Privacy policy

Privacy Policy and Data Protection Information

Provided by the Controller to the Data Subject when collecting personal data from the Data Subject and information about cookies of the online store www.dommsi.com /

I. Controller

1.1. Identity and contact details of the Controller are:

Business name: Dominika Šimová
Place of business: 92401 Galanta, Železničiarska 1423/26, Slovak Republic

Registered in the trade register: District Office Galanta, Trade Register Number: 220-37783
Company ID (IČO): 54537720
Tax ID (DIČ): 1125317127
VAT ID (IČ DPH): SK1125317127
Bank account: SK59 1100 0000 0029 4413 8786

The Seller is a VAT payer.

1.2. Email and phone contact for the Controller:

Email: dommsirings@gmail.com
Tel.: +421904646507

1.3. Address of the Controller for sending correspondence:

Dominika Šimová, Nová doba 921/6, 92401 Galanta, Slovak Republic

1.4. The Controller hereby, in accordance with Article 13 paragraphs 1 and 2 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 May 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation, “GDPR”), further in accordance with Act No. 18/2018 Coll. on Personal Data Protection and amendments to certain laws, as amended, and in accordance with Act No. 452/2021 Coll. on Electronic Communications, as amended, provides the Data Subject (Buyer) from whom the Controller (Seller) obtains personal data relating to them with the following information, instructions, and explanations:

II. References

2.1. These privacy principles and instructions form part of the General Terms and Conditions published on the Seller’s website.

2.2. Pursuant to §3, paragraph 1, letter n) of Act No. 102/2014 Coll., the Seller informs the consumer that there are no special relevant codes of conduct that the Seller has committed to comply with. A code of conduct means an agreement or a set of rules that define the behavior of the Seller, who has committed to comply with this code regarding one or more specific business practices or sectors, if these are not established by law or other legal regulation or public authority measure, and about how the consumer can familiarize themselves with or obtain the wording of such codes.

III. Personal Data Protection and Use of Cookies. Explanation of Cookies, Scripts, and Pixels

3.1. The Controller of the website provides the following brief explanation of the function of cookies, scripts, and pixels:

3.1.1. Cookies are text files that contain a small amount of information downloaded to your device when you visit a website. Thanks to these files, the website stores information about your actions and preferences (such as login name, language, font size, and other display settings) for a certain time so that you do not have to re-enter them when revisiting or browsing individual pages.

A Script is a piece of programming code used for the proper and interactive function of websites. This code runs on the Controller’s server or your device.

Pixels are small, invisible text or images on a website used to monitor website traffic. Through pixels, various data are stored to enable this monitoring.

3.1.2. Cookies are divided into:

  • Technical or functional cookies – ensure the proper functioning and use of the Controller’s website. These cookies are used without consent.

  • Statistical cookies – The Controller obtains statistics on website usage. These cookies are used only with consent.

  • Marketing / Advertising cookies – Used to create advertising profiles and similar marketing activities. These cookies are used only with consent.

3.2. How to control cookies:

3.2.1. You can control and/or delete cookies as you wish – details are available at aboutcookies.org. You can delete all cookies stored on your computer or other device, and most browsers can be set to prevent cookie storage.

3.3. The Controller’s website uses the following cookies:

All cookies used by the Controller can be found at https://www.cookieserve.com/ by entering the Controller’s web address https://www.dommsi.com

  • Technical or functional cookies – accessed by the Controller. Cookie duration 2 years.

  • Statistical cookies – accessed by the Controller. Cookie duration 2 years.

  • Marketing and advertising cookies – accessed by the Controller. Cookie duration 2 years.

IV. Processed Personal Data

4.1. The Controller processes the following personal data on its website: first name, last name, residence, email address, home phone number, mobile phone number, billing address, delivery address, data obtained from cookies, IP addresses.

