Proceed to cart
Customer support:+421 911 999 145onsaplus@onsaplus.eu
    Currency
    EUR
    Language
    English
    Home / Privacy policy

    Privacy policy

     General information on the processing of personal data

     

    1. Data subject – buyer/visitor of the website,

        Controller – ONSA Plus s.r.o., Južná trieda 119, 040 01 Košice, ICO: 36 234 150
    2. Recipients of personal data

    - GoPay - payment gateway provider for online payments
    - PayPal - online wallet provider for online payments
    - Packeta - aggregator of shipment collections for multiple carriers
    - PPL - courier carrier for parcel delivery
    - DPD - courier carrier for parcel delivery
    - DHL - courier carrier for parcel delivery
    - Raben - carrier for oversized shipments
    - DSV - carrier for oversized shipments
    - DB Schenker - carrier for oversized shipments
    - Heureka - price comparison portal for better price overview
    - Smartsupp - tool for communicating with customers via chat
    - Google - anonymous access statistics (Google Analytics) and marketing activities within the Google network
    - Seznam - marketing activities within the Seznam advertising network
    - Facebook - marketing activities within the Facebook network
    - Ecomail - provider of a tool for mailing marketing communication
    - Shoptet - e-commerce platform provider
    - Retino - tool for seamless processing of returns and complaints
    - Raynet - CRM application provider

     

     

    1. The controller, considering the scope and subject of its activities, is not required under § 44 of Act No. 18/2018 Coll. on the protection of personal data to appoint a data protection officer. However, if you have any questions regarding your personal data, please write to us at the email: onsaplus@onsaplus.sk, call us at the phone number: +421 911 999 145, or visit us in person at the address of the controller provided above.

     

    The website controller is responsible for the processing of personal data in accordance with the regulation of the European Parliament and Council (EU) 2016/679, of April 27. 2016 on the protection of natural persons in relation to the processing of personal data and on the free movement of such data, (hereinafter referred to as GDPR) The data subject has the right to request information from the controller regarding their personal data that is subject to processing or deletion, or to request the correction of their personal data by the controller.

    1. The data subject is obliged to provide truthful and up-to-date personal data. The rights of the data subject are governed by Chapter 3 of the GDPR. The data subject has the right to: lodge a complaint with a supervisory authority, object to processing, request access from the controller to personal data concerning the data subject, request rectification or deletion, or restriction of processing of personal data, as well as the right to data portability.

     

    Information on the rights of the data subject

    The data subject has the right to request from the controller, based on a written request:

    and, confirmation of whether or not personal data about her is being processed,

    b, in a generally understandable form, information about the processing of personal data in the information system, including the identification details of the controller and processor (if appointed); the purpose of processing personal data; a list or scope of processed personal data; information about the voluntary or mandatory nature of providing the requested personal data, the duration of consent, or notification of which legal regulation imposes the obligation to provide personal data; third parties to whom personal data may be provided; the category of recipients to whom personal data may be made accessible; the form of disclosure of personal data, if personal data is to be disclosed; third countries, if the transfer of personal data to these countries is to take place,

    c, in a generally understandable form, accurate information about the source from which the controller obtained her personal data for processing,

    d, in a generally understandable form, a list of her personal data that is subject to processing,

    e, the correction or deletion of her incorrect, incomplete, or outdated personal data that is subject to processing,

    f, the deletion of her personal data for which the purpose of processing has ended; if official documents containing personal data are subject to processing, you may request their return,

    g, the deletion of her personal data that is subject to processing if there has been a violation of the law,

    h, the blocking of her personal data due to the withdrawal of consent before the expiration of its validity if the controller processes personal data based on her consent. The aforementioned request or information about the breach of personal data or other serious facts concerning the processing of personal data by the controller may be addressed to the controller at the above address or by phone: +421 911 999 145, respectively. at the email address: onsaplus@onsaplus.sk

     

    Right of access to personal data

    As a data subject, you have the right to request the controller to confirm whether it is processing personal data concerning you. If the controller is processing your personal data, you have the right to access it and obtain further information about the purpose of processing your personal data, the categories of personal data being processed, to whom your personal data have been or will be disclosed, particularly regarding recipients in a third country or an international organization, if applicable; if personal data are transferred to a third country or an international organization, you have the right to be informed about the appropriate safeguards required by law, the retention period of personal data; if this is not possible, information about the criteria for its determination, the right to request the rectification of your personal data, their deletion, or the restriction of their processing, or the right to object to the processing of personal data, the right to lodge a complaint regarding the protection of personal data, the sources of personal data if they were not obtained from you, the existence of automated individual decision-making, including profiling. Profiling is any form of automated processing of personal data that consists of using this personal data to evaluate certain personal aspects concerning an individual, primarily related to work performance, economic status, health, personal preferences, interests, reliability, behavior, location, or movement. In such cases, the controller shall provide the data subject with information, particularly about the procedure used, as well as the significance and anticipated consequences of such processing of personal data for the data subject. The controller is obliged to provide you with your personal data that it processes. For repeated provision of personal data, the controller may charge a reasonable fee corresponding to administrative costs. The controller is obliged to provide you with personal data in the manner you requested. The right to obtain personal data must not adversely affect the rights of other individuals.

