Privacy Policy
GDPR
Personal data protection has so far been regulated by Directive 95/46/EC, which has been transposed very differently into the national legal systems of the Member States. This has often led to inconsistent application practices by supervisory authorities across Europe. The current legal instrument is a Regulation, which, unlike Directive 95/46/EC, will be directly applicable in the Member States. The GDPR (General Data Protection Regulation) should effectively compensate for the fact that the fundamental human right to privacy and personal data protection has become a de facto payment for the services of the modern digital economy, for example, in the use of smartphone apps, wifi tracking, cookies, GPS monitoring, the use of biometric devices or customer loyalty programmes. The Regulation applies in a specific case if the territorial, material and personal scope of the legal standard is met. In terms of territoriality, the Regulation potentially affects all natural persons in the Union, all organisations in the Union that process personal data, as well as organisations outside the Union that process personal data relating to natural persons in the Union.
Substantive scope
The essence of the substantive scope of the General Data Protection Regulation, as well as of the Data Protection Act, is that it applies to any processing of personal data by a controller, e.g. for the purpose of carrying out targeted advertising.
Generic personal data
According to Section 2 of the new Data Protection Act, personal data are data relating to an identified natural person or an identifiable natural person who can be identified, directly or indirectly, in particular by reference to a generally applicable identifier, other than, for example, a name, surname, identification number, location data, or online identifier, or on the basis of one or more characteristics or attributes which constitute his or her physical identity, physiological identity, genetic identity, psychological identity, mental identity, economic identity, cultural identity or social identity.
Natural person
From the point of view of data protection, the data relating to a legal person or natural person entrepreneur are the data that identify him/her: business name, identification number, registered office or place of business. Information about legal entities and natural persons.
Purpose limitation principle and data minimisation principle
The purpose of the processing of personal data is determined by the controller itself or is directly derived from a legal regulation.
Personal data will therefore be stored for the purpose of the e-shop for a maximum period of 1 year for marketing and advertising purposes in the context of the operation of the company and its digital media.
Pursuant to Art. 6 of the Regulation and, alternatively, Article 13 of the new Data Protection Act, the controller may process the personal data of data subjects on the basis of at least one of the following legal bases:
(a) Consent of the data subject,
(b) Processing for the performance of a contract,
(c) Processing necessary pursuant to a special regulation or international treaty,
(d) Processing necessary for the protection of the life, health or property of the data subject or of another natural person,
(e) Processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller,
(f) Processing necessary for the purposes of a legitimate interest.
Right to erasure (right to be forgotten)
In accordance with Art. 17 of the Regulation and Section 23 of the Personal Data Protection Act, the data subject has the right to have personal data concerning him or her erased by the controller without undue delay in the following cases:
– The personal data are no longer necessary for the purpose for which the controller obtained or processed the data,
– The data subject withdraws his or her consent and there is no other legal basis for the processing of the personal data,
– The data subject objects to the processing of the personal data and there are no overriding legitimate grounds for the processing of the personal data,
– The personal data are being processed unlawfully,
– The reason for erasure is the fulfilment of an obligation under the Personal Data Protection Act, a special regulation or an international treaty to which the Slovak Republic is bound,
– The personal data were collected in connection with the offer of information society services pursuant to Art. 8(1) of the Regulation or Article 15(1) of the new Personal Data Protection Act.
Additional safeguards for the lawful processing of personal data
Codes of Conduct
A draft code of conduct, a draft amendment to a code of conduct and a draft extension to a code of conduct are subject to an approval process. The subject matter of a code of conduct is procedures:
– For the fair and transparent management of personal data,
– For the application of legitimate interest in specific situations,
– For the pseudonymisation of personal data,
– For the proper exercise of the rights of data subjects,
– For ensuring the information and protection of children and for obtaining the consent of the holders of parental rights and responsibilities,
– For demonstrating compliance with the Regulation in accordance with the principle of accountability and the obligation to take appropriate security measures in accordance with the specific and standard data protection design,
– For notifying personal data breaches to the Authority and to data subjects,
– For transferring data to third countries or international organisations,
– For ensuring out-of-court procedures or dispute resolution between the controller and data subjects.
All information under this title will be processed only within the Slovak Republic and will not be disclosed to third parties or within the EU or third countries.