Privacy Policy

Website privacy policy

This Privacy Policy is provided by Webshop Technologies s.r.o. (hereinafter referred to as “Company”) in order to inform the consenting natural persons, companies and contractors (hereinafter referred to as “clients”) regarding the usage, handling, storage and protection of the personal data provided to us, and on the free flow of such data; in accordance with REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 (General Data Protection Regulation).

This Privacy Policy governs the privacy practices of the following pages:

This Privacy Policy is available on the following websites:

Changes made to this document take effect upon publication at the above address.

Data controller and contact details

Data controller

Name: Webshop Technologies s.r.o.

Headquarters: Hlavná 22, Štúrovo 943 01, Slovakia

Tax number: SK 2121111366

Registration number: 102418279/2019



Phone: +36 20 969 6170



Personal data

Any information related to an identified or identifiable natural person (“data subject”). A natural person is identifiable if they can be identified, either directly or indirectly, particularly by reference to an identifier such as name, number, positioning data, online identification or to one or more factors related to their physical, physiological, genetic, intellectual, economic, cultural or social attributes.

Handling of data

Means any operation or combination of operations, whether automatic or not, carried out on personal data or data files, such as collection, recording, filing, sorting, storing, transforming or altering, retrieving, accessing, using, communicating, distributing or otherwise making available, reconciling or linking, limiting, deleting or destroying.

Data controller

Means the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of data processing are determined by Union or Member State law, the data controller or the specific criteria for designating the data controller may also be defined by Union or Member State law.

Data processor

Means a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the data controller.


Means any natural or legal person, public authority, agency or any other body which with whom personal data is disclosed, whether they are a third party or not. Public authorities which have access to personal data in the framework of an individual investigation in accordance with Union or Member State law shall not be considered as recipients; the processing of such data by these public authorities must comply with the applicable data protection rules in accordance with the purposes of the processing.

Consent of the data subject

Stands for the voluntary, explicit and unambiguous expression of the will of the data subject, by which the data subject, by means of a statement or an act unambiguously confirming their consent, signifies their consent to the processing of personal data concerning them.

Data breach incident

Means a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure or unauthorized access of personal data which is transmitted, stored or otherwise processed.

Principles governing the handling of personal data

  1. The handling and processing of personal data must be carried out in a lawful and fair manner and in a manner that is transparent to the data subject (“lawfulness, fairness and transparency”). Collection of it must happen for specified, explicit and legitimate purposes and not managed in a way incompatible with those purposes. Further procession of data for archiving purposes in the public interest, for scientific/historical research purposes or for statistical purposes (“purpose limitation”) is not considered incompatible with the original purpose.
  2. Personal data must be adequate and relevant to the purposes for which the data are processed and must be limited to what is necessary (“minimum viability”).
  3. Personal data must be accurate and, if necessary, kept up to date; every reasonable step must be taken to ensure that personal data which is inaccurate for the purposes for which they are processed are erased or rectified without delay (“accuracy”); it must be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for a longer period only if they are processed for archiving in the public interest, for scientific and historical research purposes or for statistical purposes in accordance with Article 89 (1), in mind with the implementation of appropriate technical and organizational measures to protect the subjects’s rights (“limited storage”).
  4. The handling of personal data shall be carried out in such a way as to ensure adequate security by appropriate technical and organizational measures, including protection against unauthorized or unlawful access, accidental loss, destruction or damage (“integrity and confidentiality”).
  5. The handler is responsible for compliance with the above and must be able to justify such compliance (“accountability”).

Legal basis for data management

This Privacy Policy applies only to the handling of personal data of natural persons, given that personal data can only be interpreted in relation with natural persons.

The following information is provided regarding the data management during carrying out the services provided by the Company:

Data management related to employment

The company may only request and record data and conduct occupational medical examinations from the employees that are necessary to establish, maintain and terminate employment, and in order to provide social and welfare benefits, without any violation to the employee’s rights as an individual.

