Company's information obligation under the Personal Data Protection Act
Identification data of the operator:
Company LUXESSE - fitness s.r.o.
ID: 55 670 814
DIC: 212 206 2074
Zvončeková 3, Košice 040 11
Tel: 0918 748 450
info@luxesse.store
(hereinafter referred to as the "Company") acts as an information systems controller (hereinafter referred to as the "controller") when processing the personal data of its employees, clients, customers or business partners (hereinafter referred to as the "data subject").
Legal basis for processing of personal data of data subjects:
When processing personal data, the company proceeds in accordance with Act No. 18/2018 Coll. on the Protection of Personal Data and on Amendments and Supplements to Certain Regulations (hereinafter referred to as "Data Protection Act"). The legal basis for the processing of personal data is the Personal Data Protection Act, specific legislation and consent to the processing of personal data, depending on the purpose of the processing of personal data.
If the purpose of the processing of personal data, the range of data subjects and the list of personal data is provided for by a directly enforceable act of the European Union, an international treaty to which the Slovak Republic is bound, the Personal Data Protection Act or a special law, the company is entitled to process personal data without the consent of the data subject within the meaning of the Personal Data Protection Act.
The Company processes personal data without the consent of the data subject if the purpose of processing personal data, the range of data subjects and the list of personal data or their scope is provided for by a directly enforceable legally binding act of the European Union, an international treaty to which the Slovak Republic is bound or this Act. If the list or scope of personal data is not established, the company may process personal data only to the extent and in the manner necessary to achieve the established purpose of processing, while complying with the basic obligations under the Personal Data Protection Act.
The company further processes personal data without the consent of the data subject if the purpose of processing personal data, the range of data subjects and the list of personal data is provided for by a special law and only to the extent and in the manner provided for by the special law. The personal data processed may be disclosed, made available or published from the information system only if a special law provides for the purpose of disclosure, making available or publication, the list of personal data that may be disclosed, made available or published, as well as the third parties to whom the personal data are disclosed or the range of recipients to whom the personal data are disclosed, unless otherwise provided for in the law on the protection of personal data.
The company also processes personal data without the data subject's consent if:
(a) the processing of personal data is necessary for the performance of a contract to which the data subject acts as one of the contracting parties or in pre-contractual relations with the data subject or in negotiations for the amendment of a contract which are carried out at the request of the data subject,
(b) the processing of personal data is necessary to protect the life, health or property of the data subject,
(c) the subject of the processing is exclusively the title, name, surname and address of the data subject without the possibility of assigning other personal data to them and their use is intended exclusively for the needs of the controller in the postal contact with the data subject and the registration of these data,
(d) personal data are processed which have already been disclosed in accordance with the law and have been duly identified by the controller as having been disclosed; the person who claims to be processing disclosed personal data shall, on request, demonstrate to the Authority that the personal data being processed have already been lawfully disclosed,
(e) the processing of personal data is necessary for the protection of the rights and legitimate interests of the controller or of a third party, except where such processing of personal data is overridden by the fundamental rights and freedoms of the data subject which are subject to protection under this Act.
If, in view of the purpose of processing personal data as laid down in a directly enforceable legally binding act of the European Union, an international treaty by which the Slovak Republic is bound, the Personal Data Protection Act and a special act, the individual personal data to be processed cannot be specifically determined in advance, the list of personal data may be replaced by a range of personal data.
The Company is obliged to comply with the Personal Data Protection Act when processing personal data in this way, except for those controllers who process personal data for the purposes of and in connection with legal proceedings.
If the Personal Data Protection Act does not apply to the processing of personal data, the company as the controller is only entitled to process personal data with the consent of the data subject.
The company obtains the data subject's consent without coercion or compulsion, as well as without conditioning it on the threat of refusal of the contractual relationship, the services provided or the obligations arising for the controller from legally binding acts of the European Union, an international treaty to which the Slovak Republic is bound or a law.
In the event of refusal to provide personal data to the company for the purposes necessary for the provision of services or the fulfilment of legal obligations, the company is entitled to warn the data subject of the possible consequences of not providing personal data.
The data subjects consent to the Company entrusting the processing of personal data to an intermediary who processes personal data on behalf of the Company. After the end of the purpose of the processing of personal data, the Company shall dispose of such lawfully obtained personal data of the Data Subjects within the time limit set by applicable law and in accordance with the Company's internal regulations.
Purpose of processing of personal data of data subjects:
The company respects your privacy and considers the personal data you provide to be confidential.
