Information obligation of the data controller towards customers about processed personal data according to the Act of the National Assembly of the Slovak Republic No. 18/2018 Coll. on the protection of personal data and on amending and supplementing certain acts.
In this document, you will find all the information about how we protect your personal data, how we collect it, how we use it, with whom we share it, how you can control the processing, the measures we have taken to do so, and your rights in this respect.
WHO ARE WE?
The operator of this website is the company APEX GAMING SK s.r.o., registration number: 36638447, with registered office at Ligetská 2, 972 51 Handlová, Slovakia, which operates the website on its behalf, i.e. determines the purpose and means of processing customers’ personal data and is primarily responsible for the processing of their personal data.
HOW TO CONTACT US ABOUT PRIVACY ISSUES?
You may at any time contact the Company as the data controller in any of the following ways regarding the processing of personal data and the exercise of your rights:
in writing, at the postal address of the registered office: APEX GAMING SK s.r.o., Ligetská 2, 972 51 Handlová, Slovakia
by e-mail: firstname.lastname@example.org
WHAT DATA DO WE PROCESS?
We need the processed data for the successful processing of your inquiries or orders. These are mainly: name and surname, delivery address, billing data, e-mail address, telephone number. Without these necessary data, it is not possible to process your inquiry or order so that it can be processed and subsequently prepared, dispatched, and delivered successfully.
We also consider the content of your purchases to be personal data (the note you enter, the items, the method of transport and payment, etc.); information regarding your complaints, the content of our communication messages; the reviews and ratings you write on products; loyalty points and their use if you are a member of a loyalty program; and other statistical data that would be meaningless without your identification using the basic data mentioned above.
ON WHAT LEGAL BASIS DO WE PROCESS PERSONAL DATA?
The legal bases we process your personal data on are:
Contract fulfillment – in the case of ordering and setting up a user account, or in the case of your participation in a consumer competition.
Consent – in particular in connection with the marketing and sending commercial communications about news and current offers or other forms of marketing. Any consent given is voluntary and can be withdrawn at any time, but this does not affect the lawfulness of the processing before its withdrawal.
Our legal obligations – when storing data about you, your order, or inquiry in our accounting records or when disclosing data to governmental and other authorities that supervise or resolve disputes or enforce decisions.
Our legitimate interest – in improving and personalizing our services, certain marketing activities, or concerning security and rights protection as we have set out above. In these cases, we will always carefully consider whether the processing will constitute a disproportionate interference with your rights.
PROCESSING OF COOKIES
WHO PROCESSES YOUR PERSONAL DATA AND FOR WHAT
Operator and intermediaries
The operator may use the services of intermediaries who carry out specific tasks on its behalf and its instructions and provide additional added value and services to customers directly or indirectly. For this purpose, they process the personal data of customers to the extent available to the controller. Intermediaries process customers’ personal data based on a contract with the operator, on the operators’ behalf, and the basis of the operators’ instructions.
The personal data processed is held by the delivery companies, suppliers of technical and software solutions of the e-shop, who provide them for the operator based on instructions and following the security documentation. Another type of intermediaries are entities that provide an evaluation of the previous purchase and the experience with it, to provide future improvements to the operator’s services.
Intermediaries are carefully selected, while they are obliged to comply with all necessary security, technical and organizational measures to provide your personal data with adequate protection.
Disclosure and transfer of personal data
As an online shop operator, we do not transfer personal data to third countries outside the European Union / European Economic Area.
We do not disclose, share or provide the personal data we process to any other entities, except in the following situations:
- We disclose or make available personal data if you request us to do so. We make disclosures when you post your review, comment, or rating.
- We make disclosures to third parties in the case of the delivery service you selected when you placed your order.
- We may also retain your data for reasons or disclose it to others to comply with our obligations under the law, to comply with requests from governmental and other authorities, to assert our claims, or to defend ourselves in proceedings where others assert claims against us in return. The categories of third parties to whom we disclose personal data for these reasons include, for example, courts, governmental and other authorities competent to exercise control over our activities, to settle disputes or to enforce decisions, or, in this context, our legal, accounting advisors and auditors.
HOW LONG DO WE STORE YOUR PERSONAL DATA?
We keep personal data related to your user account while your account is set up, as we must be able to process your orders or inquiries and provide you with the corresponding services. If you do not have an account (you did not create one when you placed your order or inquiry), we will retain your personal data relating to the order or inquiry you have placed for as long as necessary, for example for tax reasons.
If the customer has not withdrawn his consent to be informed about current promotional offers via the relevant communication channels (in particular by e-mail), we process his personal data for these purposes until his consent is withdrawn or his registration is terminated.
WHAT ARE YOUR RIGHTS CONCERNING YOUR PERSONAL DATA?
Right to withdraw consent
As a data subject, you have the right to withdraw any of the consents granted during the registration at any time. If the withdrawal of consent concerns data necessary for the provision of a specific service (e.g. name, surname, date of birth in the loyalty program for the application of the birthday discount), you will lose this benefit, which we will inform you about when withdrawing consent.
