ioy.sk

Personal data protection policy

The operator in the processing of personal data is the subject:

name: program health as
seat: Drobného 27, 841 01 Bratislava
ID: 46 433 350
VAT number: 2023397002
 Registration: Business register OS Bratislava I, section: Sa, insert number: 5436/B
IBAN: SK70 1100 0000 0029 2186 7388
phone: +421 918 888 807
e-mail: info@ioy.sk
Responsible person: Ivana Bartošová

If the client has any questions about this document or the use of his personal data or wants to exercise his rights described in this document, he can contact the responsible person by e-mail at info@ioy.click or in writing at the address of the company's headquarters.

Personal data processed

Data required to complete the purchase:

Mandatory data - data without which we cannot send the purchase to the client and process his order, such as first and last name, e-mail address, telephone number, delivery address and the subject of the order itself.

The client can freely decide to notify us of additional data: photo, date of birth, additional phone number, save multiple addresses for delivery.

In case of activation of Facebook services, if the client logs in through his account on the social network Facebook, Facebook will provide us with data such as name or e-mail address. The sharing of this data between us and Facebook can be terminated by the client at any time when managing the user profile on Facebook.

In the case of some services, the client may be asked to provide additional personal data (e.g. a copy of an identity card), which serve to verify the client's identity remotely and also to verify his ability to pay for the goods.

As part of marketing campaigns, we can also process personal data for the purposes of marketing campaigns, or for the purposes of properly fulfilling the contract, and we can combine them.

In the event that personal data will be sold to another entity, we will inform the client about this in advance, including indicating to whom we are selling personal data. Also, if someone sells the client's personal data to us, the client must also be informed in advance.

Personal data of third parties:

If the client provides us with personal data of third parties, it is the client's duty to inform the person concerned about this and to ensure their consent to these terms of personal data protection.

More information:

It can, for example, it happens that a client buys goods from us, but does not want to pick them up or make a claim. In his user profile, he can define authorized persons who are authorized on his behalf, e.g. take over the goods or complain about the goods. In doing so, the client also provides us with their personal data.

Personal data that we process automatically when you visit our website, we can collect certain information about the client, such as e.g. IP address, date and time of access to our website, information about his Internet browser, operating system or language settings. We can also process information about the client's behavior on our website, i.e. e.g. which links on our website he visited and which goods were shown to him. However, information about the client's behavior on the website is anonymized for the sake of the client's maximum privacy. If the client accesses our website from a mobile phone or similar device or through one of our mobile applications, we can also process information about this mobile device (data about the client's mobile phone, possible records of application failures, etc.).

Reasons for collecting and processing personal data

We collect and process personal data for the following reasons:

Purchase of goods and services:

First of all, we process personal data in order to properly process and deliver the client's order.

Customer care:

If the client contacts us with a question/problem, we must process the client's personal data to answer/solve it. In some cases, personal data may also be transferred to third parties (e.g. goods carrier).

Marketing activity:

E-mail marketing: we send e-mail business notifications based on the client's consent. The client can unsubscribe from business notifications.

Telemarketing:

We make marketing calls for the purpose of offering our goods and services and related marketing communication. Legal title for phone processing. of the client's number is either his consent or at least our legitimate interest in conventional direct marketing. The client can object to this processing.

Marketing competitions:

In some cases, the winner of the competition may be photographed, or filmed, mainly due to the increased transparency of our marketing competitions. We carry out this processing of personal data on the basis of our legitimate interest, which consists in increasing the credibility of marketing competitions in the eyes of other competitors and in increasing the attractiveness of these competitions. The client can object to this processing.

Improving our services:

With the help of the client's order history and his behavior on the web, we can offer more relevant offers of other goods, e.g. accessories for purchased products. Therefore, in certain places we can display products that are directly for the client and correspond to his needs and interests.

Customer evaluations of goods and services:

After the client purchases a product from us, he may be asked to rate it. The evaluation can also be entered on one's own initiative.

Exercising rights and legal claims and control by public authorities: We may also process personal data because we need them to exercise our rights and legal claims (e.g. in case we have an unpaid claim against the client). We can also process personal data for the reason that we need it for the purposes of checks carried out by public authorities and for other similarly serious reasons.

