Familiarization with the Processing of Personal Data (Cookies)
under Article 13. REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as “the Regulation”) and Act No. 18/2018 Coll. on the protection of personal data and on amending and supplementing certain acts (hereinafter referred to as the “Act”).
Identification data of the Controller:
Controller: ST. NICOLAUS – trade, a.s. so sídlom Trnavská cesta 100, 821 01 Bratislava, ID No: 35 680 261, Slovak Republic, (hereinafter referred to as the “Controller”).
- What are cookies?
A cookie is a short, simple file that is sent with pages of this website and stored by your browser on your computer’s or other device’s hard drive. The information stored there may be sent back to our servers or to the servers of relevant third parties during your next visit.
- What cookies do we use?
Necessary cookies – they are absolutely necessary for the proper functioning of the website. These cookies anonymously provide the basic functions and security features of the website.
Functional cookies – they help perform certain user functions, such as sharing website content on social media platforms, collecting feedback and other third-party features.
Performance cookies – we use these cookies to provide statistical information about our website – they are used to measure and improve its performance.
Analytical cookies – used to understand how visitors interact with the website. These cookies help us to provide information about visitor metrics, exit rates, traffic source, etc.
Advertising cookies – used to deliver relevant advertisements and marketing campaigns to visitors. These cookies track the visitor across different websites and collect information for us to deliver tailored advertisements to customers.
Social media buttons – we display Facebook and Instagram buttons on our website to promote the website (e.g. “like”, “pin”) or to share on these social networks. These buttons use pieces of code that come directly from Facebook and Instagram. The code stores cookies. Social media buttons can also store and process certain information so that you can be shown personalised advertising. Please read the privacy policies of these social networks (which may change from time to time) to see how they treat your personal data that they process using these cookies. The data collected is anonymised as far as possible. Facebook and Instagram are located in the US.
Other uncategorized cookies – those that are being analysed and have not yet been categorised in any of the above categories.
- Purpose of the processing of cookies by the controller:
We process cookies for the purposes described in the individual categories of cookies described in Point 2 above.
In summary, the processing of cookies on our website is used for the purposes of generating and analyzing statistics, measuring traffic to our website (e.g. how long you stay on the site and which website you come from) in order to optimize the appearance and functionality of the services. Also, these cookies are processed through automated profiling in order to display targeted advertising to the client. We use the third-party solutions listed in Point 4 below to provide these analytical, statistical and advertising services.
- Recipients of cookies and the retention period of each cookie:
5. List of personal data collected when collecting cookies:
- IP address
- These cookies are only stored on your terminal device and subsequently processed on the basis of your consent within the meaning of Article 6 para. 1(a) of the Regulation. You are not obliged to give this consent, except for necessary (essential) cookies.
- You can withdraw your consent at any time or modify your consent settings by clicking on the “Manage Consent” bar in the bottom right corner of the website. Withdrawal of consent does not affect the lawfulness of the processing of cookies based on consent granted before its withdrawal.
- You can use your web browser to automatically or manually delete cookies from your terminal device. You can also specify that some cookies may not be stored on your end device. Another option is to change your browser settings so that you receive a message whenever a cookie is placed on your end device. For more information on these options, please refer to the instructions in the “help section of your browser”.
- Please note that if you refuse to consent to the processing of functional cookies or disable all cookies in your browser, our website may not function properly when you use it. If you delete cookies in your browser, they will be stored again the next time you visit our website after your consent.
- Personal data will not be used for automated decision-making.
- The Controller declares that it has taken all measures in accordance with the Act and the Regulation and hereby undertakes to protect this data against accidental as well as unlawful damage and destruction, accidental loss, alteration, unauthorized access and disclosure as well as against any other impermissible forms of processing in accordance with the measures adopted in the personal data protection impact assessment.
- The Controller declares that it will process personal data to the extent necessary for the fulfilment of the stated purpose and process only in accordance with the purpose for which it was collected.
- The Controller is obliged to maintain the confidentiality of the personal data they process. The obligation of confidentiality continues after the processing of personal data has been terminated.
