Privacy Policy

INFORMATION ON PERSONAL DATA PROTECTION AND COOKIES

Personal data protection principles and information provided by the Data Controller to Data Subjects in connection with personal data collection along with the information about the cookies used by the vionelle.eu e-shop

 

1. Data Controller

 

• Identity and contact details of the Data Controller (hereinafter only the “Controller”):

 

Business name: MARCO INVEST s.r.o.
Registered office: Dunajské nábr. 2529/38, Komárno 945 01, Slovak Republic

Registered in the Business Register of the Nitra District Court, section Sro, file number 47821/N
Company registration number: 52287955

Tax ID number: 2120971490

VAT ID number: SK2120971490
Bank account: SK4775000000004026981845

the Controller is a value added tax payer

 

1.2. Controller’s email address and telephone number:

 

Email: info@vionelle.eu

Telephone number: +421 917 544 455

 

1.3. Mailing address:

 

MARCO INVEST s.r.o., Dunajské nábr. 2529/38, Komárno 945 01, Slovak Republic

 

1.4. Pursuant to Article 13 (1) and (2) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter only the “GDPR”), Act 18/2018 on personal data protection and on amendments to certain laws, and Act 452/2021 on electronic communications, as amended, the Controller hereby provides the Data Subject (Buyer), from whom the Controller (Seller) obtains his or her personal data, with the following information, instructions, and explanations:

 

1. References

 

2.1. These Personal Data Protection Principles and related information form part of the General Terms and Conditions published on the Seller’s Website.

2.2. The Merchant hereby informs Consumers that there are no special relevant codes of conduct the Merchant has undertaken to comply with; a code of conduct means an arrangement or a set of rules defining a seller’s conduct, which the seller has undertaken to comply with in relation to one or several special business practices or sectors, where such rules are not set by an act or legal regulation or measure issued by a public administration authority, which the seller has undertaken to comply with, and on the manner in which they can become acquainted with such rules or where they can obtain their texts.

 

III. Retention period

3.1. The Controller retains personal data of the Data Subject only for the period necessary to fulfil a contract and to archive such data under statutory periods prescribed for the Controller by legal regulations. Where the Data Subject has consented to receiving advertising emails and similar offers, the Data Subject’s personal data are processed for those purposes until the Data Subject withdraws his or her consent, but no longer than for ten (10) years.

 

1. Personal data subject to processing

 

4.1. The Controller processes via their website the following personal data: name, surname, address, email address, home phone number, mobile phone number, invoicing address, delivery address, and IP address collected through cookies and IP address.

 

1. Contact details of the Data Protection Officer

 

5.1. In accordance with the GDPR, the Controller has appointed a data protection officer. Contact details: email:info@vionelle.eu, phone number: +421 917 544 455

 

5.2. The Controller acts as the Seller as defined in the General Terms and Conditions of the Website.

 

1. Purposes and period of processing the Data Subject’s personal data

 

6.1. The purposes of processing of the Data Subject’s personal data include primarily:

 

6.1.1. registration, preparation, and processing of contracts and processing of client data for the purposes of conclusion of contracts with third parties,

 

6.1.2. processing of accounting documents and other documents relating to the Controller’s business activities,

 

6.1.3. compliance with the legal regulations governing retention of documents and evidence under Act 431/2002 on accounting, as amended, and other applicable regulations,

 

6.1.4. the Controller’s activities necessary to comply with a request, order, contract, and other similar affairs of the Data Subject,

 

6.1.5. newsletters, marketing, and similar advertising activities of the Controller where the Data Subject has granted his or her consent to the Controller to carry out marketing and similar advertising activities,

 

6.1.6. the Controller’s activities relating to their activities on social media, e. g. Facebook, Instagram, Twitter, etc. where the Data Subject has granted his or her consent to the Controller to carry out marketing and similar advertising activities,

 

6.1.7. the Controller’s online activities such as promotion targeting though Facebook Ads, Google Ads, etc. where the Data Subject has granted his or her consent thereto.

 

VII. Legal basis for processing of the Data Subject’s personal data

 

7.1. Where the Controller is to process the Data Subject’s personal data on the basis of his or her consent, the processing will start only after the Data Subject grants the consent.

 

7.2. Where the Controller is to process the Data Subject’s personal data for the purposes of negotiating pre-contractual relationships and conclusion and fulfilment of a purchase contract and related delivery of goods, product, or service, the Data Subject is obliged to provide his or her personal data to allow due fulfilment of the purchase contract, failing which such fulfilment cannot be arranged. In this case, personal data are processed without the Data Subject’s consent.

