+421 903 308 133   |    info@jachta.sk

Privacy policy

PERSONAL DATA PROTECTION AND COOKIE POLICY

/ Principles and information on personal data protection

provided by the Controller to the Data Subject when obtaining personal data from the Data Subject and information about cookies of the Online Store jachta.sk /

 

I. Controller

 

  • The identity and contact details of the Controller are:

 

Business name: jachta.sk, s.r.o.

Registered office: Smreková 3091/5 010 07 Žilina, Slovak Republic

Registered in the Commercial Register of the District Court Žilina, Section: Sro, File number: 59103/L Company ID: 46290036

 

1.2. The email and telephone contact for the Controller is:

 

Email: info@jachta.sk

Tel.: 0903308133

 

1.3. Address of the Controller for correspondence:

 

jachta.sk, s.r.o., Smreková 3091/5 010 07 Žilina, Slovak Republic

 

II. References

 

2.1. The Controller hereby, in accordance with Article 13(1) and (2) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 May 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as the “Regulation”), further in accordance with Act No. 18/2018 Coll. on Personal Data Protection and on Amendments and Supplements to Certain Acts, as amended, and in accordance with Act No. 452/2021 Coll. on Electronic Communications, as amended, provides the Data Subject from whom the Controller obtains personal data concerning them with the following information, instructions and explanations:

 

III. Personal Data Protection and Use of Cookies. Information and explanation of cookies, scripts, and pixels

3.1. The website operator provides the following brief explanation of the function of cookies, scripts and pixels:

3.1.1. Cookies are text files that contain a small amount of information which is downloaded to your device when you visit a website. Thanks to this file, the website stores information about your steps and preferences (such as login name, language, font size and other display settings) for a certain period of time, so you do not have to re-enter them the next time you visit the website or browse its individual pages.

A script is a piece of program code used for the proper and interactive functioning of websites. This code runs on the operator’s server or on your device.

A pixel is a small, invisible text or image on a website that is used to monitor website traffic. For this purpose, various data are stored through pixels.

3.1.2. Cookies are divided into:

Technical or functional cookies – ensure the proper functioning of the Controller’s website and its use. These cookies are used without consent.

Statistical cookies – the Controller obtains statistics regarding the use of its website. These cookies are used only with consent.

Marketing / Advertising cookies – used to create advertising profiles and similar marketing activities. These cookies are used only with consent.

  • How to control cookies:

3.2.1. You can control and/or delete cookies at your discretion – for details see aboutcookies.org. You can delete all cookies stored on your computer or other device and most browsers can be set to prevent them from being stored.

  • The Controller’s website uses the following cookies:

All cookies used by the Controller can be found at https://www.cookieserve.com/ by entering the Controller’s website address https://www.jachta.sk

 

Technical or functional cookies – the information is accessed by the website operator. Cookie duration: 5 years.

Statistical cookies – the information is accessed by the website operator. Cookie duration: 5 years.

Marketing and advertising cookies – the information is accessed by the website operator. Cookie duration: 5 years.

3.3.1. Cookies made available to third parties:

Google Analytics, Google ADS: Google Ireland Limited, Gordon House, Barrow Street,

Dublin 4, Ireland. More information on privacy protection can be found at

https://support.google.com/analytics/topic/2919631?hl=sk&ref_topic=1008008

META Pixels: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2,

Ireland. More information on privacy protection can be found at https://www.facebook.com/about/privacy/

 

IV. Processed Personal Data

 

4.1. On its website, the Controller processes the following personal data: first name, last name, residence, email address, home telephone number, mobile phone number, billing address, delivery address, data obtained from cookies, IP addresses, date and place of birth, ID card and passport number, captain’s license number and VHF license number.

 

V. Contact details of the person responsible for supervising personal data protection

 

5.1. The Controller has appointed a responsible person for personal data protection in accordance with Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data. Contact: Email: info@jachta.sk, Tel.: 0903308133

 

VI. Purposes of processing the Data Subject’s personal data and duration of processing

 

  • The purposes of processing the Data Subject’s personal data are mainly:

 

6.1.1. registration, creation and processing of contracts and client data for the purpose of concluding contracts with third parties.

 

6.1.2. processing of accounting documents and documents related to the Controller’s business activities.

 

6.1.3. compliance with legal regulations in connection with the archiving of documents and records, e.g. pursuant to Act No. 431/2002 Coll., the Accounting Act, as amended, and other relevant regulations.

