General Information on Personal Data Processing

1. Parties

Data subject – buyer / website visitor
Controller – operator of the online store silkbase.eu: Silkbase s.r.o., Trieda KVP 1, Košice 04023

2. Recipients of personal data

• GLS General Logistics Systems Slovakia s.r.o. (performance of contract)

• Packeta Slovakia s.r.o. (performance of contract)

• SuperFaktura, s.r.o. (issuing accounting documents)

• Petra Service, s.r.o. (accounting services)

3. Contact and DPO information

Given the scope and nature of its activities, the Controller is not obliged under Section 44 of Act No. 18/2018 Coll. on the protection of personal data to appoint a data protection officer. However, if you have any questions regarding your personal data, contact us at: shop@silkbase.eu, or call: +421 902 532 885.

The website operator is responsible for the processing of personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter “GDPR”). The data subject has the right, based on a written request to the Controller, to request information about their personal data being processed, or to request the deletion or correction of their personal data by the Controller.

4. Accuracy of data and rights

The data subject is obliged to provide true and up-to-date personal data. The rights of the data subject are governed by Chapter 3 of the GDPR. The data subject has the right to: lodge a complaint with a supervisory authority, object to processing, request access to personal data concerning them, request rectification or erasure or restriction of processing, and the right to data portability.

---

Information on the Rights of the Data Subject

The data subject has the right, based on a written request, to require from the Controller:

a) confirmation whether personal data concerning them are being processed or not,
b) in a generally understandable form, information about the processing of personal data in the information system in the scope of: identification data of the controller and processor (if appointed); purpose of processing; list or scope of processed personal data; information on whether providing personal data is voluntary or mandatory; duration of consent or information on the legal regulation requiring the provision of personal data; third parties to whom personal data are to be provided; categories of recipients to whom personal data are to be disclosed; form of publication if personal data are to be published; third countries if personal data are to be transferred there,
c) in a generally understandable form, precise information about the source from which the Controller obtained the personal data,
d) in a generally understandable form, a list of their personal data that are being processed,
e) correction or deletion of incorrect, incomplete, or outdated personal data that are being processed,
f) deletion of personal data for which the purpose of processing has ended; if official documents containing personal data are processed, you may request their return,
g) deletion of personal data being processed if the law has been violated,
h) blocking of personal data due to withdrawal of consent before its expiry, if the Controller processes personal data on the basis of consent.

Requests, information about a personal data breach, or other serious matters related to processing may be addressed to the Controller at the address above, by phone: +421 902 532 885, or by e-mail: shop@silkbase.eu.

---

Right of access to personal data

As a data subject, you have the right to obtain from the Controller confirmation as to whether personal data concerning you are being processed. If your personal data are processed, you have the right to access them and obtain further information about: the purpose of processing; categories of personal data concerned; recipients or categories of recipients; in particular recipients in third countries or international organisations; where personal data are transferred to a third country or an international organisation, the appropriate safeguards; the retention period, or if not possible, the criteria used to determine it; the right to request rectification, erasure or restriction; the right to object; the right to lodge a complaint; the source of personal data if not obtained from you; and the existence of automated decision-making, including profiling.

Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a person, in particular relating to work performance, financial situation, health, personal preferences, interests, reliability, behaviour, location or movement. In such cases, the Controller will provide information about the method used and the significance and envisaged consequences for the data subject.

The Controller is obliged to provide you with the personal data it processes. For repeated provision, the Controller may charge a reasonable fee corresponding to administrative costs. The Controller must provide personal data in the manner requested by you. The right to obtain personal data must not adversely affect the rights of other natural persons.

---

Right to rectification

As a data subject, you have the right to have the Controller rectify inaccurate personal data concerning you without undue delay. Depending on the purpose of processing, you have the right to have incomplete personal data completed.

---

Right to object to processing

You have the right to object to processing of your personal data on grounds relating to your particular situation, if the Controller carries out profiling or processes your personal data based on:

– processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority,
– processing necessary for the purposes of legitimate interests pursued by the Controller or by a third party.

The Controller may no longer process your personal data unless it demonstrates compelling legitimate grounds which override your rights or interests, or grounds for the establishment, exercise or defence of legal claims.

You have the right to object to processing of personal data concerning you for direct marketing purposes, including profiling to the extent that it is related to direct marketing. If you object, the Controller may no longer process your personal data for direct marketing.

You also have the right to object on grounds relating to your particular situation when your personal data are processed for scientific research, historical research or statistical purposes, except where processing is necessary for the performance of a task carried out for reasons of public interest.

---

Right to erasure (“right to be forgotten”)

As a data subject, you have the right to obtain from the Controller the erasure of personal data concerning you without undue delay. The Controller must erase personal data if:

a) the personal data are no longer necessary for the purposes for which they were collected or otherwise processed,
b) you withdraw consent and there is no other legal ground,
c) you object and there are no overriding legitimate grounds, or you object to direct marketing including related profiling,
d) the personal data have been unlawfully processed,
e) erasure is necessary to comply with a legal obligation,
f) the personal data were collected in relation to the offer of information society services under Section 15(1) of the Act.

Where the Controller has made the personal data public and is obliged to erase them, it must, taking account of available technology and costs, inform other controllers processing the data to erase links to, copies or replications of those personal data.