The company needs to know certain personal data of the data subjects for the quality of its services and needs to provide it to other recipients in order to comply with its legal obligations and to provide the highest quality services.
The company processes the personal data provided for several purposes.
Firstly, it deals with personal data of job applicants and personal data of its employees for the purposes of the personnel and payroll agenda and related legal obligations arising from specific legislation.
The Company also processes personal data of its clients, customers and business partners for the purpose of ensuring its business activities taking into account the interests of its clients, customers and business partners.
The processing of personal data for other purposes does not occur in the company, which means that the company collects, stores and processes only the personal data of the data subjects that it needs in order to fulfill its services. The personal data provided is strictly protected against misuse by unauthorised third parties by means documented in the adopted security project and security directive in accordance with the Data Protection Act.
When processing the personal data of data subjects, the company complies with the basic obligations of the controller under the Personal Data Protection Act, which include the following obligations.
The company always uses the personal data provided for a predetermined purpose of processing, which is clear, unambiguous and specific, in accordance with the Constitution of the Slovak Republic, constitutional laws, laws and international treaties to which the Slovak Republic is bound.
The company always defines the conditions for processing personal data in such a way as not to restrict the rights of the data subject provided for by law.
The company only collects personal data of the data subjects which, in terms of their scope and content, correspond to the purpose of the processing and are necessary for its achievement.
The company ensures that the personal data of the data subjects are processed only in a manner that is consistent with the purpose for which they were previously collected.
The company as the controller is obliged to process only correct, complete and, where necessary, updated personal data in relation to the purpose of processing. Incorrect and incomplete personal data shall be blocked by the controller and rectified or supplemented without undue delay; if they cannot be rectified or supplemented so that they are correct, the company shall clearly mark and destroy the personal data without undue delay.
The Company shall ensure that the personal data of the data subjects are processed in a form which permits the identification of individual data subjects for no longer than is necessary to achieve the purpose of the processing.
The Company shall dispose of in the prescribed manner those personal data whose purpose of processing has ceased. After the end of the defined purpose, the company is entitled to process the personal data to the extent necessary for research or statistical purposes in their anonymised form. Personal data processed in this way may not be used by the controller to support measures or decisions taken against the data subject to restrict his or her fundamental rights and freedoms.
Intermediaries:
The Company does not disclose your personal data to third parties in violation of the Data Protection Act and for the purpose of collecting it, contrary to your interests or instructions, and it is only disclosed to the third party within the scope of the above-mentioned purpose.
In its business activities, the company cooperates with several intermediaries whose aim is to provide quality services, and these entities process the personal data of data subjects in the performance of their contractual activities for the company.
The company declares on its honour that when selecting individual processors, it has taken care of their professional, technical, organisational and personal competence and their ability to guarantee the security of the personal data processed by the security measures taken in accordance with the Personal Data Protection Act.
At the same time, when selecting a suitable intermediary, the company has acted in such a way as not to jeopardise the rights and legitimate interests of the data subjects.
The company as a controller has concluded written contracts with processors under the Personal Data Protection Act to ensure the protection of personal data processed by the processors it has entrusted with the processing of personal data of data subjects only to the extent, under the conditions and for the purpose agreed in the contract and in the manner provided for in the Personal Data Protection Act.
Scope and list of personal data processed:
The company processes personal data of data subjects in its information systems to the extent necessary to achieve the stated purpose. This is the scope of the personal data provided for by specific legislation or to the extent of the data subject's consent to the processing of his or her personal data.
The company only processes personal data that have been provided to it voluntarily and to the extent necessary by the data subject. The provision of personal data to the company beyond the scope of specific laws is voluntary.
Conditions and method of processing of personal data of data subjects:
The company processes personal data of data subjects in its information systems by automated and non-automated means of processing.
The Company does not disclose the personal data processed, except where required by a specific legal regulation or by a decision of a court or other public authority.
The Company will not process your personal data without your explicit consent or other lawful legal basis for any other purpose or to a greater extent than is stated in this information and the registration sheets of the individual information systems of the controller.