 

6.1.4. the Controller’s activities in connection with fulfilling a request, order, contract and similar instruments of the Data Subject.

 

6.1.5. Newsletter, marketing and similar advertising activities of the Controller, in the event that the Data Subject grants consent to the Controller for marketing and similar advertising activities.

 

6.2. The Controller stores the Data Subject’s personal data only for the period strictly necessary for the purposes of contract performance and subsequent archiving in accordance with statutory periods imposed on the Controller by legal regulations. If the Data Subject has consented to receiving advertising emails and similar offers, the Data Subject’s personal data are processed for these purposes until the Data Subject withdraws their consent. However, no longer than 5 years.

 

VII. Legal basis for processing the Data Subject’s personal data

 

7.1. If the Controller processes personal data based on the Data Subject’s consent, such processing will begin only after the consent has been granted by the Data Subject.

 

7.2. If the Controller processes the Data Subject’s personal data for the purposes of negotiating pre-contractual relations and concluding and performing a purchase contract, including the related delivery of goods, products or services, the Data Subject is obliged to provide personal data for the proper performance of the purchase contract; otherwise, performance cannot be ensured. Personal data for this purpose are processed without the Data Subject’s consent.

 

VIII. Recipients or categories of recipients of personal data

 

  • The recipients of the Data Subject’s personal data will or at least may be:

 

8.1.1. statutory bodies or their members of the Controller.

 

8.1.2. persons performing work activities in an employment or similar relationship for the Controller.

 

8.1.3. the Controller’s business representatives and other persons cooperating with the Controller in fulfilling the Controller’s tasks. For the purposes of this document, employees of the Controller shall be considered all natural persons performing dependent work for the Controller on the basis of an employment contract or agreements on work performed outside an employment relationship.

 

8.1.4. Recipients of the Data Subject’s personal data will also include the Controller’s collaborators, business partners, suppliers and contractual partners, namely: accounting company, company providing services related to the creation and maintenance of software, company providing legal services to the Controller, company providing advisory services to the Controller, companies ensuring transport and delivery of products to buyers and third parties, marketing companies, companies operating social networks, companies ensuring payment gateways and other payment methods.

 

8.1.5. Recipients of personal data will also be courts, law enforcement authorities, tax authorities and other state authorities, if required by law. Personal data will be provided by the Controller to these authorities and state institutions on the basis of and in accordance with the legal regulations of the Slovak Republic.

 

  1. Information on the provision of personal data to third countries and the period of their retention:

 

9.1. Not applicable. The Controller does not transfer personal data to third countries.

 

  1. Information on the existence of the Data Subject’s relevant rights:

 

  • The Data Subject has, among others, the following rights, whereby:

 

10.1.1. Point 10.1 does not affect other rights of the Data Subjects.

 

10.1.2. The Data Subject’s right of access to data pursuant to Article 15 of the Regulation, the content of which is:

 

the right to obtain confirmation from the Controller as to whether personal data concerning the Data Subject are being processed, and if so, to what extent. At the same time, if they are being processed, the Data Subject has the right to find out their content and request from the Controller information about the reason for their processing, in particular information about: the reason for their processing, the categories of personal data concerned, the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations, the envisaged period for which the personal data will be stored or, if that is not possible, the criteria used to determine that period, the existence of the right to request from the Controller rectification or erasure of personal data concerning the Data Subject or restriction of processing and the existence of the right to object to such processing, the right to lodge a complaint with a supervisory authority, where the personal data are not collected from the Data Subject, any available information as to their source, the existence of automated decision-making, including profiling referred to in Article 22(1) and (4) of the Regulation and, in such cases, at least meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing of personal data for the Data Subject, and information about appropriate safeguards pursuant to Article 46 of the Regulation relating to the transfer of personal data, where personal data are transferred to a third country or an international organisation.

 

10.1.3. the right to obtain a copy of the personal data being processed, provided that the right to obtain a copy of the processed personal data does not adversely affect the rights and freedoms of others.

