Last updated: February 26, 2019
- Introductory provisions
- Controller identification and contact details
- Identification and contact details of the person supervising the processing of personal data of the controller
- Definition of Basic Terms
- Basic principles relating to personal data processing
- Method of personal data processing
- Categories of personal data, the purpose of processing, legal basis and processing time
- Categories of personal data recipients
- Transfer of personal data to a third country or international organization
- Information on the existence of automated processing of personal data
- Archiving, registry and personal data protection
- Visiting the website and security measures
- Cookie Processing Policy
- Use of personal data for marketing purposes
- Rights of the data subject
- Final Provisions
1. Introductory provisions
At Cryomed sro, we value the trust of you, our customers, suppliers and others who communicate with us, and we make sure that we respect your privacy and the confidentiality of the data we receive, including personal data.
We guarantee full protection of your personal data against misuse. All the data you provide about your person is protected. In accordance with the requirements of the applicable legislation, we take all necessary security, technical and organizational measures to protect your personal data. Your data is encrypted wherever technically possible.
At the same time, we continuously monitor the legislation applicable in the field of personal data protection, but also related recommendations, trends and technological innovations in this area. We pay attention to the compliance of our personal data protection with the valid legal regulations, especially the Act on Personal Data Protection and on the amendment and supplementation of certain Acts No. 18/2018 Coll. and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“GDPR”).
In connection with the processing of your personal data, within the meaning of Article 13 of the Regulation (EC) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, we hereby disclose the following information. It will help you to clarify what kinds of data we collect regarding product sales and provision of our services, visiting and using our website, and performing other activities and how we process this type of information.
2. Controller identification and contact details:
940 01 Nové Zámky
Company ID No.: 46 248 820
VAT ID No.: SK2023301665
Tax ID No.: 2023301665
The company is registered in the Commercial Register of the District Court Nitra section Sa, Insert No. 29397/N
3. Identification and contact details of the person supervising the processing of personal data of the controller
Cryomed sro has entrusted its employee with the supervision of security and protection of your personal data. If you have any questions concerning this Policy or any other suggestion or interest in exercising your right, please feel free to contact us and we will be happy to assist you.
Phone No.: +421 915 222 704
4. Definition of Basic Terms
Act No. 18/2018 Coll. on Personal Data Protection considers personal data as: “any information relating to an identified or identifiable natural person, such a person being one who can be identified, directly or indirectly, in particular by reference to an identifier of general application or by reference to one or more characteristics or factors specific to his physical, physiological, psychological, mental, economic, cultural or social identity.
In particular, this includes data such as your name, title, address, birth date, age, gender, phone number, and your e-mail address.
According to Article 4(1) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“GDPR”): “personal data are any information relating to an identified or identifiable natural person; an identifiable natural person is a person who can be identified directly or indirectly, in particular by reference to an identifier such as name, identification number, location data, online identifier, or by reference to one or more elements that are specific to physical, physiological, genetic, mental, economic, cultural or social identity of that individual”.
Thus, according to the GDPR, online identifiers of persons (for example, IP address, cookies, mobile device identifiers) are also considered personal data – for example, if the IP address can be used to determine the location of the individual, it is considered personal data.
Controller is anyone who, alone or together with others, defines the purpose and means of processing personal data and processes personal data in their own name; the controller or specific requirements for their designation may be stipulated in a special regulation or an international treaty the Slovak Republic is bound by if such a provision or this treaty establishes the purpose and means of processing personal data.
The data subject is any natural person whose personal data are processed.
Authorized person is a natural person getting in contact with personal data at a controller in the course of performing his/her work duties, obligations or similar relationship with the controller (based, for example, on an authorization, appointment, election or in the exercise of public office), and performing processing operations with personal data assigned by the controller. A natural person becomes an authorized person on the day of his / her instruction.
