Privacy Policy and Cookie Notice

Principles and Information on Personal Data Protection
provided by the Controller to the Data Subject at the time of obtaining personal data from the Data Subject, and information on the use of cookies on this website.

I. Controller

1.1. Identity and Contact Details of the Controller:
Business name: Nomus s.r.o.
Registered office: Havlíčkova 16, 811 04 Bratislava – Staré Mesto District
Registered in: Commercial Register of the District Court Bratislava III, Section: Sro, Insert No. 159202/B
Company ID (IČO): 54489750
Tax ID (DIČ): 2121693387
VAT ID (IČ DPH): SK2121693387
Email: office@nomus.sk

1.2. Email and telephone contact for the Controller:
Email: office@nomus.sk
Phone: +421 911 959 999

1.3. Address of the Controller for delivery of correspondence:
Havlíčkova 16, 811 04 Bratislava – Staré Mesto District

1.4. In accordance with Article 13(1) and (2) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (hereinafter the “Regulation”), as well as in accordance with Act No. 18/2018 Coll. on Personal Data Protection, as amended, and Act No. 452/2021 Coll. on Electronic Communications, as amended, the Controller hereby provides the Data Subject (the Buyer), from whom the Controller (the Seller) obtains personal data relating to them, with the following information, instructions, and explanations:

II. References

2.1. These Principles and Information on Personal Data Protection form an integral part of the General Terms and Conditions published on the Seller’s website.

2.2. Pursuant to §3(1)(n) of Act No. 102/2014 Coll., the Seller hereby informs the consumer that there are no special codes of conduct to which the Seller has committed to adhere. A code of conduct shall mean an agreement or set of rules defining the behaviour of a seller who has undertaken to comply with such a code in relation to one or more specific commercial practices or business sectors, provided these are not established by law or another legal regulation or measure of a public authority. The Seller has not committed to follow any such code of conduct, nor are there any such codes available for the consumer to review or obtain.

III. Personal Data Protection and Use of Cookies – Information and Explanation on Cookies, Scripts, and Pixels

3.1. The website operator provides the following brief explanation of the function of cookies, scripts, and pixels:

3.1.1. Cookies are text files containing a small amount of information that are downloaded to your device when you visit a website. These files allow the website to store information about your actions and preferences (such as login name, language, font size, and display settings) for a certain period, so you do not need to re-enter them each time you visit the site or browse its pages.
A script is a piece of program code used to ensure proper and interactive functionality of websites. This code runs either on the operator’s server or on your device.
A pixel is a small, invisible text or image element on a webpage used to monitor website traffic. To enable this, various data are stored through pixels.

3.1.2. Cookies are divided into:

  • Technical or functional cookies – ensure the correct operation and usability of the Controller’s website. These cookies are used without consent.
  • Statistical cookies – allow the Controller to obtain statistics about website usage. These cookies are used only with consent.
  • Marketing / advertising cookies – used to create advertising profiles and for similar marketing activities. These cookies are used only with consent.

3.2. How to control cookies:

3.2.1. You can control and/or delete cookies at your discretion – details are available at aboutcookies.org. You can delete all cookies stored on your computer or device, and most browsers can be set to prevent cookies from being stored.

3.3. The Controller’s website uses the following cookies:
All cookies used by the Controller can be found at https://www.cookieserve.com/ by entering the Controller’s website address.

  • Technical or functional cookies – accessed by the Controller; cookie duration: 5 years.
  • Statistical cookies – accessed by the Controller; cookie duration: 5 years.
  • Marketing and advertising cookies – accessed by the Controller; cookie duration: 5 years.

3.3.1. Cookies shared with third parties:

Facebook Pixels – Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Further information on privacy: Facebook Privacy

Google Analytics, Google Ads – Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Further information on privacy: Google Analytics Privacy

IV. Processed Personal Data

4.1. The Controller processes the following personal data on its website: first name, last name, residence, email address, home phone number, mobile phone number, billing address, delivery address, data obtained from cookies, and IP addresses.

V. Contact Details of the Data Protection Officer

5.1. The Controller has appointed a Data Protection Officer in accordance with Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and the free movement of such data. Contact details: see above.