 

10.1.4. the Data Subject’s right to rectification pursuant to Article 16 of the Regulation, the content of which is the right for the Controller to rectify without undue delay inaccurate personal data concerning the Data Subject; the right to have incomplete personal data of the Data Subject completed, including by means of providing a supplementary statement; the Data Subject’s right to erasure of personal data (the so-called “right to be forgotten”) pursuant to Article 17 of the Regulation, the content of which is:

 

10.1.5. the right to obtain from the Controller the erasure without undue delay of personal data concerning the Data Subject where one of the following grounds applies:

the personal data are no longer necessary for the purposes for which they were collected or otherwise processed; the Data Subject withdraws consent on which the processing is based and there is no other legal ground for the processing; the Data Subject objects to the processing pursuant to Article 21(1) of the Regulation and there are no overriding legitimate grounds for the processing or the Data Subject objects to the processing pursuant to Article 21(2) of the Regulation; the personal data have been unlawfully processed; the personal data must be erased for compliance with a legal obligation under European Union law or Member State law to which the Controller is subject; the personal data have been collected in relation to the offer of information society services pursuant to Article 8(1) of the Regulation;

 

10.1.6. the right for the Controller who has made the Data Subject’s personal data public, taking account of available technology and the cost of implementation, to take reasonable steps, including technical measures, to inform other controllers processing the personal data that the Data Subject has requested the erasure of any links to, or copies or replications of, those personal data; however, the right to erasure of personal data under Article 17(1) and (2) of the Regulation shall not arise where processing is necessary:

 

10.1.7. for exercising the right of freedom of expression and information.

 

10.1.8. for the fulfillment of a legal obligation that requires processing under European Union law or the law of a Member State to which the Controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller.

 

10.1.9. for reasons of public interest in the area of public health in accordance with Article 9(2)

(h) and (i) of the Regulation, as well as Article 9(3) of the Regulation.

 

10.1.10. for archiving purposes in the public interest, for scientific or historical research purposes or for statistical purposes pursuant to Article 89(1) of the Regulation, insofar as the right referred to in Article 17(1) of the Regulation is likely to render impossible or seriously impair the achievement of the objectives of such processing of personal data; or for the establishment, exercise or defense of legal claims;

 

10.1.11. the right of the Data Subject to restriction of processing of personal data pursuant to Article 18 of the Regulation, the content of which is:

 

10.1.12. the right to have the Controller restrict the processing of personal data in one of the following cases: the Data Subject contests the accuracy of the personal data, for a period enabling the Controller to verify the accuracy of the personal data; the processing of personal data is unlawful and the Data Subject opposes the erasure of the personal data and requests instead the restriction of their use; the Controller no longer needs the personal data for the purposes of processing, but the Data Subject requires them for the establishment, exercise or defense of legal claims; the Data Subject has objected to processing pursuant to Article 21(1) of the Regulation, pending the verification whether the legitimate grounds on the part of the Controller override those of the Data Subject;

 

10.1.13. the right that, where processing of personal data has been restricted, such restricted personal data shall, with the exception of storage, be processed only with the consent of the Data Subject or for the establishment, exercise or defense of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the European Union or of a Member State;

 

10.1.14. the right to be informed in advance of the lifting of the restriction of processing of personal data;

 

10.1.15. the right of the Data Subject regarding the notification obligation towards recipients pursuant to Article 19 of the Regulation, the content of which is: the right for the Controller to notify each recipient to whom the personal data have been disclosed of any rectification or erasure of personal data or restriction of processing carried out pursuant to Article 16, Article 17(1) and Article 18 of the Regulation, unless this proves impossible or involves disproportionate effort; the right for the Controller to inform the Data Subject about those recipients if the Data Subject so requests;

 

10.1.16. the right of the Data Subject to data portability pursuant to Article 20 of the Regulation, the content of which is: the right to receive the personal data concerning the Data Subject, which he or she has provided to the Controller, in a structured, commonly used and machine-readable format and the right to transmit those data to another controller without hindrance from the Controller, if:

 

a/ the processing is based on the consent of the Data Subject pursuant to Article 6(1)(a) of the Regulation or Article 9(2)(a) of the Regulation, or on a contract pursuant to Article 6(1)(b) of the Regulation, and at the same time b/ the processing is carried out by automated means, and at the same time:

 

10.1.17. the right to receive personal data in a structured, commonly used and machine-readable format and the right to transmit those data to another controller without hindrance from the Controller shall not adversely affect the rights and freedoms of others;

 

10.1.18. the right to have personal data transmitted directly from one controller to another, where technically feasible;

 

10.1.19. the right of the Data Subject to object pursuant to Article 21 of the Regulation, the content of which is:

 

