplementary declaration.

    c) the right of the data subject to have his or her personal data erased ("right to be forgotten"), which includes:

• the right to obtain from the Controller the erasure of personal data relating to the data subject without undue delay if one of the following grounds is met:

- the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;

- the data subject withdraws the consent on the basis of which the processing is carried out, provided that there is no other legal basis for the processing of the personal data;

- the data subject objects to the processing of personal data pursuant to Article 21(1). Regulation and there are no overriding legitimate grounds for processing the personal data; or the data subject objects to the processing of personal data pursuant to Article 21(2). Regulation;

- the personal data have been unlawfully processed;

- the personal data must be erased in order to comply with a legal obligation under European Union law or the law of a Member State to which the controller is subject;

- the personal data were collected in connection with the offer of information society services pursuant to Article 8(1). of the Regulation;

• the right to have the controller who has disclosed the personal data of the data subject take reasonable measures, including technical measures, having regard to the technology available and the cost of implementing the measures, to inform other controllers who process personal data that the data subject has requested them to erase all references to, copies of, or replicas of that personal data;

in doing so, the right to erasure of personal data containing the rights under Article 17(1) and (2) of the Regulation shall not arise insofar as the processing of the personal data is necessary:

1. for the exercise of the right to freedom of expression and information;

2. for the performance of a legal obligation which requires processing under European Union law or the law of a Member State to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

3. for reasons of public interest in the field of public health in accordance with Article 9(2)(h) and (i) of the Regulation as well as Article 9(3) of the Regulation;

4. for archival purposes in the public interest, for scientific or historical research purposes or for statistical purposes pursuant to Article 89(1) of the Regulation, in so far as the right referred to in Article 17(1) of the Regulation is likely to make it impossible or seriously impede the achievement of the objectives of such processing of personal data; or

5. for the establishment, exercise or defence of legal claims;

Thus, the data subject's right to erasure of personal data means that we must erase your personal data if (i) it is no longer necessary for the purposes for which it was collected or otherwise processed, (ii) the processing is unlawful, (iii) you object to the processing and there are no overriding legitimate interests for the processing, or (iv) we are required to do so by law.

d) the data subject's right to restrict the processing of personal data, which includes:
• The right to have the controller restrict the processing of personal data if one of the

following cases occurs:

- The data subject contests the accuracy of the personal data, during a period allowing the controller to verify the accuracy of the personal data;

- the processing of the personal data is unlawful, and the data subject objects to the erasure of the personal data and requests instead the restriction of its use;

- the controller no longer needs the personal data for the purposes of the processing, but the data subject needs it to establish, exercise or defend legal claims;

- the data subject has objected to the processing pursuant to Article 21(1) of the Regulation, pending verification whether the legitimate interests on the part of the Controller override the legitimate interest of the Data subject;

• the right, where the processing of personal data has been restricted pursuant to the first paragraph of this point (d), to have such restricted personal data processed only with the consent of the data subject, except for storage, or for the establishment, exercise or defence of legal claims or for the protection

of the rights of another natural or legal person, or for reasons of important public interest of the European Union or of a Member State;

• the right to be informed in advance of the lifting of the restriction on the processing of personal data;

The data subject's right to restrict the processing of personal data means that until we have resolved any disputed issues regarding the processing of your personal data, we must restrict the processing of your personal data so that we can only store and not further process the data subject's personal data.

e) the right of the data subject to comply with a notification obligation to recipients, which includes:

  • the right for the controller to notify each recipient to whom personal data has been disclosed of any rectification or erasure of personal data or restriction of processing made pursuant to Article 16, Article 17(1) and Article 18 of the Regulation, unless this proves impossible or requires disproportionate effort;

  • the right for the controller to inform the data subject about these recipients, if the data subject so requests;

    The right of the data subject to comply with the obligation to notify recipients means the obligation of the controller to notify each recipient to whom it has provided the data subject's personal data of any rectification and erasure of personal data or restriction of processing. The controller does not have this obligation only if such notification is impossible or requires disproportionate effort from objective reasons.

    f) the right of the data subject to the portability of personal data, which includes:

• the right to obtain personal data concerning the data subject which he or she has provided to the controller in a structured, commonly used and machine-readable format and the right to transfer such data to another controller without hindrance from the Controller if:

- the processing is based on the data subject's consent pursuant to Article 6(1)(a) of the Regulation or Article 9(2)(a) of the Regulation, or on a contract pursuant to Article 6(1)(b) of the Regulation, and at the same time;

- the processing is carried out by automated means, and at the same time;

- the right to obtain personal data in a structured, commonly used and machine-readable format, and the right to transmit such data to another controller without hindrance by the controller, will not have adverse effects on the rights and freedoms of others;

• the right to transfer personal data directly from one controller to another controller, insofar as it is technically feasible;

The right to data portability means that you have the right to obtain from us your personal data that you have previously provided to us in a structured, commonly used and machine-readable format, and you have the right to request that we transfer your personal data to another controller subject to the fulfilment of legal conditions; the exercise of this right is without prejudice to your right to erasure of your personal data. However, the right of portability only applies to personal data that we have obtained from you on the basis of a contract to which you are a party.

g) the right of the data subject to object, which includes:

  • The right to object at any time, on grounds relating to the particular situation of the data subject, to processing of personal data concerning him or her which is carried out on the basis of Article 6(1)(e) or (f) of the Regulation, including to object to profiling based on these provisions of the Regulation;

  • [in the case of the exercise of the right to object at any time, on grounds relating to the particular situation of the data subject, to processing of personal data concerning him or her which is carried out on the basis of Article 6(1) (e) or (f) of the Regulation, including to object to profiling based on these provisions of the Regulation] the right for the controller not to further process the data subject's personal data unless the data subject demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims;

  • the right to object at any time to processing of personal data concerning the data subject for direct marketing purposes, including profiling, insofar as it relates to direct marketing; provided that if the data subject objects to the processing of personal data
    for direct marketing purposes, the personal data may no longer be processed for such purposes;

  • (in relation to the use of information society services) the right to object to the processing of personal data by automated means using technical specifications;

  • the right to object, on grounds relating to the particular situation of the data subject, to the processing of personal data concerning the data subject where the personal data are processed for scientific or historical research purposes or for statistical purposes pursuant to Article 89(1) of the Regulation, except for the cases where the processing is necessary for the performance of a task due
    to the reasons of public interest;

    The right of the data subject to object therefore means that you, as a data subject, can object to the processing of your personal data that we process for direct marketing purposes or for legitimate reasons. We will stop processing personal data for marketing purposes as soon as we receive your objection.

    h) the right of the data subject related to automated individual decision-making, which includes:

the right of the data subject not to be subject to a decision which is based solely on automated processing of personal data, including profiling, and which has legal effects concerning him or her or similarly significantly affects him or her, except for the cases pursuant to Article 22(2) of the Regulation [i.e. except for the case where the decision is: (a) necessary for the conclusion or performance of a contract between the data subject

and the controller, (b) permitted by European Union law or the law of a Member State to which the controller is subject and which also provides for appropriate measures guaranteeing the protection of the rights and freedoms and legitimate interests of the data subject, or (c) based on the explicit consent of the data subject];

The data subject's right relating to automated individual decision-making means that as a data subject you have the right not to be subject to a decision which is based solely on automated processing, including profiling, and which has legal effects concerning you or similarly significantly affecting you. Where such processing is necessary for entering into or performance of a contract or based on the data subject's explicit consent, the controller shall take appropriate measures to protect the rights and freedoms and legitimate interests of the data subject, in particular by adopting minimum measures such as the right to human intervention on the part of the controller, the right of the data subject to express his or her point of view and the right of the data subject to contest the decision.

In the event that you become aware of any violation of the law in the area of personal data protection, you may contact the supervisory authority, which is the Office for Personal Data Protection of the Slovak Republic – Úrad na ochranu osobných údajov SR, Hraničná 12, 820 07 Bratislava (www.dataprotection.gov.sk).

If you have any questions, please do not hesitate to contact us with your query at info@ananas.wtf

We are constantly striving to work on improving the quality of our services, on the basis of which the provisions on the principles of processing and protection of personal data may be modified or supplemented. The current version is always published on our website.

The Principles of Processing and Protection of Personal Data are valid and effective as of 1.12.2020

page9image3738048

Powered by wp ~ spravuje SCHEDIO