5. Basic principles relating to personal data processing
Cryomed sro is governed in accordance with Article 5 GDPR and Sections 6 to 12 of the Personal Data Protection Act when processing personal data by these principles:
The principle of legality – personal data can only be processed in a lawful manner and in such a way that the fundamental rights of the data subject are not violated.
The purpose limitation principle – personal data may only be obtained for a specific, explicit and legitimate purpose and may not be further processed in a manner incompatible with that purpose; further processing of personal data for the purpose of archiving, for scientific purposes, for the purpose of historical research or for statistical purposes, if it is in accordance with a special regulation and if adequate safeguards for the protection of the data subject’s rights pursuant to Section 78(8) of the Act are respected, is not considered incompatible with the original purpose.
The principle of personal data minimization – the personal data must be adequate, relevant and limited to the necessary scope given for the purpose for which they are processed.
The principle of accuracy – the personal data must be accurate and kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay.
The storage limitation principle – personal data must be stored in a form that allows the data subject to be identified as long as necessary for the purpose for which the personal data are processed; personal data may be stored longer if they are to be processed solely for the purpose of archiving, for scientific purposes, for the purpose of historical research or for statistical purposes on the basis of a special regulation, and if adequate safeguards for the protection of the data subject’s rights under Section 78 (8) of the Act are respected.
The principle of integrity and confidentiality – personal data must be processed in a manner that, through appropriate technical and organizational measures, ensures adequate security of personal data, including protection against unauthorized processing of personal data, unlawful processing of personal data, accidental loss of personal data, destruction or damage of the personal data.
The liability principle – The controller is responsible for compliance with the basic principles of personal data processing, conformity of the personal data processing with the principles of processing the personal data and is obliged to prove this conformity of the principles of personal data processing at the request of the Office.
6. Method of personal data processing
Cryomed sro keeps records of its processing activities, both manual and automated, and has in place appropriate technical and organizational measures in the area of information security to prevent unauthorized or unlawful disclosure, access, accidental or unlawful loss or destruction, alteration, transmission or other damage to your personal data. Such measures include the use of firewalls, secure server spaces, encryption, appropriate access rights management systems and processes, a thorough selection of processors, and other technically and commercially justified measures to provide adequate protection of your personal data from unauthorized use or disclosure. As appropriate, Cryomed sro may also make backup copies and use other similar means to prevent accidental damage or destruction of your personal data. These measures provide a sufficient level of security in relation to the risks naturally associated with the process and nature of the personal data that is protected. Your secure personal data will be made available exclusively to selected authorized and instructed employees of Cryomed sro.
7. Categories of personal data, the purpose of processing, legal basis and processing time
In order to protect the personal data of you and others (“data subjects”), we try to minimize their use to only the necessary data. Nevertheless, the processing of some personal data is necessary, whether legally required or necessary for the provision of products, services, and communication with you.
We use your personal data to process your orders, including the delivery of products and services associated with your order, to process your payments, to answer your questions, or to send our newsletter if you have given us your consent.
