Information on Personal Data Protection and Use of Cookies

PERSONAL DATA PROTECTION AND COOKIE POLICY / Principles and Guidelines on Personal Data Protection

provided by the Controller to the Data Subject upon collection of personal data from the Data Subject, and information on cookies

of the Online Store www.moristrade.com /

I. Controller

1.1. The identity and contact details of the Controller are:

Business Name: LENOX pharm s. r. o.

Registered Office: LENOX pharm s.r.o., Miloša Janošku 369/13, Štrba 059 38, Slovak Republic

Registered in the Commercial Register of the District Court Prešov, Section Sro, Entry No. 31036/P

Company ID: 47976764

Tax ID: 2024167750

VAT ID: SK2024167750

Bank Account: SK41 8330 0000 0029 0297 9368

Permit for distribution of consumer packaging of alcohol in tax-free circulation: Registration number: 627332500012

The Seller is a VAT payer /Value Added Tax/

1.2. Email and telephone contact for the Controller are:

Email: info@moristrade.com

Tel. No.: +421 908 777 390

1.3. Controller’s address for correspondence:

LENOX pharm s.r.o., Miloša Janošku 369/13, Štrba 059 38, Slovak Republic

1.4. The Controller hereby, in accordance with Article 13 para. 1. and 2 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 May 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as the “Regulation”), provides the Data Subject, from whom the Controller obtains personal data concerning them, with the following information, instructions, and explanations:

II. References

2.1. These Privacy Policy principles and guidelines form part of the General Terms and Conditions published in the Seller’s Online Store.

2.2. Pursuant to Section 3, para. 1, letter n) of Act No. 102/2014 Coll., the Seller informs the consumer that there are no specific relevant codes of conduct to which the seller has committed to adhere, whereas a code of conduct means an agreement or a set of rules defining the conduct of the seller who has committed to comply with this code of conduct in relation to one or more specific business practices or business sectors, if these are not stipulated by law, or other legal regulation or measure of a public administration body), which the seller has committed to comply with, and on how the consumer can become acquainted with them or obtain their wording.

III. Personal Data Protection and Use of Cookies. Cookie Policy and Explanation

3.1. The Controller provides this brief explanation of the function of cookie files:

3.1.1. Cookie files are text files that contain a small amount of information, which are downloaded to your computer, mobile, or other electronic device you use to browse a web domain when you visit a website.

Cookie files allow the Controller’s web domain not only to recognize the user’s device but also to grant the user access to functions on the page.

Cookie files are divided into two basic types:

Persistent cookies – these cookie files remain on the user’s device for the period specified in the cookie file. They are activated whenever the user visits the web domain that created the cookie file.

Session cookies – these files allow the web domain operator to link user activities from when the user opens a browser window until the browser window is closed. Session cookies are created temporarily. After closing the browser, all session cookies are deleted.

3.2. Explanation of Cookie Files

3.2.1. A cookie file is a small text file that a website stores on your computer or mobile device when you browse it. Thanks to this file, the website retains information about your actions and preferences (such as login name, language, font size, and other display settings) for a certain period, so you do not have to re-enter them when you visit the website again or browse its individual pages.

3.3. Information on the Use of Cookie Files

3.3.1. The Controller’s internet domain uses cookie files to store:

3.3.1.1. the fact that you have already responded to a survey displayed in a separate window (pop-up), through which you can express your opinion on the content of the page (it will not be displayed again);

3.3.1.2. whether you have agreed (or disagreed) to our use of cookie files on this website.

3.3.1.3. Marketing and Remarketing

Similarly, some subpages that are part of the Controller’s pages use cookie files for anonymous collection of statistical data about who referred to our internet domain and how you reached it.

Allowing the use of cookie files is not strictly necessary for the proper functioning of the website, but it will provide you with a better user experience. You can delete or block cookie files.

Information stored in cookie files will not be used for your personal identification, and the data structure is fully under our control. Cookie files are not used for purposes other than those stated in this text. Some of our pages or sub-locations may use additional or different cookie files than those mentioned in the preceding text. In such a case, detailed information about their use will be provided on the relevant page in a separate cookie notice.

3.4. How to Control Cookie Files

3.4.1. You can control and/or delete cookie files at your discretion – for details, see aboutcookies.org. You can delete all cookie files stored on your computer, and most browsers can be set to prevent their storage.

IV. Processed Personal Data

4.1. The Controller processes the following personal data on its website: name, surname, address, email address, telephone number, data obtained from cookie files, IP addresses.