The rights of the data subject related to the processing of his or her personal data:
The data subject shall have the right, upon written request, to request from the company:
(a) confirmation of whether or not personal data about him or her are processed,
(b) in a generally comprehensible form, information on the processing of personal data in the information system within the scope of the Personal Data Protection Act; when a decision is issued pursuant to the Personal Data Protection Act, the data subject shall be entitled to acquaint himself with the procedure for processing and evaluating operations,
(c) in a generally comprehensible form, precise information about the source from which he or she obtained his or her personal data for processing,
(d) in a generally comprehensible form, a list of his or her personal data subject to processing,
(e) the rectification or destruction of their incorrect, incomplete or outdated personal data subject to processing,
(f) the destruction of his or her personal data for which the purpose of the processing has ceased; where official documents containing personal data are the subject of the processing, he or she may request their return,
(g) the destruction of his or her personal data subject to processing where there has been a breach of the law,
(h) blocking of his or her personal data due to withdrawal of consent before the expiry of its validity period, if the company processes personal data on the basis of the data subject's consent.
The above-mentioned rights of the data subject pursuant to points (e) and (f) may be restricted only if such restriction results from a specific law or if its application would violate the protection of the data subject or would infringe the rights and freedoms of other persons.
Pursuant to the Personal Data Protection Act, the data subject has the right, upon written request to the company, to object to:
(a) the processing of his or her personal data which he or she believes is or will be processed for direct marketing purposes without his or her consent, and to request its destruction,
(b) the use of personal data referred to in the Data Protection Act for the purposes of direct marketing in the postal sector; or
(c) the provision of personal data referred to in the Data Protection Act for direct marketing purposes.
Pursuant to the Personal Data Protection Act, the data subject shall have the right to object at any time to the processing of personal data in cases under the Personal Data Protection Act by submitting legitimate grounds or by submitting evidence of unjustified interference with his or her rights and legally protected interests which are or may be harmed by such processing of personal data, on the basis of a written request addressed to the company or in person, if the matter cannot be delayed; unless prevented by lawful grounds and the objection of the data subject is proven to be justified, the company shall block and delete the personal data to which the data subject has objected without undue delay and as soon as the circumstances permit.
Pursuant to the Personal Data Protection Act, the data subject shall have the right at any time, on the basis of a written request addressed to the company or in person if the matter cannot be delayed, to object and not to submit to a decision of the company that would have legal effects or significant impact on him or her, if such decision is made solely on the basis of automated processing operations of his or her personal data. The data subject shall further have the right to request the company to review the decision issued by a method other than automated processing, and the company shall comply with the data subject's request, with the authorised person playing a decisive role in the review of the decision; the controller shall inform the data subject of the method of review and the result of the finding within the time limit provided for in the Personal Data Protection Act. The data subject shall not have this right only if a specific law providing for measures to safeguard the data subject's legitimate interests so provides, or if, in the context of a pre-contractual relationship or during the existence of a contractual relationship, the controller has issued a decision granting the data subject's request, or if the controller has taken other appropriate measures on the basis of a contract to safeguard the data subject's legitimate interests.
If the data subject exercises his or her right:
(a) in writing and the content of his or her request indicates that he or she is exercising a right, the request shall be deemed to have been made under the Personal Data Protection Act; a request made by e-mail or fax shall be delivered in writing by the data subject no later than three days from the date of its dispatch,
(b) in person orally in the form of a record, from which it must be clear who has exercised the right, what is claimed and when and who has drawn up the record, his signature and the signature of the person concerned; the company is obliged to give a copy of the record to the person concerned,
(c) in the case of an intermediary referred to in point (a) or (b), the intermediary shall be obliged to hand over the application or the minutes to the company without undue delay.
If the data subject suspects that his or her personal data is being unlawfully processed, he or she may file a petition for initiation of a personal data protection procedure with the Office for Personal Data Protection of the Slovak Republic, located at Hraničná 12, 820 07 Bratislava 27, Slovak Republic or contact the Office via its website http://www.dataprotection.gov.sk.
If the data subject lacks full legal capacity, his or her rights may be exercised by a legal representative.
If the person concerned is deceased, his or her rights under this Act may be exercised by a person close to him or her.
The request of the data subject under the Personal Data Protection Act shall be processed by the company free of charge.
The request of the data subject pursuant to the Personal Data Protection Act shall be processed by the company free of charge, except for the payment of an amount which may not exceed the amount of the reasonably incurred material costs associated with the making of copies, the procurement of technical media and the sending of information to the data subject, unless a special law provides otherwise.
The company is obliged to deal with the data subject's request in writing in accordance with the Personal Data Protection Act no later than 30 days from the date of receipt of the request.
The company shall notify the data subject and the Office for Personal Data Protection of the Slovak Republic in writing without undue delay of the restriction of the data subject's rights under the Personal Data Protection Act.
