PROTECTION OF PERSONAL DATA AND COOKIE NOTICE
/ Privacy Policy and Information on Personal Data Protection
provided by the Controller to the data subject when obtaining personal data from
the data subject and the cookie notice of the roy.eu Online Store /
I. Controller
1.1. The identity and contact details of the Controller are:
Business name: ROY.SK s.r.o.
Registered office: Vlkanovská 127, Vlkanová 976 31, Slovak Republic
Registered in the Commercial Register of the District Court Banská Bystrica, Section Sro, Insert No.
26201/S
Company ID (IČO): 47614030
Tax ID (DIČ): 2023982488
VAT ID (IČ DPH): SK2023982488
Bank account: SK52 0900 0000 0052 2386 5100
The Seller is a VAT payer.
1.2. Email and telephone contact for the Controller:
Email: info@roy.sk
Tel.: +421911734775
1.3. Controller’s address for sending correspondence:
ROY.SK s.r.o., Vlkanovská 127, Vlkanová 976 31, Slovak Republic
1.4. In accordance with Article 13(1) and (2) of Regulation (EU) 2016/679 of the European
Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of
personal data and on the free movement of such data, repealing Directive 95/46/EC
(General Data Protection Regulation, the “Regulation”), as well as Act No. 18/2018 Coll.
on the protection of personal data and on amendment of certain acts,
as amended, and Act No. 452/2021 Coll. on electronic
communications, as amended, the Controller provides the Data Subject (Buyer) from whom the
Controller (Seller) obtains personal data concerning them with the following information,
notices and explanations:
II. References
2.1. This Privacy Policy and information notice form part of the General
Terms and Conditions published on the Seller’s Website.
2.2. Pursuant to §3(1)(n) of Act No. 102/2014 Coll., the Seller informs
the consumer that there are no specific applicable codes of conduct to which the
Seller has committed. A code of conduct means an agreement or
a set of rules that define the behaviour of the seller who has committed to follow this
code of conduct in relation to one or more specific commercial practices or
business sectors, where these are not established by law or other legal regulation
or a measure of a public authority, and the manner in which the consumer may learn about them or obtain their wording.
III. Personal data protection and the use of cookies. Information and explanation of
cookies, scripts, and pixels
3.1. The website operator provides this brief explanation of the function of cookies,
scripts and pixels:
3.1.1. Cookies are text files that contain a small amount of information that
are downloaded to your device when you visit a website. Thanks to this file, the website
stores information about your actions and preferences (such as
login name, language, font size and other display settings) for a certain period, so that you do not need to enter them again
on your next visit to the website or when browsing its individual pages.
A script is a piece of program code used for the proper and interactive functioning
of websites. This code runs on the operator’s server or on your device.
A pixel is a small, invisible text or image on a website that is used to
monitor website traffic. To enable this, various data are stored via pixels.
3.1.2. Cookies are divided into:
Technical or functional cookies – ensure the proper functioning of the Controller’s website
and its use. These cookies are used without consent.
Statistical cookies – the Controller obtains statistics regarding the use of its
website. These cookies are used only with consent.
Marketing / Advertising cookies – used to create advertising profiles
and similar marketing activities. These cookies are used only with consent.
Performance cookies – collect information on how the site is used – which pages
the visitor opens most and whether they receive error messages from any page. These cookies
do not store any information that allows user identification.
3.2. How to control cookies:
3.2.1. You can control and/or delete cookies at your discretion – see details at
aboutcookies.org. You can delete all cookies stored on your
computer or other device and you can set most browsers to prevent
their storage.
3.3. The Controller’s website uses the following cookies:
All cookies used by the Controller can be found at
https://www.cookieserve.com/ by entering the Controller’s web address
https://www.roy.sk
Technical or functional cookies – the information is accessed by the website operator.
Cookie duration: 2 years.
Statistical cookies – the information is accessed by the website operator. Cookie duration: 2 years.
Marketing and advertising cookies – the information is accessed by the website operator.
Cookie duration: 2 years.