Legal basis for the procession of the data is the consent of the data’s subject.

Further legal basis for the data handling: In order to assert the legitimate interests of the Company, the enterprise needs to manage the employee’s data for the purposes of establishing, fulfilling or terminating an employment relationship.

Scope of personal data handled: All personal data necessary to establish, maintain and fulfill an employment relationship.

The purpose of personal data management is to establish, maintain and fill a employment relationship.

The recipients of the personal data are: the head of the company, the employer, the data processor of the enterprise performing labor duties.

Period of retention of personal data: 3 years after termination of employment, except for the documents necessary for calculating the length of service and pension.


Purpose of data management: The use of the services provided by the Company, the use of purchased products by the affected parties, determination and billing of the services and goods.

Legal basis for data management: Fulfillment of a legal obligation under the provisions of paragraphs 1 and 2 (Article 6 (1) (c) of the GDPR).

Personal information handled: surname, first name, company name, company VAT number, billing address to issue the invoice, tax number, in case of rent: individual’s birth details, mother’s name, ID number, address card number.

Period of data management: 8 years from the date of the submission of the personal data by the data subject to the preparation of the report, business report or accounting for the given business year.

Possible consequences of failure to provide data: The company can’t make invoice to data subject, and thus is unable to conduct business with data subject.

Business relationship

Like most companies, our company maintains a business relationship with employees of other organizations whose names, business positions and contact information are stored by us.

Purpose of data management: communication with our partners for cooperation.

Legal basis for the handling of data: Legal interest in the fulfilling contracts or in the contacts between the companies (Article 6 (1) (f) of GDPR).

The handler of data has a legitimate interest: business continuity.

Personal information handled: name, business position, telephone number, email address of the contact person.

The contact details of these business relationships are stored solely to facilitate the establishment and maintenance of business partnerships with partner companies.

Revocation of data management: consent may be revoked at any time by sending a message to

Duration of data management: The contact details of our business relationships are reviewed at least annually and any data that is no longer relevant is removed from the system. At your request, we will modify or remove your information from our system.

Contacting us through our website

Purpose of data management: Providing advance information about the Company’s products, services and pricing, and providing online contact.

Legal basis for data processing: prior consent of the originator (Article 6 (1) (a) of GDPR)

The personal data handled includes: surname and first name; company name; e-mail address.

Transfer of managed data: to authorized distributors.

Duration of data management: Until the conclusion of a business relationship, reviewed every 5 years

Possible consequences of failure to provide data: If you do not provide the required information, we will not be able to provide a personalized quote.

Revocation of data management: consent may be revoked at any time by sending a message to


At the request of the data subject, the Company may send direct marketing (direct acquisition) messages in an electronic newsletter, so only those who have registered for this service on the Company’s website or who have explicitly (in writing) consented to receiving the newsletter will receive the newsletter. If the subscriber can sign up for the newsletter on the website, they must agree to the privacy policy at the place of subscription, by clicking a check box. At the bottom of each newsletter, the Company provides the option to unsubscribe at

Legal basis for data processing: consent of the data subject Article 6 (1) (a) of GDPR.

Scope of data handled: ID, email address, date, analytical data related to subscription and registration, message sending, delivery, opening (date, time of the message, IP address of the computer, reason for undeliverance)

Duration of data management: until the end of the operation of the newsletter service, but if the data subject requests deletion of their data (unsubscribes from the newsletter), immediately after their request for deletion or from the opening of the latest newsletter.

Possible consequences of failure to provide data: data subject will not be informed of data controller’s (and their partners’) offers.

Method of data management: electronic.

Social networks (GoogleAnalytics)

The Company uses the GoogleAnalytics web analytics service to measure visitors, number of visitors, and their use of the features of the website. GoogleAnalytics logs a number of properties for visitors, such as where they came from, what browser or operating system were they using, which pages they view on a web page. The data stored by GoogleAnalytics is not capable of identifying the visitor by name, but on a subsequent visit, it may recognize that someone has previously visited the site on their computer, using the browser used by that user.

