Skip to content

General Data Protection Notice

pursuant to Article 13 of REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL dated 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and Act no. 18/2018 Coll., on the Protection of Personal Data, as amended.

  1. Controller Identification Data:

Controller: ST. NICOLAUS – trade, a.s., with its registered office at Trnavská cesta no. 100, 821 01 Bratislava, registration number 35 680 261, VAT ID no. SK2020326583 (hereinafter the “Controller”)

  1. Purpose of Processing Personal Data by the Controller:

Data processing for the purposes of communication with the customer regarding the sale of the company’s products via the contact form at the website www.destilaty.sk and the processing of applications of data subjects,

  1. List of Personal Data :
  • name, surname, title,
  • telephone number, e-mail address,
  1. Additional Information
  1. Personal data within the scope of name, surname, and email address processed for the purpose of communication with the customer regarding the sale of the company’s products via the contact form at the website www.destilaty.sk within the meaning of Article 6, para. 1 (b) of Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR) Processing of personal data is necessary for performance of contact, to which the data subject is a contractual party, or to take pre-contractual measures at the request of the data subject.
  2. Personal data within the scope of Article C processed for the purpose of processing requests of data subjects within the meaning of Article 6, para. 1 (c) of Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR) – processing of personal data is necessary pursuant to a special regulation or international agreement by which the Slovak Republic is bound.
  1. Personal data will be provided to third parties as defined by law and to intermediaries and companies (hereinafter the “Intermediaries”), under a contract.
  2. Personal information will not be used to make automated individual decisions, including profiling.
  3. The Controller declares that when selecting intermediaries, they have paid due attention to their professional, technical, organisational, and personnel competence and their ability to guarantee the security of processed personal data by measures defined by Act no. 18/2018 Coll., on the Protection of Personal Data and Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR).
  4. The Controller declares that they have taken all appropriate measures in accordance with Act no. 18/2018 Coll., on the Protection of Personal Data and Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR) and hereby undertakes to protect such data against accidental as well as unlawful damage and destruction, accidental loss, alteration, unauthorised access, and inadmissible forms of processing in accordance with the measures taken in the privacy impact assessment.
  5. The Intermediary undertakes to process personal data only to the extent and under the conditions agreed in the Intermediary’s authorisation to process personal data.
  6. The Controller declares that it will not provide personal data to Intermediaries other than those specified in this notice.
  7. The Controller declares that it will collect personal data to the extent necessary to fulfil the specified purpose and process it only in accordance with the purpose for which it was collected.
  8. The Controller is obliged to maintain confidentiality about the personal data it processes. The duty of confidentiality continues even after the processing of personal data has ended.
  9. A responsible person has been appointed at the company. Contact details: Ing. Andrej Hronský, tel. 033/7352102
  1. Personal Data Protection Period:
  2. Agenda: Communication with the customer regarding the sale of the company’s products – 5 years,
  3. Agenda: Management and processing of applications of data subjects – 10 years
  1. Information on the Rights of the Data Subject:

Right to Access

  1. The data subject shall have the right to obtain confirmation from the Controller as to whether personal data concerning him or her is being processed and, if so, to have access to that personal data and the following information:
  2. the purposes of processing;
  3. the categories of personal data concerned;
  4. the recipients or categories of recipients to whom personal data has been or will be provided, in particular, recipients in third countries or international organisations;
  5. if possible, the expected retention period of personal data or, if this is not possible, the criteria for determining the retention period;
  6. the existence of the right to request from the Controller the rectification, deletion, or restriction of processing of personal data concerning the data subject, or the right to object to such processing;
  7. the right to lodge a complaint to the supervisory authority;
  8. if personal data has not been obtained directly from the data subject, any available information as to their source;
  9. the existence of automated decision-making, including profiling referred to in Article 22 para. 1 and 4 of the Regulation and in these cases at least meaningful information on the procedure used, as well as the significance and expected consequences of such processing for the data subject.
  10. If personal data is transferred to a third country or an international organisation, the data subject has the right to be informed of the adequate safeguards under Article 46 of the Regulation concerning the transfer.
  11. The Controller shall provide a copy of the personal data being processed. The Controller may charge a reasonable fee corresponding to the administrative costs for any additional copies requested by the data subject. If the data subject has submitted the request by electronic means, the information shall be provided in a commonly used electronic format, unless the data subject has requested another method.
  12. The right to obtain the copy referred to in paragraph 3 shall not adversely affect the rights and freedoms of others.

Right to Rectification

The data subject has the right to have the Controller correct incorrect personal data concerning him or her without undue delay. With regard to the purposes of processing, the data subject has the right to supplement incomplete personal data, including by providing a supplementary declaration.

