Controller´ s contact details:

MAX SPORT s.r.o.

Mlynské luhy 76 / A

821 05 Bratislava

ID No: 31368891

VAT ID: SK2020353225

Email: maxsport@maxsportnutrition.com

(hereinafter referred to as the ,,Controller“)

The processing of personal data is carried out accordance with Regulation of the European Parliament and of the Council 2016/679- on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as the “Regulation of GDPR”) and  Act. No. 18/2018 Z. z. Personal Data Protection

(hereinafter referred to as the “Act”).

 

1. Terms

Data subject:     Any natural person whose personal information is processed by the Controller (hereinafter referred to as the ,,Data subject”).

Personal data: Information provided by the Data subject to the Controller for defined purposes.

Controller: Legal person defined in the header of the document, which determines purpose and means of processing the Personal data, realizes processing of the Personal data and it is an entity, which is responsible for proper and lawful processing of the personal data.

Processor: The entity, who is authorized for processing personal data of Data subject, provided to the processor by the Controller on basis of the contract for the secure processing of personal data.

Website: Website available at https://www.maxsport.sk, through which the Controller products are purchased also by Data subject.

Purpose of Personal data processing: The reason why personal information is processed. The purposes of the processing of Personal data are described and identified in hereinbelow Provision No. 4. 

Cookies:  Short text files that web or mobile browser of data subject saves. Most cookies have a unique identifier, Cookie ID. This is a string of characters assigned by the website and servers to the browser that saved the cookie. This allows websites and servers to distinguish and identify individual browsers. Cookies are used to improve the operation of websites, evaluate their traffic, and to better target marketing activities. if the Data subject browses the Controller website, Data subject also agrees to the use of these files.

Third countries: States outside the European Economic Area, which mainly include European Union Member States and Iceland, Liechtenstein and Norway.

 

2. Defined categories of Personal data

The Controller and the Processor process the following Personal data and / or categories of Personal data, based on their respective legal title and purpose of processing:

1. identification and address data: eg name, surname, delivery or other contact address;
2. electronic contact details: eg. phone number, email address;
3. other electronic data: IP address, cookies;
4. other Personal data related with the contractual relationship: bank account number, order history;
5. other Personal data: data provided by the costumer in order form, other documents or provided in communication with the Controller, including later updates.

 

3. What is the origin of Personal data?

The Controller process personal information, provided by the Data subject for example when ordering goods, registering a user account, communicating with the Controller or subscribing to newsletters.

Typically:

• identification and address data;
• electronic contact details;
• other personal information related with the contractual relationship

And the other personal data, collected by the Controller automatically by browsing the website.

Mostly:

• Other electronic data:
• cookies
• the website from which you came to our website;
• IP address;
• date of access and time of access;
• search queries;
• http and https response code;
• transferred data groups;
• information about your computer’s browser and operating system.

 

4. Why are Personal data processed?

Your Personal data may be processed only for the following purposes:

1. Closing the contract and performance of the contractual relationship (Purchase contract), which also include:

• Costumers account management,
• Communication with customers, customers satisfaction survey, publish reviews, arrangement and settlement of suggestions, complaints and claims of the customers,
• Accounting and tax purposes.

The Controller states the following. When the Data subject uses the e-shop purchase service of the Controller, Data subject in position of the buyer provides by ordering goods on the Controller’s website his name and surname, residential address or other delivery address including postal code, telephone number, e-mail address to the Controller in position of the seller. The bank account number will be provided by Data subject when making a purchase through a payment gateway. Data subject provides Personal data voluntarily and freely. Without the Personal data of the Data subject, it is not possible to conclude a Purchase Contract and fulfill the all legal obligations contained and estimated in the Purchase Contract. The purpose of processing Personal data is to issue a tax document, pre-contractual relations, identification of the Data subject, order confirmation (by phone or email), delivery of goods, registration in the online e-shop on the Website. Data subject voluntarily provides the correct and true Personal data. Data subject declares that he/she is aware of the consequences of providing false data intentionally, especially that such action could be classified as a crime. The legal basis for the processing of Personal data is the performance of the Purchase Contract.

 

2. Marketing and advertising activities, which also include:

• Sending newsletters and offering our products or services,
• Direct marketing and creation of personalized content and advertising,
• Improving the quality of our products and services, analysing the traffic to Website and your behaviour on the Website.