    Right to rectification of personal data

    As a data subject, you have the right to have the controller rectify inaccurate personal data concerning you without undue delay. Depending on the purpose of processing personal data, you have the right to complete your incomplete personal data.                                                  

    Right to object to the processing of personal data

    You have the right to object to the processing of your personal data on grounds relating to your particular situation, if the controller is profiling or processing your personal data on the following legal bases:

     - processing of personal data is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller,

     - processing of personal data is necessary for the purposes of legitimate interests pursued by the controller or a third party. The controller may not further process your personal data unless they demonstrate necessary legitimate interests in the processing of personal data that override your rights or interests or reasons for asserting a legal claim. You have the right to object to the processing of personal data concerning you for the purpose of direct marketing, including profiling to the extent that it is related to direct marketing. If you object to the processing of personal data for the purpose of direct marketing, the controller must not further process personal data for the purpose of direct marketing. You have the right to object to the processing of personal data concerning you on grounds relating to your particular situation, if your personal data is being processed for scientific purposes, for historical research purposes, or for statistical purposes, except where the processing of personal data is necessary for the performance of a task carried out in the public interest.                                                                 

    The right to deletion of personal data

    As a data subject, you have the right to request the controller to delete personal data concerning you without undue delay. If you request the controller to delete your personal data, the controller is obliged to delete them in the following cases:

    a, personal data are no longer necessary for the purposes for which they were collected or otherwise processed,

    b, you withdraw consent on which the controller processes your personal data and there is no other legal basis for the processing of personal data,

    c, you will object to the processing of personal data and there are no overriding legitimate grounds for the processing of personal data, or you will object to the processing of personal data for the purpose of direct marketing, including profiling, to the extent that it relates to direct marketing,

    d, personal data is processed unlawfully,

    e, the reason for deletion is the fulfillment of a legal obligation,

    f, personal data was obtained in connection with the offering of information society services pursuant to § 15 para. 1. According to the law, if the controller has disclosed your personal data and is obliged to delete it based on the aforementioned conditions, they also have the obligation, considering the available technology and costs, to inform other controllers who process your personal data, so that these controllers delete links to your personal data and their copies or transcripts. The controller is not obliged to delete your personal data if it is necessary

    and, on the exercise of the right to freedom of expression or the right to information,

    b,on the basis of a legal obligation or an international treaty, or to fulfill a task carried out in the public interest, or in the exercise of public authority entrusted to the controller,

    c,for reasons of public interest in the area of public health,

    d, for the purpose of archiving, for scientific purposes, for historical research, or for statistical purposes, if it is likely that deletion would prevent or seriously impede the achievement of the objectives of such processing, or

    e, to assert a legal claim.

    Right to restriction of processing of personal data

    You have the right for the controller to restrict the processing of your personal data if

    a, you contest the accuracy of your personal data; the controller will restrict the processing of your personal data for the period necessary to verify its accuracy,

    b, the processing of your personal data is unlawful and instead of erasure, you request the restriction of its use,

    c,the controller no longer needs the personal data for the purposes of processing, but you need it for the establishment, exercise, or defense of legal claims, or

    d, you object to the processing of personal data;

    e, the controller will restrict the processing of your personal data until it is verified whether the legitimate grounds of the controller outweigh your legitimate grounds. If the processing of personal data has been restricted, the controller may process personal data only with the consent of the data subject or for the purpose of establishing a legal claim, protecting individuals, or for reasons of public interest, in addition to storage. The controller is obliged to inform you before the restriction of processing personal data is lifted.

