Personal Data Protection and Cookies

(The principles of personal data protection provided by the Controller to the Data

Subject in relation to the collection of their personal data and information related to the

use of cookies on www.pow.sk e-shop)

I. Controller

1.1. The identity and contact details of the Controller are:

Trading name: Mário Harman

Registered address: 92041 Leopoldov, Záhradnícka 698/38, Slovak Republic

Entered in the register of the District Office Trnava, Sole Trader, registration No.: 250-54454

Company registration No.: 55276270

Tax registration No.: 1085920121

Bank account: SK39 0900 0000 0052 0034 1961

The Seller is not registered for VAT (value-added tax).

1.2. The Controller's email and telephone contact are as follows:

Email: powerofwarrior2019@gmail.com

Phone No.: +421908109914

1.3. The correspondence address of the Controller is:

Mário Harman – www.pow.sk, Záhradnícka 698/38, 920 41 Leopoldov, Slovak Republic

1.4. The Controller, pursuant to Section 13 (1) and (2) of Regulation (EU) 2016/679 of the

European Parliament and Council of Europe from 27th May 2016 on the protection of natural

persons with regard to the processing of personal data and the free movement of such data, the

repeal of Directive 95/46/EC (General Data Protection Regulation) (hereinafter the

"Regulation"), further pursuant to Act No. 18/2018 Coll. on personal data protection and

amending certain laws as amended and pursuant to Act No. 452/2021 Coll. on electronic

communications as amended provides the Data Subject (Buyer), from whom the Controller

(Seller) collects personal data pertaining thereto, this information, instructions and

explanations:

II. References

2.1. These principles and instructions on personal data protection form part of the General

Commercial Terms and Conditions published on the Seller's website.

2.2. Pursuant to Section 3 (1) (n) of Act No. 102/2014 Coll., the Seller hereby informs the

consumer that there are no relevant special codes of conduct that the Seller has agreed to

adhere to; a code of conduct is an agreement or collection of rules which define the behaviour

of a seller, who has agreed to adhere to such a code of behaviour with regard to one or several

special business practices or commercial sectors, that as such are not stipulated by law, or any

other legal regulation or decree by a public administration authority, which the seller has

agreed to adhere to, and how the consumer may familiarise themselves with the same or

access its wording.

III. Personal Data Protection and Information concerning the Use of Cookies and an

Explanation of the function of Cookies, Scripts and Pixels

3.1. The Controller of the website provides the following brief explanation of the function of

cookies, scripts and pixels:

3.1.1. Cookies are text files which contain a small amount of information that are downloaded

onto your device when you visit the website. Thanks to this file the website stores, for a

certain period of time, information on your navigation around the site and your preferences

(such as login name, language, font size and other display settings), so that you do not need to

enter them again during your next visit to the website or when viewing its individual pages.

A script is a part of the program code which is used to ensure the correct and interactive

function of websites. This code will run on the Controller's server or on your device.

A pixel is a small, invisible piece of text or image on the website which is used to monitor the

number of visits to the website. To allow this, various data is stored within the pixel.

3.1.2. Cookies are further divided into

Technical or functional cookies – they ensure the Controller's website operates correctly.

These cookies are used without user consent.

Statistical cookies – the Controller gathers statistical information regarding the use of its

websites. These cookies are only used with user consent.

Marketing/Advertising cookies – these are used to create advertising profiles and inform

marketing activities. These cookies are only used with user consent.

3.2. How to manage or delete cookies:

3.2.1. Cookies may be managed and/or deleted at your discretion – for more detail, visit the

site: aboutcookies.org. You can delete all the cookies stored in your computer or in any other

device and you can configure most browsers to disallow the storage and use of cookies.

3.3. The Controller's website uses the following cookies:

All the cookies used by the Controller may be found on the site https://www.cookieserve.com/

by entering the Controller's website address https://www.pow.sk

Technical or functional cookies – the Controller of the website is able to access the

information. The cookies are stored for a period of 5 years.