10.1.20. the right to object at any time, on grounds relating to his or her particular situation, to processing of personal data concerning the Data Subject which is based on Article 6(1)(e) or (f) of the Regulation, including profiling based on those provisions of the Regulation;

 

10.1.21. where exercising the right to object at any time on grounds relating to the particular situation of the Data Subject to processing of personal data concerning him or her which is based on Article 6(1)(e) or (f) of the Regulation, including profiling based on those provisions of the Regulation, the right for the Controller no longer to process the personal data of the Data Subject unless it demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the Data Subject, or grounds for the establishment, exercise or defense of legal claims

 

10.1.22. the right at any time to object to the processing of personal data concerning the Data Subject for the purposes of direct marketing, including profiling to the extent that it is related to direct marketing; in this regard, if the Data Subject objects to the processing of personal data for direct marketing purposes, the personal data may no longer be processed for such purposes;

 

10.1.23. in connection with the use of information society services, the right to exercise the right to object to the processing of personal data by automated means using technical specifications;

 

10.1.24. the right to object, on grounds relating to the particular situation of the Data Subject, to the processing of personal data concerning the Data Subject, where the personal data are processed for scientific or historical research purposes or for statistical purposes pursuant to Article 89(1) of the Regulation, except where the processing is necessary for the performance of a task carried out for reasons of public interest;

 

10.1.25. the right of the Data Subject related to automated individual decision-making pursuant to Article 22 of the Regulation, the content of which is:

 

10.1.26. the right not to be subject to a decision based solely on automated processing of personal data, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her, except in the cases pursuant to Article 22(2) of the Regulation [i.e. except where the decision: (a) is necessary for entering into, or performance of, a contract between the Data Subject and the Controller,

 

10.1.27. is authorized by European Union law or the law of a Member State to which the Controller is subject and which also lays down suitable measures to safeguard the rights and freedoms and legitimate interests of the Data Subject, or (c) is based on the explicit consent of the Data Subject.

 

  1. Information on the right of the Data Subject to withdraw consent to the processing of personal data:

 

11.1. The Data Subject is entitled at any time to withdraw his or her consent to the processing of personal data, without this affecting the lawfulness of the processing of personal data based on consent granted prior to its withdrawal.

The Data Subject is entitled at any time to withdraw his or her consent to the processing of personal data – in full or only in part. A partial withdrawal of consent to the processing of personal data may concern a certain type of processing operation/processing operations, while the lawfulness of the processing of personal data within the scope of the remaining processing operations shall remain unaffected. A partial withdrawal of consent to the processing of personal data may concern a specific purpose of processing personal data/specific purposes of processing personal data, while the lawfulness of the processing of personal data for other purposes shall remain unaffected.

The right to withdraw consent to the processing of personal data may be exercised by the Data Subject in written form sent to the address of the Controller registered as its registered office in the commercial register at the time of withdrawal of consent to the processing of personal data, or in electronic form by electronic means (by sending an e-mail to the Controller’s e-mail address specified in the identification of the Controller in this document).

 

XII. Information on the right of the Data Subject to lodge a complaint with a supervisory authority:

 

12.1. The Data Subject has the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or the place of the alleged infringement, if he or she believes that the processing of personal data concerning him or her is contrary to the Regulation, without prejudice to any other administrative or judicial remedies. The Data Subject has the right for the supervisory authority with which the complaint has been lodged to inform him or her, as the complainant, of the progress and the outcome of the complaint, including the possibility of a judicial remedy pursuant to Article 78 of the Regulation.

 

12.2. The supervisory authority in the Slovak Republic is the Office for Personal Data Protection of the Slovak Republic, Hraničná 12, 820 07 Bratislava 27, Slovak Republic. Tel. contact: +421 /2 3231 3214, Email: statny.dozor@pdp.gov.sk,

 

XIII. Information related to automated decision-making including profiling:

 

13.1. Since, in the case of the Controller, there is no processing of the Data Subject’s personal data in the form of automated decision-making, including profiling referred to in Article 22(1) and (4) of the Regulation, the Controller is not obliged to provide information pursuant to Article 13(2)(f) of the Regulation, i.e. information about automated decision-making including profiling and the procedure used, as well as the significance and the envisaged consequences of such processing of personal data for the Data Subject. Not applicable.

 

XIV. Final provisions

14.1. These Personal Data Protection Principles become valid and effective upon their publication on the Website on 12 December 2023

 

© 2026 jachta.sk | Privacy policy