Instructions on the Data Subject’s Rights Concerning Personal Data:
Right of Access
- The Data Subject shall have the right to obtain confirmation from the Controller as to whether personal data relating to him or her are being processed and, if so, to obtain access to those personal data and that information:
- processing purposes;
- the data category of the data subject;
- the recipients or the categories of recipients to whom the personal data have been or will be provided, mainly recipients in third countries or international organizations;
- when possible, for the expected retention period of the personal data or, if that is not possible, the criteria for its determination;
- the existence of the right to require the Controller to correct personal data relating to the Data Subject or delete or restrict the processing or to oppose such processing;
- the right to file a grievance with a supervisory authority;
- if personal data have not been obtained from the Data Subject, any available information concerning their source;
- the existence of automated decision-making, including the profiling specified in Article 22, Paragraph 1 and 4 of the GDPR and, in such cases, at least meaningful information on the used procedure, as well as the significance and foreseeable results of such processing for the Data Subject.
- Where personal data are transferred to a third country or an international organization, the Data Subject has the right to be informed of the appropriate safeguards under Article 46 of the Regulation relating to the transfer.
- The Controller shall provide a copy of the personal data being processed. For any further copies requested by the Data Subject, the Controller may charge a reasonable fee corresponding to the administrative cost. If the Data Subject has made the request through electronic means, the information shall be provided in a commonly used electronic form, unless the Data Subject has requested a different method.
- The right to obtain a copy referred to in paragraph 3 shall not adversely affect the rights and freedoms of others.
Right of Correction
The Data Subject shall have the right to have inaccurate personal data concerning him or her rectified by the Controller without undue delay. With regard to processing purposes, the Data Subject is entitled to supplement incomplete personal data, also through the provision of a supplementary statement.
Right of Deletion (Right to be “Forgotten”)
- The Data Subject shall also have the right to obtain from the Controller the deletion of personal data concerning him or her without undue delay and the Controller shall erase the personal data without undue delay if one of the following grounds is met:
- personal data are no longer needed for the purposes for which they were obtained or otherwise processed;
- the Data Subject revokes the consent under which the processing is performed in accordance with Article 6, Paragraph 1(a) of the Regulation or Article 9(1)(a) of the Regulation. 2(a) of the Regulation and where there is no other legal basis for the processing;
- the Data Subject objects to the processing according to Article 21, Paragraph 1 and there are no overriding legitimate grounds for processing or the data subject objects to processing pursuant to Article 21(1). 2 Regulations;
- the personal data was unlawfully processed;
- the personal data must be deleted in order to meet a legal obligation according to the law of the Union or the law of the Member State to which the Controller is subject;
- the personal data were obtained in connection with the provision of information society services according to to Article 8, Paragraph 1 of the Regulation.
- Where a Controller has disclosed personal data and is required to erase the personal data pursuant to paragraph 1, he or she shall, taking into account the technology available and the cost of implementing the measures, take reasonable measures, including technical measures, to inform the Controllers carrying out the processing of the personal data that the Data Subject has requested them to erase all references to those personal data, or a copy or replicas thereof.
- Paragraphs 1 and 2 shall not apply insofar as the processing is necessary:
- for the exercising of the right to freedom of expression and information;
- for meeting a legal obligation requiring processing according to Union law or the law of the Member State to which the Controller is subject, or in order to meet a task implemented in the public interest or in the exercising of public authority entrusted to the Controller;
- due to public interest in the field of public health, in accordance with Article 9, Paragraph 2(h) and (i) of the Regulation, as well as Article 9(2)(h) and (i) of the Regulation. 3 of the Regulations;
- for the purpose of archiving in the public interest, for the purposes of scientific or historical research or for statistical purposes according to Article 89, Paragraph 1 of the Regulation where the right referred to in paragraph 1 is likely to render impossible or seriously impede the achievement of the purposes of such processing, or
- to prove, enforce or defend legal claims.
Right of Restriction of Processing
- The Data Subject has the right to restrict the processing by the Controller for one of the following cases:
- the Data Subject asserts the accuracy of the personal data during a period allowing the Controller to verify the accuracy of the personal data;
- the processing is unlawful and the Data Subject objects to the deletion of personal data and requests restrictions on their usage instead;
- the Controller no longer needs personal data for processing but needs the Data Subject for the proving, application or defense of legal claims;
- the Data Subject objected to the processing according to Article 21, Paragraph 1 of the Regulation, pending verification that the legitimate grounds on the part of the controller override those of the Data Subject.