Statistical cookies – the Controller of the website is able to access the information. The

cookies are stored for a period of 5 years.

Marketing and advertising cookies – the Controller of the website is able to access the

information. The cookies are stored for a period of 5 years.

3.3.1. The cookies are made available to the following third parties:

Google Analytics and Google Ads:

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

For more information on privacy protection see:

https://support.google.com/analytics/topic/2919631?hl=sk&ref_topic=1008008

IV. Processing of Personal Data

4.1. On their website, the Controller processes the following personal data: name, surname,

address, email address, home phone number, mobile phone number, billing address, delivery

address, data received from the cookies and IP address.

V. Contact Details for the Data Protection Officer

5.1. The Controller has appointed a data protection officer, pursuant to Regulation 2016/679

on the protection of natural persons with regard to the processing of personal data and the free

movement of such data. Contact: Email: powerofwarrior2019@gmail.com, Phone No.:

+421908109914

5.2. The Controller is simultaneously the Seller within the meaning of the term as defined in

the General Commercial Terms and Conditions of this website.

VI. Processing of the Personal Data of the Data Subject and the Maximum Period for

which the Personal Data may be Processed

6.1. The Data Subject's personal data is processed for the following purposes:

6.1.1. record keeping, the creation and processing of contracts and the client's data with the

intent of concluding contracts with third parties.

6.1.2. processing of accounting documents and documents related to the Controller's business

activities.

6.1.3. to adhere to the legal regulations related to the archiving of documents, e.g., pursuant to

Act No. 431/2002 Coll. on accounting as amended and other relevant regulations.

6.1.4. activities carried out by the Controller in relation to fulfilling a request, order, contract

or similar documents for the Data Subject.

6.1.5. to provide newsletters, marketing and similar advertising activities of the Controller, if

the Data Subject has given their consent to the Controller to use their data for these purposes.

6.2. The personal data of the Data Subject may only be stored by the Controller for the period

of time necessary for the fulfilment of a contract and the subsequent need to archive the data

for the required period as imposed on the Controller by the relevant regulations. If the Data

Subject agreed to receive email advertisements and similar offers, the Data Subject's personal

data will be processed for such purposes until the Data Subject revokes their consent. This

will be for a maximum period of 10 years.

VII. The Legal Basis for the Processing of the Data Subject's Personal Data

7.1. If the Controller performs personal data processing based on the consent of the Data

Subject, such processing shall only commence after the Data Subject has granted consent.

7.2. If the Controller processes the Data Subject's personal data to allow negotiations for pre-

contractual relationships, the conclusion and performance of sale contracts and the delivery of

goods, products or services related thereto, the Data Subject is obliged to provide personal

data to provide the requisite information for a sales contract; otherwise, it is not possible to

provide a contract. The processing of Personal data for these purposes is done without the

consent of the Data Subject.

VIII. Recipients or Categories of Recipients of Personal Data

8.1. A Recipient of the personal data of the Data Subject is or may be:

8.1.1. Statutory authorities or their members.

8.1.2. Employees, or people with a similar relationship, of the Controller.

8.1.3. Sales representatives and other persons that work with the Controller to fulfil the role of

the Controller. For the purposes of this document employees of the Controller shall be taken

to mean every natural person that carries out activities for the Controller under an

employment contract or an agreement on works performed outside of an employment

contract.

8.1.4. Recipients of the personal data of the Data Subject may also be third parties with whom

the Controller cooperates, their business partners, suppliers and contractual partners, in

particular the organisations that provide the following services: accountancy, software

creation and maintenance, legal services, consultancy, transport and delivery of products to

buyers and third parties, marketing, social media operations, payment portals and other

payment methods.

8.1.5. Other recipients of personal data might be the courts, law enforcement bodies, tax

office and other state authorities, as stipulated by law. The Controller shall provide the

personal data to the relevant authorities and state institutions based on and pursuant to the

legal regulations of the Slovak Republic.

