Privacy Policy

PRIVACY POLICY

Last updated: June 11, 2019

 

As the controller, MD elements s.r.o. is committed to protecting the privacy and security of your personal data. Therefore, the company developed the following Privacy Policy, which describes in detail how your personal data is processed.

 

1. Introductory provisions

At MD elements s.r.o., we value the trust of you, our customers, suppliers and others who communicate with us, and we make sure that we respect your privacy and the confidentiality of the data we receive, including personal data.

We guarantee full protection of your personal data against misuse. All the data you provide about your person is protected. In accordance with the requirements of the applicable legislation, we take all necessary security, technical and organizational measures to protect your personal data. Your data is encrypted wherever technically possible.

At the same time, we continuously monitor the legislation applicable in the field of personal data protection, but also related recommendations, trends and technological innovations in this area. We pay attention to the compliance of our personal data protection with the valid legal regulations, especially the Act on Personal Data Protection and on the amendment and supplementation of certain Acts No. 18/2018 Coll. and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“GDPR”).

In connection with the processing of your personal data, within the meaning of Article 13 of the Regulation (EC) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, we hereby disclose the following information. It will help you to clarify what kinds of data we collect regarding product sales and provision of our services, visiting and using our website, and performing other activities and how we process this type of information.

 

 

2. Controller identification and contact details:

MD elements s.r.o.
Jantárová 31
940 02  Nové Zámky
Slovak Republic

Company ID No.: 51 806 274
VAT ID No.: SK2120789880
Tax ID No.: 2120789880

Bank details: Tatra Banka
Account Number:
IBAN: SK38 1100 0000 0029 4405 9527
SWIFT: TATRSKBX
The company is registered in the Commercial Register of the District Court Nitra section Sro, Insert No. 46060/N

homepage: www.insahar.com
e-mail: info@insahar.com

 

 

3. Identification and contact details of the person supervising the processing of personal data of the controller

MD elements s.r.o. has entrusted the responsible person with the supervision of security and protection of your personal data. If you have any questions concerning this Policy or any other suggestion or interest in exercising your right, please feel free to contact us and we will be happy to assist you.

 

Ing. Michal Decsi
Phone No.: +421 907 835 926
e-mail: info@insahar.com

 

4. Definition of Basic Terms

Act No. 18/2018 Coll. on Personal Data Protection considers personal data as: “any information relating to an identified or identifiable natural person, such a person being one who can be identified, directly or indirectly, in particular by reference to an identifier of general application or by reference to one or more characteristics or factors specific to his physical, physiological, psychological, mental, economic, cultural or social identity.

In particular, this includes data such as your name, title, address, birth date, age, gender, phone number, and your e-mail address.

According to Article 4(1) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“GDPR”): “personal data are any information relating to an identified or identifiable natural person; an identifiable natural person is a person who can be identified directly or indirectly, in particular by reference to an identifier such as name, identification number, location data, online identifier, or by reference to one or more elements that are specific to physical, physiological, genetic, mental, economic, cultural or social identity of that individual”.

Thus, according to the GDPR, online identifiers of persons (for example, IP address, cookies, mobile device identifiers) are also considered personal data – for example, if the IP address can be used to determine the location of the individual, it is considered personal data.

Controller is anyone who, alone or together with others, defines the purpose and means of processing personal data and processes personal data in their own name; the controller or specific requirements for their designation may be stipulated in a special regulation or an international treaty the Slovak Republic is bound by if such a provision or this treaty establishes the purpose and means of processing personal data.

The data subject is any natural person whose personal data are processed.

Authorized person is a natural person getting in contact with personal data at a controller in the course of performing his/her work duties, obligations or similar relationship with the controller (based, for example, on an authorization, appointment, election or in the exercise of public office), and performing processing operations with personal data assigned by the controller. A natural person becomes an authorized person on the day of his / her instruction.

 

 

5. Basic principles relating to personal data processing

MD elements s.r.o. is governed in accordance with Article 5 GDPR and Sections 6 to 12 of the Personal Data Protection Act when processing personal data by these principles:

 

The principle of legality – personal data can only be processed in a lawful manner and in such a way that the fundamental rights of the data subject are not violated.