3.3.1. Cookies made available to third parties:
Google Analytics, Google Ads: Google Ireland Limited, Gordon House, Barrow Street,
Dublin 4, Ireland. More information on privacy can be found at
https://support.google.com/analytics/topic/2919631?hl=sk&ref_topic=1008008
META Pixels: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2,
Ireland. More information on privacy can be found at
https://www.facebook.com/about/privacy/
IV. Personal data processed
4.1. The Controller processes the following personal data on its website: first name, last name,
residential address, email address, home telephone number, mobile telephone number, billing
address, delivery address, data obtained from cookies, IP addresses.
V. Contact details of the person responsible for supervision of personal data protection
5.1. The Controller has appointed a Data Protection Officer in accordance with
Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement
of such data. Contact: Email: info@roy.sk, Tel.: +421911734775
5.2. The Controller is also the Seller within the meaning defined in the General
Terms and Conditions of this website.
VI. Purposes of processing the Data Subject’s personal data and the period of processing
personal data
6.1. The purposes of processing the Data Subject’s personal data include, in particular:
6.1.1. recording, creation and processing of contracts and client data for the purpose of concluding contracts
with third parties.
6.1.2. processing accounting documents and documents related to the business activity
of the Controller.
6.1.3. compliance with legal regulations related to the archiving of documents and records,
e.g., under Act No. 431/2002 Coll., the Accounting Act, as amended, and other
relevant regulations.
6.1.4. activities of the Controller related to fulfilling a request, order, contract
and similar instruments of the Data Subject.
6.1.5. newsletter, marketing and similar advertising activities of the Controller, if the
Data Subject has given consent to the Controller for marketing and similar
advertising activities.
6.2. The Controller stores the Data Subject’s personal data only for the period strictly necessary
for the purposes of performing the contract and its subsequent archiving within the statutory time limits
imposed on the Controller by legal regulations. If the Data Subject has consented to
receiving marketing emails and similar offers, the Data Subject’s personal data are
processed for these purposes until the Data Subject withdraws their consent, but no longer
than 10 years.
VII. Legal basis for processing the Data Subject’s personal data
7.1. If the Controller performs processing of personal data based on the Data Subject’s consent,
such processing will begin only after the Data Subject has granted such consent.
7.2. If the Controller processes the Data Subject’s personal data for the purposes of pre-contractual
negotiations and conclusion and performance of a purchase contract, and the related
delivery of goods, products or services, the Data Subject is obliged to provide personal data
for proper performance of the purchase contract; otherwise, performance cannot be ensured.
Personal data for this purpose are processed without the Data Subject’s consent.
VIII. Recipients or categories of recipients of personal data
8.1. Recipients of the Data Subject’s personal data will be, or may at least include:
8.1.1. the statutory bodies or their members of the Controller.
8.1.2. persons performing work activity in an employment or similar relationship for
the Controller.
8.1.3. the Controller’s sales representatives and other persons cooperating
with the Controller in fulfilling the Controller’s tasks. For the purposes of this document, all natural persons
performing dependent work for the Controller on the basis of an employment contract or agreements on work performed
outside an employment relationship shall be considered employees of the Controller.
8.1.4. Recipients of the Data Subject’s personal data will also include the Controller’s collaborators,
business partners, suppliers and contractual partners, in particular: an accounting
company, a company providing services related to the development and maintenance of software,
a company providing legal services to the Controller, a company providing
consultancy to the Controller, companies providing transport and delivery of products
to buyers and third parties, marketing companies, companies operating social networks,
companies providing payment gateways and other payment methods.
8.1.5. Recipients of personal data will also include courts, law enforcement authorities, the tax office
and other state authorities, if required by law. Personal data will be
provided by the Controller to such authorities and state institutions on the basis of and in accordance
with the legal regulations of the Slovak Republic.