Cryomed sro processes these categories of personal data of its customers (and potential customers):
|Purpose||Legal Basis||Personal Data Category||Storage Period|
|the realization of the contractual relationship with customer, preparations prior to entering the contractual relationship, registration of the contractual relationship, delivery of goods realization, performance of contracts control||performance of the contract pursuant to Section 13 (1b) Act No. 18/2018 Coll. on Personal Data Protection and Article 6 (1b) GDPR||address, IP address, cookies, phone, e-mail||5 years|
|communication via the contact form on the controller’s website||performance of the contract pursuant to Section 13 (1b) Act No. 18/2018 Coll. on Personal Data Protection and Article 6 (1b) GDPR||name, surname, address, telephone, e-mail||5 years|
|bookkeeping, processing of accounting documents for the introduction and performance of pre-contractual and contractual relations||performance of the contract pursuant to Section 13 (1b) Act No. 18/2018 Coll. on Personal Data Protection and Article 6 (1b) GDPR||name, surname, title, address, bank account number, telephone, e-mail||10 years|
|participation in the competition, evaluation of competitions, keeping records of competitors and mutual communication with them, sending information regarding the competition||the consent of the data subject pursuant to Section 13 (1b) Act No. 18/2018 Coll. on Personal Data Protection and Article 6 (1a) GDPR||name, surname, address, telephone, e-mail, or other information according to the terms of the competition specified in the invitation for participation||2 years|
|issuing a certificate for the operation or installation of equipment produced by the controller||name, surname, title, address, date of birth, ID card number, telephone, e-mail||10 years|
|sending marketing information -newsletter||the consent of the data subject pursuant to Section 13 (1b) Act No. 18/2018 Coll. on Personal Data Protection and Article 6 (1a) GDPR||name, surname, e-mail||until the withdrawal of consent|
|implementation and evaluation of marketing surveys
|legitimate interest of the controller pursuant to Section 13 (1f) Act No. 18/2018 Coll. on Personal Data Protection and Article 6 (1f) GDPR,||name, surname, title, address, IP address, cookies, phone, e-mail||5 years|
|processing requests from natural persons to exercise their rights as the data subjects under Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.||fulfilment of the statutory obligation pursuant to Section 13 (1c) Act No. 18/2018 Coll. on Personal Data Protection and Article 6 (1c), in accordance with Article 15 to 22 and 34 GDPR||name, surname, address, telephone, e-mail||1 year (from the date of processing the application)
8. Categories of personal data recipients
Cryomed sro also uses professional and specialized services of other entities to fulfil its commitments and obligations under the contracts. If these entities process personal data transmitted by Cryomed sro, they have the status of processors who process personal data only on the basis of the Personal Data Processing Agreement concluded in accordance with Article 28 (3) GDPR and Section 34 (3) of Act No. 18/2018 Coll. on Personal Data Protection, only within the instructions of Cryomed sro and may not use them otherwise.
These include, in particular, the categories of information system operators, marketing support tools, sales, customer service and accounting, cloud platform operators, postal services operators, experts, lawyers, auditors, suppliers of other sub-contracting activities and sub-services where the processing of personal data is necessary. For example, Cryomed sro submits personal data to:
|Processor||Personal data that is shared and why|
|Slovenská pošta, a. s.||Delivery of documents|
|marketing purposes – website analysis data obtained through cookies for marketing purposes and improving our services|
|Microsoft||provision of services – data required to configure and manage Microsoft services|
|Avast Software sro||provision of services – data necessary for providing security solutions|
Cryomed transmits personal data to the administrative authorities and authorities designated by applicable legislation as part of its legal obligations.
With the consent of the data subject or by his/her order, personal data may be provided to other recipients.
9. Transfer of personal data to a third country or international organization
Cryomed sro can only transmit personal data to countries that provide an adequate level of personal data protection. Cryomed sro will not authorize the processing of personal data by an entity abroad.
The protection of personal data processed by Cryomed sro by the controller, transferred to the territory of the Slovak Republic from entities established or permanently resident in third countries, is performed in accordance with the applicable legislation and internal regulations of the company.
10. Information on the existence of automated processing of personal data
In accordance with Article 22 of the GDPR, Cryomed sro does not use any fully automated decision-making process to establish a business relationship. If Cryomed sro decided to use this method in rare cases, it will inform you in advance where required by law.
Cryomed uses automatic methods partially to process your data in order to evaluate certain personal aspects (profiling). The client profiling process is used by Cryomed sro, for example, for the targeted provision of products you might be interested in.
11. Storage, destruction, archiving, registry and personal data protection
Personal data are stored on backed-up servers of Cryomed sro Access to them is limited to authorized persons.
