Privacy and data processing principles of the company and information provided by the controller
in accordance with the GDPR (“General Data Protection Regulation”) Regulation (EU) 2016/679 of the European Parliament and of the Council, in force and effective as of 25.05.2018 and 18/2018 of the Personal Data Protection Act hereinafter referred to as (“Act and GDPR”) and (hereinafter also referred to as “Conditions”)
- controller under these Conditions means:
Sound Healing Slovakia s.r.o., Pod Válkom 10181/12, 83107 Bratislava – Vajnory ID: 53300025, TAX ID: 2121353366, VAT ID: SK2121353366 on behalf of which act the executive directors Mgr. Lucia Nosko and Mgr. Martin Nosko (hereinafter referred to as the “controller”).
We follow the rules and therefore the protection of your personal data hereinafter referred to as (“PII”) is important for us. We process PII in accordance with these conditions.
By giving consent to the processing of PII on the portal https://soundhealingslovakia.sk/ the data subject provides the consent in a serious and freely given, specific, informed and unambiguous expression of his or her will in the form of an unambiguously affirmative act within the meaning of the GDPR and the law.
1.1 The data subject under these conditions means:
A visitor to the website in question, a prospective customer, a customer or any natural person whose PII is processed by the controller.
- Purpose of the processing of PII, legal basis, category of PII, period for erasure and disclosure.
No. | Category of PII | Purpose of processing | Legal basis of processing | Period for erasure of PII | Publication of PII |
1. | Photographs, videos | IS marketing The purpose of the processing of personal data is to publish photographs for the purpose of making vibration work more accessible. Photographs are also a form of presentation and promotion of the controller | Pursuant to Article 6(1)(a) of the Regulation – consent of the data subject Pursuant to Art. 6(1)(f) legitimate interest | 5 years since the given consent | Website, social networks |
2 | Name, surname, title, email, telephone contact, signature, address (data provided in the application) | IS exercise of rights and data subjects The purpose of the processing of personal data is to process requests from natural persons aimed at exercising their rights as data subjects within the meaning of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data. | Pursuant to Art. 6(1)(c) of the Regulation | 5 years since the processing of the request | Shall not be disclosed |
3 | Name and surname, e-mail, telephone number |
Creation of a reservation The purpose of the processing of personal data is to make a booking or order for the service of the controller. | Pursuant to Art. 6(1)(b) of the Regulation | For a period of 5 years | shall not be disclosed |
4 | Name and surname, e-mail, telephone, password, order overview, when logging in via the social network you can modify the settings, we process the name (listed on Facebook), e-mail, profile photo |
Registration The customer has the possibility to register on the website https://soundhealingslovakia.sk/. The customer is also allowed to register for individual lessons without registration. If you choose to make orders via registration, we will process your PII as follows: You protect your account with a password. By logging in to your account you will receive information about your orders, you can edit your PII. Please protect your password, the controller is not responsible for misuse of the password. By creating this account you will get an overview of your bookings. Information about season tickets. If, however, you have changed your mind and do not want to continue to be registered, you can delete the registration in your account. You can order our services on the website anytime also as a non-registered customer, i.e. as a guest. You can also register via social media. | Pursuant to Art. 6(1)(a) of the Regulation | We process personal data for a period of 1 year since the last registration. | Shall not be disclosed |
5. | Name, surname, address, contact details, details provided in the application |
Complaints
The purpose is to exercise the right of liability for defects in the goods or services provided to the customer (client) who requests a specific remedy or compensation. Ensuring the functioning of the legal relationship between the controller and the person concerned, in the handling of complaints relating to the accuracy and quality of goods and services provided by the controller.
| Pursuant to Art. 6(1)(c) of the Regulation | For a period of 10 years | Shall not be disclosed |
6. | Name, surname, title, maiden name, address, place of residence, date of birth, bank – account number, number of ID |
IS Contracts
The purpose of the processing of personal data within the scope of the agenda in question is the preparation of draft contracts (offers), their conclusion (acceptance) and the records of contractual relations of various kinds.