V. Contact Details of the Data Protection Officer

5.1. The Controller has appointed a Data Protection Officer in accordance with Regulation 2016/679 on the protection of natural persons regarding personal data processing and the free movement of such data. Contact: Email: dommsirings@gmail.com, Tel.: +421904646507

5.2. The Controller is also the Seller as defined in the General Terms and Conditions of this website.

VI. Purposes and Duration of Processing Personal Data of the Data Subject

6.1. The purposes of processing the Data Subject’s personal data are mainly:

  • 6.1.1. Recordkeeping, creation, and processing of contracts and client data for the purpose of concluding contracts with third parties.

  • 6.1.2. Processing accounting documents and documents related to the Controller’s commercial activities.

  • 6.1.3. Compliance with legal regulations related to document and record archiving, e.g., according to Act No. 431/2002 Coll., Accounting Act, as amended, and other applicable laws.

  • 6.1.4. Activities related to fulfilling requests, orders, contracts, and similar legal acts of the Data Subject.

  • 6.1.5. Newsletter, marketing, and similar advertising activities of the Controller. If the Data Subject consents to marketing and advertising activities, the Controller will process personal data for these purposes.

6.2. The Controller stores personal data of the Data Subject only for the necessary time required to fulfill the contract and subsequent archiving according to legal deadlines imposed by law. If the Data Subject consents to receiving marketing emails and similar offers, the personal data are processed for these purposes until the Data Subject withdraws consent, but no longer than 10 years.

VII. Legal Basis for Processing the Data Subject’s Personal Data

7.1. If the Controller processes personal data based on the Data Subject’s consent, such processing will begin only after the Data Subject has given that consent.

7.2. If the Controller processes personal data for the purpose of negotiating pre-contractual relationships and concluding and fulfilling a purchase contract and related delivery of goods, products, or services, the Data Subject is obliged to provide personal data for proper fulfillment of the contract; otherwise, fulfillment cannot be ensured. Personal data for this purpose are processed without the Data Subject’s consent.

VIII. Recipients or Categories of Recipients of Personal Data

8.1. Recipients of the personal data of the Data Subject will be or at least may be:

8.1.1. Statutory bodies or their members of the Controller.

8.1.2. Persons performing work activities in an employment or similar relationship for the Controller.

8.1.3. Commercial representatives of the Controller and other persons cooperating with the Controller in fulfilling the Controller’s tasks. For the purposes of this document, all natural persons performing dependent work for the Controller based on an employment contract or agreements on work performed outside employment shall be considered employees of the Controller.

8.1.4. Recipients of the personal data of the Data Subject will also be collaborators of the Controller, its business partners, suppliers, and contractual partners, especially: accounting company, company providing services related to software development and maintenance, company providing legal services to the Controller, company providing consultancy services to the Controller, companies ensuring transport and delivery of products to buyers and third parties, marketing companies, companies operating social networks, companies providing payment gateways and other payment methods.

8.1.5. Recipients of the personal data will also include courts, law enforcement authorities, tax offices, and other state authorities if required by law. Personal data will be provided by the Controller to these authorities and state institutions based on and in accordance with the legal regulations of the Slovak Republic.

8.1.6. List of third parties – processors and recipients processing personal data of the Data Subject:

  • Slovenská pošta, a.s., Partizánska cesta 9, 975 99 Banská Bystrica, ID No.: 36631124 – third party providing transportation services

  • Packeta Slovakia s. r. o., Kopčianska 3338/82A, 851 01 Bratislava, ID No.: 48136999 – third party providing transportation services

  • PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24, Boulevard Royal, 2449, LUXEMBOURG, Luxembourg – third party providing payment gateway

