These personal data protection rules regulate:

1. Who is the controller of personal data and what are his contact details

2. Definition of terms

3. What categories of personal data do we obtain and process

4. What are the legal bases and purposes of personal data processing

5. Recipients of personal data

6. How we store personal data

7. How we protect personal data

8. Rights of the affected person

9. Changes in the protection of personal data

1. Who is the controller of personal data and what are his contact details

1.1 activepro.sk s.r.o. with registered office: Pod Párovcemi 7152/151, 921 01 Piešťany, ID: 47004282; VAT number 2023687952, (hereinafter referred to as "company", "us", "we" or "our" or "Operator") cooperates with o.z. He brings a smile to others and the profit from his sale back to the community of people with disabilities,

The company operates the following websites:

www.usmejsa.com
1.2 The company is a personal data controller with its seat in the Slovak Republic. The registered office is Pod Párovcami 7152/151, 921 01 Piešťany.

1.3 As an Operator, the Company undertakes to protect and respect your privacy and ensure safety when using its websites and services offered through them. This Privacy Policy informs you about who we are, what personal data we collect and why and what measures we take to protect it.

1.4 The website user has the right to access his personal data and has the right to correct or delete incorrect or inappropriate data and other rights, as described in more detail in point 8 of these Rules and which he can exercise to the extent guaranteed by the legislation on the protection of personal data data. If you have any questions regarding your personal data, please contact us at info@usmevpredruhych.sk

2. Definition of terms

"legal regulations for the protection of personal data" are legal regulations related to the protection of personal data or the protection of privacy that apply to the processing of the Operator, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of physical persons in the processing of personal data and on the free movement of such data, which repeals Directive 95/46/EC (General Data Protection Regulation (hereinafter referred to as "GDPR") and Act No. 18/2018 Coll. on the Protection of Personal Data and on the Amendment and amendments to some laws
"personal data" is any information relating to an identified or identifiable natural person (hereinafter referred to as "data subject"); an identifiable natural person is a person who can be identified directly or indirectly, in particular by reference to an identifier such as name, identification number, location data, online identifier, or by reference to one or more elements that are specific to the physical, physiological, genetic, mental , economic, cultural or social identity of this natural person
"processing" is an operation or set of operations on personal data or sets of personal data, such as obtaining, recording, arranging, structuring, storing, processing or changing, searching, browsing, using, providing by transmission, dissemination or otherwise making available, rearranging or combining; restriction, erasure or disposal, whether by automated or non-automated means
"restriction of processing" is the designation of stored personal data with the aim of limiting their processing in the future;
"operator" is a natural or legal person, public authority, agency or other entity that alone or jointly with others determines the purposes and means of personal data processing; in the event that the purposes and means of this processing are determined by Union law or
in the law of a Member State, the operator or the specific criteria for its determination may be determined in the law of the Union or in the law of a Member State;
"intermediary" is a natural or legal person, public authority, agency or other entity that processes personal data on behalf of the operator;
"recipient" is a natural or legal person, public authority, agency or other entity to which personal data is provided, regardless of whether it is a third party. However, public authorities that may receive personal data as part of a specific investigation in accordance with Union law or the law of a Member State are not considered recipients; the processing of said data by said public authorities is carried out in accordance with applicable data protection rules, depending on the purposes of processing;
"third party" is a natural or legal person, public authority, agency or entity other than the data subject, operator, intermediary and persons who, on the basis of the direct authorization of the operator or intermediary, are entrusted with the processing of personal data;
"consent of the person concerned" is any freely given, specific, informed and unambiguous expression of the will of the person concerned, by which he expresses his consent to the processing of personal data concerning him in the form of a statement or a clear confirming act;
"information society service" is the service defined in Article 1 point 1 letter b) directive of the European Parliament and of the Council (EU) 2015/1535.
Unless otherwise defined in this Privacy Policy, terms used in this Privacy Policy have the same meaning as in our General Terms and Conditions and/or General Website Terms of Use.

3. What categories of personal data do we obtain and process

3.1. We collect several different types of information for different purposes, namely:

identification and contact data: We obtain this data (usually) during User registration. Identification data may include, but is not limited to: first and last name, title, date of birth (where necessary to verify the User's age), User's login, IP address and age. Contact data includes data such as: address, district, zip code, city, country, email address, telephone / mobile number.

data provided/created by the User himself when using the website, such as User Contributions, including comments, questions, references.

data about the User/Registrant's purchases, such as the type of goods, price, invoicing data, delivery address, etc.

technical data related to the use of our website (including data obtained through cookies) such as
records of visits to our websites,
records of your login, logout from the account if you are a Registered User;
information about how you use our website, such as the type of device you use and the browser you use to access our website;
information relating to the location from which you are connecting, including IP address and other operational or location data necessary to enable access to the Websites;
the pages you've visited, including what you've clicked on. Further information can be found in the Cookie Policy below.

data obtained in connection with communications with us or our employees/representatives, such as calls, emails and messages sent through a form;

any other information you provide through the website.
4. What are the legal bases and purposes of personal data processing

Creating and managing a user account
The processing is based on the User's consent obtained in accordance with Article 6 par. 1 letter c) of the GDPR regulation.

E-shop - orders for goods, payments, delivery of goods
Processing for this purpose is necessary for the performance of the contract to which the User (person concerned) is a party in the sense of Article 6 para. 1 letter b) of the GDPR regulation

Claims and accounting
In the case of these purposes, personal data are processed for the purpose of fulfilling the legal obligations of the Civic Association in accordance with Article 6, paragraph 1 letter c) GDPR.