5.2. The Controller is also the Seller as defined in the General Terms and Conditions of this website.

VI. Purposes and Retention Period of Personal Data Processing

6.1. The purposes of processing the Data Subject’s personal data include, in particular:

6.1.1. Recording, creating, and processing contracts and client data for the purpose of concluding contracts with third parties.

6.1.2. Processing accounting documents and records related to the Controller’s business activities.

6.1.3. Compliance with legal regulations regarding the archiving of documents and records, e.g., pursuant to Act No. 431/2002 Coll., the Accounting Act, as amended, and other relevant legislation.

6.1.4. Activities of the Controller in connection with fulfilling the request, order, contract, or similar instruments of the Data Subject.

6.1.5. Newsletters, marketing, and similar advertising activities of the Controller. In the event that the Data Subject has given consent to the Controller for marketing and similar advertising activities, personal data are processed for these purposes until the Data Subject withdraws consent, but for no longer than 10 years.

6.2. The Controller retains the Data Subject’s personal data only for the period necessary to fulfil the contract and subsequently archive them in accordance with the statutory retention periods imposed by law. If the Data Subject has consented to the receipt of marketing emails or similar offers, the personal data will be processed for these purposes until the consent is withdrawn, but in any case, for a maximum of 10 years.

VII. Legal Basis for Processing the Data Subject’s Personal Data

7.1. If the Controller processes personal data based on the consent of the Data Subject, such processing shall commence only after the Data Subject has given the respective consent.

7.2. If the Controller processes the Data Subject’s personal data for the purposes of negotiating pre-contractual relations, concluding and performing a purchase agreement, and the related delivery of goods, products, or services, the Data Subject is obliged to provide personal data necessary for proper performance of the purchase agreement. Otherwise, performance cannot be ensured. Personal data for this purpose are processed without the Data Subject’s consent.

VIII. Recipients or Categories of Recipients of Personal Data

8.1. Recipients or potential recipients of the Data Subject’s personal data may include:

8.1.1. Statutory bodies or their members of the Controller.

8.1.2. Persons performing work under an employment or similar relationship for the Controller.

8.1.3. Sales representatives of the Controller and other persons cooperating with the Controller in performing the Controller’s tasks. For the purposes of this document, all natural persons performing dependent work for the Controller under an employment contract or agreements on work performed outside employment shall be considered employees of the Controller.

8.1.4. Collaborators of the Controller, its business partners, suppliers, and contractual partners, in particular: accounting companies, companies providing services related to software development and maintenance, companies providing legal services to the Controller, companies providing consultancy services to the Controller, companies providing transport and delivery of products to buyers and third parties, marketing companies, companies operating social networks, companies providing payment gateways and other payment methods.

8.1.5. Courts, law enforcement authorities, tax authorities, and other public authorities, if required by law. Personal data will be provided to such authorities in accordance with the legal regulations of the Slovak Republic.

8.1.6. List of third parties – intermediaries and recipients processing the Data Subject’s personal data:

Packeta Slovakia s.r.o., with registered office at Kopčianska 3338/82A, 851 01 Bratislava, Company ID: 48136999 – third-party service provider of delivery services

Direct Parcel Distribution SK, s.r.o., with registered office at Technická 7, 82104 Bratislava, Company ID: 35834498 – third-party service provider of delivery services

IX. Information on the Transfer of Personal Data to Third Countries and Retention Periods

9.1. Not applicable. The Controller does not transfer personal data of individuals to third countries.

X. Information on the Data Subject’s Relevant Rights

10.1. The Data Subject has, among others, the following rights:

10.1.1. The rights listed in section 10.1 do not affect any other rights of the Data Subject.

10.1.2. Right of access (Article 15 of the Regulation):
The Data Subject has the right to obtain from the Controller confirmation as to whether personal data concerning them are being processed, and if so, to obtain access to such data. The Data Subject also has the right to obtain information about the purposes of processing, the categories of personal data, the recipients or categories of recipients to whom the data have been or will be disclosed, particularly in the case of recipients in third countries or international organizations, the envisaged retention period of personal data or, if not possible, the criteria used to determine it, the existence of the right to request rectification or erasure of personal data or restriction of processing, the right to object to such processing, the right to lodge a complaint with a supervisory authority, if the data were not obtained from the Data Subject, any available information as to their source, the existence of automated decision-making including profiling referred to in Articles 22(1) and (4) of the Regulation, and in such cases at least meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the Data Subject, and the safeguards under Article 46 of the Regulation regarding the transfer of personal data if the data are transferred to a third country or international organization.