IX. Information on the Provision of Personal Data to Third Countries and Duration of Storage

9.1. Not applicable. The Controller does not transfer personal data of individuals to third countries.

X. Information on the Existence of Relevant Rights of the Data Subject

10.1. The Data Subject has, among others, the following rights, whereby:

10.1.1. The provisions of point 10.1 do not affect other rights of the Data Subjects.

10.1.2. The right of the Data Subject to access data under Article 15 of the Regulation, which includes:

  • The right to obtain from the Controller confirmation whether personal data concerning the Data Subject are being processed, and if so, to what extent. If processed, the right to know their content and request information from the Controller about the reason for processing, especially information about: the reasons for processing, categories of personal data concerned, recipients or categories of recipients to whom personal data were or will be disclosed, especially recipients in third countries or international organizations, the expected duration of storage or, if not possible, the criteria used to determine it, the existence of the right to request correction, deletion, or restriction of processing of personal data concerning the Data Subject, the right to object to such processing, the right to lodge a complaint with a supervisory authority, if the data were not obtained from the Data Subject, any available information about their source, the existence of automated decision-making including profiling as referred to in Article 22 paragraphs 1 and 4 of the Regulation and, in such cases, at least meaningful information about the procedure used and the significance and expected consequences of such processing for the Data Subject, and appropriate safeguards under Article 46 of the Regulation concerning transfers of personal data to third countries or international organizations.

10.1.3. The right to receive a copy of the personal data being processed, provided that such right does not adversely affect the rights and freedoms of others.

10.1.4. The right of the Data Subject to rectification under Article 16 of the Regulation, which means the right of the Controller to promptly correct inaccurate personal data relating to the Data Subject, the right to complete incomplete personal data including by providing a supplementary statement of the Data Subject, and the right to erasure ("right to be forgotten") under Article 17 of the Regulation, which includes:

10.1.5. The right to obtain from the Controller without undue delay the deletion of personal data concerning the Data Subject where one of the following grounds applies:

  • The personal data are no longer necessary for the purposes for which they were collected or otherwise processed

  • The Data Subject withdraws consent on which processing is based, and there is no other legal ground for processing

  • The Data Subject objects to processing pursuant to Article 21(1) of the Regulation and there are no overriding legitimate grounds for processing

  • The personal data were unlawfully processed

  • The personal data must be erased to comply with a legal obligation under Union or Member State law

  • The personal data were collected in relation to the offer of information society services under Article 8(1) of the Regulation

10.1.6. The right of the Data Subject to require the Controller who has made personal data public to take reasonable steps, including technical measures, to inform other Controllers processing the data to erase any links, copies, or replications of those personal data, considering available technology and costs; provided that the right to erasure under Article 17 paragraphs 1 and 2 of the Regulation shall not apply if processing is necessary for:

10.1.7. Exercising the right of freedom of expression and information.

10.1.8. Compliance with a legal obligation under Union or Member State law or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller.

10.1.9. Reasons of public interest in the area of public health in accordance with Article 9(2)(h) and (i) and Article 9(3) of the Regulation.

10.1.10. Archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes according to Article 89(1) of the Regulation, where the right to erasure is likely to render impossible or seriously impair the achievement of the objectives of such processing; or for the establishment, exercise, or defense of legal claims.

10.1.11. The right of the Data Subject to restriction of processing under Article 18 of the Regulation, which includes:

10.1.12. The right to obtain restriction of processing when:

  • The accuracy of the personal data is contested by the Data Subject during the verification period

  • Processing is unlawful and the Data Subject opposes erasure and requests restriction instead

  • The Controller no longer needs the data for processing but the Data Subject requires them for legal claims

  • The Data Subject objects to processing under Article 21(1) until it is verified whether the Controller’s legitimate grounds override those of the Data Subject

10.1.13. The right to have restricted personal data processed only with the consent of the Data Subject or for the establishment, exercise, or defense of legal claims, or for the protection of rights of others, or for important reasons of public interest.

10.1.14. The right to be informed before the restriction is lifted.

10.1.15. The right to notification obligation towards recipients under Article 19 of the Regulation, including the right to be informed about recipients unless this proves impossible or requires disproportionate effort.

10.1.16. The right to data portability under Article 20 of the Regulation, including the right to receive personal data concerning the Data Subject in a structured, commonly used, and machine-readable format and the right to transmit those data to another Controller without hindrance if:

a) The processing is based on consent under Article 6(1)(a) or Article 9(2)(a) or on a contract under Article 6(1)(b), and

b) The processing is carried out by automated means.

10.1.17. The right to obtain personal data in a structured, commonly used, and machine-readable format and to transfer them to another Controller without adversely affecting others.

