Data Privacy Policy


INTRODUCTION

The Category Management S.r.o  ("Data Controller") considers the protection and confidentiality of personal data to be important. The Data Controller acknowledges the content of this legal notice to be binding. The Data Controller undertakes that the data management in connection with its service complies with the requirements set forth in this policy and in the applicable laws. It takes all security, technical and organizational measures that guarantee the security of the data.

Except for the data transfers specified in this Privacy Policy the data obtained by the Data Controller shall not be disclosed to third parties under any circumstances, except for the cases specified by law. 

During the period of validity of this documentation, the data will be collected and stored only for the Data Controller’s own purposes. If the User decides that he or she does not want to be contacted henceforth based on the provided data, the Data Controller will act in accordance with the User's decision.

The Data Controller reserves the right to change this data management documentation at any time, provided that the data subjects are informed in due time.

DATA COLLECTION

When the data subject visits the website or contacts the Data Controller, the Data Controller may request information about the data subject, including name, e-mail address, telephone number and IP address. This information is collectively referred to as Personal Data in this Privacy Policy document.

The transfer of Personal Data to the Data Controller during the contact is voluntary, so it is not obligatory, the data processing is based on consent. However, if the data subject does not provide certain information to the Data Controller, it is possible that the Data Controller will not be able to achieve the goals included in this document and to provide services.

DATA MANAGEMENT

The Data Controller's data management is based on voluntary consent. In some cases, however, the handling, storage and transmission of a certain set of data is required by law.

We hereby draw the attention of those providing data to the Data Controller that in the cases of not providing their own personal data, the data provider is obliged to obtain the consent of the actual data subject.

Traffic measurement
-    Contact
-    Communication
-    Marketing functionalities
-    Invoicing, payment

DATA RETENTION

The Data Controller shall retain the Personal Data for as long as is necessary for the purposes specified in this document or until the data subject withdraws his or her consent to the processing of his or her Personal Data.

TRANSFER OF PERSONAL DATA

Personal Data are only accessible within the Data Controller's organization by those who specifically need it to achieve the purposes set forth in this document, including internal control functions.

The Data Controller will not sell, commercialize, make available to third parties or use in any form the Personal Data provided by the data subject, unless the data subject consents to it deliberately and in advance.

The Data Controller may share Personal Data with the following third parties: professional consultants (including accountants, auditors, legal advisors and other similar professional advisors), authorities and public entities (authorities with power over the Data Controller, such as regulatory authorities, other authorities, governmental entities and courts), and member companies, affiliates and subsidiaries of the Category Management S.r.o .

TERMS OF COOKIE USE

The Data Controller uses the standard ‘cookie’ technology in order to obtain information about the means users use the Website.

The use of cookies and web server log files allows the Data Controller to monitor the traffic of each of its websites and to tailor their content to the personal needs of the data subjects, as well as to publish targeted advertisements on third party websites. 

A cookie is a file that often carries a unique name, type, and content associated with a website. When a person visits a website, the website asks his or her computer for permission to store that file in a section of the computer's hard drive that is specifically designed to store cookies. Each website that you visit may send a cookie to your computer if the settings of the browser you are using allow it.

However, in order to protect the data of data subjects, the data subject's browser only allows the given website to access the cookie that this given website has sent to the computer, ie. a website does not unilaterally access the cookies sent by other websites.

Browsers are usually set to accept cookies. However, if the data subject does not intend to accept cookies, it’s possible to set the browser to refuse or to accept only certain cookies. In this case, some elements of the site may not work effectively when the data subject is browsing it. Cookies cannot retrieve other information from your computer's hard drive and do not carry viruses.

Based on the section above, the Data Controller uses the following cookies:
-    Functional cookies for purchase monitoring (order_id)

SECURITY

The Data Controller applies security measures to prevent unauthorized access to your Personal Data and to prevent unlawful data processing, destruction or damage to the Data.

The storage devices of the Data Controller that contain personal data are stored in premises with separate physical protection and are not left unattended.

Personal Data (including the mail servers of the Category Management S.r.o ) is stored by the Data Controller on servers located in the European Union. The virtual server is located on a physical server that is placed in a sealed container in the server room. The data is not accessible to other users.

There are several links on the Data Controller's websites that may direct you to websites operated by others than the Data Controller and that are not in accordance with the Data Controller's privacy policy. Please note that these sites are not covered by this Privacy Policy. We encourage you to review the privacy policies relevant to such sites before disclosing any of your personal information. The Data Controller is not liable for any damage caused by the illegal data processing of the operators of these websites or the violation of data security requirements, as well as for the violation of personal rights.

RIGHTS OF DATA SUBJECTS

At the request of the data subject, the Data Controller shall provide information on the data processed by him, or by the processor contracted by the Data Controller; on the purpose, legal basis, duration of the data processing; on the name, address (headquarters) and activities related to the data processing of the contracted data processor; and on who and for what purpose receives or have received the data. The Data Controller shall provide the information in writing in a comprehensible form as soon as possible after the submission of the request, but maximum within 30 days. This disclosure of information shall be free of charge if the requestor has not yet submitted a request to the Data Controller related to the same area in the current year.

The Data Controller deletes the personal data if its processing is illegal or requested by the data subject, as well as if the purpose of the data processing has ceased.

The Data Controller shall notify the data subject of the rectification and deletion, as well as all those to whom the data has previously been transmitted for the purpose of data processing. The notification may be skipped if it does not harm the legitimate interests of the data subject with regard to the purpose of the processing.

The data subject may object to the processing of his or her personal data if the processing (transfer) of the personal data is necessary only for the enforcement of the right or legitimate interest of the Data Controller or the data recipient, unless the data processing has been ordered by law, or the use or transfer of personal data is for the purpose of direct business acquisition, opinion polling or scientific research. The exercise of the user's right to object is otherwise permitted by law.

The Data Controller may not delete the data of the data subject if the data processing has been ordered by law. However, the data may not be transferred to the data recipient if the Data Controller has agreed to the objection or the court has established the legitimacy of the objection.

If the data subject's rights are violated, he or she may take legal action against the Data Controller. The Data Controller shall indemnify the damage caused to others by the unlawful processing of the data subject's data or by violating the requirements of technical data protection. The Data Controller shall be released from liability if the damage was caused by an unavoidable cause outside the scope of data processing. There is no need to compensate for the damage if it was caused by the victim's intentional or severely negligent conduct.

LEGAL REMEDY OPTIONS

All comments to the Category Management S.r.o  are welcomed by post to Biskupa Királya 1097/2 945 05 Komárno, Slovakia.

Effective from 1st of January 2022.