| Pursuant to Art. 6(1)(b) of the Regulation | For a period of 10 years | Shall not be disclosed |
7 | Title, name, surname, address and in the case of a foreigner (type of residence), bank account number, payment details, telephone number, e-mail, signature |
IS ccounting documents Bookkeeping is a standard economic information system, the core of which is accounting. The IS in question also includes the processing of orders, incoming invoices and invoicing to customers, liaison with the bank, cash management, provision of cash receipts and expenditures, warehouse management, recording of fixed assets (including automatic depreciation) and small assets, keeping single/double entry accounting of the organisation, carrying out audits | Pursuant to Art 6(1)(c) of the Regulation | 10 years | Shall not be disclosed |
8 | Name, surname, title, signature, occupational, functional or service classification, department, place of work, telephone number (company), fax number (company), e-mail (company), employer’s identification data | IS register of employee representatives customers and suppliers
Managing of a database of employee representatives suppliers and customers for the purpose of fulfilling their professional, official and functional duties and ensuring smooth supplier-customer relations. | Pursuant to Art 6(1)(f) of the Regulation | 10 years since the end of the contractual relationship | Shall not be disclosed |
- ONLINE ENVIRONMENT
The controller is responsible for the collection of the data and, in part, the operators of the social networking platforms. In certain processing operations, we act as joint controllers within the meaning of Article 26(4) of the Regulation.
The controller operates the following funpages on these platforms:
The operators of these social networks have their own adopted rules, service infrastructure and their own privacy provisions. The operating and contractual conditions of the aforementioned companies apply to the protection of data subjects’ PII. Users of social networks are responsible for their content and their profiles. For more detailed information on the processing of personal data by the data controller, please see below:
– Facebook: https://www.facebook.com/privacy/explanation
– Instagram: https://help.instagram.com/519522125107875
The purpose of the processing of personal data is to operate FUN PAGE’s own profiles on social networks and to communicate with you as citizens, interacting on topics in the community as well as answering relevant questions in comments e.g. Facebook/Instagram.
We may collect anonymous statistical data about your visits through a feature called Facebook Insight, which is provided to us free of charge by Facebook under immutable terms of use. This data is collected via hidden files (hereinafter referred to as “cookies (ID)”), each of which contains a unique user code that is active for a period of two years and is stored by Facebook on the hard drive of the computer or other device of visitors to the fan page. The user code, which can be associated with the connection data of users registered on Facebook, is collected and processed when the fan pages are opened.
The legal basis for the processing of personal data is Article 6(1)(f) legitimate interest.
The personal data you post on our “FUN PAGE” social networking pages such as comments, likes, videos, pictures, etc. will be published via the social networking platform. We do not process the personal data subsequently for any other purpose. The operator reserves the right to delete such comments and other content such as videos, images, etc. if they are in violation of applicable legislation (hateful comments, snide comments, racist or otherwise violating fundamental human rights and freedoms) this content and the right to share your posts if you communicate via social networks.
Posts are kept on our “timeline” page indefinitely or until you delete them as a commenting citizen, or until we delete them as the controller.
The website also contains social networks plugins. The data is not collected unless the data subject clicks on the logos and thus no data will be transferred to the social networks. By clicking on these logos, the data subject accepts communication with the social network servers, thereby creating a link.
- THIRD PARTIES
4.1 The PII is processed by our employees who have been duly instructed on how to handle the PII as well as signed a confidentiality agreement.
4.2 Your PII may be disclosed to third parties. During the processing of an order and the performance of a contract, data is also disclosed to third parties such as banks, accounting companies, partners and the like, e.g.:
- Google LLC – Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (tools for online marketing),
- Google Analytics – Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (statistics),
- Facebook, Inc. (tools for online marketing), Facebook Inc., 1601 Willow Road, Menlo Park, CA 94025, United States,
- Facebook Pixel, Facebook Inc., 1601 Willow Road, Menlo Park, CA 94025, United States,
- INSTAGRAM (marketing), Instagram LLC, ATTN: Arbitration Opt-out 1601 Willow Rd. Menlo Park, CA 94025, United States,
- Microsoft Corporation, Redmont 980 52 Washington, United States (LINKEDIN social network),
- YOUTUBE, (marketing), YouTube LLC, 901 Cherry Avenue, San Bruno, CA 94066, United States,
- The Rocket Science Group LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, United States (Mailchimp application),
- Reservio, s.r.o., with registered office at Hlinky 995/70, Staré Brno, 603 00 Brno, Czech Republic.