 

VIII. Recipients or categories of recipients of personal data

 

8.1. Recipients of the Data Subject’s personal data are or can be:

 

8.1.1. the Controller’s statutory bodies or members thereof,

 

8.1.2. persons working for the Controller on the basis of employment or similar relationship,

 

8.1.3. business agents of the Controller and other persons cooperating with the Controller in fulfilling the Controller’s tasks. For the purposes of this document, the Controller’s employees mean all natural persons performing work for the Controller on the basis of an employment contract or agreement for work performed outside employment,

 

8.1.4. the recipients of the Data Subject’s personal data also include the Controller’s coworkers, business partners, suppliers, and contractual partners, in particular: an accounting company, company providing software development and maintenance services, company providing the Controller with legal services, company providing the Controller with consultancy services, companies securing transport and delivery of products to buyers and third parties, marketing companies, companies operating social networks, and companies operating payment gateways or securing other payment methods,

 

8.1.5. further recipients of personal data may include courts, law enforcement bodies, tax authorities and other public bodies where required by law; the Controller will disclose personal data to such authorities and public institutions only in compliance with legal regulations of the Slovak Republic.

 

8.1.6. List of third parties – processors and recipients processing personal data of Data Subjects:

 

Slovenská pošta, a.s., Partizánska cesta 9, 975 99 Banská Bystrica, CRN: 36631124 – third party providing shipping services

 

Direct Parcel Distribution SK, s.r.o., registered office: Technická 7, 82104 Bratislava, CRN: 35834498 – third party providing shipping services

 

General Logistics Systems Slovakia s.r.o., Budča 1039, 962 33 Budča, Slovenská Republika – third party providing shipping services

 

Packeta Slovakia s. r. o., registered office: Sliačska 1E 831 02 Bratislava – Nové Mesto, CRN: 48136999 – third party providing shipping services

 

Slovak Parcel Service s.r.o., registered office: Senecká cesta 1, 900 28 Ivanka pri Dunaji

IČO: 31329217 – third party providing shipping services

 

STRIPE PAYMENTS EUROPE, LIMITED, C/O A & L Goodbody, Ifsc, North Wall Quay, Dublin, D01 H104, Ireland – third party providing payment gateway services

 

1. Information on the transfer of personal data to third countries and retention periods

 

9.1. The Controller transfers personal data in the form of cookies to the following entities in third countries:

 

Google HQ, 1600 Amphitheatre Parkway. Mountain View, California 94043, USA. For more detailed information on privacy visit: https://support.google.com/analytics/topic/2919631?hl=sk&ref_topic=1008008

META Pixels: Facebook Ireland Ltd. 4 Grand Canal Square, Grand Canal Harbour Dublin 2, Ireland. For more detailed information on privacy visit: https://www.facebook.com/about/privacy/

Google LLC, D/B/A YouTube, 901 Cherry Ave. San Bruno, California 94066, USA. For more detailed information on privacy visit: https://support.google.com/analytics/topic/2919631?hl=sk&ref_topic=1008008

 

1. Information on rights of Data Subjects:

 

10.1. In addition to other rights, the Data Subject also has the following rights:

 

10.1.1. Clause 10.1 shall be without prejudice to other rights of Data Subjects.

 

10.1.2. The right of access to personal data under Article 15 of the GDPR as follows:

 

the right to obtain confirmation from the Controller whether or not his or her personal data is being processed, and if so, the information about the scope of such processing. If such data are subject to processing, the Data Subject has the right to be informed about their content and request that the Data Controller provide the information on the purpose of their processing and, in particular, the information on: the purpose of data processing, categories of personal data concerned, recipients or categories of recipients to whom personal data have been or will be disclosed, in particular as concerns recipients in third countries or international organisations, expected period of retention of personal data or, if it is not possible, information on the criteria serving to determine the retention period; the right to request that the Controller correct the personal data of the Data Subject of erase the data or restrict processing thereof; the right to object to such processing; the right to lodge a complaint with a supervisory authority if the personal data have not been obtained from the Data Subject; the right to receive any available information on the source of personal data and on automated decision-making and profiling as specified in Article 22 (1) and (4) of the GDPR, reasonable information on the procedure applied, importance and assumed consequences of such processing for the Data Subject, and adequate guarantees under Article 46 of the GDPR for the personal data where the data is to be transferred to a third country or international organization,

 

10.1.3. the right to receive a copy of the personal data provided however that the right to receive a copy of the personal data subject to processing is without prejudice to the rights and freedoms of other persons,

 