 

The purpose limitation principle – personal data may only be obtained for a specific, explicit and legitimate purpose and may not be further processed in a manner incompatible with that purpose; further processing of personal data for the purpose of archiving, for scientific purposes, for the purpose of historical research or for statistical purposes, if it is in accordance with a special regulation and if adequate safeguards for the protection of the data subject’s rights pursuant to Section 78(8) of the Act are respected, is not considered incompatible with the original purpose.

 

The principle of personal data minimization – the personal data must be adequate, relevant and limited to the necessary scope given for the purpose for which they are processed.

 

The principle of accuracy – the personal data must be accurate and kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay.

 

The storage limitation principle – personal data must be stored in a form that allows the data subject to be identified as long as necessary for the purpose for which the personal data are processed; personal data may be stored longer if they are to be processed solely for the purpose of archiving, for scientific purposes, for the purpose of historical research or for statistical purposes on the basis of a special regulation, and if adequate safeguards for the protection of the data subject’s rights under Section 78 (8) of the Act are respected.

 

The principle of integrity and confidentiality – personal data must be processed in a manner that, through appropriate technical and organizational measures, ensures adequate security of personal data, including protection against unauthorized processing of personal data, unlawful processing of personal data, accidental loss of personal data, destruction or damage of the personal data.

 

The liability principle – The controller is responsible for compliance with the basic principles of personal data processing, conformity of the personal data processing with the principles of processing the personal data and is obliged to prove this conformity of the principles of personal data processing at the request of the Office.

 

6. Method of personal data processing

MD elements s.r.o. keeps records of its processing activities, both manual and automated, and has in place appropriate technical and organizational measures in the area of information security to prevent unauthorized or unlawful disclosure, access, accidental or unlawful loss or destruction, alteration, transmission or other damage to your personal data. Such measures include the use of firewalls, secure server spaces, encryption, appropriate access rights management systems and processes, a thorough selection of processors, and other technically and commercially justified measures to provide adequate protection of your personal data from unauthorized use or disclosure. As appropriate, MD elements s.r.o. may also make backup copies and use other similar means to prevent accidental damage or destruction of your personal data. These measures provide a sufficient level of security in relation to the risks naturally associated with the process and nature of the personal data that is protected. Your secure personal data will be made available exclusively to selected authorized and instructed employees of MD elements s.r.o.

 

7. Categories of personal data, the purpose of processing, legal basis and processing time

In order to protect the personal data of you and others (“data subjects”), we try to minimize their use to only the necessary data. Nevertheless, the processing of some personal data is necessary, whether legally required or necessary for the provision of products, services, and communication with you.

We use your personal data to process your orders, including the delivery of products and services associated with your order, to process your payments, to answer your questions, or to send our newsletter if you have given us your consent.

MD elements s.r.o. processes these categories of personal data of its customers (and potential customers):

Purpose	Legal Basis	Personal Data Category	Storage Period
the realization of the contractual relationship with customer, preparations prior to entering the contractual relationship, registration of the contractual relationship, delivery of goods realization, performance of contracts control	performance of the contract pursuant to Section 13 (1b) Act No. 18/2018 Coll. on Personal Data Protection and Article 6 (1b) GDPR	address, IP address, cookies, phone, e-mail	5 years
communication via the contact form on the controller’s website	performance of the contract pursuant to Section 13 (1b) Act No. 18/2018 Coll. on Personal Data Protection and Article 6 (1b) GDPR	name, surname, address, telephone, e-mail	5 years
bookkeeping, processing of accounting documents for the introduction and performance of pre-contractual and contractual relations	performance of the contract pursuant to Section 13 (1b) Act No. 18/2018 Coll. on Personal Data Protection and Article 6 (1b) GDPR	name, surname, title, address, bank account number, telephone, e-mail	10 years
sending marketing information -newsletter	the consent of the data subject pursuant to Section 13 (1b) Act No. 18/2018 Coll. on Personal Data Protection and Article 6 (1a) GDPR	name, surname, e-mail	until the withdrawal of consent
implementation and evaluation of marketing surveys	legitimate interest of the controller pursuant to Section 13 (1f) Act No. 18/2018 Coll. on Personal Data Protection and Article 6 (1f) GDPR,	name, surname, title, address, IP address, cookies, phone, e-mail	5 years
processing requests from natural persons to exercise their rights as the data subjects under Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.	fulfilment of the statutory obligation pursuant to Section 13 (1c) Act No. 18/2018 Coll. on Personal Data Protection and Article 6 (1c), in accordance with Article 15 to 22 and 34 GDPR	name, surname, address, telephone, e-mail	1 year (from the date of processing the application)

