Privacy Policy

Information regarding the processing and protection of customers’ personal data

Fulfilment of the information obligation prior to the processing of personal data within the meaning of Article 13 of the GDPR.

Legislation

• Act no. 18/2018 on the protection of personal data and the amendment of certain laws,

• Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals regarding the processing of personal data and the free movement of such data (hereinafter referred to as “GDPR“).

Identification of the personal data administrator

The operator of the portal www.dionid.com is the company DIONID a. s., IČO: 53 021 193, with its registered office at Bárdošova 30, 831 01 Bratislava (hereinafter referred to as “we” or administrator“), which processes your data as an administrator, i.e. determines how personal data will be processed, for what purpose and for how long.

Rights of the persons concerned

According to Art. 15 to 22 of the GDPR and § 19 to §29 of the Personal Data Protection Act, the following apply:

The rights of the persons concerned:

Right of access to personal data

Each person concerned has the right to have the administrator confirm whether he or she processes the personal data provided to him or her concern. If the administrator processes the personal data of the data subject, the data subject has the right to access them and other information on:

  • the purpose of personal data processing;
  • the category of personal data processed;
  • the recipient in a third country or an international organization, if possible; if personal data are transferred to a third country or an international organization;
  • retention period of personal data; if this is not possible, information on the criteria for its determination,
  • just request the correction of personal data, their deletion or restriction of their processing, or the right to object to the processing of personal data;
  • the right to file a motion to initiate proceedings under Section 100 of the Personal Data Protection Act or to file a complaint according to Art. 15 letter f) GDPR;
  • sources of personal data, if personal data were not obtained from the data subject;
  • the existence of automated individual decision-making, including the profiling of the transfer of personal data to third countries or international organizations, and of adequate safeguards under Art. 46 GDPR or § 48 of the Personal Data Protection Act.

The administrator is obliged to provide the data subject with copies of his data which he processes. The administrator may charge a reasonable fee for the repeated provision of copies of personal data, corresponding to the administrative costs. The administrator is obliged to provide personal data in the manner required.

The right to correct personal data

The data subject has the right to have the administrator correct incorrect personal data concerning him without undue delay. Depending on the purpose of the processing of personal data, the data subject has the right to complete his or her incomplete personal data.

The right to delete personal data

The data subject has the right to have the administrator delete the personal data concerning him without undue delay, under the conditions laid down in Art. 17 GDPR or § 23 of the Personal Data Protection Act.

If the data subject requests the administrator to delete his data, the administrator is obliged to delete them in the following cases:

  • personal data are no longer needed for the purpose for which they were obtained or otherwise processed;
  • the data subject withdraws the consent based on which the administrator processes his data, and there is no other legal basis for the processing of personal data;
  • the data subject will object to the processing of personal data under Art. 21 par. 1 GDPR or § 27 par. 1 of the Personal Data Protection Act and do not outweigh any legitimate reasons for the processing of personal data or will object to the processing of personal data for direct marketing, including profiling to the extent that it is related to direct marketing;
  • personal data is processed illegally;
  • the reason for the deletion is the fulfilment of an obligation stipulated by legal order;
  • personal data were obtained in connection with the offer of information society services under Art. 8 par. 1 GDPR or § 15 par. 1 of the Personal Data Protection Act.

If the administrator has published the personal data of the data subject and is obliged to delete them based on the above conditions, he is also obliged concerning the available technology and costs inform other administrators who process its data, to those administrators deleted references to personal data and copies or copies thereof.

The administrator is not obliged to delete the personal data of the data subject if necessary:

  • to exercise the right to freedom of expression or the right to information;
  • to fulfil an obligation under a law or an international treaty or to fulfil a task carried out in the public interest or the exercise of public authority entrusted to the administrator;
  • for reasons of public interest in the field of public health;
  • for archiving purposes, for scientific purposes, for historical research purposes or for statistical purposes, where erasure is likely to make it impossible or seriously difficult to achieve the objectives of such processing;
  • to assert a legal claim.

The right to restrict the processing of personal data

The data subject has the right to have the administrator restrict the processing of his or her data if:

  • objects to the accuracy of her data; the administrator limits the processing of such personal data to the period of verification of their accuracy;
  • the processing of personal data is illegal, and instead of erasing, the data subject requests that restrictions on their use;
  • the administrator no longer needs personal data for processing personal data, but needs the data subject to assert a legal claim;
  • the data subject objects to the processing of personal data; the administrator shall restrict the processing of his data until it is verified that the legitimate reasons on the part of the administrator outweigh the legitimate reasons of the data subject.

If the processing of personal data has been restricted, in addition to the storage, the administrator may process personal data only with the consent of the data subject or to assert a legal claim, to protect the rights of another natural or legal person or for reasons of public interest.

The administrator is obliged to inform the data subject before the restriction on the processing of personal data is lifted.

The notification obligation concerning the correction, deletion, or restriction of the processing of personal data:

The administrator is obliged to notify the recipient (anyone to whom personal data has been provided) of the correction of personal data, deletion of personal data, or restrictions on the processing of personal data if it does not prove impossible or does not require a disproportionate effort.

Right to portability of personal data

He shall have the right to obtain personal data concerning the data subject which the data subject has provided to the administrator in a structured, commonly used, and machine-readable format.

