In order to process your order, we need your personal information. The security and lawful processing of your data are paramount to us. Here, you will learn how we process your personal data and how we ensure their security.
1. Who are we?
Your personal data are processed by our company:
Dr. Sandra Ltd.
811 01 Bratislava
Represented by: MUDr. Alexandra Rozborilová, PhD., Managing Director
(hereinafter referred to as the “controller”).
2. What personal data do we process?
To process your order and fulfill all legal obligations associated with it, we process your personal data, including: title, first name, last name, delivery address, billing address, order details, payment information, contact person, phone number, email.
To handle your complaint, we process personal data including: title, first name, last name, date of birth, address and type of residence, delivery address, billing address, details of the complained product, bank account number, payment details, complaint resolution method, phone number, email, signature, name and last name of the contact person, contact person’s phone number.
With your consent, we process your personal data including: title, first name, last name, email, phone number, IP address, cookies.
If you come in person to pick up goods at our clinic, your image may be recorded as the premises are monitored by a camera system.
3. What is the purpose of processing your personal data?
We process your personal data for the purpose of concluding an online contract and fulfilling it. This includes accepting and registering orders, processing orders, shipping goods, issuing invoices, handling contract cancellations, and any complaints.
We process your personal data to handle your complaint and fulfill our legal obligations.
We process your personal data to fulfill our obligations under special legal regulations related to accounting.
With your consent, we process your personal data to create a user account.
We process your personal data to take care of you as a customer, provide information about products and services, and conduct market research, using your preferred method of communication. We process your personal data for this purpose only if you have given us your consent.
With your consent, we also process your IP address and cookies. These are used to improve the functionality of the website and for advertising and remarketing purposes.
If you participate in a consumer competition organized by us, we process your personal data to manage your participation and award prizes. If the controller processes personal data based on consent via the website, these services are not intended for individuals under 16 years of age.
4. What is our legitimate interest?
We use the camera system to protect our property within this building and to protect the personal data we process.
5. How can you give us your consent?
You can give us your consent for processing your personal data by checking the relevant checkbox.
6. How can you withdraw your consent?
You can withdraw your consent for the processing of your personal data at any time by:
7. To whom do we provide your data?
In order to fulfill contractual obligations, we provide your personal data to the carrier. Based on a mediation agreement concluded in accordance with GDPR, we provide your personal data to an external accounting company and the web hosting and advertising services related to the website.
8. How long do we keep your personal data?
Accounting documents are kept for 10 years. Purchase agreements concluded through the online store are kept for the duration of order processing and for a necessary period for the assertion of rights, e.g., complaints. Documents related to complaints are kept for 5 years. We process your personal data for marketing purposes until you revoke your consent. In the case of your participation in a competition, we keep your personal data for the duration of the competition and information about the winners for a maximum of 2 years.
9. Where do we transfer your personal data?
We do not transfer your personal data to any third country. Your personal data are transferred to the Czech Republic, where the server is located.
10. Who can you contact?
If you have any questions or concerns regarding personal data, you can contact the responsible person:
Name and Surname: Karin Lovecká
Phone: 0917 125 992
11. Not satisfied?
If you are not satisfied with how we process your personal data, you can let us know by emailing email@example.com
. You also have the option to lodge a complaint with the Office for Personal Data Protection if you believe that we are processing your personal data unlawfully.
12. How do we process your personal data?
We process your personal data in electronic and paper form. We do not use any means of automated individual decision-making. Your personal data are processed in the administration of the website. The website is hosted on a server in the Czech Republic and is managed by wbx, s.r.o.
13. How do we ensure the protection of your personal data?
The security of your personal data is of utmost importance to us. To ensure the protection of your personal data, we have implemented the necessary technical and organizational measures. The controller has introduced a strong password policy. Personal data are encrypted. Paper documents are stored in lockable cabinets in the premises of the controller, which are secured with an alarm and camera system.
14. What are your rights?
a) Right to access data
You have the right to know if we process your personal data. If we do, you can request access to your data. Upon your request, we will provide a confirmation with information about the processing of your personal data by our company.
b) Right to rectification
You have the right to have your personal data processed by us to be accurate, complete, and up-to-date. If your personal data are inaccurate or outdated, you can request rectification or supplementation.
c) Right to erasure
Under certain circumstances, you have the right to have your personal data erased by us. You can request the erasure of your data at any time. We will erase your personal data if:
d) Right to restriction of processing
- we no longer need your personal data for the purpose for which you provided them;
- you withdraw your consent;
- you object to the processing of your personal data;
- we process your personal data unlawfully;
- personal data must be erased to fulfill a legal obligation;
- if you are a child or a parent of a child who has consented to the processing of personal data over the internet.
You can ask us to restrict the processing of your personal data. If your request is granted, we will only keep and not further process your personal data. Processing of your data will be restricted if:
e) Right to data portability
- you notify us that your personal data are incorrect, until we verify their accuracy;
- we process your personal data unlawfully, but you do not consent to their erasure and instead request that we only restrict the processing of your personal data;
- we no longer need your data, but you need them to establish, exercise, or defend your legal claims;
- you object to the processing of your personal data, until we verify whether our legitimate interests override your reasons.
You have the right to request that we provide you with your personal data in electronic format (e.g., XML or CSV file) that allows you to easily transfer the data to another company. You can also ask us to transfer your personal data directly to a chosen company. We will comply with your request if you provided us with your personal data directly and gave your consent for their processing.
f) Right to object
You have the right to object to the processing of your personal data. If we process your personal data for direct marketing purposes, you can object to such processing at any time. Upon objection, we will erase your personal data. You can object to the processing of your personal data in the following cases:
15. How can you exercise these rights?
- for the performance of a task carried out in the public interest or in the exercise of official authority;
- for our legitimate interests;
- for the creation of a customer profile;
- if you have personal reasons for objecting to the processing of your personal data.
You can submit your request to us in one of the following ways:
by sending a notification to the email address firstname.lastname@example.org
by sending a notification by post to the address Partizánska 2, 811 01 Bratislava.
We will address all your requests and inform you of the outcome in the same way you submit your request.
16. Final Provisions
These personal data protection principles are effective from May 25, 2018. We reserve the right to amend these principles in case of changes in the processing of personal data in our company.
Terms and Conditions
Right of Withdrawal
Personal Data Protection Principles