Personal Data Policy of LIOVELA s.r.o.

Table of Contents:

1. Data Controller

2. Principles of Personal Data Processing – purposes, legal bases and retention periods

3. Your Rights under the GDPR

4. Cookie Policy and Related Technologies

5. Recipients of Data and Transfer of Data Outside the EEA

6. Automated Processing and Profiling

7. Contact Details and the Data Protection Officer

8. Updates to the Privacy Policy

1. Data Controller

The entity responsible for processing your personal data is LIOVELA s.r.o., with its registered address at: ul. Dlhá 561/67, 08901 Svidník, Slovakia, IČO: 53177321, DIČ: 2121296199, IČ DPH: SK2121296199, registered in the Commercial Register of the District Court in Prešov, file no. 43240/P.

LIOVELA s.r.o. is the owner of the website www.liovela.com.

The Controller independently determines the purposes and means of processing your personal data.

You can contact the Controller electronically at: liovela@liovela.com

For matters related to personal data protection, you may also write to the Data Protection Officer: privacy@liovela.com

Privacy is our priority

This Privacy Policy explains how we protect your privacy and process the personal data entrusted to us, as well as indicating the purposes, scope and legal bases of such processing. We apply adequate technical and organisational measures, selected in light of possible risks and data categories.

In particular, we take into account the risk arising from:

•       accidental or unlawful destruction of data;

•       loss, modification or unauthorised disclosure of data;

•       unauthorised access to personal data.

Legal bases for processing data:

•       Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation – GDPR)

•       Act on the Protection of Personal Data

2. Principles of Personal Data Processing – purposes, legal bases and retention periods

The scope of data we process depends on which services and features of the store you use.

Your data is necessary for us to be able to:

•       fulfil the orders you place;

•       send service-related notifications;

•       process payments;

•       handle any delivery issues;

•       create and maintain your account in the store.

Providing data is voluntary; however, without it, we will be unable to accept and fulfill your order or create an account. In certain cases, the obligation to provide data arises directly from legal regulations – for example, data required for invoicing.

Detailed information on data processing in the purchasing process:

By making a cashless payment, you consent to the transfer of your data to payment operators or entities offering various forms of financing. Once the data is transferred, the operator becomes an independent controller thereof, while we process only the information about the chosen payment method.
The payment operator is obliged to inform you about the rules of processing your data – this may be done within the payment form as an attachment or by referring you to the appropriate section of their website.

Details of data processing for cashless payments:

Data processing by our business partners – sales via e-commerce platforms (marketplaces).

Our products are also available through trading platforms such as Allegro, eBay and Amazon. In such cases, the personal data necessary to process the order is provided to us by the partner platform, which acts as a separate controller of that data.

Contact form and other customer communication channels

We process your data when you contact us through the available communication channels.

Detailed summary of such processing:

Processing of data for marketing purposes

We also process personal data for marketing purposes – based on your consent or our legitimate interest. You may withdraw your consent at any time; however, such withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.

We may send you commercial information electronically (e.g., Newsletter) or by telephone – depending on the chosen form of communication and the consent obtained.

Your data may also be processed as part of promotional campaigns and dedicated special programs. Each such event has its own terms and conditions specifying the scope of processed data.
Marketing activities may be linked to profiling, i.e. the automatic analysis of your behaviour in order to optimise the offer and prepare personalised proposals.

Based on the data collected, we may create customer profiles, personalise advertisements and improve our product range. If you consent to cookies, we may use the information they contain for statistical, analytical and advertising purposes.

Processing of data within marketing activities:

Data processing in connection with the fulfillment of requests resulting from the GDPR (Articles 15–22, Article 7(3)).

The third part of this Policy describes the rights you hold under the GDPR. Upon receiving your request, we process the personal data contained therein and retain its content for evidentiary purposes.

We will not delete data if we are fulfilling your order, clarifying a matter related to purchases made, or if legal provisions require us to retain it for a specified period.