8.1.6. List of third-party entities – intermediaries and Recipients which process the personal

data of the Data Subject:

Packeta Slovakia s. r. o., registered address: Kopčianska 3338/82A, 851 01 Bratislava,

Company reg. No.: 48136999 – third party entity that provides transport services

Global Payments s. r. o., Vajnorská 100/B, 831 04 Bratislava-Nové Mesto, Company reg.

No.: 50 010 301 – third party entity that operates a payment portal

Alena Pagáčová – EKOTEAM, Cintorínska 30, 91935 Hrnčiarovce nad Parnou – third party

entity that provides accountancy services

IX. The Transfer of Personal Data to Third Countries and the Period of Storage:

9.1. This does not apply. The Controller does not transfer an individual's personal data to

third countries.

X. The Rights of the Data Subject:

10.1. The Data Subject has, inter alia, the following rights, and:

10.1.1. Point 10.1. shall not prejudice any of the other rights of the Data Subject.

10.1.2. The Data Subject has the right to access data under Article 15 of the Regulation, the

content whereof is:

the right to obtain confirmation from the Controller as to whether or not it processes the

personal data of the Data Subject, and if yes, to what extent. If it is processed, the Data

Subject has the right to know what is shared and the Controller, by request, must provide

information on why it has been processed, especially information concerning: why it has

been processed, the categories of personal data concerned, the recipients or categories of

recipients to which the personal data has or will be provided, in particular recipients in third

countries or international organisations, the period for which it is envisaged the personal data

will be stored, or, if this is not possible, information on the criteria for the determination

thereof. The Data Subject has the right to request that the Controller rectifies, erases or

restricts the processing of their personal data and object to such processing. The Data Subject

also has the right to lodge a complaint with the supervisory authority if the personal data held

was not collected from the Data Subject, and the Controller must provide all available

information as to its source and the existence of automated decision-making, including

profiling, as referred to in Article 22 (1) and (4) of the Regulation and, in such cases, as a

minimum, meaningful information about the logic involved, as well as the significance and

the envisaged consequences that such activity may have for the Data Subject, along with

information on the appropriate safeguards pursuant to Article 46 of the Regulation related to

personal data transfer, if they are transferred to a third country or international organisation.

10.1.3. the right to be provided with a copy of the processed personal data, under the

condition that the right to receive a copy of the processed personal data shall not adversely

affect the rights and freedoms of others.

10.1.4. The Data Subject's right to rectification under Article 16 of the Regulation, which

means that the Controller must, without undue delay, correct any inaccurate personal data

related to the Data Subject. Any incomplete personal data must be completed; this includes by

amending a supplementary statement provided by the Data Subject. If the Data Subject wishes

they have the right to have their personal data erased ("the right to be forgotten") under

Article 17 of the Regulation, which means:

10.1.5. On request, the Controller must erase all the personal data related to the Data Subject

without undue delay, where one of the following grounds applies:

the personal data is no longer required for the purposes that they were originally collected or

processed. The Data Subject withdraws the consent on which the processing was based and

where there are no other legal grounds for the processing. The Data Subject objects to

processing of data pursuant to Article 21 (1) of the Regulation and there are no overriding

legitimate grounds for processing, or the Data Subject objects to processing of personal data

pursuant to Article 21 (2) of the Regulation, the personal data has been unlawfully processed,

the personal data must be erased to comply with a legal obligation within the European Union

or a member state to whose laws the Controller is subject or the personal data has been

collected in relation to the offer of information society services referred to in Article 8 (1) of

the Regulation,

10.1.6. where the Controller has made the personal data public, taking into account the

available technology and the cost of implementation, the right to have the Controller take

reasonable steps, including technical measures, to inform other controllers, who have

processed the personal data, that the Data Subject has requested the erasure, by all controllers

of any links to, or copy or replication of, that personal data, and the right to the erasure of

personal data under Article 17 (1) and (2) of the Regulation shall not arise if the

personal data processing is necessary:

10.1.7. to exercise the right of freedom of expression and information.