8.1.6. List of third parties – processors and recipients – who process the Data Subject’s personal data:
Slovenská pošta, a.s., Partizánska cesta 9, 975 99 Banská Bystrica, IČO: 36631124 – third party
providing transport services
Direct Parcel Distribution SK, s.r.o., Technická 7, 82104 Bratislava, IČO:
35834498 – third party providing transport services
Packeta Slovakia s. r. o., Sliačska 1E, 831 02 Bratislava – city district Nové Mesto,
IČO: 48136999 – third party providing transport services
Slovak Parcel Service s.r.o., Senecká cesta 1, 900 28 Ivanka pri Dunaji,
IČO: 31329217 – third party providing transport services
STRIPE PAYMENTS EUROPE, LIMITED, C/O A & L Goodbody, IFSC, North Wall Quay,
Dublin, D01 H104, Ireland – third party providing a payment gateway
GoPay s.r.o., Planá 67, 370 01 Planá, Czech Republic, IČO: 26046768 – third party
providing a payment gateway
Money Services BB, s.r.o., Továrenská 475/50, 976 31 Vlkanová – third party providing
accounting services
Amazon /Slovakia/ s.r.o., Mlynské Nivy 10, 821 09 Bratislava – city district Staré Mesto –
third party providing intermediation of product sales
Internet Mall Slovakia s.r.o., Galvaniho 6, 821 04 Bratislava – city district Ružinov – third
party providing intermediation of product sales
Kaufland Marketplace GmbH, Stiftsbergstraße 1, 74172 Neckarsulm, Federal Republic of Germany – third party providing intermediation of product sales
Allegro sp. z o.o., ul. Wierzbięcice 1B, 61-569 Poznań, Poland – third party providing intermediation of product sales
MINET s.r.o., L. Svobodu 552/46, 976 32 Badín – third party providing monitoring of
satisfaction with the functioning of the website
Heureka Shopping s.r.o., Karolinská 650/1, 186 00 Prague 8 – Karlín, Czech Republic, IČO: 02387727 –
third party providing monitoring of satisfaction with the functioning of the website
and providing the “Verified by Customers” service
8.2. The e-shop operator determines purchase satisfaction via email questionnaires within the
“Verified by Customers” program, in which the Controller’s e-shop is enrolled. The Controller sends the
Data Subject (Buyer) a questionnaire each time the Data Subject (Buyer) makes a purchase
in the Controller’s e-shop, unless, under Act No. 452/2021 as amended, the Data Subject (Buyer)
has refused the sending of electronic mail for direct marketing purposes.
Processing of personal data for sending the questionnaires within the “Verified by Customers”
program is performed by the Controller on the basis of the Controller’s legitimate interest,
which consists in determining the Data Subject’s (Buyer’s) satisfaction with a purchase
through the Seller’s e-shop. To send questionnaires, evaluate the Data Subject’s (Buyer’s) feedback and perform market position analyses,
the Controller uses a processing intermediary, namely the operator of the portal Heureka.sk, to whom the Controller may provide information on the purchased
goods and the Data Subject’s (Buyer’s) email address for these purposes. The Data Subject’s (Buyer’s)
personal data are not provided to any third party for its own purposes when sending the email questionnaires.
The Data Subject (Buyer) may object at any time to the sending of questionnaires within the “Verified by Customers” program by refusing
further questionnaires via the link in the email with the questionnaire. In the event of an objection by the Data Subject (Buyer),
the Controller will no longer send the questionnaire to the Data Subject (Buyer).
IX. Information on transfers of personal data to third countries and on the retention period:
9.1. Not applicable. The Controller does not transfer personal data to third countries.
X. Information on the existence of relevant rights of the Data Subject:
10.1. The Data Subject has, among others, the following rights, whereby:
10.1.1. The following does not affect other rights of Data Subjects.
10.1.2. The Data Subject’s right of access under Article 15 of the Regulation, which includes:
the right to obtain from the Controller confirmation as to whether or not personal data concerning the Data Subject are being processed, and if so,
in what scope. At the same time, if processed, the Data Subject has the right to find out their content and to request from the Controller information on the reason for their processing, in particular information on: the reason for processing, the categories of personal data concerned, the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations, the envisaged period for which the personal data will be stored or, if not possible, the criteria used to determine that period, the existence of the right to request from the Controller rectification or erasure of personal data concerning the Data Subject or restriction of processing and the existence of the right to object to such processing, the right to lodge a complaint with a supervisory authority, where the personal data have not been obtained from the Data Subject, any available information as to their source, the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the Regulation and, in such cases, at least meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the Data Subject, and the appropriate safeguards under Article 46 of the Regulation relating to transfers of personal data, if personal data are transferred to a third country or international organisation.