Conditions for processing personal data
1. Personal Data Controller:
The personal data controller, i.e. the entity that processes the personal data of the data subject, is the company:
LUXESSE - fitness s.r.o.
Zvončeková 3, 04011 Košice
ID: 55 670 814
(hereinafter referred to as the "Operator").
We value the privacy of all individuals and respect their right to data protection.
The controller proceeds with the processing of personal data of data subjects in accordance with Act No. 18/2018 Coll. on the protection of personal data and on amendment and supplementation of certain laws and Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) (hereinafter referred to as "the Act").
In connection with our activities, we process personal data for various purposes. Mostly the processing of personal data is necessary pursuant to a special regulation or an international treaty by which the Slovak Republic is bound.
The controller processes personal data only on the following lawful legal grounds:
- performance of a contract or pre-contractual measures,
- the fulfilment of our legal obligation under a specific regulation,
- the performance of a task carried out in the public interest,
- the fulfilment of our legitimate interests unless those interests are overridden by the legitimate interests of the data subject,
- where it is necessary to protect the life, health or property of the data subject or another natural person.
In other cases, we process the personal data of data subjects only with the consent of the data subject, which may be revoked by the data subject at any time.
2. Purposes and legal basis for the processing of personal data:
In the event of the existence of a contractual relationship of the data subject with the Controller, the Controller processes the personal data of data subjects on the basis of a legal contract, exclusively to the extent necessary to fulfil the purposes of this contract.
For the purpose of dealing with complaints, deficiencies and surveys, the controller processes personal data of data subjects on the basis of a legitimate interest or consent of the data subject, exclusively in the scope of name, surname, address, e-mail, telephone number, the processing of which is necessary to achieve the above.
In the event that the data subject voluntarily, without the prior intervention of the Controller, notifies the Data Controller of his or her personal data, such personal data will be processed by the Data Controller to the extent necessary on the basis of a legitimate interest (in particular for the purpose of assessing the data subject's request and providing a response to the data subject).
Personal data are processed by LUXESSE - fitness s.r.o., Zvončeková 3, 040 11 Košice, ID No.: 55 670 814 for the purpose of:
- invoicing of goods and services supplied
- sending email offers of products of the company LUXESSE - fitness s.r.o., Zvončeková 3, 040 11 Košice, ID No.: 55 670 814
The company LUXESSE - fitness s.r.o., Zvončeková 3, 040 11 Košice, ID No.: 55 670 814 shall not disclose personal data to third parties, except: GLS General Logistics Systems Slovakia s.r.o., Budča 1039, 962 33 Budča
- Competitions on social networks:
Some competitions may take the form of data sharing, in particular comments, through social media profiles of data subjects (e.g. the data subject's reaction to a fan page of the Operator via its profile on the social network Facebook or Instagram). In this case, the Controller will, for the purpose of the data subject's participation in the competition and possible announcement/publication of the winner of the competition (on the Operator's profile page on the social network) and contacting him/her for the purpose of handing over the prize (via direct messages on the social network), process the personal data of the data subjects, in particular the login name. The legal basis for the processing of personal data for these purposes is the consent of the data subject in the form of voluntary participation in the competition. The Operator may, for the purpose of handing over the prize to the winners, also process other personal data in the range of name, surname, and residence, which are necessary to achieve the purpose of handing over the prize, on the legal basis of the consent of the person concerned. The data subject may withdraw the consent at any time by contacting the Operator at the contacts below. The Controller will process this personal data for the period necessary to achieve the purpose of the competition or until the consent of the data subject is withdrawn. After withdrawal of consent the Controller will no longer process the personal data for the purpose to which the withdrawal of consent relates. However, the controller may continue to process the personal data of the data subject even after the withdrawal of consent to a limited extent on the legal basis of legitimate interest, for a period strictly necessary to demonstrate the lawfulness of the processing of personal data, or to assert legal claims or to fulfil obligations arising from generally binding legal regulations (as a rule, for a period of 3 years from the withdrawal of consent to the processing of personal data).
3. Retention period of personal data:
All personal data is processed only to the extent necessary for the purposes set out in clause 2 of these Terms and Conditions and only for as long as is necessary to achieve the stated purposes, not exceeding, however, the period of time determined by or in accordance with the relevant legislation.
Personal data processed by the Controller on the basis of the data subject's legal consent are processed until the consent is withdrawn; however, the controller may, even after the withdrawal of consent, process some of such data if it has another lawful reason to do so (e.g. to demonstrate the accuracy and the lawfulness of the processing of personal data or for the possibility of defending against legal claims).