10.1.8. to comply with a legal obligation which requires data processing by the European

Union or a member state to which the Controller is subject, or for the performance of a task

carried out in the public interest or in the exercise of the official authority vested in the

Controller.

10.1.9. for the public interest in the area of public health in accordance with points (h) and (i)

of Article 9 (2) as well as Article 9 (3) of the Regulation.

10.1.10. to archive the data in the public interest or for scientific, historical or statistical

research purposes in accordance with Article 89 (1) of the Regulation, in so far as the right

referred to in Article 17 (1) of the Regulation is likely to render the achievement of the

objectives of the research impossible or seriously impaired; or for the establishment,

exercise or defence of legal claims.

10.1.11. under the right of the Data Subject to restrict personal data processing under Article

18 of the Regulation, the content whereof is:

10.1.12. the right to restrict the Controller from processing personal data where one of the

following applies: the accuracy of the personal data is contested by the Data Subject, for a

period of time to enable the Controller to verify the accuracy of the personal data, the

processing is unlawful and the Data Subject opposes the erasure of the personal data and

instead requests a restriction of its use, the Controller no longer needs to process the personal

data, but they are required, by the Data Subject, for the establishment, exercise or defence of

legal claims, the Data Subject has objected to processing pursuant to Article 21 (1) of the

Regulation, pending verification of whether the legitimate grounds of the Controller override

those of the Data Subject;

10.1.13. where processing has been restricted, the right to have such personal data, with the

exception of storage, processed only with the consent of the Data Subject or for the

establishment, exercise or defence of legal claims, for the protection of the rights of another

natural or legal person or for reasons of important public interest of the European Union or a

member state;

10.1.14. the right to be informed, by the Controller, before any restriction on processing is

lifted;

10.1.15. the right for the Data Subject to fulfil the notification obligation towards Recipients

under Article 19 of the Regulation, the content of which is: the right to have the Controller

communicate any rectification or erasure of personal data or restriction of processing carried

out in accordance with Article 16, Article 17 (1) and Article 18 of the Regulation to each

Recipient to whom the personal data has been disclosed, unless this proves impossible or

involves disproportionate effort and the right to be informed by the Controller of all data

Recipients if the Data Subject requests it;

10.1.16. the Data Subject has the right to data portability under Article 20 of the Regulation,

the content of which is: the right to receive personal data concerning the Data Subject, which

they provided to the Controller, in a structured, commonly used and machine-readable format,

and the right to transmit that data to another controller without hindrance, if:

a) the processing is based on the consent of the Data Subject pursuant to point (a) of Article 6

(1) or point (a) of Article 9 (2) of the Regulation or on a contract pursuant to point (b) of

Article 6 (1) of the Regulation; and

b) the processing is carried out through automated means, and:

10.1.17. the right to receive the personal data in a structured, commonly used and machine-

readable format and the right to transmit that data to another controller without hindrance

shall not adversely affect the rights and freedoms of others;

10.1.18. the right to have the personal data transmitted directly from one controller to another,

where technically feasible;

10.1.19. the right of the Data Subject to object under Article 21 of the Regulation, the content

of which is:

10.1.20. the right to object at any time, on grounds that relate to the particular situation of the

Data Subject, to the processing of their personal data which is based on points (e) or (f) of

Article 6 (1) of the Regulation, including profiling based on those provisions of the

Regulation;

10.1.21. if the right to object at any time to processing of personal data concerning them which

is based on point (e) or (f) of Article 6 (1) of the Regulation is exercised, on grounds that

relate to the particular situation of the Data Subject, including profiling based on those

provisions of the Regulation, the Controller shall no longer have the right to process the Data

Subject's personal data unless the Controller demonstrates compelling legitimate grounds for

processing of the data which override the interests, rights and freedoms of the Data Subject or

for the establishment, exercise or defence of legal claims;