10.1.3. the right to obtain a copy of the personal data undergoing processing, provided that the right to obtain a copy must not adversely affect the rights and freedoms of others.
10.1.4. the Data Subject’s right to rectification under Article 16 of the Regulation, which includes the right for the Controller without undue delay to rectify inaccurate personal data concerning the Data Subject; the right to have incomplete personal data completed, including by means of providing a supplementary statement by the Data Subject; the Data Subject’s right to erasure of personal data (“right to be forgotten”) under Article 17 of the Regulation, which includes:
10.1.5. the right to obtain from the Controller the erasure of personal data concerning the Data Subject without undue delay where one of the following grounds applies:
the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed,
the Data Subject withdraws consent on which the processing is based and there is no other legal ground for the processing,
the Data Subject objects to the processing pursuant to Article 21(1) of the Regulation and there are no overriding legitimate grounds for the processing, or the Data Subject objects to the processing pursuant to Article 21(2) of the Regulation,
the personal data have been unlawfully processed,
the personal data have to be erased for compliance with a legal obligation under Union or Member State law to which the Controller is subject,
the personal data have been collected in relation to the offer of information society services referred to in Article 8(1) of the Regulation;
10.1.6. the right that a Controller which has made the personal data public, taking account of available technology and the cost of implementation, takes reasonable steps, including technical measures, to inform controllers which are processing the personal data that the Data Subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data; provided that the right to erasure with the content of the rights under Article 17(1) and (2) of the Regulation shall not arise where processing is necessary:
10.1.7. for exercising the right of freedom of expression and information;
10.1.8. for compliance with a legal obligation which requires processing under Union or Member State law to which the Controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller;
10.1.9. for reasons of public interest in the area of public health in accordance with Article 9(2)(h) and (i) of the Regulation as well as Article 9(3) of the Regulation;
10.1.10. for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) of the Regulation, in so far as the right referred to in Article 17(1) of the Regulation is likely to render impossible or seriously impair the achievement of the objectives of that processing; or for the establishment, exercise or defence of legal claims;
10.1.11. the Data Subject’s right to restriction of processing under Article 18 of the Regulation, which includes:
10.1.12. the right to have the Controller restrict processing where one of the following applies: the Data Subject contests the accuracy of the personal data, for a period enabling the Controller to verify the accuracy of the personal data; the processing is unlawful and the Data Subject opposes the erasure of the personal data and requests the restriction of their use instead; the Controller no longer needs the personal data for the purposes of the processing, but they are required by the Data Subject for the establishment, exercise or defence of legal claims; the Data Subject has objected to processing pursuant to Article 21(1) of the Regulation pending the verification whether the legitimate grounds of the Controller override those of the Data Subject;
10.1.13. the right that where processing has been restricted, such personal data shall, with the exception of storage, be processed only with the Data Subject’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State;
10.1.14. the right to be informed in advance of the lifting of the restriction of processing;
10.1.15. the Data Subject’s right to fulfilment of the notification obligation regarding rectification or erasure of personal data or restriction of processing under Article 19 of the Regulation, which includes: the right to have the Controller communicate to each recipient to whom the personal data have been disclosed any rectification or erasure of personal data or restriction of processing carried out pursuant to Article 16, Article 17(1) and Article 18 of the Regulation, unless this proves impossible or involves disproportionate effort, and the right to have the Controller inform the Data Subject about those recipients, if the Data Subject requests it;
10.1.16. the Data Subject’s right to data portability under Article 20 of the Regulation, which includes: the right to receive the personal data concerning the Data Subject, which they have provided to the Controller, in a structured, commonly used and machine-readable format and the right to transmit those data to another controller without hindrance from the Controller, if:
a) the processing is based on the Data Subject’s consent pursuant to Article 6(1)(a) of the Regulation or Article 9(2)(a) of the Regulation, or on a contract pursuant to Article 6(1)(b) of the Regulation, and simultaneously
b) the processing is carried out by automated means, and simultaneously:
10.1.17. the right to receive the personal data in a structured, commonly used and machine-readable format and the right to transmit those data to another controller without hindrance from the Controller shall not adversely affect the rights and freedoms of others;