10.1.4. the right to correction under Article 16 of the GDPR, i.e. the Controller shall correct inaccurate personal data of the Data Subject without undue delay; the right to complement incomplete personal data of the Data Subject and this including through the Data Subject’s additional statement; the right to erasure (so-called “right to be forgotten”) under Article 17 of the GDPR, which means:

 

10.1.5. the Data Subject has the right to obtain from the Controller the erasure of personal data concerning him or her without undue delay and the Controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies: the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; the Data Subject withdraws consent on which the processing is based and where there is no other legal ground for the processing; the Data Subject objects to the processing pursuant to Article 21 (1) of the GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article (2) of the GDPR; the personal data have been unlawfully processed; the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the Controller is subject; the personal data have been collected in relation to the offer of information society services referred to in Article (1) of the GDPR,

 

10.1.6. the right to request that the Controller, who has made the Data Subject’s personal data public, taking account of available technology and the cost of implementation, take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the Data Subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data; the right to erasure and the rights under Article 17 (1) and (2) of the GDPR shall not apply where personal data processing is necessary:

 

10.1.7. for exercising the right of freedom of expression and information,

 

10.1.8. for compliance with a legal obligation which requires processing by European Union or Member State law to which the Controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller,

 

10.1.9. for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9 (2) as well as Article 9 (3) of the GDPR,

 

10.1.10. for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89 (1) of the GDPR in so far as the right referred to in Article 17 (1) of the GDPR is likely to render impossible or seriously impair the achievement of the objectives of that processing; or for the establishment, exercise or defence of legal claims,

 

10.1.11. the right to restriction of personal data processing under Article 18 of the GDPR, pursuant to which the Data Subject has:

 

10.1.12. the right to request that the Controller restrict processing of his or her personal data in the following cases: the accuracy of the personal data is contested by the Data Subject, for a period enabling the Controller to verify the accuracy of the personal data; the processing is unlawful and the Data Subject opposes the erasure of the personal data and requests the restriction of their use instead; the Controller no longer needs the personal data for the purposes of the processing, but they are required by the Data Subject for the establishment, exercise or defence of legal claims;

the Data Subject has objected to processing pursuant to Article 21 (1) pending the verification whether the legitimate grounds of the Controller override those of the Data Subject,

 

10.1.13. where personal data processing has been restricted, such personal data shall, with the exception of storage, only be processed with the Data Subject’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a Member State,

 

10.1.14. the right to be informed by the Controller before the restriction of processing is lifted,

 

10.1.15. the right under Article 19 of the GDPR, i.e. the Controller shall communicate any rectification or erasure of personal data or restriction of processing carried out in accordance with Article 16, Article 17 (1), and Article 18 of the GDPR to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. The controller shall inform the data subject about those recipients if the data subject requests it,

 

10.1.16. the right under Article 20 of the GDPR, i.e. the Data Subject shall have the right to receive the personal data concerning him or her, which he or she has provided to the Controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the Controller to whom the personal data have been provided, where:

 

a/ the processing is based on the Data Subject’s consent pursuant to Article 6 (1)(a) or Article 9 (2)(a) of the GDPR or on a contract pursuant to Article 6 (1) (b) of the GDPR; and

 

b/ the processing is carried out by automated means, and

 

10.1.17. where the right to receive the personal data concerning him or her, which he or she has provided to the Controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the Controller, will be without prejudice to the rights and freedoms of other persons,

 

10.1.18. the right to have the personal data transmitted directly from one controller to another, where technically feasible,

 

10.1.19. the right to object under Article 21 of the GDPR as follows:

 

10.1.20. the Data Subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6 (1), including profiling based on those provisions,

 

10.1.21. where the Data Subject exercises the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6 (1) of the GDPR, including profiling based on those provisions, the Controller shall no longer process the personal data unless the Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the Data Subject or for the establishment, exercise or defence of legal claims,

 

10.1.22. where personal data are processed for direct marketing purposes, the Data Subject shall have the right to object at any time to the processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing. If the Data Subject objects to the processing for direct marketing purposes, the personal data shall no longer be processed for such purposes,

 

10.1.23. in the context of the use of information society services, the Data Subject may exercise his or her right to object by automated means using technical specifications,

 

10.1.24. where personal data are processed for scientific or historical research purposes or statistical purposes pursuant to Article 89 (1) of the GDPR, the Data Subject, on grounds relating to his or her particular situation, shall have the right to object to the processing of personal data concerning him or her, unless the processing is necessary for the performance of a task carried out for reasons of public interest,

 

10.1.25. the right relating to automated individual decision-making under Article 22 of the GDPR, i.e.:

 

10.1.26. the Data Subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her, except the cases under Article 22 (2) of the GDPR where such a decision is (a) necessary for entering into, or performance of, a contract between the Data Subject and the Controller,

 

10.1.27. is authorised by European Union or Member State law to which the Controller is subject and which also lays down suitable measures to safeguard the Data Subject’s rights and freedoms and legitimate interests is based on the Data Subject’s explicit consent.

