This privacy policy contains information about the processing of personal data of data subjects by Alluringbeauty s.r.o. with registered office at Jelenia 3141/7 811 05 Bratislava – Staré Mesto district, Company ID: 52617289, registered in the Commercial Register of Bratislava III District Court, File No. 141796/B (hereinafter referred to as the “Operator“), on the website www.alluringbeauty.sk or on the company’s social media profiles (hereinafter referred to as the “website“). All personal data is processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter referred to as “GDPR Regulation“) and in accordance with Act No. 18/2018 Coll. on personal data protection and on amendments to certain acts (hereinafter referred to as the “Act”) and other relevant regulations on personal data protection.
The purpose of these principles is to provide you with answers about the purpose for which your personal data is processed, how it is processed, and what your rights and obligations are in connection with personal data processing. These Principles also provide you with other relevant information about the processing of your personal data and thus represent the fulfillment of the Operator’s information obligation under Art. 13 and Art. 14 of the GDPR Regulation regarding personal data processing on the website. The conditions for personal data processing that occurs outside the website are regulated in the Operator’s general privacy policy and other internal Operator regulations on personal data protection.
Your personal data is processed by Alluringbeauty s.r.o. with registered office at Jelenia 3141/7 811 05 Bratislava – Staré Mesto district, Company ID: 52617289, registered in the Commercial Register of Bratislava III District Court, File No. 141796/B.
Name: Veronika Przewlocka
Email: alluringbeautybratislava@gmail.com
Phone contact: +421 911 555 070
We process your personal data exclusively for the specified purpose, in the specified manner and by the specified means, and only for the period necessary for the purpose of their processing. We process your personal data in a way that prevents unauthorized access to your personal data, unauthorized transfer, loss, destruction, or other unauthorized processing. When processing your personal data, we comply with technical and organizational measures to ensure the highest level of security with regard to all possible risks. All persons authorized to process your personal data are bound by confidentiality regarding information obtained in connection with the processing of such personal data.
The Operator processes your personal data always in accordance with the principle of minimization so that it fulfills any contractual and legal requirements, processes personal data in which it has a legitimate interest, or processes your personal data if you give consent to their processing, always only to the extent necessary to fulfill the specified purpose of processing. This means that the Operator does not require personal data from you that is not necessary for the specific purpose of processing.
The Operator processes your personal data in the scope of ordinary personal data including: name, surname, mobile phone number, email, contact address, online identifiers (IP address, website activity) and other personal data you provide.
We process your personal data according to Art. 6(1)(b) of the GDPR Regulation, meaning the processing of your personal data is necessary for the performance of a contract, or to take steps at the request of the data subject prior to entering into a contract.
In accordance with the above legal basis, we proceed when receiving and processing orders for provided services, specifically when you order services we provide through a message sent via the contact form on our website, a message on social networks, a contact email address, or by phone. The retention period for this personal data is until the complete settlement of legal and other claims arising from the contractual relationship, at least 3 years from the date of termination of the contractual relationship.
We process your personal data according to Art. 6(1)(a) of the GDPR Regulation, meaning the processing of your personal data is based on your consent.
In accordance with the above legal basis, we proceed when you contact us with your request through a message sent via the contact form on our website or through a message on social networks. The retention period for this personal data is 3 months from the date of receipt of the request or until its resolution, whichever occurs first.
We also need your consent for measuring traffic on our website and for advertising targeting carried out through analytical and marketing cookies. The retention period for this personal data is until the data subject withdraws consent, but no longer than 2 years.
We also process your personal data according to Art. 6(1)(c) of the GDPR Regulation, meaning the processing of your personal data is necessary to comply with legal obligations.
In accordance with the above legal basis, we proceed when you send us a request or exercise any of the data subject’s rights. The retention period for this personal data is until the request is processed.
In certain cases, the Operator is obliged to provide your personal data to public authorities or other recipients who are authorized to process your personal data. These recipients include courts or law enforcement authorities.
Other recipients of your personal data also include companies operating social networks if you contact the Operator through a message on a social network (Facebook Inc) and Google, LLC, which is the provider of the Google Analytics service used to measure website traffic of the Operator.
In connection with ensuring proper operations, the Operator has concluded cooperation agreements with Processors. The Operator has selected Processors who come into contact with your personal data so that your personal data is secure and that these Processors meet the personal data protection conditions required by the GDPR Regulation and the Act. We have concluded personal data processing agreements with Processors, including confidentiality provisions.
Processors are business companies and natural persons – entrepreneurs with whom the Operator cooperates and who provide services (web hosting services, accounting processing), a company providing online accounting and invoicing software, a company providing online cloud storage services.
When processing your personal data by the Operator, in some cases your personal data is transferred to third countries:
The transfer of your personal data in all the above cases is secured through standard contractual clauses, which are, in accordance with the terms of use of the above services, part of the personal data processing authorization agreements concluded with the above-specified entities.
The security of your personal data is our priority. To ensure the protection of your personal data, we have implemented the necessary technical and organizational measures. As technologies improve, we also improve these security systems, using virus detection, antivirus programs, and firewalls.
