Personal data processing principles and data protection system under the GDPR
The data controller (controller) of your personal data pursuant to Article 4 point 7 of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as GDPR) is the company WAMAK s.r.o., Orovnica 252, 966 52 Orovnica, ID No.: 36 628 972.
The contact details of the controller are :
Telephone: +421 918 396 879
What is personal data?
Personal data is data relating to an identified natural person or an identifiable natural person who can be identified, directly or indirectly, in particular by reference to a generally applicable identifier, to another identifier such as a first name, surname, identification number, location data or online identifier, or to one or more characteristics or attributes that constitute his or her physical identity, physiological identity, genetic identity, psychological identity, mental identity, economic identity, cultural identity or social identity.
What is the processing of personal data?
Processing of personal data means a processing operation or set of processing operations concerning personal data or sets of personal data, in particular the obtaining, recording, organisation, structuring, storage, alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise, alignment or combination, restriction, erasure, whether or not by automated or non-automated means.
The Controller (Controller) is not obliged to appoint/designate a Responsible Person.
Sources and categories of personal data:
The Controller processes personal data (directly from you) that you have provided to it or personal data that it has obtained as a result of fulfilling your order.
Your identification and contact data and data necessary for the performance of the contract.
Lawful basis and purpose of processing:
The lawful basis for processing is:
Your consent to the processing of your personal data for the purpose of providing direct marketing pursuant to Article 6(1)(a) of the GDPR.
Performance of a contract between you and the controller pursuant to Article 6(1)(b) of the GDPR.
The processing is necessary for compliance with a legal obligation of the controller pursuant to Article 6(1)(c) GDPR.
The legitimate interest of the controller to monitor the premises with a CCTV system for the purpose of protecting property pursuant to Article 6(1)(f) GDPR.
The purpose of the processing of personal data is:
To process your order and to exercise the rights and obligations arising from the contractual relationship between you and the controller. When placing an order, the personal data required for the successful processing of the order (name, surname, address, contact, or company details) pursuant to Article 6(1)(b) of the Regulation (this includes the subsequent payment, delivery of goods, handling of complaints, etc.); the processing of the customer's personal data takes place without the customer's consent, since the legal basis for the processing of their personal data for the purposes of the performance of the contract is the specific order between the customer and the operator. The provision of personal data is a necessary requirement for the conclusion and execution of the order; without the provision of personal data, it is not possible to create an order or for the operator to fulfil its terms and conditions.
Provision of the agreed service in the field of production and sale of heat pumps.
The controller declares that it does not handle the records in any way and does not disclose them to third parties or entities.
The controller shall retain the personal data:
For as long as necessary to exercise the rights and obligations arising from the contractual relationship between you and the controller and to assert a claim arising from that contractual relationship.
After the expiration of the retention period of the personal data resulting from Act No. 395/2002 Coll., the Act on Archives and Registers and on the amendment of certain acts, the controller shall delete the personal data.
Recipients of personal data
Who is the recipient?
The recipient is anyone to whom the personal data is provided, regardless of whether they are a third party. A public authority which processes personal data on the basis of a special regulation is not considered to be a recipient.
They are persons who are involved in the delivery of goods, services, making payments under a contract.
The controller does not provide, disclose or make available personal data to third countries.
Conditions for the security of personal data
The controller declares that it has taken appropriate personal, technical and organisational measures to ensure the protection of personal data.
The controller has taken technical measures to secure data storage and storage of personal data in file form.
The controller declares that the personal data can be accessed only by persons authorised by the controller.
Under the terms of the GDPR, you have:
- The right of access to your personal data under Article 15 of the GDPR
- The right to rectification of your personal data under Article 16 GDPR
- Right to restriction of processing
- The right to erasure under Article 17 GDPR
- Right to object under Article 21 GDPR
- Right to transfer personal data under Article 21 GDPR
- Right to withdraw consent (electronically or to a correspondence address)
- The right to lodge a complaint with the Data Protection Authority if you believe that your data protection rights have been violated.
You also have the right to lodge a complaint with the Data Protection Authority if you believe that your data protection rights have been violated
How can you exercise your rights?
Right of access to data
You have the right to know whether we are processing your personal data. If we are processing it, you can ask us for access to it. Upon your request, we will issue a confirmation with information about the processing of your personal data. You can submit your request electronically, to the email address,
Right to rectification
You have the right to have your personal data processed by us correct, complete and up-to-date. If your personal data is incorrect or outdated, you can ask us to correct or complete it electronically at the following email address:
Right to erasure
Under certain circumstances you have the right to have your personal data erased. You can ask us to delete your data at any time. We will delete your personal data if:
- We no longer need your personal data for the purpose for which you provided it to us,
- you withdraw your consent,
- you object to the processing of your personal data,
- we are processing your personal data unlawfully,
- the personal data must be erased in order to comply with a legal obligation,
- if you are a child or the parent of a child who has consented to the processing of personal data via the internet.
Right to restriction of processing
You can ask us to restrict the processing of your personal data. If we comply with your request, we will only store your personal data and will not process it further. Restriction of the processing of your data will occur if:
- You notify us that your personal data is incorrect until we have verified its accuracy,
- we are processing your personal data unlawfully, but you do not consent to the erasure of your personal data and instead request that we restrict the processing of your personal data,
- we no longer need your data but you need it to establish, exercise or defend your rights
- you object to the processing of your personal data until we have verified that our legitimate interests outweigh your reasons.
Right to data portability
You have the right to request that we provide you with your personal data in an electronic format (e.g. an XML or CSV file) that allows you to easily transfer your data to another company. You can also ask us to transfer your personal data directly to the company of your choice. We will comply with your request if you have provided us with the personal data directly and have given us your consent to process it.
Right to object
You have the right to object to us processing your personal data. If we process your personal data in the following cases:
- For our legitimate interest,
- creating a customer profile,
- you can object to the processing if you have personal reasons to do so.
How can you exercise these rights?
You can contact us with your request in any of the following ways:
If you believe that your rights to the protection of personal data have been violated, you have the right to lodge a complaint with the supervisory authority, the Office for the Protection of Personal Data, at the following address
820 07 Bratislava 27
+421 /2 3231 3214
In view of the epidemiological situation in the Slovak Republic, the Office recommends making submissions by mail or electronic services (www.slovensko.sk). Personal submissions from 29.11.2021 onwards can only be made in unavoidable cases no later than 12:00.
What are cookies?
You can prevent cookies from being set by adjusting the settings in your browser (see the Help section of your browser to find out how to do this). Please note that disabling cookies will affect the functionality of this and many other websites you visit. Disabling cookies will usually also have the effect of disabling certain functions and features of this site. It is therefore recommended that you do not disable cookies.
Cookies that we set
When you enter information through forms, such as those found on contact pages or comment forms, cookies may be set to remember user information for future correspondence.
Third party cookies
We hope this has cleared things up for you, and as mentioned above, if there is something where you are unsure whether you need it or not, it is usually safer to leave cookies enabled in case they interact with any of the features of our website. If you are still interested in more information, you can contact us via any of our preferred methods.