Right to request access to your processed personal data
The data subject has the right to request confirmationfrom us, as the operator, as to whether personal data relating to him or her is being processed and, if so, to obtain access to that personal data as well as other information within the meaning of the GDPR (Article 15).
Right to rectification
The data subject has the right to have inaccurate personal data concerning him or her rectified by us as operator without undue delay. Concerning the purposes of the processing, the data subject has the right to have incomplete personal data completed, including by providing a supplementary declaration.
Right to restriction of processing
The data subject has the right to have us, as the operator, restrict the processing of his or her personal data in respect of one of the following cases:
- the data subject contests the accuracy of the personal data, during a period allowing the controller to verify the accuracy of the personal data;
- the processing is unlawful and the data subject objects to the erasure of the personal data and requests instead of the restriction of its use;
- the operator no longer needs the personal data for the processing but the data subject needs them to establish, exercise, or defend legal claims;
- the data subject has objected to the processing according to Article 21(1) of the GDPR based on a legitimate interest of the operator (this applies where we process personal data based on legitimate interest), pending verification that the legitimate grounds on the part of the operator outweigh the legitimate grounds of the data subject.
Where the processing is restricted, such personal data shall, except for storage, be processed only with the consent of the data subject or for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person, or reasons of substantial public interest of the European Union or a Member State thereof. The operator shall inform the data subject who has obtained the restriction of processing before the restriction of processing is lifted.
Right to portability of personal data
The data subject has the right to obtain the personal data concerning him or her which he or she has provided to the operator (in particular, the personal data he or she provided when registering). In exercising his or her right to data portability, the data subject shall have the right to have the personal data transmitted directly from one operator to another operator, insofar as this is technically feasible. This right shall not adversely affect the rights and freedoms of others. The right to data portability shall not apply to data that the operator obtains or creates through its own activities, its own know-how, i.e. derived data and analyses of the provided or derived data.
Right to erasure
The data subject shall also have the right to obtain from the operator the erasure of personal data concerning him or her without undue delay, and the operator shall be obliged to erase the personal data without undue delay if one of the following grounds is met:
- the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
- the data subject withdraws the consent based on which the processing is carried out and there is no other legal basis for the processing;
- the data subject objects to the processing based on a legitimate interest of the operator (where the operator processes personal data based on a legitimate interest, e.g. to protect the rights of the operator in any litigation initiated by the data subject) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing based on a legitimate interest for direct marketing purposes (where the operator processes customers’ personal data for direct marketing purposes based on legitimate interest);
- the personal data have been unlawfully processed;
- the personal data must be erased to comply with a legal obligation under Union law or the law of a Member State to which the operator is subject;
- the personal data have been collected in connection with the offer of information society services to a child according to Article 8(1). GDPR.
Where the operator has disclosed personal data and is obliged to erase the personal data, taking into account the technology available and the cost of implementing the measures, the operator shall take reasonable steps, including technical measures, to inform operators processing the personal data that the data subject requests them to erase any reference to, copy or replica of those personal data.
Requests for the exercise of these rights by the data subject shall be fulfilled by the operator free of charge. Where the data subject’s requests are manifestly unfounded or excessive, in particular, because of their repetitive nature, the operator may either:
- charge a reasonable fee, taking into account the administrative costs of providing the information or notification or of carrying out the requested action; or
- refuse to act on the request.
The operator shall provide the data subject with information on the measures taken in response to his or her request without undue delay and in any event within one month of receipt of the request. That period may be extended by a further two months if necessary, taking into account the complexity of the request and the number of requests. The operator shall inform the data subject of any such extension within one month of receipt of the request, together with the reasons for missing the deadline. Where the data subject has requested by electronic means, the information shall, where possible, be provided by electronic means, unless the data subject has requested otherwise.
Right to object to the processing of personal data
If we, as the operator, process personal data based on a legitimate interest (e.g. for direct marketing purposes), the data subject shall have the right to object to such processing, and the operator may no longer process his or her personal data based on the legitimate interest unless he or she demonstrates compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject or for the establishment, exercise or defense of legal claims.
Right to complain
If the customer believes that his/her rights have been violated in connection with the processing of his/her personal data, he/she has the right to complain with the Office for Personal Data Protection of the Slovak Republic, Hraničná 12, 820 07 Bratislava, website: https://www.dataprotection.gov.sk/uoou/ or with the data protection authority in the Member State of his/her habitual residence or place of work (hereinafter referred to as the “Supervisory Authority”).
The supervisory authority to which the complaint has been lodged shall inform the complainant of the progress and outcome of the complaint, including the possibility of seeking judicial redress.
Right to be represented
The data subject shall have the right to authorize a non-profit body, organization, or association which has been duly constituted under the law of a Member State, the objectives of which, according to its statutes, are in the public interest and which is active in the field of the protection of the rights and freedoms of data subjects concerning the protection of their personal data, to lodge a complaint on his or her behalf, to exercise on his or her behalf the aforementioned rights to lodge a complaint with a supervisory authority and to seek judicial redress, and to exercise on his or her behalf the right to claim compensation for damages as a result of a breach of the GDPR by the operator or processor, where this is permitted by the
law of a Member State.
Validity and effectiveness of the document: from 1. 2. 2022