- Where processing has been restricted pursuant to paragraph 1, such personal data shall, with the exception of storage, be processed only with the consent of the Data Subject or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or of a Member State.
- The Controller shall inform the Data Subject who has obtained the restriction of processing pursuant to paragraph 1 before the restriction of processing is lifted.
Right to Portability
- The Data Subject shall have the right to obtain the personal data concerning him or her which he or she has provided to the Controller in a structured, commonly used and machine-readable format and shall have the right to transmit those data to another Controller without being prevented by the Controller to whom the personal data have been provided if:
- the processing is based on consent pursuant to Article 6(1) of Directive 95/46/EC 1(a) of the Regulation or Article 9(1)(a) of the Regulation. 2(a) of the Regulation, or on a contract pursuant to Article 6(2)(a) of the Regulation, or on a contract pursuant to Article 6(2)(a) of the Regulation. 1(b) of the Regulation, and
- where the processing is carried out by automated means.
- When exercising his or her right to data portability pursuant to paragraph 1, the Data Subject shall have the right to have the personal data transmitted directly from one controller to another controller, insofar as this is technically feasible.
- The exercise of the right referred to in paragraph 1 of this Article shall be without prejudice to Article 17 of the Regulation. That right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller.
- The right referred to in paragraph 1 shall not adversely affect the rights and freedoms of others.
Right to Object
- The Data Subject shall have the right at any time to object, for reasons relating to his or her concrete situation against the processing of personal data concerning him/her, which is performed pursuant to Article 6, Paragraph 1(e) or (f) of the Regulation, including objections to profiling based on those provisions. The Controller may not further process personal data unless it demonstrates the necessary authorized reasons for processing, which outweigh the interests, rights and freedoms of the Data Subject or reasons for proving, applying or defending legal claims.
- If the personal data are processed for the purposes of direct marketing, the Data Subject has the right at any time to object to the processing of personal data relating to him/her for the purposes of such marketing, including profiling in the range related to such direct marketing.
- If the Data Subject opposes the processing for purposes of direct marketing, the personal data may no longer be processed for such purposes.
- The Data Subject shall be explicitly reminded of the right referred to in par. 1 and 2 at the latest at the first communication with her, presenting this right clearly and separately from any other information.
- In the context of the use of information society services, and notwithstanding Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on Privacy and Electronic Communications), the Data Subject may exercise his or her right to object by automated means using technical specifications.
- Where personal data are processed for scientific or historical research purposes or for statistical purposes pursuant to Art. 89 par. 1 of the Regulation, the data subject shall have the right to object, on grounds relating to his or her particular situation, to processing of personal data concerning him or her, except where the processing is necessary for the performance of a task carried out for reasons of public interest.
Notification to Third Parties
The Controller shall notify each recipient to whom the personal data have been disclosed of any rectification or deletion of personal data or restriction of processing carried out pursuant to Article 16, Article 17(1) or (2) of Directive 95/46/EC. 1 and Article 18 of the Regulation, unless this proves impossible or involves disproportionate effort. The Controller shall inform the Data Subject of these recipients if the Data Subject so requests.
Initiation of Proceedings at the Request of the Data Subject
The Data Subject has the right to file a petition under §100 of the Act if he or she is directly affected by his or her rights provided for in this Act. The Authority shall consider the complaint within 30 days from the date of receipt of the complaint. The Authority shall inform the complainant of the manner in which the complaint has been dealt with within 30 days from the date of receipt of the complaint.
In order to exercise these rights as well as in case of comments or questions regarding this Cookie Notice, please contact us using the following contact details:
Address: : ST. NICOLAUS – trade, a.s. so sídlom Trnavská cesta 100, 821 01 Bratislava
Phone number: +421 905 799 100
This version of the Cookie Notice applies from 1.2.2022.
For further information on the processing of personal data by the Data Controller, please click on: Information on the processing of personal data.