GDPR

  1. The controller of personal data according to § 5 letter o) of Act no. 18/2018 Coll. on the protection of personal data, as amended (hereinafter referred to as the “Act”) is Karpatika, s.r.o.
  2. The contact details of the controller are: Karpatika, s.r.o., Smolenícka 3, SK – 851 05 Bratislava
  3. Personal data means any information relating to an identified or identifiable natural person;
    an identifiable natural person is a natural person who can be identified, directly or indirectly, in particular by reference to a specific identifier, such as name, identification number, location data, network identifier or by reference to one or more specific elements of physical, physiological, genetic, mental, economic, cultural or the social identity of that natural person.
  4. The controller processes personal data provided by the customer or personal data obtained by the operator on the basis of the fulfillment of a specific order.
  5. The controller processes the identification and contact data and the data necessary for the performance of the contract.
  6. The legal reason for processing personal data is the fulfillment of the contract between the customer and the operator according to § 13 par. 1 letter b) of the Act
  7. The purpose of processing personal data is to process the order and exercise the rights and obligations arising from the contractual relationship between the customer and the controller; when ordering, personal data are required, which are necessary for successful processing of the order (name and address, contact), providing personal data is a necessary requirement for concluding and fulfilling the contract, without providing personal data it is not possible to conclude the contract or perform it by the controller.
  8. There is no automatic individual decision by the controller in accordance with Section 28 of the Act.
  9. The controller retains personal data for the time necessary to exercise the rights and obligations arising from the contractual relationship between the customer and the controller and the assertion of claims from these contractual relationships (for a maximum period of 10 years from the termination of the contractual relationship).
  10. After the expiry of the personal data retention period, the controller shall delete the personal data.
  11. Recipients of personal data are persons involved in the delivery of our services / execution of payments on the basis of a contract. The exceptions are visas, which are processed on the basis of consent to the processing of personal data and are subject to a special regime. This consent can be revoked at any time, and its revocation will result in the termination of the visa process.
  12. Under the conditions set out in the Act, the client has the right to access his personal data pursuant to § 21 of the Act, the right to correct personal data pursuant to § 22 of the Act, or the restriction of processing pursuant to § 24 of the Act, the right to delete personal data pursuant to § 23 raise an objection to the processing pursuant to § 27 of the Act, the right to data portability pursuant to § 26 of the Act.
  13. The client has the right to file a complaint with the Office for Personal Data Protection if he believes that your right to personal data protection has been violated.
  14. The controller declares that it has taken all appropriate technical and organizational measures to secure personal data.
  15. The controller has taken technical measures to secure data repositories and repositories of personal data in paper form and limited access to them.
  16. The controller declares that only persons authorized by him have access to personal data.
  17. By sending an order from the online order form, customer confirms that he is familiar with the conditions of personal data protection and that he accepts them in full.
  18. The controller is entitled to change these conditions. It will publish a new version of the privacy policy on its website.
  19. It shall take effect on 1.9.2020.