Privacy Policy

Privacy Policy

Dear customer, In order to process your order, we need your personal information. The security and lawful processing of your data are paramount to us. Here, you will learn how we process your personal data and how we ensure their security. 1. Who are we? Your personal data are processed by our company:

Dr. Sandra Ltd.
Partizánska 2
811 01 Bratislava

Represented by: MUDr. Alexandra Rozborilová, PhD., Managing Director
Email: objednavky@doktorkasandra.sk (hereinafter referred to as the “controller”). 2. What personal data do we process? E-shop To process your order and fulfill all legal obligations associated with it, we process your personal data, including: title, first name, last name, delivery address, billing address, order details, payment information, contact person, phone number, email. Complaints Register To handle your complaint, we process personal data including: title, first name, last name, date of birth, address and type of residence, delivery address, billing address, details of the complained product, bank account number, payment details, complaint resolution method, phone number, email, signature, name and last name of the contact person, contact person’s phone number. Marketing With your consent, we process your personal data including: title, first name, last name, email, phone number, IP address, cookies. Camera System If you come in person to pick up goods at our clinic, your image may be recorded as the premises are monitored by a camera system. 3. What is the purpose of processing your personal data? E-shop We process your personal data for the purpose of concluding an online contract and fulfilling it. This includes accepting and registering orders, processing orders, shipping goods, issuing invoices, handling contract cancellations, and any complaints. Complaints Register We process your personal data to handle your complaint and fulfill our legal obligations. Accounting We process your personal data to fulfill our obligations under special legal regulations related to accounting. User Account With your consent, we process your personal data to create a user account. Marketing Communication We process your personal data to take care of you as a customer, provide information about products and services, and conduct market research, using your preferred method of communication. We process your personal data for this purpose only if you have given us your consent. Cookies With your consent, we also process your IP address and cookies. These are used to improve the functionality of the website and for advertising and remarketing purposes. Consumer Competition If you participate in a consumer competition organized by us, we process your personal data to manage your participation and award prizes. If the controller processes personal data based on consent via the website, these services are not intended for individuals under 16 years of age. 4. What is our legitimate interest? We use the camera system to protect our property within this building and to protect the personal data we process. 5. How can you give us your consent? You can give us your consent for processing your personal data by checking the relevant checkbox. 6. How can you withdraw your consent? You can withdraw your consent for the processing of your personal data at any time by: 7. To whom do we provide your data? In order to fulfill contractual obligations, we provide your personal data to the carrier. Based on a mediation agreement concluded in accordance with GDPR, we provide your personal data to an external accounting company and the web hosting and advertising services related to the website. 8. How long do we keep your personal data? Accounting documents are kept for 10 years. Purchase agreements concluded through the online store are kept for the duration of order processing and for a necessary period for the assertion of rights, e.g., complaints. Documents related to complaints are kept for 5 years. We process your personal data for marketing purposes until you revoke your consent. In the case of your participation in a competition, we keep your personal data for the duration of the competition and information about the winners for a maximum of 2 years. 9. Where do we transfer your personal data? We do not transfer your personal data to any third country. Your personal data are transferred to the Czech Republic, where the server is located. 10. Who can you contact? If you have any questions or concerns regarding personal data, you can contact the responsible person: Name and Surname: Karin Lovecká Email: objednavky@doktorkasandra.sk Phone: 0917 125 992 11. Not satisfied? If you are not satisfied with how we process your personal data, you can let us know by emailing objednavky@doktorkasandra.sk. You also have the option to lodge a complaint with the Office for Personal Data Protection if you believe that we are processing your personal data unlawfully. 12. How do we process your personal data? We process your personal data in electronic and paper form. We do not use any means of automated individual decision-making. Your personal data are processed in the administration of the website. The website is hosted on a server in the Czech Republic and is managed by wbx, s.r.o. 13. How do we ensure the protection of your personal data? The security of your personal data is of utmost importance to us. To ensure the protection of your personal data, we have implemented the necessary technical and organizational measures. The controller has introduced a strong password policy. Personal data are encrypted. Paper documents are stored in lockable cabinets in the premises of the controller, which are secured with an alarm and camera system. 14. What are your rights? a) Right to access data You have the right to know if we process your personal data. If we do, you can request access to your data. Upon your request, we will provide a confirmation with information about the processing of your personal data by our company. b) Right to rectification You have the right to have your personal data processed by us to be accurate, complete, and up-to-date. If your personal data are inaccurate or outdated, you can request rectification or supplementation. c) Right to erasure Under certain circumstances, you have the right to have your personal data erased by us. You can request the erasure of your data at any time. We will erase your personal data if:
  • we no longer need your personal data for the purpose for which you provided them;
  • you withdraw your consent;
  • you object to the processing of your personal data;
  • we process your personal data unlawfully;
  • personal data must be erased to fulfill a legal obligation;
  • if you are a child or a parent of a child who has consented to the processing of personal data over the internet.
d) Right to restriction of processing You can ask us to restrict the processing of your personal data. If your request is granted, we will only keep and not further process your personal data. Processing of your data will be restricted if:
  • you notify us that your personal data are incorrect, until we verify their accuracy;
  • we process your personal data unlawfully, but you do not consent to their erasure and instead request that we only restrict the processing of your personal data;
  • we no longer need your data, but you need them to establish, exercise, or defend your legal claims;
  • you object to the processing of your personal data, until we verify whether our legitimate interests override your reasons.
e) Right to data portability You have the right to request that we provide you with your personal data in electronic format (e.g., XML or CSV file) that allows you to easily transfer the data to another company. You can also ask us to transfer your personal data directly to a chosen company. We will comply with your request if you provided us with your personal data directly and gave your consent for their processing. f) Right to object You have the right to object to the processing of your personal data. If we process your personal data for direct marketing purposes, you can object to such processing at any time. Upon objection, we will erase your personal data. You can object to the processing of your personal data in the following cases:
  • for the performance of a task carried out in the public interest or in the exercise of official authority;
  • for our legitimate interests;
  • for the creation of a customer profile;
  • if you have personal reasons for objecting to the processing of your personal data.
15. How can you exercise these rights? You can submit your request to us in one of the following ways: by sending a notification to the email address objednavky@doktorkasandra.sk, by sending a notification by post to the address Partizánska 2, 811 01 Bratislava. We will address all your requests and inform you of the outcome in the same way you submit your request. 16. Final Provisions These personal data protection principles are effective from May 25, 2018. We reserve the right to amend these principles in case of changes in the processing of personal data in our company. Terms and Conditions
Complaints Procedure
Right of Withdrawal
Personal Data Protection Principles