The delivery of smoking-related goods is possible only within Slovakia, for example, to delivery boxes near the borders.
Proceed to cart
Customer support:info@good-buy.sk
    Language
    English
    Home / Privacy policy

    Privacy policy

    Privacy Policy

    I. Data Controller

    1. The data controller under § 5(o) of Act No. 18/2018 Coll. on Personal Data Protection as amended (hereinafter referred to as the "Act") is Good Buy s.r.o., Company ID (IČO): 54396344, with its registered office at Svätovavrinecká 13920/10, 83101 Bratislava, Slovakia (hereinafter referred to as the "Controller").

    2. Controller's Contact Information:
      Address: Svätovavrinecká 13920/10, 83101 Bratislava, Slovakia
      Email: info@good-buy.sk

    3. Personal data refers to any information about an identified or identifiable natural person; an identifiable person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, identification number, location data, an online identifier, or by reference to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person.

    4. The Controller has (not) appointed a Data Protection Officer. The contact details of the Data Protection Officer are: [to be specified if appointed].

    II. Sources and Categories of Processed Personal Data

    1. The Controller processes personal data provided by you or obtained by the Controller in connection with fulfilling your order.

    2. The Controller processes your identification and contact details as well as data necessary for contract fulfillment.

    III. Legal Grounds and Purpose of Personal Data Processing

    1. The legal grounds for processing personal data include:

      • Fulfillment of a contract between you and the Controller under § 13(1)(b) of the Act.
      • Legitimate interests of the Controller in providing direct marketing (especially for sending commercial communications and newsletters) under § 13(1)(f) of the Act.
      • Your consent to processing for direct marketing purposes (especially for sending commercial communications and newsletters) under § 13(1)(a) of the Act.

    2. The purposes of personal data processing are:

      • Fulfilling your order and exercising rights and obligations arising from the contractual relationship between you and the Controller. Personal data required for successfully processing the order (name, address, contact) is necessary for the conclusion and fulfillment of the contract. Without providing personal data, it is not possible to conclude the contract or fulfill it on the part of the Controller.
      • Sending commercial communications and conducting other marketing activities.

    3. The Controller does (not) engage in automated individual decision-making under § 28 of the Act. Such processing occurs only with your explicit consent.

    IV. Retention Period for Personal Data

    1. The Controller retains personal data:

      • For the duration necessary to exercise rights and obligations arising from the contractual relationship between you and the Controller and to enforce claims from these contractual relationships (15 years from the termination of the contractual relationship).
      • Until consent for marketing purposes is revoked, but no longer than [timeframe not specified].

    2. After the retention period expires, the Controller will delete the personal data.

    V. Recipients of Personal Data (Controller's Subcontractors)

    1. Recipients of personal data include:

      • Persons involved in the delivery of goods/services and payment realization based on a contract.
      • Providers of e-shop operation services (e.g., Shoptet) and other services related to e-shop operation.
      • Providers of marketing services.

    2. The Controller does (not) intend to transfer personal data to third countries (outside the EU) or international organizations. Recipients of personal data in third countries include providers of mailing or cloud services.

    VI. Your Rights

    1. Under the conditions stipulated in the Act, you have the right to:

      • Access your personal data under § 21 of the Act.
      • Correct personal data under § 22 of the Act or restrict processing under § 24 of the Act.
      • Erase personal data under § 23 of the Act.
      • Object to processing under § 27 of the Act.
      • Data portability under § 26 of the Act.
      • Revoke consent to processing in writing or electronically to the Controller's address or email provided in Article III of these conditions.

    2. Additionally, you have the right to file a complaint with the Office for Personal Data Protection if you believe that your right to personal data protection has been violated.

    VII. Conditions for Securing Personal Data

    1. The Controller declares that it has implemented all appropriate technical and organizational measures to secure personal data.

    2. The Controller has adopted technical measures to secure data storage and personal data records in physical form, including [specific measures to be described].

    3. The Controller declares that access to personal data is limited to authorized personnel only.

    VIII. Final Provisions

    1. By submitting an order via the online order form, you confirm that you have read this privacy policy and fully accept it.

    2. You agree to this privacy policy by checking the consent box on the online form. By checking the box, you confirm that you have read and fully accept the privacy policy.

    3. The Controller reserves the right to amend this policy. A new version of the privacy policy will be published on its website, and a copy will be sent to your email address provided to the Controller.

    This policy is effective as of May 25, 2018.

    Používáme ověření věku Adulto