- Accounting company, attorney’s office
- Application – Google, IOS, Apple
- Programmers, web hosting (Websupport).
- Slovak Post.
- UNDER THE AGE OF 16
In connection with the offer of information society services, the controller lawfully processes PII on the basis of the data subject’s consent if the data subject has reached the age of 16. This portal is not directly addressed to persons under the age of 16.
- PROCESSING PERIOD
The controller shall only process PII for the necessary period of time and shall comply with the principles of processing of PII. If consent has been given, this shall be for the period of time during which consent is given or withdrawn. When we process PII on the basis of law, e.g. the accounting documents, we process these for 10 years.
Data collected for marketing purposes via cookies is processed by the controller for the duration of the consent to the use of cookies, it means for the period, for which you allow the storage of cookies in your browser, or until the period when an objection is raised against the processing of your data for this purpose.
Further processing of PII beyond the aforementioned time limits is only carried out by the controller if this is necessary to comply with the obligations arising from the applicable legislation. The exact specification is set out in Article 2 for each individual purpose of PII processing.
- TRANSFER TO A THIRD COUNTRY
The controller does not intend to transfer PII to a third country or an international organisation, including the identification of the country or international organisation. However, some of the recipients may have servers located outside the EU (Google, Facebook). These servers may be located in the United States of America (USA). Companies based in the USA that have access to PII are certified under a privacy protection scheme called Privacy Shield and are considered to be the companies that provide an adequate level of protection.
This transfer only takes place subject to strict compliance with the GDPR.
- AUTOMATED PROFILING
The controller uses automated profiling, namely via Facebook Pixel and by using the Google Analytics measurement code. The controller uses these applications in order to optimize its sites.
Google Analytics is an analytical tool that helps websites and apps owners understand how their visitors use these resources. It is possible to use a set of cookies and collect information and statistics about the use of the website without personally identifying individual visitors in the Google service. For more information about cookies, see paragraph 11.
The Facebook Pixel is a code that is placed on our website. With the help of cookies, which are placed automatically in the customer’s browser, we are able to track your behavior on your website. The Facebook Pixel offers us information about conversions from your Facebook ads, offers the possibility of remarketing to customers who have already visited our website, but is also suitable for audience building. For more information about “cookies”, see paragraph 11.
- IP ADDRESS
Is a set of numbers uniquely identifying a device on a computer network.
An IP address can be regarded as data relating to an identifiable person from the point of view of the protection of PII.
The IP address becomes PII if:
The IP address is PII if it is processed by an Internet service provider together with another identification (name, email…),
- the static IP addresses used by natural persons/individuals should be considered as personal data,
- the dynamic IP address will be considered as PII if the online service provider processes other identifiers considered as PII together with the dynamic IP address (e.g. first name, last name, email, etc.).
- SECURE DATA TRANSFER
Your PII is transmitted securely due to encryption. The SSL (Secure Socket Layer) encryption system is most commonly used for secure communication with web servers. PII in our systems as well as the website are secured by appropriate technical and organisational measures against loss, destruction, alteration and further dissemination of data by unauthorised persons.
- RIGHTS OF THE DATA SUBJECT
The data subject has the right under the GDPR to (i) the right to rectification, (ii) the right to erasure, (iii) the right to data portability, (iv) the right to object, (v) the right to withdraw consent, (vi) the right of access to information.
- Right to rectification.
The data subject has the right to have incorrect PII relating to him or her corrected by the controller without undue delay and to have incomplete PII completed.
- Right to erasure.
The data subject has the right to have the controller erase PII concerning him or her without undue delay. The controller shall delete such PII without undue delay if one of the following grounds is met:
- PII is no longer necessary for the purpose for which it was obtained or processed,
- the data subject withdraws consent to the processing of PII for at least 1 specific purpose, or the consent is invalid if its provision is precluded by a specific regulation,
- the data subject objects to the processing of PII when it relates to direct marketing, including profiling,
- PII is processed unlawfully,
- the ground for erasure is the fulfilment of an obligation under this Act, a special regulation or an international treaty, to which the Slovak Republic is bound, or
- PII was collected in connection with the offer of information society services the data subject is under the age of 16 years.