10.1.18. the right to have the personal data transmitted directly from one controller to another, where technically feasible;
10.1.19. the Data Subject’s right to object under Article 21 of the Regulation, which includes:
10.1.20. the right to object at any time, on grounds relating to the Data Subject’s particular situation, to processing of personal data concerning them which is based on Article 6(1)(e) or (f) of the Regulation, including profiling based on those provisions;
10.1.21. where the right to object at any time, on grounds relating to the Data Subject’s particular situation, to processing of personal data concerning them which is based on Article 6(1)(e) or (f) of the Regulation, including profiling based on those provisions, is exercised, the right to have the Controller no longer process the personal data unless the Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the Data Subject or for the establishment, exercise or defence of legal claims;
10.1.22. the right to object at any time to processing of personal data concerning the Data Subject for direct marketing purposes, which includes profiling to the extent that it is related to such direct marketing; in such case, where the Data Subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes;
10.1.23. in the context of the use of information society services, the right to object to processing of personal data by automated means using technical specifications;
10.1.24. the right to object, on grounds relating to the Data Subject’s particular situation, to processing of personal data concerning the Data Subject for scientific or historical research purposes or statistical purposes pursuant to Article 89(1) of the Regulation, unless the processing is necessary for the performance of a task carried out for reasons of public interest;
10.1.25. the Data Subject’s rights related to automated individual decision-making, including profiling, under Article 22 of the Regulation, which includes:
10.1.26. the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning the Data Subject or similarly significantly affects them, except in the cases referred to in Article 22(2) of the Regulation [i.e., except where the decision is: (a) necessary for entering into, or performance of, a contract between the Data Subject and the Controller,
10.1.27. authorised by Union or Member State law to which the Controller is subject and which also lays down suitable measures to safeguard the Data Subject’s rights and freedoms and legitimate interests; or (c) based on the Data Subject’s explicit consent].
XI. Information on the Data Subject’s right to withdraw consent to the processing of personal data:
11.1. The Data Subject has the right to withdraw their consent to the processing of personal data at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
The Data Subject may withdraw their consent to the processing of personal data at any time—in full or in part. Partial withdrawal of consent may concern a certain type of processing operation(s), in which case the lawfulness of processing for the remaining processing operations shall remain unaffected. Partial withdrawal may also concern a specific purpose(s) of processing personal data, in which case the lawfulness of processing for other purposes shall remain unaffected.
The right to withdraw consent to the processing of personal data may be exercised by the Data Subject
in writing to the Controller’s address recorded as its registered office in the Commercial Register
at the time of withdrawal of consent to the processing of personal data, or electronically
by electronic means (by sending an email to the Controller’s email address
provided in the Controller’s identification in this document).
XII. Information on the Data Subject’s right to lodge a complaint with a supervisory authority:
12.1. The Data Subject has the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work or place of the alleged infringement, if the Data Subject considers that the processing of personal data concerning them infringes the Regulation, without prejudice to any other administrative or judicial remedy.
The Data Subject has the right to be informed by the supervisory authority to which the complaint has been lodged of the progress and the outcome of the complaint, including the possibility of a judicial remedy pursuant to Article 78 of the Regulation.
12.2. The supervisory authority in the Slovak Republic is the Office for Personal Data Protection of the Slovak Republic, Hraničná 12, 820 07 Bratislava 27, Slovak Republic. Tel.: +421 /2 3231 3214, Email: statny.dozor@pdp.gov.sk,
XIII. Information related to automated decision-making, including profiling:
13.1. Since the Controller does not process the Data Subject’s personal data in the form of automated decision-making, including profiling within the meaning of Article 22(1) and (4) of the Regulation, the Controller is not obliged to provide the information under Article 13(2)(f) of the Regulation, i.e., information on automated decision-making, including profiling, and on the logic involved, as well as the significance and the envisaged consequences of such processing for the Data Subject. Not applicable.
XIV. Final provisions
14.1. This Privacy Policy and cookie notice form an integral part of the General Terms and Conditions and the Complaints Procedure.
The documents – General Terms and Conditions and Complaints Procedure of this Website –
are published on the Seller’s domain of the Website.
14.2. This Privacy Policy becomes valid and effective upon its publication
on the Seller’s Website on 30/10/2024
Názov s.r.o. (TREBA ZMENIŤ)