 

1. Information on the Data Subject’s right to withdraw his or her consent to personal data processing:

 

11.1. The Data Subject shall have the right to withdraw his or her consent to personal data processing at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

The Data Subject has the right to withdraw the consent to processing of his or her personal data either in full or partially. A partial withdrawal of the consent may apply to a specific type of processing activity(ies) without prejudice to the lawfulness of the processing of personal data to the extent of remaining processing activities, or to a specific purpose(s) of the processing of personal data without prejudice to the lawfulness of other purposes of the processing of personal data. The Data Subject may withdraw the consent to the processing of his or her personal data by a letter sent to the Controller’s address registered in the Commercial Register as their seat at the time of the withdrawal of the consent to the processing of personal data or by electronic means (an email sent to the Controller’s email address specified in the Controller Identification Section hereof).

 

XII. Information on the Data Subject’s right to lodge a complaint with a supervisory authority:

 

12.1. Without prejudice to any other administrative or judicial remedy, the Data Subject has the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the Data Subject – complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.

 

12.2. The supervisory authority in the Slovak Republic is Úrad na ochranu osobných údajov Slovenskej republiky (Office of the Slovak Republic for Personal Data Protection), Budova Park one, Námestie 1. mája 18, 811 06 Bratislava.

Telephone number: + 421 2 32 31 32 14, Email: statny.dozor@pdp.gov.sk,

 

 

 

XIII. Information on automated decision-making, including profiling:

 

13.1. Since the Controller does not process personal data of Data Subjects through automated decision-making and/or profiling under Article 22 (1) and (4) of the GDPR, the Controller is not obliged to provide the information under Article 13 (2)(f) of the GDPR, i.e. on the existence of automated decision-making, including profiling, the significance and the envisaged consequences of such processing for the Data Subject.

 

XIV. Personal data protection and use of cookies. Information and explanations relating to cookies, scripts, and pixels

14.1. The Website Operator provides the following brief explanation regarding functions of cookies, scripts, and pixels:

14.1.1. Cookies are text files that contain a small amount of information that is downloaded to your device when you visit a website. This file allows the website to retain information about your steps and preferences (such as your login name, language, font size, and other display settings) for a period of time, so that you do not have to re-enter them the next time you visit the website or browse its individual pages.

A script is a piece of programming code that is used to make a website function correctly and interactively. This code is run on the operator’s server or on your device.

A pixel is a small, invisible text or image on a website that is used to monitor website traffic. To make this possible, pixels store various data.

14.1.2. Categories of cookies

Necessary cookies – ensure the proper functioning of the Controller’s website and its use. These cookies are used without your consent.

Functional cookies – refer to the choices users make regarding the use of cookies on the website, including the ability to accept, reject or adjust cookie settings based on their privacy preferences.

Statistical cookies – the Controller collects statistics on the use of its website. These cookies are only used with your consent.

Advertising cookies – serve to create advertising profiles and similar marketing activities. These cookies are only used with your consent.

14.2. How to control cookies:

14.2.1. You can check and/or delete cookies at your discretion – check out the details on aboutcookies.org. You can delete all cookies stored on your computer or other device, and you can set most browsers to prevent them from saving them.

14.3.1. Cookies made available to third parties:

Google HQ, 1600 Amphitheatre Parkway. Mountain View, California 94043, USA. For more detailed information on privacy visit: https://support.google.com/analytics/topic/2919631?hl=sk&ref_topic=1008008

META Pixels: Facebook Ireland Ltd. 4 Grand Canal Square, Grand Canal Harbour Dublin 2, Ireland. For more detailed information on privacy visit: https://www.facebook.com/about/privacy/

1. Final Provisions

15.1. These Personal Data Protection Principles and Information on Cookies form integral part of the General Terms and Conditions and the Complaint Procedure Rules applicable to this Website, which are available on the Seller’s Website.

15.2. These Personal Data Protection Principles become valid and take effect on the date of their publication on the Seller’s Website, i.e. 18 June 2025

 

 

This e-shop is certified https://www.pravoeshopov.sk