For measuring purposes, the system uses small data files (“cookies”) on your browser. The purpose of the measurement is to get to know the user habits, thus expanding the site based on the information obtained. It also aims to survey the search habits of visitors to the site, and to map the search terms used. Cookies are created by the webserver through the browser on the visitor’s device (which may be PC, laptop, smartphone, etc.) where they are stored in a separate directory. If you do not want GoogleAnalytics to measure the above data for the purpose and purpose described, please install a plug-in to block this in your browser:

Google Analytics is hosted by

Google LLC

1600 Amphitheater Parkway

Mountain View, CA 94043


The Google Privacy Notice can be found here:

You can manage the Google information stored on the user’s machine at:

Google Analytics “Data Protection” information can be found here:


When you visit the Company’s website, one or more cookies – small data packets that the server sends to the browser application of the user and then are sent back to the server by on subsequent visits – are sent to the computer of the person visiting the website. Your browser will be uniquely identifiable if it is explicitly (explicitly) consented to by the person who visits the website.

Permanent or temporary cookies

The website uses both “temporary cookies” (session cookies) and “permanent cookies”. Temporary cookies will remain on your computer until you leave the site. Permanent cookies stay on your device for a longer duration (depending on your browser setting) or until you manually delete them.

Session cookies

Temporary cookies only exist during the current visit and are automatically deleted from your computer at the end of the session and when you close the browser. These are essential for navigating the website and for the proper functioning of the website. In no case do session cookies collect information that could identify the user.

Performance Cookies (Analytics)

GoogleAnalytics cookies collect information about the behavior and characteristics of our visitors. This will help us to make the website even more transparent and usable in the future. These cookies are not able to personally identify the visitor to the site, for example, they do not record their name and email address; the data is stored in an aggregated and anonymous form. The IP address is only partially recorded.

Targeting or advertising cookies

They collect information on the interests to the visitor (what topics and content they find interesting). These cookies can also be used to measure the effectiveness of our campaigns and help us show relevant ads in the future. Targeting and advertising cookies cannot identify or collect personal information needed for identification.

Cookies related to website functions

They help us to remember your decisions taken on our website (eg. information provided on forms, etc.). These cookies will only track your activity on the website you visit, not on other websites. These cookies may store personally identifiable information that is provided on the website, for example: a name or email address.

Third Party Cookies

We may use third-party third-party web services on our website. In this case, we do not control the storage of cookies and we have no control over what information these external service providers collect.

Setting up your browser

It is possible to change or manage the settings of cookies in your browser. Most browsers default to accept cookies automatically, but you can change that later.

Use the links below for help setting up cookies:

Although you may disable or restrict cookies, please exercise caution, as the use of cookies is essential for the smooth running of the website, and disabling them may affect the usability of the website and the functionality of certain features.

Purpose of data management: Technical development of the IT system, control of the operation of the service and production of statistics. In case of abuse, the data can also be used to identify the source of the abuse, working with the visitors’ ISP and authorities.

Legal basis for data management: Fulfillment of legal obligations under the provisions of the GDPR.

Duration of data management: 10 days calculated from the visiting of the website.

Other cases of data handling

Information on data handling in cases not listed in this document will be provided at the time of data collection. We inform our clients that certain authorities, public authorities and courts may contact our company for personal information. Our company will provide such bodies with personal data only to the extent and to the extent necessary to fulfill the purpose of the request, provided that the purpose and scope of the request are specified by the relevant authority, and if the execution of the request is required by law.

Transmission of data, use of data processors

Similar to other enterprises, we use the services of other companies with whom we have signed contracts which necessitates their use of data collected by us, in accordance with law.


We are using a third-party company to perform tasks related to accounting to us:

Business name: MUFIS s.r.o.

Headquarters: 943 01 Štúrovo, Hlavná 30, Slovakia

Registration number: 2023258083

VAT number: SK2023258083


Phone: +421 3637 00014

Activity: accounting, payroll, tax consultancy

Hosting provider

The hosting provider of our company related to is:

Business name: BlazeArts Kft.