10.1.18. The right to direct transmission of personal data from one Controller to another where technically feasible.

10.1.19. The right to object under Article 21 of the Regulation, including:

10.1.20. The right to object at any time for reasons related to their particular situation to processing based on Article 6(1)(e) or (f), including profiling based on these provisions.

10.1.21. Where the right to object is exercised under Article 6(1)(e) or (f), the Controller shall no longer process the personal data unless demonstrating compelling legitimate grounds overriding the interests, rights, and freedoms of the Data Subject or for establishment, exercise, or defense of legal claims.

10.1.22. The right to object at any time to processing for direct marketing purposes, including profiling related to direct marketing; if the Data Subject objects, personal data shall no longer be processed for such purposes.

10.1.23. The right to object to processing by automated means using technical specifications in the context of information society services.

10.1.24. The right to object for reasons related to their particular situation to processing for scientific or historical research or statistical purposes under Article 89(1), except where processing is necessary for public interest.

10.1.25. The right related to automated individual decision-making under Article 22 of the Regulation, which includes:

10.1.26. The right that the Data Subject shall not be subject to a decision based solely on automated processing of personal data, including profiling, which produces legal effects concerning them or similarly significantly affects them, except in cases pursuant to Article 22(2) of the Regulation [i.e., except in cases where the decision is: (a) necessary for entering into or performance of a contract between the Data Subject and the Controller,

10.1.27. permitted by European Union law or the law of the Member State to which the Controller is subject, which also lays down suitable measures to safeguard the rights, freedoms, and legitimate interests of the Data Subject, or (c) based on the explicit consent of the Data Subject.

XI. Instruction on the right of the Data Subject to withdraw consent to the processing of personal data:

11.1. The Data Subject is entitled to withdraw their consent to the processing of personal data at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

The Data Subject is entitled to withdraw their consent to the processing of personal data at any time – in whole or in part. Partial withdrawal of consent to the processing of personal data may concern a certain type of processing operation(s), whereby the lawfulness of the processing of personal data for the remaining processing operations remains unaffected. Partial withdrawal of consent to the processing of personal data may also concern a certain specific purpose(s) of personal data processing, whereby the lawfulness of the processing for other purposes remains unaffected.

The right to withdraw consent to the processing of personal data can be exercised by the Data Subject in written form addressed to the Controller’s registered office as recorded in the commercial register at the time of withdrawal of consent, or electronically by electronic means (by sending an email to the Controller’s email address provided in the identification of the Controller in this document).

XII. Instruction on the right of the Data Subject to lodge a complaint with the supervisory authority:

12.1. The Data Subject has the right to lodge a complaint with a supervisory authority, particularly in the Member State of their habitual residence, place of work, or place of the alleged infringement, if they consider that the processing of personal data concerning them is in breach of the Regulation, all without prejudice to any other administrative or judicial remedy.

The Data Subject has the right to be informed by the supervisory authority to which the complaint has been lodged about the progress and outcome of the complaint, including the possibility of judicial remedy pursuant to Article 78 of the Regulation.

12.2. The supervisory authority in the Slovak Republic is the Office for Personal Data Protection of the Slovak Republic, Hraničná 12, 820 07 Bratislava 27, Slovak Republic. Tel. contact: +421 /2 3231 3214, Email: statny.dozor@pdp.gov.sk.

XIII. Information related to automated decision-making including profiling:

13.1. Since, in the case of the Controller, the processing of personal data of the Data Subject does not involve automated decision-making including profiling as referred to in Article 22(1) and (4) of the Regulation, the Controller is not obliged to provide information under Article 13(2)(f) of the Regulation, i.e., information about automated decision-making including profiling and the logic involved, as well as the significance and expected consequences of such processing of personal data for the Data Subject. This does not apply.

XIV. Final provisions:

14.1. These Principles and instructions on the protection of personal data and on cookies form an integral part of the General Terms and Conditions and the Complaints Procedure. The documents – General Terms and Conditions and Complaints Procedure of this Website are published on the domain of the Seller’s Website.

14.2. These Data Protection Principles shall become valid and effective upon their publication on the Seller’s Website on 23.11.2023.

This e-shop is certified at http://www.pravoeshopov.sk