Personal data is after processing or achieving the specified purpose of personal data processing destroyed in accordance with the internal regulations of Cryomed sro
Although the processing of your personal data is terminated by Cryomed sro, in the case of certain categories of documents, such as contractual documents and accounting documents, it is necessary to store these documents in the form of registry records for the period specified by the relevant legislation and the company’s registry plan until their disposal in accordance with Act No. 431/2002 Coll. on Accounting as amended and Act No. 395/2002 Coll. on Archives and Registries and on the amendment of certain Acts, as amended.
12. Visiting the website and security measures
During your visit to the website of Cryomed sro we process only the information that you provide about yourself and which will be sent to us, collected and stored on a protected server and processed to the extent that you permit or is permitted by law. You may disagree with the processing of some information or not disclose it, but this may mean that you will not be able to take advantage of some of our offers or the functionality of the website may be limited.
Personal data that we need to process your order are processed for this purpose without your further special consent, you grant the consent automatically, e.g. by submitting your order.
We have taken extensive measures to secure your data on our website. The data you provide to us and which you entered on our website via the contact form are encrypted using SSL (Secure Socket Layer) and are transmitted via a public data network to Cryomed sro where they are stored and processed. SSL is currently the most common and secure way to transfer data on the Internet.
You can recognize the encrypted connection by the fact that the line in the browser changes from “https://” to “https://” and the lock icon appears in the browser line.
If the SSL encryption is active, third parties cannot read the data you send us.
Every time you access our website, our system automatically collects data and information from the computer system of the computer accessing the website.
The following data is collected:
- Internet protocol,
- IP address,
- date and time of access,
- browser type and operating system,
- the page you visited,
- the amount of data transmitted,
- access status,
- duration and frequency of use.
This data is never stored with other user’s personal data.
There is a contact form on our website that you can use when you want to contact us electronically. If the user selects this option, the data he enters in the input mask is transferred and stored. These data include:
- e-mail address
- phone number (optional)
In addition, the following information is stored when you send your message:
- user’s IP address,
- date and time the message was sent.
You can also contact us via the e-mail addresses provided. In this case, the personal data that the user has sent in the e-mail will be stored.
13. Cookie Processing Policy
In order to ensure the proper functioning of the website, its full browsing potential for visitors and for the purpose of making the company’s marketing activities more effective, the company Cryomed sro uses so-called cookies.
If you visit the website of Cryomed sro and at the same time you enable cookies in the browser, it is considered as consent to their use and acceptance of the terms of their use.
A cookie is a small text file that a website stores on your computer or mobile device while browsing. With this file, the site keeps track of your steps and preferences (such as login name, language, font size, and other display settings) for some time, so you don’t need to re-enter them when you visit or browse each site again. Therefore, cookies are important since, without them, web-browsing would be a lot more difficult.
Cookies cannot scan your computer or other devices or read data stored on them.
Temporary cookies (session cookies) are always activated when you visit a website and are automatically deleted when you finish browsing.
Long term cookies remain stored on your computer or another device after browsing the website.
In general, cookies can generally be divided into four categories – essential, functional, analytical and advertising.
Necessary cookies allow you to use the website in general and use its basic features. These cookies do not collect any data about you that could be used for marketing purposes and they do not store your Internet browsing history. With the help of the necessary cookies, we detect your identity when you sign in to the site, ensuring that we have the necessary service on our website, even if we reorganize our website in some way, etc. Without their use, we cannot guarantee the full functionality of our site.
Functional cookies serve to provide services or to remember settings to ensure maximum convenience when using the website. With the use of functional cookies, we remember what settings you have chosen, such as your preferred language, remember whether you have already given your consent, e.g. confirming the Cookies Policy, or pre-fill your data in forms, etc.
Analytical Cookies – they collect the data about how you use our website, e.g. which pages you visit, whether you have encountered any unwanted errors, e.g. in forms. These cookies do not collect any data that can be used to identify your identity. All data collected is anonymous and serves to let us know our website traffic, to analyse visitor behaviour, and to find out what content and information is interesting to our visitors. With analytical cookies, we get statistics about how you use our website, we can identify errors and remove them to improve the website, etc. Any analytical information stored is anonymous and used exclusively for our own technical and marketing purposes.