The Controller processes the Personal data of the Data subjects for the purposes of discount programs, receiving the newsletter, which is considered as direct marketing and also for the purposes of public opinion survey but only after a clear and voluntary consent of Data subject in accordance with § 13 para. 1, par. a) of the Act and Art. 6 of the Regulation of GDPR. The Data subject shall give his consent or dissent to the processing of Personal data by ticking the appropriate option on the Website and/or during the registration or during the ordering the goods on Website or by any other appropriate means. In the case that Data subject does not tick the consent spot, the Controller is not authorized to process Personal data for marketing purpose or for the purpose of public opinion survey. The Data person is entitled to revoke this consent any time after that consent to the processing of Personal data for marketing or public opinion survey has been granted. The Controller shall immediately ensure that Personal data of the Data subject are not further processed for that purposes. The Personal data provided so far will be deleted from the marketing systems and from the research of public opinion systems according of Data subject’s right to be forgotten. The legal basis for the processing of Personal data is consent.

 

5. How long have Personal data been processed?

Personal data of the Data subject is processed:

• for the period of time necessary to exercise the rights and obligations arising from the contractual relationship between the Data subject and the Controller and to assert claims arising from these contractual relations (4 years);
• for the period of time necessary to fulfill the legal obligations of the Controller (accounting documents 5 years, tax documents 10 years) ;
• for the period of time of our legitimate interest in receiving newsletters (2 years from the last opening of the newsletter);

 

6. To whom are Personal data disclosed?

The following categories of the Controller´s  partners (recipients) may have access to Personal data of the Data subject:

• Goods transport providers
• Providers of accounting and tax advice
• IT and hosting providers.
• Providers of security and integrity of our services and websites.
• Analytical service providers.
• Providers of customer support assistance services.
• Payment gateway providers (payment card providers)
• Print and mail service providers.
• Legal service providers, attorneys.
• Public authority

During the pre-contractual negotiations with Processor, the Controller shall ensure its professional, technical, organizational and personnel competence and its ability to guarantee the security of the processed Personal data and to protect the rights of the Data subjects.

 

7. Are Personal data sold outside the EU?

The controller will provide Personal data within the European Union, if necessary, as the transfer of Personal data to EU Member States is fully guaranteed by the Act and the Regulation of GDPR without any restrictions. The Controller does not transfer the Personal data of the Data subject outside the European Union and the European Economic Area.

 

8. How are Personal data processed?

Personal data is processed manually and automatically. The Controller records of all processing activities in accordance with Act.

Data subject is not subject to any decision based solely on automated processing, including profiling, that would have legal effects or be of significant concern to Data subject. The Controller does not create profiles from Personal data of the Data subject to analyse or predict preferences, interests, economic situation, reliability, location or movement of the Data subject (a typical example of profiling is monitoring the behaviour of website visitors to track their preferences so that the in the future with a tailor-made offer).

 

9. Fundamental Rights of Data subject:
   1. Right of access to Personal data:

The Data subject is entitled to be informed prior to the processing of Personal data as well as any time during the processing of his / her Personal data whether his / her Personal data is processed, if so, the extent and categories of his/her Personal data, purpose of the processing, identification of the recipient, processing time as well as other rights, such as mentioned below (such as the right to erasure and liquidate, the right to rectification). The Data subject is entitled to request a confirmation of the above-mentioned fact. The first confirmation is not charged and it will be provided to the Data subject in the manner and form according to his/her requirements. Any further confirmation will be for a fee of 5 Euros. The confirmation will be provided to the Controller only if it does not have unfavourable consequences for the rights of other natural persons.

2. Right to information of the Data subject, if this person had not provided them:

The Data subject has the right to be informed before the processing of Personal data by the Controller if he has not obtained the Personal data directly from the Data subject, about the Controller as a person, scope and categories of his/her Personal data, purpose of processing, identification of the recipient, identification of the source from which he had received the Personal data of the affected person, the period of their storage as well as other rights, such as those listed below (right to erasure and liquidation, right to rectification). Information will be provided within one month from the receipt of personal data at the latest or during first communication with the Data subject if Personal data could be used to communicate with this person. If the Controller intends to use Personal data for purposes other than they had been obtained for, he is obliged to inform the Data subject about it and to ask him/her for consent with this new purpose of processing of his/ her Personal data.