At the same time, he has the right to transfer this personal data to another operator, if technically possible and if the processing of her data is carried out by automated means (i.e. electronically), whereas personal data are processed either:

  • with the consent of the person concerned,
  • or are necessary for the performance of a contract to which the person concerned is a party or to implementation of the measure before the conclusion of the contract at the request of the person concerned.

This right must not adversely affect the rights of others.

The right of portability does not apply to the processing of personal data necessary for the performance of the task carried out in the public interest or the exercise of official authority conferred on the administrator.

The right to initiate proceedings for the protection of personal data

If a citizen would be directly affected by his or her rights established by the Personal Data Protection Act, he or she has the right to submit a proposal to initiate proceedings on personal data protection, respectively, under Section 100 of the Personal Data Protection Act or GDPR complaint. The purpose of the proceedings is to determine whether the rights of natural persons have been violated in the processing of their data or the law has been violated and, if deficiencies are found, if justified and expedient, to impose remedial measures or a fine for violating the law.

The office shall publish a model of the proposal on its website. The application must contain evidence in support of the allegations made in the application and a copy of the document or other evidence proving the exercise of the right by the administrator (right of access to personal data, right to request correction of personal data, right to delete or restrict processing of personal data, right to object to personal data processing, the right to the transfer of personal data) if such a right has been exercised by the data subject or an indication of reasons worthy of special consideration for not exercising the right in question.

The proposal in question must, by the provisions of § 100 par. 3 of the Personal Data Protection Act to contain:

  1. name, surname, correspondence address and signature of the petitioner,
  2. an indication of the person against whom the application is directed, giving his name, surname, permanent residence; or name, registered office and identification number, if assigned,
  3. the subject of the proposal with an indication of the rights which should have been violated during the processing of personal data,
  4. evidence in support of the claims made in the proposal,
  5. a copy of the document or other evidence proving the exercise of the right under the second part of Title II of this Act or a special regulation, if such a right has been exercised by the person concerned, or an indication of the reasons worthy of special consideration for not applying the law in question, if the proposal filed by the person concerned.

The office shall then decide on the petitioner’s application within 90 days from the day of the commencement of the proceedings. In justified cases, the office may extend this period accordingly, but by a maximum of 180 days. The office shall inform the participants in the proceedings in writing about the extension of the time limit.

The right to object to the processing of personal data

The data subject has the right to object to the processing of his or her data because the administrator carries out profiling or processes his or her data on the following legal grounds:

• the processing of personal data is necessary for the performance of a task carried out in the public interest or the exercise of official authority entrusted to the administrator;

• the processing of personal data is necessary for the legitimate interests of the administrator or of a third party.

The administrator may not further process personal data unless he demonstrates the necessary legitimate interests for the processing of personal data which outweigh the rights or interests or the reasons for the assertion of a legal claim.

Everyone has the right to object to the direct processing of personal data concerning him or her marketing, including profiling, to the extent that it relates to direct marketing.

If the data subject objects to the processing of personal data for direct marketing, the administrator may not further process personal data for direct marketing.

Furthermore, the data subject has the right to object to the processing of personal data concerning him on grounds relating to its specific situation, where personal data are processed for a scientific purpose,  historical research or statistical purposes, except where the processing of personal data is necessary for the performance of the task for reasons of public interest.

Filling in the order form

By filling out the order form, clicking on the consent to the processing of personal data and sending the form, we collect your data in the range of name and surname, permanent residence address, delivery address (if different from the permanent residence address), e-mail and phone so we can send you ordered goods. We store the personal data provided by you based on your consent.

Filling in the contact form

By filling out the contact form, clicking on the consent to the processing of personal data and sending the form, we collect your data in the range of e-mail, so that we can answer your questions. We store the personal data provided by you based on your consent.

Filling in the price request form

By filling in the price request form, clicking on the consent to the processing of personal data and sending the form, we collect your data in the range of e-mail and phone number so that we can provide you with the price of the product. We store the personal data provided by you based on your consent.

Creating a client account

By creating a client account, by clicking on the consent to the processing of personal data, we collect your data in the range of name and surname, e-mail, and password to facilitate your next purchase. You can simply cancel a client account by logging in to the client zone and clicking the “delete account” option.

Consent to receive a newsletter

By entering your e-mail address, clicking on the consent to the processing of personal data and consent to sending the newsletter, you authorize us to send newsletters to the e-mail address entered by you. Consent to receive newsletters can be easily cancelled by clicking on the link provided in the newsletter e-mails. By sending newsletters, we process your data in the range of e-mail addresses.

Contact details in case of questions regarding the processing of personal data

If you have any questions regarding the protection of your data, do not hesitate to contact us at the e-mail address: <support@dionid.com>, and we will respond to your questions within 7 days.

Withdrawal of consent to the processing of personal data

You have the right to revoke your consent to the processing of your data at any time in writing by a message sent to the e-mail address: <support@dionid.com>. In such a case, we will delete your data within 15 days of receiving your revocation of consent to the processing of personal data.

Protection of your data

The administrator declares that the processed personal data will not be transferred to a third country or an international organization that does not guarantee an adequate level of personal data protection following the GDPR and the Personal Data Protection Act.

Your data is processed under § 13 par. 1 letter f) of the Personal Data Protection Act for a period of 5 years.