The Controller is not obliged to erase personal data if they are necessary:
a) for exercising freedom of expression and information,
b) for compliance with a legal obligation or for a task carried out in the public interest / official authority,
c) for reasons of public interest in the area of public health,
d) for archiving in the public interest, scientific or historical research or statistical purposes, where erasure is likely to render impossible or seriously impair the achievement of that processing, or
e) for the establishment, exercise or defence of legal claims.

---

Right to restriction of processing

You have the right to obtain from the Controller restriction of processing if:

a) you contest the accuracy of personal data (restriction for the period enabling verification),
b) processing is unlawful and you oppose erasure and request restriction instead,
c) the Controller no longer needs the data, but you require them for legal claims,
d) you have objected to processing; restriction applies pending verification whether the Controller’s legitimate grounds override yours.

Where processing has been restricted, personal data may, apart from storage, be processed only with your consent, for legal claims, for the protection of persons, or for reasons of public interest. The Controller must inform you before lifting the restriction.

---

Notification obligation regarding rectification/erasure/restriction

The Controller shall communicate any rectification, erasure or restriction to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. If you request it, the Controller shall inform you about those recipients.

---

Right to data portability

You have the right to receive the personal data concerning you, which you have provided to the Controller, in a structured, commonly used and machine-readable format, and to transmit those data to another controller where technically feasible, if processing is carried out by automated means and is based on:

a) your consent, or
b) necessity for the performance of a contract or pre-contractual measures at your request.

This right must not adversely affect the rights of others. Exercising portability does not affect the right to erasure. Portability does not apply to processing necessary for tasks in the public interest or official authority.

---

Right to lodge a complaint / initiate proceedings

If your rights are affected, you have the right under Section 100 of the Act to submit a proposal to initiate proceedings to the Office for Personal Data Protection of the Slovak Republic. The purpose is to determine whether there has been a breach and, if justified, to impose corrective measures or a fine.

A template is published by the Office on its website. The proposal must include evidence supporting the claims and proof that you exercised your rights with the Controller, or reasons for not doing so.

These rights (except the right to initiate proceedings) may be exercised by e-mail or in writing by post with the Controller. Data breaches or serious matters may also be reported to the Controller.

You may contact the Office at: Námestie 1. mája 18, 811 06 Bratislava, Slovak Republic, or via: http://www.dataprotection.gov.sk.

If the data subject lacks full legal capacity, their rights may be exercised by a legal representative. If the data subject is deceased, a close person may exercise the rights.

The Controller processes requests free of charge, except for reimbursement of material costs for copies, technical media and sending the information, unless otherwise provided by law. The Controller must respond in writing within 30 days. Any restriction of rights shall be communicated without undue delay in writing to the data subject and to the Office.

The Controller hereby informed you, as a data subject, about the protection of your personal data and instructed you about your rights within the scope of this written information duty.

---

Processing of Personal Data for the Purpose of Completing an Order

1. Purposes

Issuing tax documents, contacting the customer regarding the order, performance of the contract, handling liability for defects of sold products – arising from contract performance.

2. Legal basis

a) Processing of personal data (first name, last name, title, street and number, postal code, city) is necessary under a specific regulation or international treaty binding on the Slovak Republic, primarily Act No. 222/2004 Coll. on Value Added Tax.
b) Processing of personal data (e-mail, telephone contact) is necessary for the performance of the contract.

3. Retention period

10 years

---

Processing of Personal Data for Marketing Communications

For marketing communications, the general information above applies, and also:

• Purpose: sending marketing information

• Legal basis: Article 6(1)(a) GDPR – consent of the data subject for one or more specific purposes

• Retention period: 10 years

---

Processing of Personal Data for Cookies

For cookies, the general information above applies, and also:

1. Purposes

Improving our services, Heureka questionnaire. We do not run ads on the website.

Cookies are small amounts of data that servers send to a browser, which stores them on the user’s device. Each time the website is visited again, the browser sends these data back to the server.

2. Legal basis

Article 6(1)(a) GDPR – consent

3. Retention period

Cookies can be divided into two basic types by duration:

• short-term “session cookies”, stored only until the browser is closed, and

• long-term “persistent cookies”, stored for a longer period or until manually deleted, depending on cookie settings and your browser settings.

---

Automated Individual Decision-Making Including Profiling

The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them.

---

Conditions and Method of Processing Personal Data

The Controller processes personal data in its information systems by automated and non-automated means. The Controller does not publish processed personal data, except where required by law or by a court/authority decision. The Controller will not process your personal data without your explicit consent or other lawful basis for a different purpose or in a wider scope than stated in this information and in the records of the Controller’s information systems.

---

Cookies and Analytics / Monitoring Tool

The Controller uses an analytical tool to monitor its website that generates a data string and tracks how visitors use the website. When someone browses the website, the system generates cookies to record visit-related information (visited pages, time spent, browsing data, leaving the website, etc.), but these data must not be linked to the visitor’s identity.

This tool serves to improve website ergonomics, create a user-friendly website and enhance visitors’ online experience. Most browsers accept cookies, but visitors can delete them or refuse them automatically. Since each browser is different, visitors can manage cookie preferences via their browser toolbar/settings. If you choose not to accept cookies, you may not be able to use some functions of the website.

---

Cookie Types