If the controller has disclosed PII and is obliged to erase it, he shall also take appropriate security measures, including technical measures, taking into account the available technology and the costs of implementing them, in order to inform other controllers who process the data subject’s PII of his request that those controllers erase references to his PII and copies or copies thereof.
- Right to data portability.
The data subject has the right to obtain PII concerning him or her that he or she has provided to the controller in a structured, commonly used and machine-readable format and has the right to transfer that PII to another controller – the vendor, if technically feasible and if:
- PII are processed on the basis of the data subject’s consent, the contract and the data subject’s consent, which is invalid if its provision is excluded by a specific regulation,
- the processing of PII is carried out by automated means.
- Right to object
The data subject shall have the right to object to the processing of PII concerning him or her for the purpose of direct marketing, including profiling to the extent that profiling is related to direct marketing, the controller shall explicitly inform the data subject of his or her rights at the latest at the time of the first communication with him or her, and this right shall be clearly and separately indicated from any other information. The data subject may exercise his or her right to object by automated means using technical specifications.
- Withdrawal of consent
The data subject has the right to withdraw consent to the processing of PII concerning him or her at any time. Withdrawal of consent shall not affect the lawfulness of the processing of PII based on consent prior to its withdrawal; the data subject must be informed of this fact before consent is given. The data subject may withdraw consent in the same way as he or she gave consent.
- Right of access to information.
The data subject shall have the right to obtain confirmation from the controller as to whether PII relating to him or her is being processed. If the controller processes such PII, the data subject has the right to obtain access to that PII and information about:
- the purpose of the processing of the PII,
- the category of PII processed – in our case, this is ordinary PII, the controller does not process a special category of PII,
- the identification of the recipient or the category of recipient to whom PII has been or is to be disclosed, in particular a recipient in a third country or an international organisation, if applicable,
- the period of retention of PII; if this is not possible, information on the criteria for its determination,
- the right to request the controller to rectify, erase or restrict the processing of PII relating to the data subject, or the right to object to the processing of PII,
- the right to submit the proposal for proceeding
- the source of PII if PII was not obtained from the data subject,
- the existence of automated individual decision-making, including profiling in these cases, the controller shall provide the data subject with information, in particular on the procedure used as well as on the significance and the envisaged consequences of such processing of PII for the data subject.
The controller is obliged to provide information on the basis of this request within 30 days of receipt of this request. The controller may extend this period by a further 60 days, and we will inform you of any postponement.
The controller may charge a reasonable fee corresponding to the administrative costs for the repeated provision of PII requested by the data subject. The controller is obliged to provide the data subject with PII in the manner in which he or she has requested or according to his or her request.
The controller reserves the right to verify the data subject and to ascertain whether the data subject is a specific data subject. Verification consists in providing additional information, e.g. by means of control questions. Verification is important in order to provide information about PII processed by the controller for the protection of PII.
- The right to submit the proposal for proceeding by the data subject.
The data subject can make a complaint to the supervisory authority, which is the Office for the Protection of Personal Data of the Slovak Republic, Hraničná 12, 820 07 Bratislava 27; tel. number: +421 /2/ 3231 3214; email: statny.dozor@pdp.gov.sk, https://dataprotection.gov.sk. In the case of electronic submission, it is necessary to comply with the requirements of Section 19(1) of Act No. 71/1967 Coll. on Administrative Proceedings (administrative fee), or to file a petition to initiate proceedings pursuant to Section 100 of the Act.
- COOKIES
12.1 In accordance with § 55 paragraph 5 of Act No. 351/2011 Coll. of National Council of the Slovak Republic (NRSR) on Electronic Communications, as amended, we would like to inform you about the use of cookies and draw your attention to the possibility of changing the settings of your internet browser in case the current setting of the use of cookies does not suit you.
This policy contains information on how the collector uses cookies and similar technologies (hereinafter referred to as “cookies” or “cookies file”).