10.1.22. the right to object at any time to the processing of personal data of the Data Subject for

direct marketing purposes, including profiling, to the extent that it is related to direct

marketing; where the Data Subject objects to the processing for direct marketing purposes, the

personal data shall no longer be processed for such purposes;

10.1.23. in the context of its use by information society services, the right to exercise the right

to object to the processing of personal data by automated means using technical

specifications;

10.1.24. the right to object to processing of the personal data of the Data Subject on grounds

relating to the Data Subject's particular situation where the personal data is processed for

scientific, historical or statistical research purposes pursuant to Article 89 (1) of the

Regulation, unless the processing is necessary for the performance of a task carried out in

the public interest;

10.1.25. the right of the Data Subject related to automated individual decision-making under

Article 22 of the Regulation, the content of which is:

10.1.26. the right not to be subject to a decision based solely on the automated processing of

personal data, including profiling, which produces a legal outcome that significantly affects

them, with the exception of cases that come under Article 22 (2) of the Regulation (ergo, with

the exception of the cases when the decision: (a) is necessary to enter into, or for the

performance of, a contract between the Data Subject and the Controller,

10.1.27. is permitted by a European Union or member state, to which the Controller is subject,

law or regulation, that also lays down suitable measures to safeguard the rights, freedoms and

legitimate interests of the Data Subject, or (c) is based on the Data Subject's explicit consent).

XI. The Right of the Data Subject to Withdraw Their Consent to Personal Data

Processing:

11.1. The Data Subject has the right to withdraw their consent to the processing of personal

data at any time, without this having any effect on the lawfulness of processing based on

consent before it was withdrawn.

The Data Subject has the right to withdraw their consent to the processing of personal data at

any time – fully or partially. Partial withdrawal of consent to personal data processing may

relate to a specific type of processing operation(s), and the lawfulness of the personal data

processing within the scope of the remaining processes shall not be affected. Partial

withdrawal of consent to personal data processing may relate to the specific purpose(s) of

that form of personal data processing, and the lawfulness of personal data processing for other

purposes shall not be affected.

The Data Subject may exercise their right to withdraw their consent to personal data

processing in written form to the Controller's registered address, as per the register of Sole

Traders, as was valid at the time of withdrawal of consent or in an electronic form by

electronic means (by sending an email to the Controller's email address as stated in the

contact details for the Controller).

XII. The Data Subject's Right to Lodge a Complaint with the Supervisory Authority:

12.1. The Data Subject has the right to lodge a complaint with the supervisory authority,

particularly the one in their member state of usual residence, place of work or in the place of

the alleged breach if the Data Subject believes that the personal data processing which

concerns them is in breach of the Regulation, without prejudice to any other administrative or

judicial means of correction.

The Data Subject has the right to be informed of the progress and result of the complaint they

have lodged by the supervisory authority with which they lodged it, including the option to

lodge a judicial remedy under Article 78 of the Regulation.

12.2. The supervisory authority in the Slovak Republic is the Office for Personal Data

Protection of the Slovak Republic, Hraničná 12, 820 07 Bratislava 27, Slovak Republic.

Phone No.: +421 /2 3231 3214, Email: statny.dozor@pdp.gov.sk.

XIII. Automated Decision-making including Profiling

13.1. As automated decision-making, including profiling of the personal data of

the Data Subject, in the form stated in Article 22 (1) and (4) of the Regulation, does not

take place, the Controller is not obliged to provide the information required under Article 13

(2) (f) of the Regulation.

XIV. Final Provisions

14.1. This document, Personal Data Protection and Cookies, forms an integral part of the

General Commercial Terms and Conditions and the Warranty Terms and Conditions. All of

the above-mentioned documents can be found on the Seller's website.

13.4. This document, Personal Data Protection and Cookies, shall come into force and effect

through its publication on the Seller's website on 21st April 2023.

This e-shop is certified by https://www.pravoeshopov.sk