Google Analytics – Address: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
For more information about privacy protection, visit:
We use the Yandex Metrica service on the Cryomed website.
Advertising Cookies – they allow to displaying targeted advertising on our website by tracking your behaviour and Internet search by identifying your browser settings. These cookies do not identify a specific person, but the settings and preferences of the anonymous user of a particular computer. Advertising cookies are also used to evaluate the effectiveness of a particular advert.
If you do not want our website to store cookies in your browser, you can change this setting directly in your browser. Instructions to change cookies settings are in the “help” option of each browser.
The majority of browsers offer configuration options, e.g. enable saving cookies, viewing saved cookies, disabling all or selected cookies. Instructions for deleting cookies in individual browsers can be found here:
- Mozilla Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
- Google Chrome: https://support.google.com/chrome/answer/95647?hl=en&hlrm=en
- Internet Explorer: https://support.microsoft.com/sk-sk/help/17442/windows-internet-explorer-delete-manage-cookies
- Safari: https://www.apple.com/
- Opera: https://help.opera.com/en/latest/web-preferences/#cookies
You can delete all cookies stored on your computer, and you can set most browsers to prevent them from being saved. In this case, however, you may need to manually adjust some settings each time you visit a website, and some services and features will not work.
For more information on cookies, visit www.allaboutcookies.org, https://www.whatarecookies.com/
14. Use of personal data for marketing purposes
If you are a customer with whom Cryomed sro has been in a previous contractual relationship (previous purchase of goods), Cryomed sro may, for marketing purposes, process the contact information you provided, that being name, surname, e-mail address. Cryomed sro can send you news about its products, current discounts, promotions and competitions.
All personal data used for marketing purposes (working with existing customers, promoting goods or services after a previous purchase) is used for legal purposes of legitimate interest, and for marketing purposes, we keep it for 5 years from your last order.
If you are a new customer of Cryomed sro and wish to subscribe to the newsletter, Cryomed sro can only grant it to you on the basis of a voluntarily granted consent by subscribing to the newsletter.
If you wish to receive the above information via e-mail, you can express your voluntary consent by entering an e-mail address in the website panel called “News via e-mail -Newsletter” and checking the “I agree” box.
By agreeing, you voluntarily authorize Cryomed sro to send news and other business and marketing information to your e-mail address, while confirming that you are an authorized user of the e-mail address you have entered and that you are authorized to grant such consent, that is, you are a natural person who is 16 years of age or older, or if you are under the age of 16, have the legal guardian’s consent.
In addition to the address you have entered, we also store the date and time of granting the consent.
You have the right to withdraw your consent to the processing of your personal data at any time. Withdrawal of the consent does not affect the lawfulness of the processing of personal data based on consent prior to its withdrawal. You may withdraw your consent in the same manner as you granted your consent.
You can withdraw your consent in the following ways:
- a) by sending an e-mail message with the subject line “DO NOT SEND” to the e-mail address email@example.com,
- b) by inserting an e-mail address into a website panel called “News via e-mail – Newsletter”, where the system detects that your e-mail address exists and offers you the option to unsubscribe.
15. Rights of the Data Subjects
As the data subject of which we process the personal data, you have several rights under the law that allow you to change how we process your personal data.
You can file your application for exercising your rights in writing at the address of the registered office of Cryomed sro or by sending an e-mail to firstname.lastname@example.org.
