(Principles and Instructions on Personal Data Protection)
provided by the Controller to the data subject when acquiring personal data from the data subject for the online store www.northfinder.com
The Controller herein, in keeping with Article 13 par. 1 and 2 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as the “Regulation”), provides to the Data Subject, from whom the Controller obtains personal data concerning him, with the following information:
II. Identity and contact details of the Controller
The Controller is the commercial company NORTHFINDER, a. s., with registered seat at Rastislavova 109, 951 41 Lužianky, Slovak Republic, Company ID: 35 933 011. More detailed contact and identification data of the Controller are available in the section IMPORTANT INFORMATION – CONTACT DETAILS.
III. Personal data processed
3.1. The Controller processes the following personal data: name, surname, residence, email address, delivery address, telephone number, data obtained from cookies, IP addresses, bank name and IBAN, signature, login name and password to the user account at www.northfinder.com, aggregated purchase information (e.g. order history of the data subject, bonuses granted and paid to the data subject, etc.).
IV. Contact details of the responsible person
4.1. No responsible person is appointed.
V. Purposes of the processing of personal data of the Data Subject
5.1. The purposes of processing the personal data of the Data Subject are:
5.1.1. processing of accounting documents,
5.1.2. records on contracts and clients for the purposes of concluding and fulfilling contracts,
5.1.3. archiving of documents in line with legal provisions,
5.1.4. fulfilment of the contract concluded with the Data Subject
5.1.5. operating a user account on the website www.northfinder.com
VI. Legal grounds for processing the personal data of the Data Subject
6.1. The legal grounds for the processing of personal data of the Data Subject will be, depending on the specific personal data and the purpose of their processing, the fulfilment of the legal obligation of the Controller or the fulfilment of the contract to which the Data Subject is a party.
VII. Recipients or categories of recipients of personal data
7.1. Recipients of the personal data of the Data Subject will be or minimally may be:
7.1.1. statutory bodies or members of the statutory bodies of the Controller
7.1.2. employees of the Controller
7.1.3. sales representatives of the Controller and other persons cooperating with the Controller in the performance of the tasks of the Controller.
7.2. The recipients of the personal data of the Data Subject will also be the associates of the Controller, its business partners, suppliers and contractual partners, in particular: an accounting company, a company providing services related to software creation and maintenance, a company providing legal services to the Controller, a consulting company, transport companies and delivery of products to buyers and third parties.
7.3. The recipients of personal data will also be courts, law enforcement agencies, the tax office and other state authorities in cases stipulated by law.
VIII. Information on the planned transfer of personal data to a third country
Not applicable – the Controller has no intention of transferring personal data to a third country.
IX. Storage period for personal data
Personal data will be stored in conformity with the law for the time needed for the purposes of performance of the contract and their subsequent archiving.
X. Instruction on the existence of relevant rights of the Data Subject
10. The Data Subject has the following rights, among others:
10.1. the right of access of the Data Subject to data pursuant to Article 15 of the Regulation, the content of which is:
10.1.1. the right to obtain from the Controller confirmation as to whether or not personal data concerning the Data Subject are being processed;
10.1.2. the right to be informed of the appropriate safeguards pursuant to Article 46 of the Regulation concerning the transfer of personal data, where personal data are transferred to a third country or to an international organisation;
10.1.3. the right to the provision of a copy of the personal data being processed, provided, however, that the right to provide a copy of the personal data processed must not adversely affect the rights and freedoms of others;
10.2. the Data Subject’s right to rectification under Article 16 of the Regulation, the content of which is:
10.2.1. the right to have the Controller rectify incorrect personal data concerning the Data Subject without undue delay;
10.2.2. the right to have incomplete personal data of the Data Subject completed, including by means of providing a supplementary statement of the Data Subject;
10.3. the right of the Data Subject to the erasure of personal data (the so-called right "to be forgotten”) under Article 17 of the Regulation, which contains:
10.3.1. the right to obtain from the Controller without undue delay the erasure of personal data concerning the Data Subject, if any of the following grounds applies:
10.4. the right where the Controller has made the Data Subject’s personal data public, taking into account the available technology and the costs of implementing the measures, to take reasonable steps, including technical measures, to inform Controllers which are processing the personal data that the Data Subject has requested the erasure by such Controllers of any links or copy or replication thereof;
at the same time it shall apply that the right to erasure of personal data with the content of the rights according to Article 17, par. 1 and 2 of the Regulation [i.e. with the content of rights according to (i) and (ii) of this lett. c) point J of this document] expires, if the processing of personal data is necessary:
10.4.1. for exercising the right of freedom of expression and information;
10.4.2. for compliance with a legal obligation requiring processing by European Union or a Member State law to which the Controller is subject, or for performance of a task carried out in the public interest or in the exercise of public authority vested in the Controller;
10.4.3. for reasons of public interest in the field of public health in accordance with points h and I of Article 9 par. 2 lett. h of the Regulation, as well as Article 9 par. 3 of the Regulation;
10.4.4. for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89 par. 1 of the Regulation, in so far as the right referred to in Article 17 par. 1 of the Regulation is likely to render impossible or seriously impair to achievement of the objectives of the processing of personal data; or
10.4.5. for the establishment, exercising or defence of legal claims;
10.5. the right of the Data Subject to a restriction of the processing of personal data pursuant to Article 18 of the Regulation, the content of which is:
10.5.1. the right to have the Controller restrict the processing of personal data in one of the following cases:
10.5.2. the right, where the processing of personal data has been restricted under paragraph (i) of this letter d, point j of this document, such personal data shall, with the exception of storage, only be processed only with the Data Subject’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interests of the European Union or a Member State;
10.5.3. the right to be informed in advance of the lifting of the restriction on the processing of personal data;
10.6. the right of the Data Subject to fulfilment of the notification obligation towards recipients under Article 19 of the Regulation, the content of which is:
10.6.1. the right for the Controller to notify each recipient to whom personal data have been provided of any rectification or erasure of personal data or restrictions on processing carried out pursuant to Article 16, Article 17 par. 1 and Article 18 of the Regulation, if this is not proven to be impossible or involves a disproportionate effort;
10.6.2. the right for the Controller to inform the Data Subject about those recipients, if the Data Subject so requests;
10.7. the right of the Data Subject to data portability pursuant to Article 20 of the Regulation, the content of which is:
10.7.1.the right to receive the personal data concerning the Data Subject and which he or she has provided to the Controller, in a structured, commonly used and machine-readable format, and the right to transmit those data to another controller without hindrance from the Controller, if
10.7.2. the right to have the personal data transmitted directly from one controller to another, where technically feasible;
10.8. the right of the Data Subject to object pursuant to Article 21 of the Regulation, the content of which is:
10.8.1. the right to object, on grounds relating to the Data Subject’s particular situation, at any time to processing of personal data concerning him or her which is based on Article 6 par. 1 lett. e) or f), including profiling based on these provisions of the Regulation;
10.8.2. [in the case of exercising the right to object at any time on grounds relating to the specific situation of the Data Subject against the processing of personal data concerning him or her carried out pursuant to Article 6 par. 1 lett. e) or f) of the Regulation, including objections to profiling based on these provisions of the Regulation] the right to have the Controller not further process the personal data of the Data Subject unless the Controller can demonstrate the necessary legitimate grounds for the processing which override the interests, rights and freedoms of the Data Subject or for the establishment, exercising or defence of legal claims
10.8.3. the right to object at any time to the processing of personal data concerning the Data Subject for the purposes of direct marketing, including profiling, in so far as it relates to direct marketing; however, if the Data Subject objects to the processing of personal data for direct marketing purposes, the personal data may no longer be processed for such purposes;
10.8.4. (in connection with the use of information services company) the right to exercise the right to object to the processing of personal data by automated means with the use technical specifications;
10.8.5. the right to object, on grounds relating to the specific situation of the Data Subject, to the processing of personal data concerning the Data Subject if the personal data are processed for the purposes of scientific or historical research or for statistical purposes pursuant to Article 89 par. 1 of the Regulation, unless the processing is necessary for the performance of a task carried for reasons of public interest;
10.9. the right of the Data Subject associated with automated individual decision-making under Article 22 of the Regulation, the content of which is:
10.9.1. the right of the Data Subject not to be subject to a decision that is based solely on the automated processing of personal data, including profiling, which produces legal effects concerning him or her or similarly affecting him or her, with the exception of cases according to Article 22 par. 2 or the Regulation [i.e. except in cases when a decision is: (a) necessary for the conclusion or performance of a contract between the Data Subject and the Controller, (b) is authorised by European Union law or by the law of the Member State to which the Controller is subject and which at the same time lays down the freedoms and legitimate interests of the Data Subject, and (c) based on the explicit consent of the Data Subject].