    Notification obligation regarding the correction, deletion, or restriction of processing of personal data

    The controller is obliged to notify the recipient (anyone to whom your personal data has been provided) of the correction of your personal data, deletion of personal data, or restriction of processing of personal data, unless this proves impossible or requires disproportionate effort. If you request it, the controller will inform you about these recipients.                                                               

    Right to data portability

    You have the right to obtain personal data concerning you that you have provided to the controller in a structured, commonly used, and machine-readable format. You also have the right to transfer this personal data to another controller, if technically feasible and if the processing of your personal data is carried out by automated means (i.e., electronically), provided that the personal data is processed either

    and, based on your consent,

    b, or are necessary for the performance of a contract to which you are a party, or for taking steps at your request prior to entering into a contract. This right must not adversely affect the rights of others. The exercise of the right to data portability does not affect the right to erasure of personal data. The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.                                          

    The right to file a proposal for the initiation of proceedings for the protection of personal data

    In the event that you are directly affected in your rights established by the Personal Data Protection Act, you have the right under § 100 of this Act to submit a proposal to the Office for Personal Data Protection of the Slovak Republic for the initiation of proceedings for the protection of personal data. The purpose of the proceedings is to determine whether there has been a violation of the rights of individuals in the processing of their personal data or whether there has been a violation of the law, and in the event of identifying deficiencies, if it is justified and purposeful, to impose corrective measures or a fine for the violation of the law. The template proposal is published by the Office on its website. The proposal to initiate proceedings must include evidence to support the claims made in the proposal and a copy of the document or other evidence demonstrating the exercise of rights with the controller (the right of access to personal data, the right to request rectification of personal data, the right to deletion or restriction of processing of personal data, the right to object to the processing of personal data, the right to data portability), if such rights have been exercised by the data subject, or the reasons worthy of special consideration for not exercising the relevant right.

    The aforementioned rights (except for the right to file a proposal to initiate proceedings for the protection of personal data) may be exercised by email or in writing by post to the controller who supervises the processing of personal data. The controller may also be notified of a personal data breach or other serious circumstances related to the processing of personal data by the controller.

    The data subject, if suspecting that their personal data is being processed unlawfully, may file a proposal to initiate proceedings for the protection of personal data with the Office for Personal Data Protection of the Slovak Republic, located at Hraničná 12, 820 07 Bratislava 27, Slovak Republic, or contact the office through its website http://www.dataprotection.gov.sk.

     

    If the data subject is not fully capable of legal acts, their rights may be exercised by a legal representative. If the data subject is deceased, their rights under this law may be exercised by a close person.

    The request of the data subject under the data protection law will be processed by the controller free of charge, except for a fee that may not exceed the amount of the necessary incurred material costs associated with the preparation of copies, the acquisition of technical carriers, and the sending of information to the data subject, unless a special law provides otherwise. The controller is obliged to respond to the request of the data subject in writing no later than 30 days from the date of receipt of the request. The controller shall notify the data subject and the Office for Personal Data Protection of the Slovak Republic in writing without undue delay of any restriction of the rights of the data subject under the Personal Data Protection Act.

     

    The controller hereby informs you, as the data subject, about the protection of your personal data and educates you about your rights regarding the protection of personal data within the scope of this written information obligation.

     

    Processing of personal data for the purposes of order fulfillment and complaint handling

     

    1. Purposes of processing personal data: issuing a tax document, contacting the customer regarding the order, performance of a contract, handling claims for defects in sold products – arising from the performance of the contract.
    2. Legal basis for processing personal data: a) Processing of personal data (first name, surname, title, street and number, postal code, city) is necessary according to a special regulation or international treaty binding the Slovak Republic. In particular, according to Act No. 222/2004 Coll. on Value Added Tax. b) Processing of personal data (email, phone contact) is necessary for the performance of a contract.
      3. The retention period for personal data is ten years.
      4. The provision of personal data is a contractual obligation.

     

    Processing of personal data for the purpose of sending marketing information

     

    For the processing of personal data for the purpose of sending marketing information, the general information on the processing of personal data stated above applies, as well as:

    1. Purposes of processing personal data: sending marketing information
    2. Legal basis for the processing of personal data: Article 6(1)(b). a) GDPR - the data subject has given consent to the processing of their personal data for one or more specific purposes
    3. The retention period for personal data is ten years.
    4. The provision of personal data based on legitimate interest is mandatory to achieve this legitimate interest. When processing is based on consent, the provision of personal data is voluntary.

     

    Automated individual decision-making including profiling

     

    The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them.

     

    Processing of personal data for the purposes of processing cookies

     

    For the processing of personal data for the purposes of processing cookies, the general information on the processing of personal data mentioned above applies, as well as:

    • Ensuring the functionality of the e-shop (e.g., storing the contents of the cart, logging into the user account).
      • Shoptet Premium
    • Personalization of advertisements through platforms such as:
      • Google Ads,
      • Facebook Ads,
      • Instagram Ads,
      • TikTok Ads,
      • LinkedIn Ads.
    • Analysis of website traffic and performance using:
      • Google Analytics,
      • Looker Studio,
      • Hotjar,
      • Smartlook.
    • Measuring and evaluating marketing campaigns through:
      • Google Ads,
      • Facebook Ads,
      • Google Merchant Center (GMC),
      • Heureka.sk,
    • Automation and management of mailing campaigns using tools such as:
      • Ecomail,
    • Improving user experience through tools such as:
      • Smartsupp (online chat for communication with customers),
      • Raynet.