Right to Deletion (“erasure”)

  1. The data subject shall also have the right to have the personal data concerning them deleted by the Controller without undue delay, and the Controller shall be obliged to delete the personal data without undue delay if any of the following reasons are met:
  2. the personal data is no longer required for the purposes for which obtained or otherwise processed;
  3. the data subject withdraws his or her consent on the basis of which the processing is being carried out in accordance with Article 6, para. 1 (a) of the Regulation or Article 9, para. 2 (a) of the Regulation and, if there is no other legal basis for processing;
  4. the data subject objects to the processing pursuant to Article 21, para. 1 and no legitimate grounds for processing prevail or the data subject objects to the processing pursuant to Article 21, para. 2 of the Regulation;
  5. personal data was unlawfully processed;
  6. personal data must be deleted in order to comply with a legal obligation under EU law or by law of the Member State to which the Controller is subject;
  7. personal data was collected in connection with an offer from information society services pursuant to Article 8, para. 1 of the Regulation.
  8. Where the Controller has disclosed personal data and is required to delete personal data pursuant to paragraph 1, it shall take appropriate measures, including technical measures, while also taking into account the technology available and the cost of implementing the measures, to inform Controllers that the data subject requests they delete all references to such personal data or copies or replicas thereof.
  9. Paragraphs 1 and 2 shall not apply where the processing is necessary:
  10. to exercise the right to freedom of expression and information;
  11. to fulfill a legal obligation requiring processing under applicable EU law or by law of the Member State to which the Controller is subject, or to fulfil a task carried out in the public interest or in the exercise of official authority entrusted to the Controller;
  12. on grounds of public interest in the field of public health in accordance with Article 9, para. 2 (h) and (i) of the Regulation as well as Article 9, para. 3 of the Regulation;
  13. for archival purposes in the public interest, for scientific or historical research purposes, or for statistical purposes pursuant to Article 89, para. 1 of the Regulation, where the law referred to in paragraph 1 is likely to make it impossible or very difficult to achieve the objectives of such processing; or
  14. to prove, assert, or defend legal claims.

Right to Restrict Processing

  1. The data subject shall have the right to restrict the Controller’s processing in one of these cases:
  2. the data subject challenges the accuracy of the personal data, in which case the restriction will last for a period that allows the Controller to verify the accuracy of the personal data;
  3. the processing is unlawful and the data subject objects to the deletion of personal data and calls for the data’s use instead of its deletion;
  4. the Controller no longer needs the personal data for processing purposes, but the data subject needs them to prove, assert, or defend his or her own legal claims;
  5. the data subject objected to processing by invoking Article 21, para. 1 of the Regulation, in which case the restriction will last until it is verified that the legitimate grounds on the part of the Controller outweigh the legitimate grounds of the data subject.
  6. Where processing has been restricted pursuant to paragraph 1, such personal data shall, with the exception of storage, be processed only with the consent of the data subject or to establish, assert, or defend legal claims, or to protect the rights of another natural or legal person, or for reasons of important public interest of the European Union or of a Member State.
  7. The data subject who attained a processing restriction pursuant to paragraph 1 shall be informed by the Controller ahead of time that the processing restriction is to be lifted.

Right to Portability

  1. The data subject shall have the right to obtain personal data concerning him or her which he or she has provided to the Controller, in a structured, commonly used, and machine-readable format, and shall have the right to transfer such data to another Controller without being prevented by the Controller to whom the personal data was provided, if:
  2. the processing is based on the consent referred to in Article 6, para. 1 (a) of the Regulation or Article 9, para. 2 (a) of the Regulation, or in the contract pursuant to Article 6, para. 1 (b) of the Regulation, and
  3. if processing is performed by automated means.
  4. In exercising his or her right to data portability pursuant to paragraph 1, the data subject shall have the right to transfer personal data directly from one Controller to another, and as far as technically possible.
  5. The exercise of the right referred to in paragraph 1 of this Article shall be without prejudice to Article 17 of the Regulation. That right shall not apply to the processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller.
  6. The right referred to in paragraph 1 may not adversely infringe upon the rights and freedoms of others.

Right to Object

  1. At any time, the data subject shall have the right to object to the processing of his or her personal data carried out pursuant to Article 6, para. 1 (e) or (f) of the Regulation on grounds relating to his or her particular situation, including objections to profiling based on those provisions. The Controller must cease the further processing of personal data unless it can demonstrate the necessary legitimate reasons for processing that outweigh the interests, rights, and freedoms of the data subject, or the reasons for proving, asserting, or defending legal claims.
  2. Where personal data is processed for the purposes of direct marketing, the data subject shall have the right to object at any time to the processing of personal data concerning him or her for the purposes of such marketing, including profiling to the extent that they relate to such direct marketing.
  3. If the data subject objects to processing for direct marketing purposes, personal data may no longer be processed for such purposes.
  4. The data subject shall be expressly informed of the right referred to in para. 1 and 2 at the latest at the time of the first communication with him or her, whereby this right is presented clearly and separately from any other information.
  5. With regard to the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject may exercise his or her right to object by automated means using technical specifications.
  6. If personal data is processed for the purposes of scientific or historical research or for statistical purposes pursuant to Art. 89, para. 1 of the Regulation, the data subject shall have the right to object to the processing of personal data concerning him or her on grounds relating to his or her particular situation, except where such processing is necessary for the performance of a task in the public interest.

Notification to Third Parties

The Controller shall notify any recipient to whom personal data has been provided of any rectification or erasure of personal data or restrictions on processing carried out pursuant to Article 16, Article 17 para. 1, and Article 18 of the Regulation, unless this proves impossible or requires a disproportionate effort. The Controller shall inform the data subject of these recipients if the data subject so requests.

Initiation of Proceedings at the Request of the Data Subject

Pursuant to §100 of Act 18/2018 Coll., the data subject has the right to file a motion to institute proceedings in the event that his or her rights have been directly affected as stipulated under this Act. The authorities shall assess the complaint within 30 days from the date the complaint is delivered. The authorities shall inform the applicant of the method of handling the complaint within 30 days from the date the complaint is delivered.

TO ACCESS OUR WEBSITE
YOU MUST BE OF LEGAL DRINKING AGE IN YOUR COUNTRY OF ACCESS OR OLDER.