 

3. Right to rectification:

The Controller shall, without undue delay, rectify and / or modify incorrect Personal data of the Data subject or add any incomplete Personal data. The data subject has the right and the possibility to update or request to correct his / her Personal data directly in the online mode on the Operator’s Web Store Website after logging into the Data subject’s account.

 

4. Right to erasure:

The Data subject is entitled that the Controller erases his/her Personal data without undue delay. The Controller has this obligation under the condition, if

– Personal data is no longer needed for the purpose for which they had been acquired or processed

– Data subject revokes the consent given to the Controller

– Data subject objects to processing and does not have any legitimate reason to process the personal data

– Personal data are processed illegally.

This does not apply if the processing of Personal data is necessary for the exercise of a legal right of the Controller.

 

5. Right to restrict the processing:

The Data subject has the right to ask the Controller to restrict the processing of Personal data if:

– Data subject complains about the correctness of the Personal data during the period that allows the Controller to verify the accuracy of the personal data,

– The processing of Personal data is illegal and the Data subject objects to the erasure of Personal data and asks, instead, to limit their use,

– The Controller no longer requires Personal data in order to process them but the Data subject needs them in order to exercise a legal claim, or

– Data subject objects to the processing of Personal data in accordance with, up until the verification whether legitimate reasons on the part of the Controller surpass the legitimate reasons of the affected person.

If there is a restriction, with an exception of storing, the Controller may process Personal data only with the consent of the Data subject or for the purpose of exercising a legal claim. The Controller must inform the Data subject that the restriction to the Personal data processing has been cancelled.

 

6. Right to object to the processing:

The Data subject has the right to object to the processing of his or her Personal data due to his / her particular situation if he/she is not certain of the lawfulness of processing under § 13, section 1, letter f) (relating to the Controller’s legitimate interests), including profiling based on that provision. The Controller must not further process Personal data unless he demonstrates the necessary legitimate interests in the processing of Personal data that outweigh the rights or interests of the Data subject or the grounds for exercising a legal claim.

 

The Data subject has the right to object to the processing of Personal data relating to him/her for a direct marketing purpose, including profiling to the extent it relates to direct marketing. If the Data subject objects to the processing of Personal data for direct marketing purposes, the Controller may not process Personal data for these purposes.

 

7. The right of the Data subject to file a motion to initiate proceedings under § 100 of Act No. 18/2018 Coll. on Personal Data Protection

The Data subject has the right to file a motion to initiate a procedure to verify whether his/her Personal data are being processed legally and safely. The proceedings shall be initiated upon a proposal from the Data subject or a person claiming to be directly affected in terms of his/her rights.

 

The Controller shall notify the Data subject of his/her rights at the first contact with him/her and, if the Controller has obtained his/her Personal data from a third party, the Controller shall promptly notify him/her of this, request his/her consent and inform him/her.

 

If the Controller processes the Personal data of the Data subject on the basis of the provided consent, the Data subject has the right to withdraw such consent at any time.

 

The Data subject has the right to file a complaint with the supervisory authority in Slovak republic, which is the Office for Personal Data Protection, with registered address Hraničná street No. 4826/12, Bratislava, postal code: 820 07, Slovak republic, telephone number: 00421 323 132 14, web: dataprotection.gov.sk/uoou.

 

10. How are cookies processed?

Processed cookies can be devided according to validity to:

• temporary cookies (session cookies) that remain stored in Data subject‘s browser until he/she close your browser,
• persistent cookies that remain stored in your browser for a long time until they expire or until Data subject manually delete them (the time it takes to store cookies in your browser depends on the settings of the cookie itself and your browser settings).

And by function on:

• essential, which are essential for the functionality of the Controller’s website,
• preferential, which allows our Websites to remember information that changes how the Website behaves (e.g. your preferred language or region where you are), these cookies are not necessary for the functioning of the Controller’s Website, but increase functionality and the practicality of using them,
• analytics that help us analyse experience of Data subject on Website of the Controller (called „User Experience”) to understand how Data subject use website of the Controller.

We do not use third-party cookies that track multiple websites to provide Data subject with personalized content and advertising on third-party websites.

 

11. Conclusion

Legislation as well as our business strategy and related ways of processing your Personal data may change. If we choose to update this privacy policy, we will post changes to our website and inform you of these changes. The Collector declares that processing of Personal data undertake in accordance with the Act and Regulations of GDPR and in accordance with the good manners and will act in a manner that does not contradict the Act or other generally binding legal regulations.