Legal basis

Conclusion and fulfillment of the contract:

We need a large part of personal data in order to be able to conclude a purchase or other contract regarding the goods or services that the client wants to purchase from us. As soon as the contract is concluded, we process your personal data in order to properly deliver the purchased goods to you, or to properly provide you with the purchased services. On the basis of this legal reason, we primarily process invoicing and delivery data.

Consent:

For the purpose of sending business notifications (e-mail marketing) and telemarketing, we process personal data based on the client's consent. If the client does not give us his consent, we can send him business announcements (or call him as part of telemarketing) even without the client giving us his consent. Each given consent is voluntary and you can withdraw it at any time, but this does not affect the legality of the processing before its withdrawal. However, in any case, the client can prohibit such marketing communication from us. We can ask for the client's consent, even if we need to verify his ability to repay the goods that we hand over to him without the client paying the full purchase price for the goods in advance.

Legitimate interests:

We also use personal data to provide clients with relevant offer content, i.e. offer content that is interesting to the client. On the basis of a legitimate interest, we mainly process personal data in this way, which we process automatically. For the same legal reason, we can send e-mail and SMS messages to clients.

Special events, collections:

In the case of special events and collections in which the client participates through us, e.g. when paying, it is decided to donate some amount to a charitable organization with which we cooperate, the client's contact data may be provided to this organization so that it can thank you for the support provided. However, we always ask the client in advance if he wishes his personal data to be provided to a specific organization or if he wants to remain anonymous.

Disclosure of personal data to third parties

We make personal data available to third parties for the following reasons:

Delivery of goods:

The third party - the repairer is not able to deliver the ordered goods if we do not give him the data necessary to deliver the goods to the client. We pass this data to the carrier according to how the client fills it in the order. The data made available and transferred in this way include, above all, the name and surname of the client, his delivery address, phone number. the number at which the carrier can contact him and, if the goods have not been paid for in advance, and possibly the amount that must be paid when taking over the goods. In relation to the personal data that we pass on to him about the client, the carrier is entitled to process them only for the purpose of delivering the goods and then to delete the personal data immediately.

Delivery of goods stored for us by the contractual partner:

If the client orders goods from us that are in the warehouse of our contractual partner, for the purpose of completing the order, we must transfer the client's personal data to this contractual partner, who will process the order. The data transmitted in this way includes primarily the name and surname of the client, his delivery address, phone number. the number on which the carrier can contact the client and, if the goods have not been paid for in advance, the amount that must be paid when the goods are taken over. This contractual partner must then hand over the mentioned personal data to the carrier who will deliver the goods, because otherwise the carrier would not be able to deliver the goods to the client. Both the contractual partner who stores the goods for us and the carrier, in relation to the personal data that we transfer to them, are obliged to use this personal data only for the purpose of storing / delivering the goods and then to delete them immediately.

Payment cards:

The processor does not have data on the payment cards with which the client pays for the goods. Payment card data is available only to the secured payment gateway and the relevant banking institution. If the client has his payment card saved to speed up further purchases on our online store, we only have basic data such as the first and last few digits of the payment card. The client is entitled to delete this data at any time.

Analytical and advertising services:

In the case of sending business announcements (e.g. by e-mail or via SMS message) or telemarketing, we can use a third party for the distribution or telephone calls. This entity is bound by the obligation of confidentiality and may not use the provided personal data of the client for any other purpose. We may also work with partners who provide us with analytics and advertising services. These allow us to better understand how clients use our website, place our advertising on the Internet and measure its performance. These companies may use cookies and similar technologies to collect data about your interaction with our services and other sites.

State authorities and protection against damage:

We may also store the client's personal data or make it available to other persons in order to comply with obligations arising from legal regulations, from the requirements of state and other authorities, to assert our claims or to defend ourselves in proceedings where others assert them against us. The categories of third parties to whom we disclose personal data for these reasons include, for example, courts, other state authorities responsible for exercising control over our activities, resolving disputes or implementing decisions, or our legal and accounting advisors and auditors.

