Privacy Policy

Privacy Policy

 

Basic provisions

1. Personal data controller in accordance with Regulation (EU) No 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation), repealing Directive 95/46/EC (General Data Protection Regulation) and in accordance with Act No 18/2018 Coll. on the Protection of Personal Data and on Amendments and Additions to Certain Acts, as in force and effective from 01 December 2018 and pursuant to Section 5(o) of Act No 18/2018 Coll. Krásno nad Kysucou 1960, 023 02 Krásno nad Kysucou, ID No.: 46 772 669, VAT ID No.: 2023574883, VAT ID No.: SK2023574883 (hereinafter referred to as the "Operator").
2. The contact details of the Operator are:

Phone: +421 918 262 648

Email: info@bigboxobaly.sk

1. Personal data means any information about an identified or identifiable natural person; an identifiable natural person is a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, a network identifier or by reference to one or more specific elements of the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (hereinafter referred to as 'Personal Data').
2. The Controller has not appointed a Data Protection Officer.
3. Processing of Personal Data covers activities that are performed with Personal Data, such as: obtaining, recording, organizing, retrieving, storing, disclosing, disseminating, combining, deleting, etc., regardless of whether it is performed by automated means or by persons.
4. The data subject is any natural person whose data is processed (hereinafter referred to as the "Data Subject"). The Data Subject shall have the rights guaranteed by the applicable law in the protection of his or her Personal Data.
5. Personal data will be collected and further processed by the Controller on the basis of generally applicable legal regulations or on the basis of the consent of the Data Subject. The legal basis for processing for purposes where the Data Subject's consent is not required is in particular the purpose of concluding and performing the legal-obligation relationship established by filling in the online contact form available at https://www.bigboxobaly.sk (hereinafter referred to as the "Contact Form") for the purpose of providing services and products, fulfilling obligations under generally binding legislation or protecting our rights and the legally protected interests of the Operator. The Data Subject's personal data for marketing purposes is processed by the Operator solely on the basis of his or her demonstrable explicit consent - expressed interest in being sent - via its website, email, Facebook. The Data Subject may withdraw his/her consent to the sending of marketing information at any time. The Data Controller guarantees that it will not disclose the Personal Data provided by the Data Subject to third parties (recipients who are not authorised to process it) without the Data Subject's unambiguous and demonstrable consent, nor will it disclose it in any form without the Data Subject's consent (photographs, references, etc.).

 Sources and Categories of Personal Data Processed

1. The Controller processes Personal Data provided by the Data Subject or Personal Data obtained by the Controller on the basis of the completion of the Contact Form and the fulfilment of the order.
2. For the purposes set out above, the Controller processes, in accordance with the minimisation requirement of Regulation (EU) No 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation), repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as the "GDPR Regulation"), Personal Data in the following scope: first name, last name, address, e-mail, telephone. Sensitive Personal Data (e.g. information about the health of the data subject, etc.) shall not be processed by the Controller.

Lawful basis and purpose for processing Personal Data

1. The lawful basis for processing Personal Data is

• the performance of the contractual obligation between the Data Subject and the Controller pursuant to Section 13(1)(b) of the Act,
• the legitimate interest of the Controller in providing direct marketing (in particular for sending commercial communications and newsletters) pursuant to § 13 (1) (f) of the Act,
• the Data Subject's consent to processing for the purposes of direct marketing (in particular for sending commercial communications and newsletters) pursuant to Section 13(1)(a) of the Act in the absence of an order for goods or services.

1. The purpose of processing Personal Data is

• processing the request of the Data Subject and exercising the rights and obligations arising from the contractual relationship between the Data Subject and the Operator; when filling in the Contact Form, Personal Data are required which are necessary for the successful processing of the request or order (name and email address), the provision of Personal Data is a necessary requirement for the processing of the request, conclusion and performance of the contract, and without the provision of Personal Data it is not possible to process the request, conclude or perform the contract on the part of the Operator,
• sending commercial announcements and carrying out other marketing activities.