 

 

8. Categories of personal data recipients

MD elements s.r.o.  sro also uses professional and specialized services of other entities to fulfil its commitments and obligations under the contracts. If these entities process personal data transmitted by MD elements s.r.o., they have the status of processors who process personal data only on the basis of the Personal Data Processing Agreement concluded in accordance with Article 28 (3) GDPR and Section 34 (3) of Act No. 18/2018 Coll. on Personal Data Protection, only within the instructions of MD elements s.r.o. and may not use them otherwise.

These include, in particular, the categories of information system operators, marketing support tools, sales, customer service and accounting, cloud platform operators, postal services operators, experts, lawyers, auditors, suppliers of other sub-contracting activities and sub-services where the processing of personal data is necessary. For example, MD elements s.r.o. submits personal data to:

 

Processor	Personal data that is shared and why
Slovenská pošta, a. s.	Delivery of documents
Google	marketing purposes – website analysis data obtained through cookies for marketing purposes and improving our services
Microsoft	provision of services – data required to configure and manage Microsoft services
Avast Software sro	provision of services – data necessary for providing security solutions
	–

 

MD elements s.r.o.  transmits personal data to the administrative authorities and authorities designated by applicable legislation as part of its legal obligations.

With the consent of the data subject or by his/her order, personal data may be provided to other recipients.

 

9. Transfer of personal data to a third country or international organization

MD elements s.r.o. can only transmit personal data to countries that provide an adequate level of personal data protection. MD elements s.r.o. will not authorize the processing of personal data by an entity abroad.

The protection of personal data processed by MD elements s.r.o. by the controller, transferred to the territory of the Slovak Republic from entities established or permanently resident in third countries, is performed in accordance with the applicable legislation and internal regulations of the company.

 

10. Information on the existence of automated processing of personal data

In accordance with Article 22 of the GDPR, MD elements s.r.o. does not use any fully automated decision-making process to establish a business relationship. If MD elements s.r.o. decided to use this method in rare cases, it will inform you in advance where required by law.

MD elements s.r.o. uses automatic methods partially to process your data in order to evaluate certain personal aspects (profiling). The client profiling process is used by MD elements s.r.o., for example, for the targeted provision of products you might be interested in.

 

11. Storage, destruction, archiving, registry and personal data protection

Personal data are stored on backed-up servers of MD elements s.r.o. Access to them is limited to authorized persons.

Personal data is after processing or achieving the specified purpose of personal data processing destroyed in accordance with the internal regulations of MD elements s.r.o.

Although the processing of your personal data is terminated by MD elements s.r.o., in the case of certain categories of documents, such as contractual documents and accounting documents, it is necessary to store these documents in the form of registry records for the period specified by the relevant legislation and the company’s registry plan until their disposal in accordance with Act No. 431/2002 Coll. on Accounting as amended and Act No. 395/2002 Coll. on Archives and Registries and on the amendment of certain Acts, as amended.

 

12. Visiting the website and security measures

During your visit to the website of MD elements s.r.o. we process only the information that you provide about yourself and which will be sent to us, collected and stored on a protected server and processed to the extent that you permit or is permitted by law. You may disagree with the processing of some information or not disclose it, but this may mean that you will not be able to take advantage of some of our offers or the functionality of the website may be limited.

Personal data that we need to process your order are processed for this purpose without your further special consent, you grant the consent automatically, e.g. by submitting your order.