Personal data protection method

In accordance with the requirements of applicable legislation, we implement all necessary security, technical and organizational measures to protect the personal data of our clients. Electronic data is stored in a protected database on a server owned by us or reserved for us. We protect the database containing personal data against its damage, destruction, loss and misuse. We try to use such security measures that, taking into account the current state of technology, provide sufficient security. The security measures taken are then regularly updated. If the client wishes more information about the security of personal data, he can contact the responsible person for the protection of personal data specified by us at the beginning of this document.

Period of storage of personal data

We process personal data at least for the duration of the contractual relationship between us and the client. In the case of the processing of personal data for which consent was granted by the client, the personal data will generally be processed for a period of 7 years, or until such consent is revoked. Furthermore, we also point out that those personal data that are necessary for the proper provision of goods or services, or in order to fulfill all our obligations, whether these obligations result from the contract between us and the client or from generally binding legal regulations, we must process, regardless of the consent granted by the client, for the period determined by the relevant legal regulations or in accordance with them (e.g. for tax documents, during this period at least 10 years).

Personal data of persons under 16 years of age

Our online store is not intended for children under 16 years of age. A person under the age of 16 can only use our online store if their legal representative gives their consent.

The rights of the client in connection with the protection of his personal data

In relation to his personal data, in particular, the client has the right to withdraw his consent to the processing of personal data at any time, the right to correct or supplement his personal data, the right to request restriction of their processing, the right to raise an objection or complaint against the processing of personal data, the right to access personal data, the right to request the transfer of personal data, the right to be informed of a breach of personal data security and, under certain conditions, the right to erasure, as we specify below.

If the client believes that the personal data we process about him is incorrect, he can contact us at info@ioy.click or in writing at the address of the company's headquarters.

Right to information:

At the same time, the client has the right to access the following information regarding his personal data:

• What are the purposes of processing the client's personal data

• What are the categories of affected personal data

• Who, apart from us, are the recipients of the client's personal data

• Planned period for which the client's personal data will be stored

• Whether the client has the right to request from us the correction or deletion of his personal data or to limit their processing or to object to this processing

• Information about the source of personal data, if we have not obtained it from the client

The right to erasure of personal data:

Furthermore, the client can request that we delete the data about him (however, the deletion does not affect the data on documents that we must keep by law (e.g. invoices or credit notes). If we need the client's personal data to determine, exercise or defend our legal claims, he can the client's request for erasure of personal data is rejected (e.g. when we register an unpaid claim or in the case of an ongoing complaint procedure).

Please note that the main information about the client's payment card is not stored in our company, but in our payment gateway. Therefore, this data cannot be deleted from our side and it is necessary to contact the payment gateway through which the payment was made.

With the exception of the cases mentioned, you have the right to erasure in the following cases:

• personal data are no longer necessary for the purposes for which they were processed,

• withdrawal of consent by the client, on the basis of which the data were processed and there is no other legal reason for their processing,

• raising an objection by the client against the processing of personal data. data and if the client believes that during the assessment of the objection it becomes clear that in a specific situation his interest prevails over our interest in the processing of this personal data,

• personal data is processed illegally,

• the obligation to delete is established by a special legal regulation,

• this is personal data of children under 16 years of age.

Right to objection:

If there are specific reasons on the other side, the client can object to the processing of his personal data processed by us on the basis of our legitimate interest. This objection can be sent to info@ioy.click or in writing to the address of the company's registered office.

Limitation of processing:

If the client a) denies the accuracy of personal data, b) his personal data is processed illegally, c) the company no longer needs the personal data for processing purposes, but the client needs them to determine, exercise or defend his legal claims, or if the client d) raised an objection according to the previous point, the client has the right to limit the processing of your personal data. In this case, we can process the client's personal data only with his consent (with the exception of saving or backing up the personal data in question).

Filing a complaint:

If the client believes that we are processing his personal data illegally, the client also has the right to file a complaint with the Office for Personal Data Protection. However, we prefer a personal solution to the problem directly with us. You can always contact us easily at our email address info@ioy.click or in writing at the address of the company headquarters.

These Terms of Personal Data Protection, including their parts, are valid and effective from 01.01.2021, while they are available electronically on the website: www.ioy.sk.