10.1.3. The right to obtain a copy of the personal data undergoing processing, provided that the right to receive a copy does not adversely affect the rights and freedoms of others.

10.1.4. Right to rectification (Article 16):
The Data Subject has the right to require the Controller to rectify inaccurate personal data concerning them without undue delay, and to complete incomplete personal data, including by providing a supplementary statement. The Data Subject also has the right to request the erasure of personal data (“right to be forgotten”) pursuant to Article 17 of the Regulation.

10.1.5. Right to erasure (Article 17):
The Data Subject has the right to obtain the erasure of personal data concerning them without undue delay if one of the following applies:

  • personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
  • the Data Subject withdraws consent on which the processing is based, provided no other legal basis for processing exists;
  • the Data Subject objects to processing pursuant to Article 21(1) and no overriding legitimate grounds exist;
  • the Data Subject objects to processing pursuant to Article 21(2);
  • personal data have been unlawfully processed;
  • erasure is required to comply with a legal obligation under EU or national law;
  • personal data were collected in connection with the offer of information society services under Article 8(1).

10.1.6. Right to notify other Controllers:
Where the Controller has made personal data public, the Data Subject may require the Controller, taking available technology and the cost of implementation into account, to take reasonable measures, including technical measures, to inform other Controllers processing the data that the Data Subject requests the deletion of all links to, copies, or replications of those personal data. This right does not apply where processing is necessary:

10.1.7. for exercising the right of freedom of expression and information;

10.1.8. to comply with a legal obligation under EU or national law, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller;

10.1.9. for reasons of public interest in the area of public health in accordance with Article 9(2)(h) and (i) and Article 9(3) of the Regulation.

10.1.10. For purposes of archiving in the public interest, scientific or historical research, or statistical purposes pursuant to Article 89(1) of the Regulation, provided it is likely that the rights referred to in Article 17(1) would make it impossible or seriously impair the achievement of the objectives of such processing; or for establishing, exercising, or defending legal claims.

10.1.11. Right of the Data Subject to restriction of processing pursuant to Article 18 of the Regulation.

10.1.12. The Data Subject has the right to require the Controller to restrict processing in the following cases:

  • the accuracy of the personal data is contested by the Data Subject, for a period enabling the Controller to verify the accuracy of the data;
  • processing is unlawful and the Data Subject objects to erasure of the personal data and requests restriction instead;
  • the Controller no longer needs the personal data for the purposes of processing, but the Data Subject requires them for the establishment, exercise, or defense of legal claims;
  • the Data Subject has objected to processing under Article 21(1) until it is verified whether the legitimate grounds of the Controller override those of the Data Subject.

10.1.13. Where processing has been restricted, such restricted personal data may be processed only with the Data Subject’s consent or for establishing, exercising, or defending legal claims, protecting the rights of another natural or legal person, or for reasons of important public interest of the EU or a Member State.

10.1.14. Right to be informed in advance of the lifting of the restriction on processing.

10.1.15. Right to notification to recipients pursuant to Article 19 of the Regulation, i.e., the right to have the Controller inform each recipient to whom personal data have been disclosed of any rectification, erasure, or restriction of processing carried out under Articles 16, 17(1), and 18, unless this proves impossible or involves disproportionate effort, and the right to be informed by the Controller about these recipients upon request.

10.1.16. Right to data portability (Article 20):
The Data Subject has the right to receive personal data concerning them, which they have provided to the Controller, in a structured, commonly used, and machine-readable format and the right to transmit those data to another Controller without hindrance from the Controller, provided that:
a) processing is based on the Data Subject’s consent under Article 6(1)(a) or Article 9(2)(a), or on a contract under Article 6(1)(b), and
b) processing is carried out by automated means.