We have taken extensive measures to secure your data on our website. The data you provide to us and which you entered on our website via the contact form are encrypted using SSL (Secure Socket Layer) and are transmitted via a public data network to MD elements s.r.o. where they are stored and processed. SSL is currently the most common and secure way to transfer data on the Internet.

You can recognize the encrypted connection by the fact that the line in the browser changes from “https://” to “https://” and the lock icon appears in the browser line.

If the SSL encryption is active, third parties cannot read the data you send us.

Every time you access our website, our system automatically collects data and information from the computer system of the computer accessing the website.

The following data is collected:

•         internet protocol,
•         IP address,
•         date and time of access,
•         browser type and operating system,
•         the page you visited,
•         the amount of data transmitted,
•         access status,
•         duration and frequency of use.

This data is never stored with other user’s personal data.

 

There is a contact form on our website that you can use when you want to contact us electronically. If the user selects this option, the data he enters in the input mask is transferred and stored. These data include:

•         name
•         e-mail address
•         phone number (optional)
•         message

 

In addition, the following information is stored when you send your message:

•         user’s IP address,
•         date and time the message was sent.

 

You can also contact us via the e-mail addresses provided. In this case, the personal data that the user has sent in the e-mail will be stored.

 

13. Cookie Processing Policy

In order to ensure the proper functioning of the website, its full browsing potential for visitors and for the purpose of making the company’s marketing activities more effective, the company MD elements s.r.o. uses so-called cookies.

By using the website operated by MD elements s.r.o. you express your consent to the use of cookies in accordance with the browser settings.

If you visit the website of MD elements s.r.o. and at the same time you enable cookies in the browser, it is considered as consent to their use and acceptance of the terms of their use.

A cookie is a small text file that a website stores on your computer or mobile device while browsing. With this file, the site keeps track of your steps and preferences (such as login name, language, font size, and other display settings) for some time, so you don’t need to re-enter them when you visit or browse each site again. Therefore, cookies are important since, without them, web-browsing would be a lot more difficult.

Cookies cannot scan your computer or other devices or read data stored on them.

Temporary cookies (session cookies) are always activated when you visit a website and are automatically deleted when you finish browsing.

Long term cookies remain stored on your computer or another device after browsing the website.

The website of MD elements s.r.o. uses cookies to remember user settings, safe search preferences, also to customize ads to the interest of visitors, track the number of site visitors, protect user data, and to ensure the necessary website functionality.

In general, cookies can generally be divided into four categories – essential, functional, analytical and advertising.

Necessary cookies allow you to use the website in general and use its basic features. These cookies do not collect any data about you that could be used for marketing purposes and they do not store your Internet browsing history. With the help of the necessary cookies, we detect your identity when you sign in to the site, ensuring that we have the necessary service on our website, even if we reorganize our website in some way, etc. Without their use, we cannot guarantee the full functionality of our site.

Functional cookies serve to provide services or to remember settings to ensure maximum convenience when using the website. With the use of functional cookies, we remember what settings you have chosen, such as your preferred language, remember whether you have already given your consent, e.g. confirming the Cookies Policy, or pre-fill your data in forms, etc.

Analytical Cookies – they collect the data about how you use our website, e.g. which pages you visit, whether you have encountered any unwanted errors, e.g. in forms. These cookies do not collect any data that can be used to identify your identity. All data collected is anonymous and serves to let us know our website traffic, to analyse visitor behaviour, and to find out what content and information is interesting to our visitors. With analytical cookies, we get statistics about how you use our website, we can identify errors and remove them to improve the website, etc. Any analytical information stored is anonymous and used exclusively for our own technical and marketing purposes.

We use Google Analytics, an analytical service provided by Google, Inc., on the MD elements s.r.o.  website. (“Google”). Google Analytics uses cookies to analyse user behaviour and access location to our website. The information generated by the cookie about the use of the website (including your IP address) is sent and stored by Google on servers in the United States. On behalf of the website provider, Google will use this information to evaluate your use of our websites, compile website activity reports, and provide other services related to website optimization and customer user behaviour.

