Slovak version of TERMS AND CONDITIONS OF PERSONAL DATA PROTECTION / Slovenská verzia PODMIENKY OCHRANY OSOBNÝCH ÚDAJOV
TERMS AND CONDITIONS OF PERSONAL DATA PROTECTION
Effective date: March 1st, 2025
Article I
Recitals
In the processing of personal data, the controller is the person who determines the purpose and means of personal data processing. In the case of your personal data, the controller is JUDr. Mgr. Eva Lelkesová, place of business at Drieňová 25, 821 03 Bratislava, Slovak Republic, ID No.: 54388406 (hereinafter referred to as the "Controller").
The Controller is responsible for the processing of personal data pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as the "GDPR").
The Controller has taken all appropriate technical and organizational measures to ensure the protection of personal data. In this document, the Controller informs you in detail about the processing of personal data. The data subject has the right to know how the Controller processes his or her personal data. Personal data is considered to be any information that can directly or indirectly identify you as a specific natural person.
The Controller provides services in the field of personal coaching and mentoring with a focus on women's empowerment, especially on the balance of female and male energy in a woman's life for the improvement of the quality of their life. It provides services mainly through its website www.evalelkes.com, where digital products are located, as well as through consultations and posts published on social networks.
The list of processed personal data that the Controller has obtained from data subjects is specified in Article II. The Controller endeavors to process personal data only to the extent necessary and necessary for predetermined purposes for the necessary period of time.
As the Controller actively uses its website and appears on social networks in its activities, in Article III you will find separate information on the processing of personal data on these platforms.
What rights the data subject has and what he/she may request from the Controller when processing personal data is specified in Article IV.
Article II.
Purposes of processing, legal bases for processing, categories of data subjects,
the period of storage of the PD, the recipients of the PD
|
Purpose of PD processing |
Legal basis for processing Article 6(1) GDPR |
Categories of data subjects |
Category PD |
Personal data retention period |
Category of PD recipients |
|
Conclusion of a distance contract according to the general terms and conditions |
Article 6(1)(b) GDPR |
Clients interested in providing services |
Common personal data (name, surname, address, e-mail address, telephone contact) |
For the duration of the contractual relationship up to 5 years from the date of termination of the provision of services |
No beneficiaries |
|
Consultation |
Article 6(1)(b) of the GDPR the processing of personal data is necessary for the performance of a contract |
Clients |
Personal data provided to the client in the course of providing services that may relate to his work, personal life, health, relationships |
For the duration of the contractual relationship |
No beneficiaries |
|
Payment and issuance of an invoice / other tax document |
Article 6(1)(c) GDPR Act No. 431/2002 Coll. on Accounting |
Clients, suppliers |
Common personal data (name, surname, permanent residence, place of business, ID NUMBER, VAT ID, VAT number, bank account, payment card number and other transaction data) |
10 years |
Accounting firm, statistical office, bailiff, bankruptcy administrator, interim administrator, tax administrator, tax advisor Stripe payment gateway |
|
Sending marketing materials |
Article 6 (1) of the Dog Act. f) GDPR – legitimate interest |
Clients who have already been provided with services |
Common personal data (name, surname, e-mail address) |
For the duration of sending marketing materials |
Kajabi LLC. |
|
Sending marketing materials |
Article 6(1)(a) GDPR consent |
Interested parties who have signed up for newsletters themselves |
Common personal data (name, surname, e-mail address) |
For the duration of sending marketing activities |
Kajabi LLC. |
|
Asserting legal claims against debtors |
Article 6(1)(f) GDPR The processing of personal data is necessary for the protection of legitimate interests |
Borrowers |
Common personal data necessary to identify the debtor (name, surname, permanent residence, date of birth) |
During the period of limitation determined according to the type of claim |
Lawyer, court, bailiff |
|
Complaint handling |
Article 6, paragraph 1, letter c) of the GDPR, Act No. 108/2024 Coll. on Consumer Protection and on Amendments to Other Legislation, as amended |
Complainant |
Common personal data contained in the complaint and other personal data necessary for the proper handling of the complaint |
For the period specified by law |
Court, SOI |
|
Handling of data subjects' complaints under the GDPR |
Article 6(1)(c) GDPR |
Complainant |
Common personal data necessary for the proper handling of the complaint |
During the period for the imposition of a sanction by the Office for Personal Data Protection of the Slovak Republic, i.e. after the lapse of 5 years from the exercise of the right of the data subject. |
Office for Personal Data Protection, Law Enforcement Authorities |
Article III
Cookies, analytics and social media
Cookies and analytics tools
a) Website
If the data subject visits the www.evalelkes.com website, a so-called cookie may be stored on your device (depending on the settings of your internet browser). The Controller always processes cookies with the consent of the data subject.