10.1.17. The right to obtain personal data in a structured, commonly used, and machine-readable format and to transfer it to another Controller without hindrance must not adversely affect the rights and freedoms of others.

10.1.18. Right to transmit personal data directly from one Controller to another where technically feasible.

10.1.19. Right to object under Article 21 of the Regulation.

10.1.20. Right to object at any time, for reasons related to the Data Subject’s particular situation, to the processing of personal data concerning them, carried out under Article 6(1)(e) or (f), including profiling based on these provisions.

10.1.21. In exercising the right referred to in 10.1.20, the Data Subject may require the Controller to cease processingpersonal data, unless the Controller demonstrates compelling legitimate grounds for processing that override the interests, rights, and freedoms of the Data Subject, or for establishing, exercising, or defending legal claims.

10.1.22. Right to object at any time to the processing of personal data concerning the Data Subject for direct marketing purposes, including profiling to the extent it is related to such marketing. If the Data Subject objects, personal data shall no longer be processed for these purposes.

10.1.23. Right to object using automated means when using information society services, in accordance with technical specifications.

10.1.24. Right to object for reasons relating to the particular situation of the Data Subject if personal data are processed for scientific or historical research purposes or statistical purposes pursuant to Article 89(1), except where processing is necessary for the performance of a task carried out for reasons of public interest.

10.1.25. Right of the Data Subject relating to automated individual decision-making, including profiling, pursuant to Article 22 of the Regulation.

10.1.26. The Data Subject has the right not to be subject to a decision based solely on automated processing of personal data, including profiling, which produces legal effects concerning them or similarly significantly affects them, except in cases referred to in Article 22(2) of the Regulation, i.e., except where the decision is:
(a) necessary for entering into or performing a contract between the Data Subject and the Controller,

10.1.27. (b) permitted under Union or Member State law to which the Controller is subject, which also lays down suitable measures to safeguard the Data Subject’s rights, freedoms, and legitimate interests; or
(c) based on the Data Subject’s explicit consent.

XI. Right to Withdraw Consent to the Processing of Personal Data

11.1. The Data Subject has the right to withdraw their consent to the processing of personal data at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
The Data Subject may withdraw consent either in full or in part. Partial withdrawal may concern a specific type of processing operation(s), while the lawfulness of processing operations not affected by the partial withdrawal remains intact. Partial withdrawal may also concern a specific purpose or purposes of data processing, while the lawfulness of processing for other purposes remains intact.
The right to withdraw consent can be exercised in writing to the Controller’s address registered in the business register at the time of withdrawal, or electronically via electronic means (e.g., by sending an email to the Controller’s email address provided in this document).

XII. Right to Lodge a Complaint with a Supervisory Authority

12.1. The Data Subject has the right to lodge a complaint with a supervisory authority, particularly in the Member State of their habitual residence, place of work, or place of the alleged infringement, if they believe that the processing of personal data concerning them violates the Regulation. This is without prejudice to any other administrative or judicial remedies.
The Data Subject has the right to be informed by the supervisory authority with which the complaint has been lodged about the progress and outcome of the complaint, including the possibility to seek judicial remedy under Article 78 of the Regulation.

12.2. The supervisory authority in the Slovak Republic is:
Office for Personal Data Protection of the Slovak Republic
Hraničná 12, 820 07 Bratislava 27, Slovakia
Phone: +421 2 3231 3214
Email: statny.dozor@pdp.gov.sk

XIII. Information Related to Automated Decision-Making, Including Profiling

13.1. Since the Controller does not carry out automated decision-making, including profiling, within the meaning of Article 22(1) and (4) of the Regulation, the Controller is not required to provide information pursuant to Article 13(2)(f) of the Regulation, i.e., information about automated decision-making, including profiling, the process used, and the significance and anticipated consequences of such processing for the Data Subject. Not applicable.

XIV. Final Provisions

14.1. These Principles and Information on Personal Data Protection and Cookies form an integral part of the General Terms and Conditions and the Complaints Procedure. The documents – General Terms and Conditions and Complaints Procedure of this website – are published on the domain of the Seller’s website.

14.2. These Principles and Information on Personal Data Protection come into effect upon publication on the Seller’s website on 18 November 2022.

Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.