Processing of data in connection with claims by parties

Personal data may also be processed by us in connection with the handling of claims – both those directed against us and those pursued by us. The scope of the processed data is adapted to the subject matter of the case in each instance.

Security of services and compliance with terms and conditions

We continually monitor our systems and website in order to ensure the safety of customers using our store. For this purpose, we may collect personal data transmitted by browsers or applications while using the website www.liovela.com , which enables the detection of threats and protection of traffic.

We also continually verify whether users of the service comply with legal provisions and the terms and conditions. Any attempts to circumvent these rules, fraudulent activities or those violating accepted standards will be blocked, and consequences will be applied to such users.

Disclaimer of liability

We are not liable for the improper processing of personal data or the consequences thereof if your personal data was disclosed to unauthorised persons as a result of at least one of the following situations:

•       the data you provided was incorrect (e.g. an incorrect email address, phone number or delivery address);

•       you used a publicly accessible device or one operating under another user's settings;

•       your email inbox was taken over (e.g. as a result of a cyberattack), enabling a third party to access the account password;

•       a data breach occurred due to your negligence (e.g. leaving an active session, sharing a password, using one password across multiple services, presence of malicious software);

•       you shared your data with third parties for the purpose of placing an order, filing a complaint or carrying out another process, which resulted in an incident;

•       the breach occurred due to the fault of our partners who acted as controllers of your data in a given process, e.g. carriers, couriers, banks.

3. Your Rights under the GDPR

We exercise the rights resulting from the GDPR, in particular those specified in Articles 15–22.

To exercise your rights, please contact the Data Protection Officer at privacy@liovela.com or via another method of your choice. Contact details can be found in section seven.

Right of access by the data subject – Art. 15 GDPR

You may at any time find out which of your personal data we process, their scope, the purposes and legal bases on which they are processed, to whom they are disclosed and the expected retention period. You may also request a copy of your data.

Right to rectification – Art. 16 GDPR

You have the right to request correction or completion of data if it is incomplete or inaccurate.

Right to erasure (right to be forgotten) – Art. 17 GDPR

You may request the erasure of your personal data at any time. Exceptions to this rule occur when:

•       your order is being processed or has been partially dispatched;

•       we are awaiting the recording of your payment;

•       we are obliged to secure data on the basis of a request from an authorised state body;

•       the data is necessary for the establishment, exercise or defence of legal claims.

Right to restriction of processing – Art. 18 GDPR

You may request the restriction of processing of your data when:

•       you do not consent to the processing of data based on the legitimate interest of the Controller, and we consider your rights to be overriding;

•       you contest the accuracy of your personal data – we will restrict the processing for a period enabling us to verify the accuracy;

•       processing is unlawful and instead of erasure you request restriction;

•       your data is no longer needed by us, but is required by you for the establishment or exercise of legal claims.

Notification obligation regarding rectification or erasure of personal data or restriction of processing – Art. 19 GDPR

•       Upon your request, we will inform you about the recipients of your data. We are obliged to notify each recipient to whom the personal data have been disclosed of any rectification or erasure of personal data or restriction of processing carried out pursuant to Art. 16, Art. 17(1), and Art. 18 GDPR – unless this proves impossible or involves disproportionate effort.

Right to data portability – Art. 20 GDPR

If we process your data automatically based on consent or a concluded contract, you may request a copy of it in a structured, commonly used and machine-readable format. We may transmit the copy directly to you or to another entity designated by you.

Right to object – Art. 21 GDPR

You have the right to object to the processing of your data where it is based on the legitimate interest of the Controller. The objection should be reasoned. Once lodged, we will suspend processing pending clarification of whether your rights are overriding. You do not need to justify an objection in the case of direct marketing, including profiling.