XI. Instruction on the right of the Data Subject to revoke the consent to the processing of personal data:
11.1. The Data Subject is entitled to withdraw his or her consent to the processing of personal data at any time, without prejudice to the lawfulness of the processing of personal data based on the consent given prior to the withdrawal.
The Data Subject is at any time authorised to withdraw his or her consent to the processing of personal data – in whole or in part. The partial withdrawal of consent to the processing of personal data may relate to a certain type of processing operation, and the lawfulness of the processing of personal data to the extent of the remaining processing operations shall remain unaffected. The partial withdrawal of consent to the processing of personal data may relate to a specific purpose of the processing of personal data or certain specific purposes of the processing of personal data, and the lawfulness of the processing of personal data for other purposes shall remain unaffected.
The Data Subject may exercise the right to revoke the consent to the processing of personal data in paper form at the Controller’s address recorded as its registered seat in the Commercial Register at the time of revoking the consent to the processing of personal data or in electronic form by electronic means (by sending an e-mail to the Controller’s e-mail address stated when identifying the Controller in this document or by filling in the electronic form published on the Controller’s website).
XII. Instruction on the right of the Data Subject to lodge a complaint to a supervisory authority:
12.1. The Data Subject has the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or of the alleged infringement, if the Data Subject considers that the processing of personal data related to him/her infringes this Regulation, namely: all without prejudice to any other administrative or judicial remedy.
The Data Subject has the right to be informed by the supervisory authority to which the complaint has been lodged, as the complainant, of the progress and outcome of the complaint, including the possibility of a judicial remedy under Article 78 of the Regulation.
The supervisory authority in the Slovak Republic is the Office for Personal Data Protection of the Slovak Republic.
XIII. Information on the existence/non-existence of the Data Subject’s obligation to provide personal data:
13.1. The Controller shall inform the Data Subject that the provision of personal data of the Data Subject is necessary for the conclusion of the purchase contract and for its fulfilment. The Controller shall inform the Data Subject that the Data Subject is not obligated to provide personal data nor is he/she obligated to give consent to their processing. Failure to provide personal data and/or failure to give consent to the processing of personal data will result in the Controller not being able to conclude and fulfil the purchase contract.
XIV. Information associated with automatic decision-making, including profiling:
14.1. Not applicable – Since the Controller it is not the processing personal data of the Data Subject in the form of automated decision-making, including the profiling referred to in Article 22 par. 1 and 4 of the Regulation, the Controller is not obligated to provide information according to Article 13 par. 2 lett. f) of the Regulation, i.e. information on automated decision-making, including profiling, and on the procedure used, as well as the meaning and anticipated consequences of such processing of personal data for the Data Subject.
In connection with the EU directive on the protection of privacy in electronic communications, we herein provide a brief explanation of the function of cookies. Cookies are text files that contain a small amount of information that is downloaded to your computer, mobile phone or other device when you visit a website. Cookie files are useful because they allow the website not only to recognize the user’s device but also to allow the user to access the functions on the website.
In principle, we divide cookies into two types.
Permanent cookies – these cookies remain on the user’s device for the time specified in the cookie. They are activated whenever the user visits the website that created the cookie.
Relational cookies – these files enable the website operator to link the user’s activities when the user opens a browser window and exits when the browser window is closed. Relational cookies are created temporarily. After the closing of the browser, all relational cookies are deleted.
A cookie is a small text file that a website stores on your computer or mobile device when you browse it. Thanks to this file, the website stays informed of your steps and preferences (such as login, language, font size, and other display settings) for a period of time, so you don’t have to re-enter them the next time you visit or browse the site.
The information stored in cookies will not be used for your personal identification and the structure of the data is fully under our control. Cookies are not used for purposes other than those specified in this text.
Some of our sites or sub-sites may use additional or different cookies than those listed in the previous text. In such a case, detailed information on their use will be provided in a separate notice on cookies on the site in question.
You can control and/or delete cookies as you wish – see the site aboutcookies.org for details. You can delete all cookies stored on your computer, and you can also set most browsers to prevent them from being stored. In this case, however, you will likely have to manually adjust some settings each time you visit the website, and some services and features may not work.
XVI. Final provisions
These Principles and Instructions on Personal Data Protection form an integral part of the General Terms and Conditions and the Warranty Policy. The documents – General Terms and Conditions and the Warranty Policy of this online store are published on the domain of the Seller’s online store.
These principles of personal data protection come into force and effect by their publication in the online shop of the seller from 1 June 2021.