V. Contact Details of the Person Responsible for Personal Data Collection and Processing, Controller’s Representative

5.1. The Controller has not appointed a person responsible for the collection and processing of personal data.

5.2. The Controller has not appointed its representative for the collection and processing of personal data.

5.3. The Controller is also the Seller within the meaning of the term established in the General Terms and Conditions of this website.

VI. Purposes of Personal Data Processing of the Data Subject

6.1. The purposes of processing the Data Subject’s personal data include, in particular:

6.1.2. registration, creation, and processing of contracts and client data for the purpose of concluding contracts with third parties

6.1.3. processing of accounting documents and documents related to the Controller’s business activities

6.1.4. compliance with legal regulations regarding the archiving of documents and records, e.g., pursuant to Act No. 431/2002 Coll., the Accounting Act as amended, and other relevant regulations

6.1.4. marketing and similar advertising activities of the Controller

6.1.5. activities related to the Controller’s operations on social networks, for example: Facebook, Instagram, Twitter, and others.

6.1.6. Controller’s activities related to internet activities such as targeting advertisements via Facebook Ads, Google Ads, and others.

6.1.7. Controller’s activities related to the fulfillment of requests, orders, contracts, and similar instruments of the Data Subject.

VII. Legal Basis for Personal Data Processing of the Data Subject

7.1. The legal basis for processing the personal data of Data Subjects is, depending on the specific personal data processed and the purpose of their processing, the consent of the Data Subjects to the processing of personal data.

VIII. Recipients or Categories of Personal Data Recipients

8.1. The recipients of the Data Subject’s personal data will be or at least may be:

8.1.1. statutory bodies or their members of the Controller

8.1.2. persons performing work activities in an employment or similar relationship for the Controller.

8.1.3. business representatives of the controller and other persons cooperating with the Controller in fulfilling the Controller’s tasks. For the purposes of this document, all natural persons performing dependent work for the Controller based on an employment contract or agreements on work performed outside an employment relationship will be considered employees of the Controller.

8.1.4. Recipients of the Data Subject’s personal data will also include the Controller’s collaborators, business partners, suppliers, and contractual partners, specifically: accounting companies, companies providing software development and maintenance services, companies providing legal services to the controller, companies providing consulting services to the controller, companies ensuring transport and delivery of products to buyers and third parties, marketing companies, and companies operating social networks.

8.1.5. Recipients of personal data will also include courts, law enforcement authorities, tax authorities, and other state authorities, if so stipulated by law. Personal data will be provided by the Controller to the respective authorities and state institutions based on and in accordance with the legal regulations of the Slovak Republic.

IX. Information on the Provision of Personal Data to Third Countries and Their Retention Period:

9.1. Not applicable. The Controller does not transfer personal data of individuals to third countries.

9.2. Personal data will be stored in accordance with legal regulations for the necessary period for the purposes of contract fulfillment and their subsequent archiving.

X. Information on the Existence of Relevant Rights of the Data Subject:

10.1. The Data Subject has, among others, the following rights, whereas:

10.1.1. Point 10.1 does not affect other rights of Data Subjects.

10.1.2. The Data Subject’s right of access to data according to Article 15 of the Regulation, the content of which is:

the right to obtain from the Controller confirmation as to whether personal data concerning the Data Subject are being processed, and if so, to what extent. Furthermore, if they are being processed, the Data Subject has the right to ascertain their content and request information from the Controller about the reason for their processing, specifically information on: the reason for their processing, the categories of personal data concerned, the recipients or categories of recipients to whom the personal data have been or will be disclosed, particularly in the case of recipients in third countries or international organizations, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period, the existence of the right to request from the Controller rectification or erasure of personal data concerning the Data Subject or restriction of processing, and the right to object to such processing, the right to lodge a complaint with a supervisory authority, if the personal data were not collected from the Data Subject, any available information as to their source, the existence of automated decision-making, including profiling, referred to in Article 22 para. 1. and 4 of the Regulation and, in those cases, at least meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the Data Subject, on appropriate safeguards pursuant to Article 46 of the Regulation, relating to the transfer of personal data, if personal data are transferred to a third country or an international organization.

10.1.3. the right to obtain a copy of the personal data undergoing processing, provided that the right to obtain a copy of the processed personal data does not adversely affect the rights and freedoms of others.