Right not to be subject to automated processing, including profiling – Art. 22 GDPR

You may refuse consent to automated decision-making concerning your data, including profiling that produces legal effects on you or similarly significantly affects you. To effectively exercise this right, log out of all devices and delete all cookies (the process may take up to 48 hours). Detailed instructions can be found in the Cookie Policy.

Right to lodge a complaint with a supervisory authority – Art. 77 GDPR

If you believe that your data is being processed unlawfully, you may lodge a complaint with the Personal Data Protection Office -  Úrad na ochranu osobných údajov Slovenskej republiky, Hraničná 12, 820 07 Bratislava (details can be found on the Office's website). You may also contact us directly at any time.

Right to refuse consent and to withdraw it at any time

In situations where the processing of data requires your consent (e.g. marketing), you have the right not to provide it. You may also withdraw previously given consent at any time under Art. 7(3) GDPR. However, please note that withdrawal does not affect the lawfulness of processing that occurred prior to that date.

4. Cookie Policy and Related Technologies

The Controller uses technologies that enable the collection of cookies and IP addresses. Detailed information on the principles of their use is described in a separate Cookie Policy.

5. Recipients of Data and Transfer of Data Outside the European Economic Area

We may share your data with entities providing specific services to us. These entities process the data on the basis of a contract concluded with us and solely within the scope instructed by us.
These include entities that:

•       send SMS messages and purchase notifications;

•       maintain ICT systems (including sales platforms, marketing systems, helpdesk, accounting, analytical and other IT solutions) and handle internal and external communications and requests;

•       store, pack and deliver the products we sell;

•       ensure secure storage of data in electronic form;

•       entities providing permanent destruction of data carriers – both paper and electronic;

•       provide consulting, legal, marketing and other services supporting our processes;

•       measure and analyse customer traffic on the website;

•       provide review services, maintain rankings of sellers, products and prices;

•       acting as sales platforms – we provide them with your data if you purchase the equipment we offer through their services.

Your data may also be transferred to entities acting as independent controllers:

•       courier companies delivering orders;

•       entities from the financial sector – payment operators and financial service providers;

•       platforms collecting reviews about products and stores

Under legal provisions, we are obliged to share data with public institutions conducting proceedings in connection with potential violations of the law, in particular:

•       the police, prosecution services, courts;

•       court enforcement officers;

•       tax offices and customs services;

•       government agencies and institutions, including EU bodies combating terrorism and organised crime;

•       other authorised state institutions.

In the event of detecting a potential crime, we may also approach such institutions on our own initiative.

Personal data may be transferred by us both within European Union member states and outside the European Economic Area, provided there is an adequacy decision (Art. 45 GDPR) or appropriate safeguards are in place (e.g. standard contractual clauses).

Data may be transferred outside the EEA to, among others:

•       Microsoft Corporation z siedzibą w Redmond, Waszyngton – w związku z korzystaniem z produktów MS, w tym chmurowych;

•       Google Ireland Limited z siedzibą w Dublinie – w związku z narzędziami reklamowymi Google Ads;

•       Google LLC z siedzibą w Mountain View, Stany Zjednoczone – w związku z mechanizmem Google reCAPTCHA.

6. Automated Processing and Profiling

Upon your consent, we may automatically process your data, including profile it in accordance with Art. 22 GDPR. You may withdraw your consent at any time without affecting the lawfulness of prior processing.

How does automated decision-making and profiling work?

Based on your consent, we may prepare a personalised offer for you, based for example on your purchase history. This process is fully automated, without human involvement.

7. Contact Details and Data Protection Officer

For all matters related to privacy and personal data protection, you may contact us by writing to: privacy@liovela.com

You may also send postal correspondence to: LIOVELA s.r.o., ul. Dlhá 561/67, 08901 Svidník, Slovakia, marked: Data Protection Officer.

8. Updates to the Privacy Policy

Where necessary, we may make changes to this Policy. We will inform you of each planned change with adequate notice. The current version of the Privacy Policy will always be available on our website in the Privacy Policy tab.