12.2 What are cookies?
Cookies are small text files that may be sent to your internet browser when you visit a website and stored on your device (computer or other internet-enabled device, such as a smartphone or tablet). Cookies are stored in your browser’s file folder. Cookies usually contain the name of the website from which they originate, their validity and value. The next time you visit the site, your web browser will reload the cookies and send this information back to the website that originally created the cookie. The cookies we use do not harm your computer.
Category 1 | Necessary / essential cookies |
These cookies are necessary for the use of our websites and the use of their features. Without these cookies, services such as the shopping cart or electronic invoicing cannot function. Cookies in this category must be enabled at all times. They are essential for the basic functioning of the web application and its secure operation. It is therefore not possible to turn it off and no consent is required for their storage. | |
Category 2 | Functional cookies |
These cookies are used to enhance functionality and personalisation, they allow our websites to remember your browsing choices. For example, we may store your geographical location in the cookie to ensure that we display websites localised to your area. We may also remember elements such as text size, fonts and other customizable elements of the site. These cookies may also be used to keep track of what products you have already browsed to avoid unnecessary repetition. The information collected by these cookies does not personally identify you. | |
Category 3 | Performance (statistics) |
These cookies are used to collect information about how you use our websites. They help us determine, which pages you visit the most often. We use the data to optimise our websites and make it easier to navigate. These cookies are also used to inform our partners that you have visited one of our websites from a partner’s site and if your visit continued with the purchase of product or service from us, the cookies also include details of the product or service purchased. All information collected by these cookies is aggregated and is therefore anonymous. | |
Category 4 | Third party cookies |
The sites link to and integrate content from other websites. Therefore, cookies may be created during the use of our websites that are not subject to control. An example of this is if the viewed website uses an analysis or marketing automation tool from a third party (e.g. Google tools) or displays the content from third-party websites, e.g. YouTube or Facebook. This results in the acceptance of cookies from these third-party services. The website can neither control the storage of, nor have access to, these cookies. If you want to know how these third parties use cookies, please read the privacy policy and cookie policy of these third parties. |
12.3 I don’t want to use cookies, how can I change it?
You can set the cookies that are used on the website of the operator in your web browser. Most web browsers are initially set to automatically accept cookies. You can change this setting by blocking cookies or by notifying if cookies are to be sent to your device.
Instructions for changing cookies can be found in each browser’s help. If you use different devices to access the sites (e.g., computer, smartphone, tablet), we recommend that you adjust each browser on each device to your cookie preferences. You can delete cookies in the browser individually or all at once, either directly (if it is known where they are stored) or by using the browser.
Procedure for removing cookies:
In Internet Explorer:
- In the “Tools” menu, select “Internet options”.
- Click on the “Privacy” tab.
- Now you can set the security settings for the Internet zone. Here you set whether and which cookies are to be accepted or rejected.
- Use the “OK” button to confirm your settings.
In Google Chrome:
- In the browser symbol bar, click on the Chrome menu on the right side of the screen.
- Now select “Settings”.
- Symbol bar will open in the left corner of the screen, click on “Settings” again and click on “Advanced”.
- Under “Security and Privacy”, click on “Content Settings”.
- In the “Cookies” section, you can make the following settings for cookies.
- Delete cookies.
- Block cookies by default.
- Delete cookies and website data by default when you exit the browser.
We use these cookies.
Cookie | Description | Duration | Type |
muxData | This cookie is used to enable certain video player functionalities associated with Vimeo. | 19 years | Functional |
vuid | null | 2 years | Other |
- DO YOU HAVE ANY QUESTIONS?
If you have any questions or comments regarding the processing of PII, you can contact us, we will be happy to answer your questions.
Contact details of the controller:
company name: Sound Healing Slovakia s.r.o.
registered office: Pod Válkom 10181/12/, 83107 Bratislava – Vajnory
ID: 51 152 258
TAX ID: 2121353366
VAT ID: SK2121353366
Contact details: e-mail/phone number.: info@soundhealingslovakia.sk / +421 905 261 460
The responsible person has not been appointed.
- FINAL PROVISIONS
This updated information comes into force and effect on 01.01.2022 The Controller reserves the right to change these conditions in the event of a change in the processing of PII in the company and in the event of a legislative change.