15.1 Right to access the personal data
According to Article 15 GDPR, as the data subject, you have the right to access personal data that includes the right to obtain from Cryomed sro:
- confirmation of processing personal data
- information on the purposes of the processing, the categories of personal data concerned, the recipients to whom the personal data have been or will be made available, the scheduled processing time, the existence of the right to require the controller to rectify or destroy personal data relating to the data subject or to limit their processing or to object to such processing, on filling a complaint to the Authority, all available information on the source of personal data, unless it is obtained from the data subject itself, the fact that there is automated decision making, including profiling, on appropriate safeguards when providing data outside the EU,
- if the rights and freedoms of other persons are not adversely affected, as well as a copy of personal data.
In the case of a repeated request, Cryomed sro is entitled to charge a reasonable fee for the provision of copies of the processed personal data.
15.2 Right to rectify incorrect data
According to Article 16 GDPR, as the data subject, you have the right to rectify inaccurate personal data processed by Cryomed sro. The customer of Cryomed sro is also obliged to report changes to his or her personal data and to prove that such a change has occurred. At the same time, you are obliged to provide Cryomed sro with assistance if it is found that personal data we process about you are not accurate. We will rectify the data without undue delay, but always with regard to the technical possibilities.
15.3 Right to erasure
According to Article 17 GDPR, as the data subject, you have the right to erase personal data relating to you if Cryomed sro does not substantiate the legitimate reasons for processing this personal data. Cryomed sro has set up mechanisms to ensure automatic anonymization or erasure of personal data in case if they are no longer needed for the purpose for which they were processed.
15.4 Right to the restriction of processing
According to Article 18 GDPR, as the data subject, you have the right to restrict processing if you deny the accuracy of your personal data, the reasons for processing it or if you object to its processing until the particular complaint is resolved.
15.5 Right to notify rectification or erasure of personal data or restriction of processing
According to Article 19 GDPR, as the data subject, you have the right to be notified by Cryomed sro in case of rectification, erasure or restriction of the processing of personal data. If personal data are rectified or erased, Cryomed will inform the individual recipient, unless this proves impossible or requires a disproportionate effort. At the request of the data subject, we can provide information about these recipients.
15.6 Right to data portability
According to Article 20 GDPR, as the data subject, you have the right to transfer the data concerning you that you have provided to Cryomed sro in a structured, commonly used and machine-readable format, and the right to request Cryomed sro to transmit such data to another controller.
If you provide, as the data subject, Cryomed sro with personal data as part of the performance of the contract or by consent, you have the right to receive such data from Cryomed sro in a structured, commonly used and machine-readable format. If technically possible, Cryomed sro may also transfer the data to a designated controller, provided that the duly appointed person acting as the relevant controller is authorized.
If the exercise of this right could adversely affect the rights and freedoms of third parties, your request cannot be accepted.
15.7 Right to object to the processing of personal data
According to Article 21 GDPR, as the data subject, you have the right to object to the processing of your personal data due to the legitimate interest of Cryomed sro.
If Cryomed sro does not prove that there is a serious justified reason for processing that prevails over the interests or rights and freedoms of the data subject, Cryomed sro will terminate the processing on the basis of an objection without undue delay.
15.8 Right to withdraw consent to the processing of personal data
Granted consent to the processing of personal data may be withdrawn at any time. The withdrawal must be made by explicit, understandable and certain expression of will (with a precise indication of the consent given to the request).
Cookie data processing can be avoided by changing settings in the web browser.
15.9 Automated individual decision-making, including profiling
The data subject has the right not to be subject to any decision based solely on automated processing, including profiling, which would have legal effects on him or her, or have a significant impact on him or her in a similar way. Cryomed sro states that it does not make automated decision-making without the influence of human assessment with legal effects on the data subjects.
15.10 Right to contact the Office for Personal Data Protection
In the event that you violate your rights when processing personal data or violated Act No. 18/2018 Coll. on Personal Data Protection or a special regulation in the field of personal data protection, and in the case of finding deficiencies, you have the right to file a make a proposal to initiate proceedings pursuant to Section 100 of Act No. 18/2018 Coll. on Personal Data Protection to the Office for Personal Data Protection.
16. Final Provisions