Google Analytics – Address: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

For more information about privacy protection, visit:

https://support.google.com/analytics/topic/2919631?hl=sk&ref_topic=1008008

 

Advertising Cookies – they allow to displaying targeted advertising on our website by tracking your behaviour and Internet search by identifying your browser settings. These cookies do not identify a specific person, but the settings and preferences of the anonymous user of a particular computer. Advertising cookies are also used to evaluate the effectiveness of a particular advert.

Use of cookies can be enabled (and disabled) in your web browser settings. Most browsers automatically accept cookies in their initial settings.

If you do not want our website to store cookies in your browser, you can change this setting directly in your browser. Instructions to change cookies settings are in the “help” option of each browser.

The majority of browsers offer configuration options, e.g. enable saving cookies, viewing saved cookies, disabling all or selected cookies. Instructions for deleting cookies in individual browsers can be found here:

•         Mozilla Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
•         Google Chrome: https://support.google.com/chrome/answer/95647?hl=en&hlrm=en
•         Internet Explorer: https://support.microsoft.com/sk-sk/help/17442/windows-internet-explorer-delete-manage-cookies
•         Safari: https://www.apple.com/
•         Opera: https://help.opera.com/en/latest/web-preferences/#cookies

You can delete all cookies stored on your computer, and you can set most browsers to prevent them from being saved. In this case, however, you may need to manually adjust some settings each time you visit a website, and some services and features will not work.

For more information on cookies, visit www.allaboutcookies.org, https://www.whatarecookies.com/

 

14. Use of personal data for marketing purposes

If you are a customer with whom MD elements s.r.o. has been in a previous contractual relationship (previous purchase of goods), MD elements s.r.o. may, for marketing purposes, process the contact information you provided, that being name, surname, e-mail address. MD elements s.r.o. can send you news about its products, current discounts, promotions and competitions.

All personal data used for marketing purposes (working with existing customers, promoting goods or services after a previous purchase) is used for legal purposes of legitimate interest, and for marketing purposes, we keep it for 5 years from your last order.

If you are a new customer of MD elements s.r.o.  and wish to subscribe to the newsletter, MD elements s.r.o. can only grant it to you on the basis of a voluntarily granted consent by subscribing to the newsletter.

If you wish to receive the above information via e-mail, you can express your voluntary consent by entering an e-mail address in the website panel called “News via e-mail -Newsletter” and checking the “I agree” box.

By agreeing, you voluntarily authorize MD elements s.r.o. to send news and other business and marketing information to your e-mail address, while confirming that you are an authorized user of the e-mail address you have entered and that you are authorized to grant such consent, that is, you are a natural person who is 16 years of age or older, or if you are under the age of 16, have the legal guardian’s consent.

In addition to the address you have entered, we also store the date and time of granting the consent.

You have the right to withdraw your consent to the processing of your personal data at any time. Withdrawal of the consent does not affect the lawfulness of the processing of personal data based on consent prior to its withdrawal. You may withdraw your consent in the same manner as you granted your consent.

 

You can withdraw your consent in the following ways:

a) by sending an e-mail message with the subject line “DO NOT SEND” to the e-mail address gdpr@insahar.com,

b) by inserting an e-mail address into a website panel called “News via e-mail – Newsletter”, where the system detects that your e-mail address exists and offers you the option to unsubscribe.

 

15. Rights of the Data Subjects

As the data subject of which we process the personal data, you have several rights under the law that allow you to change how we process your personal data.

You can file your application for exercising your rights in writing at the address of the registered office of MD elements s.r.o. or by sending an e-mail to gdpr@insahar.com.

 

15.1 Right to access the personal data

According to Article 15 GDPR, as the data subject, you have the right to access personal data that includes the right to obtain from MD elements s.r.o.:

1.       confirmation of processing personal data
2.       information on the purposes of the processing, the categories of personal data concerned, the recipients to whom the personal data have been or will be made available, the scheduled processing time, the existence of the right to require the controller to rectify or destroy personal data relating to the data subject or to limit their processing or to object to such processing, on filling a complaint to the Authority, all available information on the source of personal data, unless it is obtained from the data subject itself, the fact that there is automated decision making, including profiling, on appropriate safeguards when providing data outside the EU,
3.       if the rights and freedoms of other persons are not adversely affected, as well as a copy of personal data.