A cookie is a short text file that is sent to your browser by the websites you visit. It allows the website to remember information about your visit, such as your preferred language and other settings. This can make the next visit to the site easier and more productive. Cookies are important for a personalized website experience.
When visiting the Controller's website or profiles on social networks, personal data may be processed for statistical and analytical purposes (LinkedIn, Instagram, Facebook, Google). This data is used to personalize website content and content on LinkedIn, Facebook and Instagram. This data is processed by the Controller on the basis of your consent - if you have given it when visiting our website in connection with cookies.
b) Facebook
It records, among other things, the IP address and other information when visiting the profile, and stores cookies on the data subject's device. On the basis of the information collected in this way, Facebook provides statistical information on the use of the Provider's Facebook profile and other related services.
When processing data on the Facebook profile for statistical purposes, the Controller acts with Facebook as a joint controller pursuant to Article 26 of the GDPR.
Facebook processes users' personal data on behalf of the Controller in order to measure the performance and impact of its communication campaigns. It provides the Provider with an aggregated (anonymized) overview of users who interact with the Provider's communication and marketing content through personal user profiles set up on Facebook.
In such cases, Facebook is a processor of the Controller.
The personal data of data subjects is processed by Facebook in accordance with the Data Processing Terms and is protected in accordance with the Data Security Terms. Both documents can be accessed www.facebook.com in the section marked "legal terms".
c) Google Analytics
Google Analytics is a web analytics service provided by Google Inc. This service provides aggregated anonymous statistics regarding visitors to our website. In addition to reporting on website usage statistics, Google Analytics can be used to show you more relevant ads on Google properties and on the web, as well as to measure interactions with the ads that are displayed.
Social networks
a) Facebook and Instagram
The Controller has set up its profile on the social network Facebook and Instagram.
If you follow the activities of the Controller on social networks or communicate with them through them, please familiarize yourself with the terms and conditions of privacy protection of the operators of individual social network platforms. In addition to the processing of personal data through the Controller's profiles on social networks, your personal data is also processed directly by the operators of social networks.
The Controller has no control over this processing and the rights of the data subject that they have as a result of the use of these social networks must be exercised directly with these controllers. Further information on the processing of personal data by the operators of social networks can be found below on the respective social networks.
On social media profiles, the Controller focuses on the following activities:
a) direct marketing, promotion, raising awareness of the Provider, its activities and initiatives (it reaches Facebook users and collects background statuses directly on Facebook);
b) communication with users or visitors of the Controller's profile, comments, or communication via Messenger (communication is archived directly on Facebook); in the case of Instagram, communication takes place via Direct;
c) monitoring and evaluation of statistics, monitoring of intervention and interaction (aggregated statistical data is monitored and evaluated by the Controller, but cannot specify users from them - anonymous statistical data on users);
b) LinkedIn
The Controller also has a profile on the LinkedIn social network, through which it promotes its activities, informs about its events, and communicates with users and visitors to the profile. On the Controller's profile, it also monitors and evaluates the statistics of traffic to its profile, but only on an anonymous level.
LinkedIn uses advertising cookies, the settings of which can be changed by the data subject directly on the LinkedIn page, where you can also find information on personal data protection.
c) YouTube
The Controller has set up a YouTube account on which it publishes videos related to its activities.
YouTube is operated by Google LLC and collects and processes your personal data to improve services and personalize content. In particular, your identification data, and data about your activity such as search history, video views, comments, and interactions are processed. Technical data such as IP address, location (if enabled), device information, or payment data if you use the paid version of YouTube Premium are also processed.
This data is used to recommend content, show you personalized ads, and improve security. You can manage your data in your Google Account settings.
Please review the terms and conditions of privacy on this platform to be aware of all personal data and how it is used by this platform.
Article IV
Rights of the data subject
Right to withdraw consent:
In cases where the processing of personal data is based on the consent of the data subject, the data subject may withdraw this consent at any time by following the procedures described in the relevant consent form. The Controller guarantees that consent can be withdrawn in the same way as it was granted. The withdrawal of consent does not affect the lawfulness of the processing of personal data based on consent before its withdrawal. In some cases, the withdrawal of consent will result in the inability to use some services that are based on the processing of your personal data.