1. There is no automatic individual decision-making on the part of the Operator within the meaning of § 28 of the Act.

 Retention Period of Personal Data

1. The Controller stores Personal Data

• for the time necessary to exercise the rights and obligations arising from the processing of the Data Subject's request, from the contractual relationship between the Data Subject and the Controller and the exercise of claims arising from these contractual relationships.
• for as long as consent to the processing of Personal Data for marketing purposes is withdrawn, up to a maximum of 5 years if the Personal Data is processed on the basis of consent.

2. The Controller will not store personal data for longer than necessary. The processing process ends when the purpose for which the Personal Data was obtained is achieved and the time limits set by generally binding legal regulations, in particular Act No. 395/2002 Coll. on archives and registers and on the amendment and modification of certain acts, have expired. If it is not necessary to keep the Personal Data for another purpose or for other reasons, the Personal Data shall be destroyed by the Data Controller. The destruction shall be carried out by erasing the Personal Data from all systems, including backups, and shredding the documentary documents.

Recipients of Personal Data (subcontractors of the Controller)

1. Recipients of Personal Data are persons

• Involved in the delivery of goods/services/making payments under the contract,
• providing services for the operation of the Operator's website (https://www.bigboxobaly.sk/),
• providing marketing services.

1. The controller intends to transfer Personal Data to a third country (a country outside the EU) or to an international organisation. Recipients of Personal Data in third countries are mailing service providers / cloud service providers.
2. The processed Personal Data may also be disclosed to third parties - however, only provided that this is necessary for the performance of the Controller's obligation towards the Data Subject, clients or for the provision of services or the processing of requests. The Personal Data of the Data Subject may be processed in countries of the European Union and countries that are party to the Agreement on the European Economic Area. Transfers of Personal Data may only occur to third countries whose legal regime is considered by the European Commission to provide an adequate level of protection for Personal Data.
3. In the case of transfer of Personal Data to third countries, the Controller verifies whether the institution or company in question has guaranteed an adequate level of protection of Personal Data. Cross-border transfer of Personal Data is also exceptionally carried out if the Controller is bound by a contract - even then, however, the Controller verifies the adequate level of protection of Personal Data.

Rights of the Data Subject

1. Under the conditions set out in the Act, the Data Subject shall have

• the right to access your Personal Data pursuant to Section 21 of the Act,
• the right to rectification of Personal Data pursuant to Section 22 of the Act, or restriction of processing pursuant to Section 24 of the Act,
• the right to erasure of Personal Data pursuant to Section 23 of the Act,
• the right to object to processing pursuant to Section 27 of the Act,
• the right to portability of Personal Data pursuant to Section 26 of the Act,
• the right to withdraw consent to processing in writing or electronically to the address or email of the Controller indicated at the beginning of these conditions.

2. In accordance with the principles set out above (after the expiry of the statutory periods), the Data Subject has the right to "forget", i.e. to request the erasure of your Personal Data from the information systems and documentary archives of the Controller if the purpose of the processing has expired, if consent has been withdrawn (in the case of processing based on consent), if the Personal Data have not been processed in a lawful manner, or if required by law. In the event of a security incident, the Data Subject has the right to be informed whether Personal Data relating to him or her has been leaked and whether there is a potential risk of harm. He or she may exercise his or her rights in relation to the protection of Personal Data by contacting the Data Controller at the following email address: info@bigboxobaly.sk. She also has the right to lodge a complaint with the Office for Personal Data Protection of the Slovak Republic.

 

Personal Data Security Terms and Conditions

1. The Controller declares that it has taken all appropriate technical and organisational measures to secure Personal Data.
2. The Operator has taken technical measures to secure data storage and storage of Personal Data, in particular by securing computers and networks with passwords, anti-virus protection, backups on its own storage facilities.
3. The Controller declares that only persons authorised by the Controller have access to the Personal Data.