Personal data processed by the Controller on the basis of a legitimate interest or personal data processed by the Controller for the purpose of direct marketing are processed until the data subject lodges an objection to the processing of his or her personal data.
4. Identification of recipients of personal data:
The controller may disclose the personal data of data subjects to third parties only in the following cases: when required or permitted to do so by law or with the consent of the data subject.
The controller shall only make personal data available to the usual extent to processors or other beneficiaries:
- suppliers of external services for the Operator (in particular programming or other technical support services, server services, e-mail distribution, services related to measuring traffic to our site and tailoring content to the preferences of users),
- operators of backup servers or operators of technologies used by the Controller, who process them to ensure the functionality of the relevant services of the Operator,
- legal, economic and tax advisors of the Controller, to the extent necessary, and the Controller's auditors, who process them for the purpose of the provision of consulting services to the Operator.
5. Rights of data subjects:
Right of access to personal data:
The data subject shall have the right to obtain from the Controller, on request, confirmation of whether or not personal data of the data subject are processed and, if so, to request information about the processing of the personal data relating to the data subject.
The data subject shall have the right to rectification of personal data concerning him or her and, with regard to the purpose of the processing of personal data, to have incomplete personal data completed.
In the case of processing of personal data on the basis of a legal contract or on the basis of a legal consent of the data subject, the data subject shall have the right to the portability of the personal data relating to him or her and provided to the Operator, in a structured, commonly used and machine-readable format, if the processing of the data subject's personal data takes place in an automated form and before the expiry of the retention period of the personal data. Application of this right must not adversely affect the rights of other persons.
The data subject has the right to the destruction of personal data (the right to erasure of personal data) which are subject to processing if:
1. personal data are processed in breach of the law or
2. on the basis of withdrawal of the data subject's consent (in the case of processing of personal data on the legal title of the data subject's consent) or
3. the data subject objects to the processing of personal data processed on the legal ground of the legitimate interest of the Controller and the objection is not overridden by the Controller's legitimate reasons for processing of personal data or
4. the personal data are no longer necessary for the purpose for which they were collected or for which they are otherwise processed or
5. after the expiry of the retention period of the personal data.
The right to the destruction of personal data pursuant to point 5(d) shall not apply if the processing of personal data is necessary for the Controller for:
1. the exercise of the right to freedom of expression or
2. exercise of the right to information,
3. compliance with the obligations under Act No 18/2018 on the protection of personal data and on amendments to other laws (effective from 25.5.2018) or a special regulation,
4. assertion of a legal claim,
5. archival, scientific, historical research or statistical purposes under section 78(8) where the right under paragraph 1 is likely to render impossible or seriously impede the achievement of the objectives of such processing.
The right to restrict the processing of personal data if:
1. the data subject objects to the accuracy of the personal data, during a period allowing the controller to verify the accuracy of the personal data and any updates to the personal data,
2. the processing of the personal data is unlawful and the data subject objects to the erasure of the personal data and asks instead for restrictions on its use,
3. the controller no longer needs the personal data for the purpose of processing the personal data, but the data subject needs them to assert a legal claim, or
4. the data subject objects to the processing of personal data pursuant to Article 27(1) of Act No 18/2018 on protection of personal data and on amendment and supplementation of other laws (effective from 25.5.2018), pending verification that the legitimate grounds on the part of the controller outweigh the legitimate grounds of the data subject.
Right to object to the processing of personal data:
The data subject shall have the right to object to the processing of personal data concerning him or her in all cases where the legal basis for processing personal data is a legitimate interest of the Operator. The right of the data subject to object to the processing of personal data concerning him or her also applies if the personal data is processed for the purpose of direct marketing, including profiling, insofar as it relates to direct marketing.
If the data subject suspects that personal data are being unlawfully processed, he or she has the right to lodge a petition to the Data Protection Authority to initiate data protection proceedings.
If the legal ground for processing the personal data of the data subject is his or her consent, the data subject may withdraw such consent at any time free of charge at the email address below. Withdrawal of consent shall not affect the lawfulness of processing based on consent given before its withdrawal. The data subject shall have the right to withdraw consent at any time by e-mail at info@luxesse.sk or in writing to the Operator's address, which is: LUXESSE - fitness s.r.o., Zvončeková 3, 040 11 Košice, ID No.: 55 670 814.