10.1.4. the Data Subject’s right to rectification according to Article 16 of the Regulation, the content of which is the right: for the Controller to rectify inaccurate personal data concerning the Data Subject without undue delay. The right to have incomplete personal data of the Data Subject completed, including by means of providing a supplementary statement by the Data Subject. The Data Subject’s right to erasure of personal data (the “right to be forgotten”) according to Article 17 of the Regulation, the content of which is:

10.1.5. the right to obtain from the Controller the erasure of personal data concerning the Data Subject without undue delay, if one of the following grounds applies:

the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed, the Data Subject withdraws consent on which the processing is based, and where there is no other legal ground for the processing of personal data, the Data Subject objects to the processing of personal data pursuant to Article 21(1) of the Regulation and there are no overriding legitimate grounds for the processing of personal data, or the Data Subject objects to the processing of personal data pursuant to Article 21(2) of the Regulation, the personal data have been unlawfully processed, the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the Controller is subject, the personal data have been collected in relation to the offer of information society services referred to in Article 8(1) of the Regulation;

10.1.6. the right for the Controller, who has made the personal data of the Data Subject public, taking into account available technology and the cost of implementation, to take reasonable steps, including technical measures, to inform other controllers who are processing the personal data that the Data Subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data, it being understood that the right to erasure of personal data with the content of rights according to Article 17 para. 1. and 2 of the Regulation shall not apply to the extent that processing is necessary:

10.1.7. for exercising the right of freedom of expression and information.

10.1.8. for compliance with a legal obligation which requires processing by Union or Member State law to which the Controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller.

10.1.9. for reasons of public interest in the area of public health in accordance with Article 9(2)(h) and (i) of the Regulation, as well as Article 9(3) of the Regulation.

10.1.10. for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89 para. 1. of the Regulation, insofar as the right referred to in Article 17 para. 1. of the Regulation is likely to render impossible or seriously impair the achievement of the objectives of that processing; or for the establishment, exercise or defence of legal claims;

10.1.11. the Data Subject’s right to restriction of personal data processing according to Article 18 of the Regulation, the content of which is:

10.1.12. the right for the Controller to restrict the processing of personal data in one of the following cases: the Data Subject contests the accuracy of the personal data, for a period enabling the Controller to verify the accuracy of the personal data, the processing is unlawful and the Data Subject opposes the erasure of the personal data and requests the restriction of their use instead, the Controller no longer needs the personal data for the purposes of the processing, but they are required by the Data Subject for the establishment, exercise or defence of legal claims, the Data Subject has objected to processing pursuant to Article 21 para. 1. of the Regulation pending the verification whether the legitimate grounds of the Controller override those of the Data Subject;

10.1.13. the right that where processing of personal data has been restricted, such restricted personal data shall, with the exception of storage, only be processed with the Data Subject’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State;

10.1.14. the right to be informed in advance about the lifting of the restriction on personal data processing;

10.1.15. the Data Subject’s right to notification obligation towards recipients according to Article 19 of the Regulation, the content of which is: the right for the Controller to communicate any rectification or erasure of personal data or restriction of processing carried out in accordance with Article 16, Article 17 para. 1. and Article 18 of the Regulation to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort, the right for the Controller to inform the Data Subject about those recipients if the Data Subject requests it;

10.1.16. the Data Subject’s right to data portability according to Article 20 of the Regulation, the content of which is: the right to receive the personal data concerning him or her, which he or she has provided to a Controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the Controller to which the personal data have been provided, if:

a) the processing is based on consent of the Data Subject pursuant to Article 6(1)(a) of the Regulation or Article 9(2)(a) of the Regulation, or on a contract pursuant to Article 6(1)(b) of the Regulation, and simultaneously

b) the processing is carried out by automated means, and simultaneously:

10.1.17. the right to obtain personal data in a structured, commonly used and machine-readable format and the right to transmit these data to another controller without hindrance from the Controller, shall not adversely affect the rights and freedoms of others;

10.1.18. the right to have personal data transmitted directly from one controller to another, where technically feasible;

10.1.19. the Data Subject’s right to object according to Article 21 of the Regulation, the content of which is:

10.1.20. the right to object at any time on grounds relating to his or her particular situation, to processing of personal data concerning him or her which is based on Article 6 para. 1. e) or f) of the Regulation, including profiling based on those provisions of the Regulation;

10.1.21. in the event of exercising the right to object at any time on grounds relating to his or her particular situation, to processing of personal data concerning him or her which is based on Article 6 para. 1. points (e) or (f) of the Regulation, including the right to object to profiling based on these provisions of the Regulation, so that the Controller shall no longer process the Personal Data of the Data Subject, unless it demonstrates compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the Data Subject, or for the establishment, exercise, or defense of legal claims.