Cookies

1. This website uses cookies to adapt https://www.bigboxobaly.sk/ (hereinafter referred to as the "Website") to the needs of the Data Subject. A "cookie" is information that the Website stores on the user's system to remember certain information about the Data Subject the next time he or she visits the Website or related sites. This file extends the functions available on the Website and allows a more accurate analysis of their use. For example, the Operator's server may create a cookie file to prevent the re-entry of a password during a single visit. However, regardless of the method of use, these files will not collect personally identifiable information. The person concerned may also set his or her web browser to either accept or reject these files. If he or she chooses to decline them, however, he or she may not be able to make good use of interactive features which the Website of the Operator may contain. Cookies are only processed if the cookie option is enabled in the web browser (they are processed to improve the operation of the Website and Internet advertising). If the Provider provides this information further, it will only be provided in an anonymised form (i.e. it will no longer be Personal Data).
2. Cookies are small text files that can be sent to your browser when you visit the Website and then stored on your device (computer or other device with internet access, such as a smartphone or tablet). Cookies are stored in the browser's file folder and usually contain the name of the Website from which they originate, their validity and value. The next time you visit the Website, the browser will reload the cookies and send this information back to the Website. Our cookies do not harm your computer.
3. Cookies are used by the Operator in order to optimally create and continuously improve its services, to adapt them to the interests and needs of its clients, and to improve their structure and content. On the Website of the Operator, temporary and permanent cookies may be used. Temporary ones are stored on the Client's device until he/she leaves the Website. Permanent cookies remain on the device until their expiration or until they are manually deleted. The period for which the information is retained by the Operator depends on the type of cookies.
4. First of all, these are "necessary cookies" (JSESSIONID, PHPSESSIONID) that help to build the Website by using basic functions such as navigating the pages and accessing security areas of the Website. We recommend accepting them, the Website may not function properly without them. Furthermore, "statistical cookies - Google Analytics" (dc_gtm_UA-#, _ga, _gat, _gid) help Website owners understand how visitors interact with the Website by collecting anonymous statistics. There are also "marketing cookies", i.e. Google Analytics (collect), Facebook and others, which are used to track the movement of visitors on different websites. The idea is to display ads that are relevant and individually tailored to each user, making them more valuable to publishers and third-party advertisers. Information about how you use the Website is shared with Google, Facebook and others for the purpose of creating site traffic analyses and for tracking the movement of visitors on different websites.
5. The first time you visit the Website, you will be presented with a consent to the use of cookies on the Website with a link to detailed information.
6. Cookies can be controlled and/or deleted at our discretion - see aboutcookies.org for details. It is also possible to delete all cookies stored on your computer and most browsers can be disabled from storing them. However, in this case, you may need to manually adjust some settings each time you visit the Website, and some services and features may not work properly.
7. If a person does not wish to receive cookies from the Website, he or she may limit the extent to which these cookies are accepted through the settings of the Internet browser.
8. It is also possible to disable cookies completely and delete those that are already stored on your computer. However, this may reduce the user experience when visiting the Website. Browser vendors provide information on their websites about the options for managing cookies.
9. Google Analytics: collection of anonymised statistical data about the use of the Website. This information is stored for 24 months.

Final provisions

1. By completing and submitting the Contact Form, the Data Subject confirms that he/she is familiar with the terms and conditions of the Personal Data Protection and that he/she accepts them in their entirety.
2. The Data Subject also agrees to these terms and conditions by ticking the consent box via the Contact Form. By ticking the consent box, the Data Subject confirms that he/she is aware of the terms and conditions of the Personal Data Protection Policy and that he/she accepts them in their entirety.
3. The Operator is entitled to change these conditions. The new version of the Personal Data Protection Terms and Conditions will be published on the Website.

These terms and conditions come into force on 9 February 2026