    Cookies are small amounts of data that servers send to the browser. The browser stores them on the user's computer. With each subsequent visit to the website, the browser then sends this data back to the server.

    1. Legal basis for the processing of personal data: Article 6(1)(b). a) GDPR - the data subject has given consent to the processing of their personal data for one or more specific purposes
    2. The retention period of personal data – Cookies used on our website can be divided into two basic types based on their duration. Short-term so-called 'session cookies,' which are temporary and remain stored in your browser only until you close the browser, and long-term so-called 'persistent cookies,' which remain stored on your device for a longer period or until you manually delete them, with the duration of cookies remaining on your device depending on the settings of the cookie itself and your browser settings.
    3. The provision of personal data is necessary to achieve the purpose.

     

     

    Conditions and methods of processing personal data of data subjects

    The controller processes personal data of data subjects in its information systems using both automated and non-automated processing means. The controller does not disclose processed personal data, except in cases where required by a specific legal regulation or a court decision or other state authority. The controller will not process your personal data without your explicit consent or another legal basis for a different purpose, nor to a greater extent than stated in this information and the records of individual information systems of the controller.

     

     

    Automated individual decision-making including profiling Cookies

    The controller uses an analytical tool to monitor its websites, which prepares a data string and tracks how visitors use the sites on the internet. When someone browses the page, the system generates cookies to record information related to the visit (visited pages, time spent on our pages, browsing data, exit from the page, etc.), but this data must not be linked to the visitor's identity. This tool is designed to improve the ergonomic design of the website, to create a user-friendly website, and to enhance the online experience of visitors. Most internet browsers accept cookies, but visitors have the option to delete them or automatically refuse them. Because each browser is different, visitors can individually set their cookie preferences using the browser's toolbar. If you choose not to accept cookies, you will not be able to use some features on our website.

     

    Type of cookies

    Usage

    Validity of cookies

     

     

    Essential/Basic

    for the most important functions necessary/basic for the website, enabling the proper functioning of the website

    - remembers the username, providing you with quick login during your next visit to the site

    - these cookies do not collect any information about you that could be used for marketing purposes

    1 year

     

    Functional

    - used to improve the service for the user, customizing the user interface

    - information about preferences is recorded according to content selection

    - cookies can remember items you have added to the e-shop shopping cart, or errors you have encountered

    After leaving the page

     

    Performance cookies and targeting cookies - analytical cookies

    analytical tools from third parties (Google Analytics) are used to improve quality - analytical cookies for content for site visitors - statistical data is collected such as the number of visits to the web page and links to our page and the number of visits

    - they help understand how visitors behave on the website

    - using cookies improves the performance of the website

    - these cookies do not collect any

    information to determine your identity - they are anonymous

    Automatically deleted after 10 years from the last visit to the website

     

     

     

    Sharing on - utilization of

    social networks

    - utilization of third-party social media that allows sharing content on social media from our sites, using buttons years since the last

    ,,I like" and „share"

    - cookies are required for easier use of their services

    - they record data about your activity on the internet and on the websites you use

    Automatically deleted after 10 years from the last visit to the website

     

    Quality display

    built-in cookies that improve performance for faster content loading and assist with compatibility

    Deleted after

    closing

    the browser

    the website owner

    according to the given website settings

    - can be ,,read" only by the given website (the number of visitors to the site, where they come from, and which parts of the sites they visited)

    10 years

     

    The controller uses the advertising program Google AdWords, through which it has the opportunity to create online advertisements and reach people precisely when they are interested in the products and services that the controller provides. The Remarketing or Similar Audiences features in AdWords allow us to reach people who have previously visited your website. It allows the display of advertisements in search results, on YouTube, and in emails. Dynamic remarketing enables users to see ads for products or services they have previously viewed. Cookies that ensure remarketing codes can be disabled by website visitors through appropriate settings in their browser.

     

    The controller can also be contacted via facebook. The purpose of data management is to share the content of the websites of the controller and to present the controller. Guests can learn about news, current special offers from the controller through the Facebook page, and also view photos from selected projects of the controller. By clicking "like" on the controller's Facebook page, subjects agree that the controller may post their news and offers on their Facebook wall. The controller also publishes photos/videos from various events on their Facebook page.

     

    The controller publishes these personal data only if prior written consent has been obtained. Further information on data management from the Facebook page can be found in the guide and privacy policy at www.facebook.com. For the purpose of presentation, the controller also has its profile on the social network Instagram, where it showcases selected projects along with a description of the photos. By clicking on "follow," you agree to the display of photographs published by the controller.