Headquarters: 6090 Kunszentmiklós, Damjanich u. 36. 1/8, Hungary

Registration number: 03-09-109150

VAT number: 12539833-2-03


Phone: +361 610 5506

Activity: website hosting


We use an electronic invoicing service for our invoicing needs:

Business name: Invoice Ninja LLC

Headquarters: 14799 Soaring Eagle Ct., Fort Myers, Florida, 33912, United States


Activity: provider of invoicing software

Firewall and anti-virus software

Company name: Kaspersky Lab Czech Republic s.r.o.


As a handler of data, the Company is entitled and obliged to transfer to the competent authorities any personal data in its possession and duly stored by it when it is required by law or under a legally binding obligation to transmit the data. The data controller cannot be held responsible for the transmission of such data and the consequences thereof.

Only with the prior and informed consent of the data subject may the Company conduct any further kind of data transfer not listed above.

Method of data storage, security of data management

Employees engaged in data processing at the Company and persons engaged in data processing on behalf of the Company are obliged to treat and disclose any personal information that they have become aware of as business secrets. Persons who handle and have access to personal data are required to make a Privacy Statement.

In the course of their work, the employees of the Company shall ensure that unauthorized persons cannot access personal data, and that the storage and placement of personal data is be designed in such a way that it cannot be accessed, known, altered or destroyed by unauthorized persons.

The Company’s IT systems and other data storage locations are located at its headquarters and at its data processors. We select and operate the IT tools used to manage your personal information in the course of providing the service in such a way that the managed data:

  • is accessible to authorized persons (availability)
  • its authenticity and authentication are assured (authenticity of data management)
  • its unchangeability can be demonstrated (data integrity)
  • is protected against unauthorized access (data confidentiality)

We pay particular attention to the security of the data, and take the technical and organizational measures and procedures necessary to enforce the guarantees declared in GDPR.

In particular, the data shall be protected by appropriate measures against unauthorized access, alteration, transmission, disclosure, deletion or destruction, and against accidental destruction, damage or unavailability due to changes in technology used.

The Company and our partners’ IT systems and networks are protected against computer-assisted fraud, computer viruses, computer hacking, and denial of service attacks. The operator also provides security through server-level and application-level security procedures. The data is backed up daily.

In order to avoid privacy incidents, our company will take all possible measures, and in the event of such an incident, we will take immediate action to minimize the risks and prevent damage.

Regardless of protocol (e-mail, web, etc.), electronic messages transmitted over the Internet are vulnerable to network threats that can lead to fraudulent activity or the disclosure or modification of information. To prevent such threats, the Company will take all reasonable precautions it may require. However, the Internet is not, as is well known to users, to be 100% secure. The Company shall not be held liable for any damage caused by unavoidable attacks that may occur despite the utmost care that may be taken.

Rights of data subjects

According to EU Regulation 2016/679 of the European Parliament and Council (GDPR), the data subjects’ rights in respect to the handling of their data are: being informed, right of rectification, portability of data, right of deletion, “right to be forgotten”, right to block/restrict data, right of withdrawal, right of protest, right of appeal, right of access to court and authority.

Data subjects may request information and exercise their other rights by making a statement to the data controller (the Company). The data controller will examine and respond to the statement as soon as possible, but within a maximum of 30 days after receipt, and will take the necessary steps in accordance with the information provided and the laws and regulations applicable.


Remedy is available through the Data Protection Agency of the Slovak Republic: Úrad pre ochranu osobných údajov Slovenskej republiky, Hraničná 12, 820 07 Bratislava 27, Slovenská republika,

The person concerned may take legal action in the event of a breach of his rights.

The data controller reserves the right to modify the Privacy Policy at any time. The data controller shall notify the data subject about the modification by publishing it on their website at least 8 days prior to the entry into force of the modification.

Effective January 21, 2020.