10.1.22. the right to object at any time to the processing of personal data concerning the Data Subject for direct marketing purposes, including profiling to the extent that it is related to such direct marketing; in such cases, if the Data Subject objects to the processing of personal data for direct marketing purposes, the personal data shall no longer be processed for such purposes;

10.1.23. in the context of the use of information society services, the right to exercise the right to object to processing by automated means using technical specifications;

10.1.24. the right to object, on grounds relating to his or her particular situation, to processing of personal data concerning him or her, where personal data are processed for scientific or historical research purposes or statistical purposes pursuant to Article 89(1) of the Regulation, 1. of the Regulation, unless the processing is necessary for the performance of a task carried out for reasons of public interest;

10.1.25. the Data Subject’s right related to automated individual decision-making pursuant to Article 22 of the Regulation, the content of which is:

10.1.26. the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her, except in cases pursuant to Article 22(2) 2. of the Regulation [i.e., except where the decision is: (a) necessary for entering into, or performance of, a contract between the Data Subject and the Controller,

10.1.27. authorised by Union or Member State law to which the Controller is subject and which also lays down suitable measures to safeguard the Data Subject’s rights and freedoms and legitimate interests, or (c) based on the Data Subject’s explicit consent.

XI. Instruction on the Data Subject’s right to withdraw consent to the processing of personal data:

11.1. The Data Subject is entitled to withdraw their consent to the processing of personal data at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

The Data Subject is entitled to withdraw their consent to the processing of personal data at any time – either in full or in part. Partial withdrawal of consent to the processing of personal data may concern a specific type of processing operation / processing operations, while the lawfulness of processing of personal data in the scope of the remaining processing operations shall remain unaffected. Partial withdrawal of consent to the processing of personal data may concern a specific purpose of personal data processing / specific purposes of personal data processing, while the lawfulness of processing of personal data for other purposes shall remain unaffected.

The Data Subject may exercise the right to withdraw consent to the processing of personal data in written form to the Controller’s address registered as its registered office in the commercial register at the time of withdrawal of consent to the processing of personal data, or in electronic form via electronic means (by sending an email to the Controller’s email address specified in the Controller’s identification in this document).

XII. Instruction on the Data Subject’s right to lodge a complaint with a supervisory authority:

12.1. The Data Subject has the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement, if the Data Subject considers that the processing of personal data relating to him or her infringes the Regulation, without prejudice to any other administrative or judicial remedy.

The Data Subject has the right to be informed by the supervisory authority to which the complaint has been lodged of the progress and the outcome of the complaint, including the possibility of a judicial remedy pursuant to Article 78 of the Regulation.

12.2. The supervisory authority in the Slovak Republic is the Office for Personal Data Protection of the Slovak Republic.

XIII. Information on the existence / non-existence of the Data Subject’s obligation to provide personal data and Information related to automated decision-making including profiling:

13.1. The Controller informs the Data Subject that the provision of the Data Subject’s personal data is necessary for the conclusion and performance of the purchase contract. The Controller informs the Data Subject that the Data Subject is not obliged to provide personal data nor is obliged to give consent to their processing. As a consequence of not providing personal data and/or not granting consent to the processing of personal data, the Controller will not be able to conclude and perform the purchase contract.

13.2. Since, in the case of the Controller, the processing of the Data Subject’s personal data does not involve automated decision-making, including profiling, as referred to in Article 22(2) 1. and (4) of the Regulation, the Controller is not obliged to provide information pursuant to Article 13(2)(f) of the Regulation, i.e., information on automated decision-making including profiling and the procedure used, as well as the significance and envisaged consequences of such processing of personal data for the Data Subject. Not applicable.

XIV. Final Provisions

14.1. These Principles and instructions on personal data protection and cookie instructions form an integral part of the General Terms and Conditions and the Complaints Procedure. The documents – General Terms and Conditions and Complaints Procedure of this online store are published on the Seller’s online store domain.

14.2. These privacy policy principles become valid and effective upon their publication in the Seller’s online store on 15/02/2021

This e-shop is certified by http://www.pravoeshopov.sk

18+
Are you 18 or older?
No, I am not
To enter this site, you must be of legal drinking age in your country of residence. By clicking YES, you accept the legal notice and privacy policy of this server.
This site is registered on wpml.org as a development site. Switch to a production site key to remove this banner.