Right to rectification:
In the event that the data subject suspects that his/her data processed by the Controller is incorrect, he/she has the right to request the Controller to correct or supplement your personal data. The Controller endeavors to keep personal data up to date on an ongoing basis and constantly strives to keep it accurate, complete, up-to-date, and relevant, based on the latest information at its disposal.
Right to restriction of processing:
The Controller may restrict the processing of the data subject's data if:
a) the data subject disputes the accuracy of the personal data, for the period necessary for the Controller to verify the accuracy,
b) the processing of personal data is unlawful and the data subject requests restriction of processing instead of erasure of personal data,
c) the personal data is no longer needed by the Controller but is required by the data subject to establish, exercise, or defend his/her legal claims, or
d) the data subject objects to the processing while the Controller verifies the legitimacy of this request.
Right of access:
The data subject has the right to ask the Controller to confirm whether we process any of your personal data, including, for example, information about which categories of personal data they process, for what purpose the personal data are used, to whom they are transferred, how long they will be stored, where they obtained them – if not directly from you – or to which recipients or categories of recipients the personal data were disclosed, or the rights of data subjects attached to them.
Confirmation of whether the Controller processes personal data will be sent to the data subject preferably electronically.
The Controller is also obliged to provide the data subject with the personal data that we process about him/her if he or she so requests.
The Controller reserves the right to charge a reasonable fee for processing the application. This applies in particular to inadequate and frequently repeated requests or requests that require a disproportionate administrative effort. The fee will be charged in the amount of administrative costs associated with making copies of the data (e.g. the price of the data carrier – CD, USB stick).
Right to portability:
At the request of the data subject, the Controller shall transmit all processed personal data in a structured, commonly used and machine-readable format or, if technically possible, the Controller shall transmit them to another controller designated by the data subject. This right may be exercised provided that the Controller processes personal data on the basis of consent or a contract, and only if the processing is carried out by automated means. The Controller points out that the exercise of the right to data portability does not affect personal data processed on the basis of the law.
Right to erasure:
The Controller will delete personal data without undue delay if:
(a) the personal data are no longer necessary for the purpose for which they were collected or processed;
b) the data subject has objected to the processing of personal data for the purposes of legitimate interests and at the same time there are no legitimate interests of the Controller overriding the interests of the data subject;
c) the processing is based on consent, the consent has been withdrawn, and there is no other legal ground for the processing;
(d) the personal data has been unlawfully processed;
e) their deletion is required for compliance with a legal obligation established by the law of the European Union or of a Member State to which the Controller is subject;
(f) the personal data collected relates to a person under the age of 16; and insofar as the processing was not necessary for compliance with a legal obligation or for the establishment, exercise or defence of legal claims.
Right to object to processing:
The data subject may at any time object to the processing of his/her personal data for a specific reason, provided that the processing is not based on consent, but on the legitimate interests of the Controller or the legitimate interests of a third party. In such a case, the Controller will no longer process your personal data unless it can prove compelling legitimate reasons that outweigh your rights and freedoms. If the data subject objects to the processing, he or she must specify whether he or she wishes to erase the personal data or restrict its processing.
Right to lodge a complaint:
In the event of an alleged violation of applicable data protection legislation, the data subject may lodge a complaint with the data protection supervisory authority in the country in which he or she lives, or in the country where the alleged personal data breach occurred. In Slovakia, such a body is the Office for Personal Data Protection of the Slovak Republic.
Time limit for processing your request when exercising your rights:
The Controller will try to process the request within 30 days of its delivery. However, the deadline may be extended by a further 2 months due to the number of applications and their complexity. The Controller will inform the data subject of this fact no later than 30 days after receiving your request, together with the reason for the extension of the deadline.
Impossible identification:
The Controller assumes that in some cases it will not be possible to trace all personal data according to the identifiers provided by the data subject in his/her request. In such cases, when the Controller is unable to identify the data subject as a data subject, it is not able to comply with the request unless the data subject provides additional information enabling his/her identification. The Controller shall inform the data subject of the reasons for the impossibility of processing the request.
To make requests to exercise your rights:
For information on the protection of personal data, as well as to exercise your rights as a data subject, please contact the Controller at the following e-mail address: [email protected]
The Controller reserves the right to update these terms and conditions. For this reason, it recommends that data subjects monitor them on an ongoing basis. The update of the wording can be seen according to the date of the last update.
Last updated: 1.3.2025