If our systems were to be attacked by hackers, or if our system were otherwise compromised, or if any other security incident occurred creating even a threat of data leakage and damage to your rights, you will be informed of the measures taken within 72 hours, and at the same time we will inform the supervisory authority for personal data protection in the Slovak Republic, which is the Office for Personal Data Protection, within the same period.
As a Data Subject whose personal data the Operator processes, you have the right to be informed about all the above facts, as well as that you have the following rights:
a) the right to request access from the Operator to the personal data it processes about you
If you want to know which personal data the Operator processes about you, we will be happy to provide it upon request. Simply send your request to: alluringbeautybratislava@gmail.com and we will process it without delay, but no later than 30 days from the receipt of your request.
b) the right to rectification of your personal data
If the data you have provided is outdated, has changed, contains any inaccuracies, or is incomplete, please let us know at our email address alluringbeautybratislava@gmail.com and we will correct it without delay. At the same time, we will inform all our Processors who process your personal data so that they also correct your personal data, and we will give you feedback that this correction of your personal data has been made.
c) the right to erasure of your personal data
If you are not satisfied with how we process your personal data, you also have the right to have your personal data erased. You also have the right to be forgotten – the right to have provided personal data erased after the purpose of its provision has been achieved, i.e., after the fulfillment of the contract, or after the end of the mandatory retention period under special regulations of the Slovak Republic. The right to erasure of your personal data is therefore not absolute. If we need your data to fulfill our legal obligations, we will have to continue processing them for this purpose. We do not further process or store personal data that has fulfilled its purpose. We will inform you about the erasure of your personal data.
d) the right to restriction of processing of your personal data
As a data subject, you have the right to request restriction of processing of your personal data if you contest the accuracy of personal data, during the period of verifying the accuracy of data; or if the processing of personal data is unlawful and instead of erasing the data, you request restriction of their processing; and also if the Operator does not need your personal data for the stated purpose, but you need them to establish, exercise or defend legal claims. When processing of personal data is restricted, your data will remain in our systems, but we will no longer use them for our purposes. We will inform you that we have restricted the processing of your personal data.
e) the right to object to processing of your personal data
As a data subject, you have the right to object to the processing of your personal data for reasons relating to your particular situation, carried out pursuant to § 13(1)(e) or (f), including profiling based on these provisions. If your data were to be processed on the basis of legitimate interest, the Operator is obliged to demonstrate that its legitimate interests in processing personal data outweigh the rights or interests of the data subject, or the grounds for exercising a legal claim, otherwise it may not further process such personal data.
f) the right to portability of your personal data
You also have the right to request the transfer of your personal data to another Operator, whose details you will notify us in writing. Technically, such transfer is possible on our part in the case of transferring an email address; other data, given the different purpose of their processing compared to processing of email address (see above), will be provided to you depending on the circumstances of the case. The Operator is entitled to refuse the data subject’s request for data transfer if the requested transfer could have adverse consequences for the rights and freedoms of others and the legal conditions for exercising the right to transfer under the GDPR Regulation are not met.
If you are not satisfied with how we process your personal data, you can inform us at email alluringbeautybratislava@gmail.com . You also have the option to file a complaint or a proposal to initiate proceedings at the Office for Personal Data Protection if you believe we are processing your personal data unlawfully. You can find the application template on the website of the Office for Personal Data Protection. The contact details for the Office for Personal Data Protection of the Slovak Republic are as follows: address Hraničná 12, 820 07 Bratislava 27; website: dataprotection.gov.sk, phone: 02 3231 3214; email: statny.dozor@pdp.gov.sk.
When processing your personal data, the Operator does not use profiling and does not process personal data through any form of automated individual decision-making that would involve evaluating your personal aspects.
When providing services to the Operator’s clients (hereinafter referred to as “clients“), the processing of personal data of data subjects by the Operator on behalf of its clients may occur. When processing personal data of data subjects on behalf of clients, the Operator acts as a processor of personal data pursuant to Art. 4(8) of the GDPR Regulation, with the controller determining the purposes and means of processing personal data being the client when the Operator processes personal data as a processor.
The Operator concludes personal data processing authorization agreements with its clients, which set out the conditions for processing personal data of data subjects by the Operator as a processor on behalf of its clients, and the obligations regarding ensuring an adequate level of protection of processed personal data.
The purposes, legal bases, scope, and range of recipients of personal data processed by the Operator as a processor on behalf of clients is determined by clients, with the Operator, when processing personal data of data subjects on behalf of its clients, acting exclusively according to the instructions of its clients and applicable legal regulations, fulfilling the obligations of a processor under the provisions of the GDPR Regulation and the Act, and not performing any other processing operations with personal data other than those arising from the concluded personal data processing authorization agreement and processing purposes determined by the client.
This updated Privacy Policy is valid and effective from 16.6.2021. Given that updates to the information on personal data processing contained in this Privacy Policy may be required in the future, the Operator is entitled to change and update this Privacy Policy at any time. In such case, the Operator will inform you appropriately.