 

In the case of a repeated request, MD elements s.r.o. is entitled to charge a reasonable fee for the provision of copies of the processed personal data.

 

15.2 Right to rectify incorrect data

According to Article 16 GDPR, as the data subject, you have the right to rectify inaccurate personal data processed by MD elements s.r.o.. The customer of MD elements s.r.o. is also obliged to report changes to his or her personal data and to prove that such a change has occurred. At the same time, you are obliged to provide MD elements s.r.o. with assistance if it is found that personal data we process about you are not accurate. We will rectify the data without undue delay, but always with regard to the technical possibilities.

 

15.3 Right to erasure

According to Article 17 GDPR, as the data subject, you have the right to erase personal data relating to you if MD elements s.r.o. does not substantiate the legitimate reasons for processing this personal data. MD elements s.r.o. has set up mechanisms to ensure automatic anonymization or erasure of personal data in case if they are no longer needed for the purpose for which they were processed.

 

15.4 Right to the restriction of processing

According to Article 18 GDPR, as the data subject, you have the right to restrict processing if you deny the accuracy of your personal data, the reasons for processing it or if you object to its processing until the particular complaint is resolved.

 

15.5 Right to notify rectification or erasure of personal data or restriction of processing

According to Article 19 GDPR, as the data subject, you have the right to be notified by MD elements s.r.o. in case of rectification, erasure or restriction of the processing of personal data. If personal data are rectified or erased, MD elements s.r.o.  will inform the individual recipient, unless this proves impossible or requires a disproportionate effort. At the request of the data subject, we can provide information about these recipients.

 

15.6 Right to data portability

According to Article 20 GDPR, as the data subject, you have the right to transfer the data concerning you that you have provided to MD elements s.r.o. in a structured, commonly used and machine-readable format, and the right to request MD elements s.r.o. to transmit such data to another controller.

If you provide, as the data subject, MD elements s.r.o. with personal data as part of the performance of the contract or by consent, you have the right to receive such data from MD elements s.r.o. in a structured, commonly used and machine-readable format. If technically possible, MD elements s.r.o. may also transfer the data to a designated controller, provided that the duly appointed person acting as the relevant controller is authorized.

If the exercise of this right could adversely affect the rights and freedoms of third parties, your request cannot be accepted.

 

15.7 Right to object to the processing of personal data

According to Article 21 GDPR, as the data subject, you have the right to object to the processing of your personal data due to the legitimate interest of MD elements s.r.o..

If MD elements s.r.o. does not prove that there is a serious justified reason for processing that prevails over the interests or rights and freedoms of the data subject, MD elements s.r.o. will terminate the processing on the basis of an objection without undue delay.

 

15.8 Right to withdraw consent to the processing of personal data

Granted consent to the processing of personal data may be withdrawn at any time. The withdrawal must be made by explicit, understandable and certain expression of will (with a precise indication of the consent given to the request).

Cookie data processing can be avoided by changing settings in the web browser.

 

15.9 Automated individual decision-making, including profiling

The data subject has the right not to be subject to any decision based solely on automated processing, including profiling, which would have legal effects on him or her, or have a significant impact on him or her in a similar way. MD elements s.r.o.  states that it does not make automated decision-making without the influence of human assessment with legal effects on the data subjects.

 

15.10 Right to contact the Office for Personal Data Protection

In the event that you violate your rights when processing personal data or violated Act No. 18/2018 Coll. on Personal Data Protection or a special regulation in the field of personal data protection, and in the case of finding deficiencies, you have the right to file a make a proposal to initiate proceedings pursuant to Section 100 of Act No. 18/2018 Coll. on Personal Data Protection to the Office for Personal Data Protection.

(https://dataprotection.gov.sk/uoou/en).

 

16. Final Provisions

MD elements s.r.o.  may change this Privacy Policy at any time. MD elements s.r.o. will notify all changes to the Privacy Policy by posting them on its website, or via appropriate communication channels.