Detecting, preventing and resolving technical issues. In order to ensure the security of the website, we process personal data for this purpose based on our legitimate interest in accordance with Article 6 para. 1 letter f) GDPR.

Exercising legal claims, changing management in the association or operating the website by a new operator We process personal data for these purposes on the basis of our legitimate interest in the sense of Article 6 para. 1 letter f) GDPR.

Providing news about the association's activity and activities (newsletter). In this case, the processing will be carried out on the basis of the User's consent in the sense of Article 6 para. 1 letter a) GDPR and Act no. 351/2011 Coll. on electronic communications as amended.
5. Recipients of personal data

5.1 In fulfilling the above-mentioned purposes, we may need help or use the services of other entities or be responsible for them, therefore personal data processed by us may be provided

employees of the Civic Association, collaborators/experts and volunteers of the Civic Association and persons authorized to act on behalf of the Civic Association, while ensuring that these persons handle only the data they absolutely need to perform their tasks and observe security measures,

public authorities, or to other persons within the framework of the fulfillment of some legal obligations established by special regulations, e.g. for inspection purposes (e.g. tax office, Personal Data Protection Office of the Slovak Republic, State Trade Inspection, Ministry of the Interior of the Slovak Republic), courts, authorities active in criminal proceedings,

to other persons, if it is necessary to protect the rights of the Civic Association, e.g. when making a claim, e.g. courts, bailiffs, etc. In such cases, the scope of personal data provided is limited to the data necessary for the successful application of the claim.

intermediaries who perform processing for the Operator on the basis of the relevant contract on the processing of personal data. As an intermediary, the Civic Association after careful consideration selects only such a person who will provide maximum guarantees on technical and organizational security for the protection of transferred personal data.

to service providers such as IT service providers, marketing services, tax and legal advisors, etc.

6. How and where we store personal data and transfers of personal data

6.1. The company processes personal data for the period necessary to fulfill the purposes mentioned above, either for the duration of the contract (eshop), for the period required by law or for the period of your consent to processing. We process your data while you are an active User of our websites/services. If you cease to be a Registered User of the Websites, we will store and use your personal data in our systems only to the extent necessary to fulfill our legal obligations (for example, those imposed by tax laws, accounting laws, etc.) or to fulfill our legitimate interests .

6.2 Your data is stored on the territory of the Slovak Republic. However, if we work with third parties, the data we receive from you may be transferred and stored outside the European Economic Area (EEA), which happens exceptionally. They may also be processed by non-EEA staff working for us or one of our suppliers.

6.3. In the event that personal data is transferred to a non-EEA country that does not provide adequate personal data protection, we ensure that there are adequate contractual controls in place over any third party that helps us process your data and that adequate safeguards are adopted, in the form of standard contractual clauses.

7. How we protect personal data

To protect your personal information, we take reasonable precautions and follow best practices to ensure that it is not lost, misused, disclosed, altered, destroyed, or otherwise accessed. We store all active information we receive directly from you in an encrypted, password-protected database located on our secure network behind active state-of-the-art firewall software.

8. Rights of the affected person

8.1 As a data subject, you have rights within the meaning of personal data protection legislation that allow you to control the way your personal data is processed. However, some of these rights can only be exercised under certain circumstances. These are your rights in relation to processing:

Right to withdraw consent In cases where we process your personal data based on your consent, you have the right to withdraw this consent at any time. You can withdraw your consent electronically, in writing, by sending a notice of withdrawal of consent or in person at our company headquarters. Withdrawal of consent does not affect the legality of the processing of personal data that we processed about you on the basis of it.
Right of access You have the right to be provided with a copy of the personal data we hold about you
available, as well as for information on how we use your personal data. In most cases, your personal data will be provided to you in written document form, unless you request another way of providing it. If you have requested this information to be provided by electronic means, it will be provided to you electronically if technically possible.
The right to rectification guarantees that your personal data is accurate, complete and up-to-date. If you think that the data we have is inaccurate, incomplete or out of date, please do not hesitate to ask us via email or other means to correct, update or supplement this information.
The right to erasure You have the right to ask us to delete your personal data, for example, if the personal data we have obtained about you is no longer necessary to fulfill the original purpose of processing. However, your right must be assessed in light of all the relevant circumstances. In the event that your personal data is still necessary for the fulfillment of legal obligations, we will not be able to comply with your request.
Right to restriction of processing In certain circumstances, you are entitled to ask us to stop using your personal data. These are, for example, cases where you believe that the personal data we have about you may be inaccurate or when you believe that we no longer need to use your personal data.
Right to data portability In certain circumstances, you have the right to ask us to transfer the personal data you have provided to us to another third party of your choice. However, the right to portability only applies to personal data that we have obtained from you on the basis of consent or on the basis of a contract to which you are a party.
Right to object You have the right to object to data processing based on our legitimate interests. If you object to such processing, we will check your reasons and requests and, if we do not have a legitimate interest that outweighs your right to privacy, we will not process your personal data further.
If you have a question, wish to exercise your rights or file a complaint regarding the way we process your personal data, contact us by e-mail at info@usmevpredruhych.sk or in writing to the Company's correspondence address listed in point 1 of these Rules.

We will be happy to solve your query/problem. However, you can still address your complaint to the supervisory authority, which is the Personal Data Protection Office of the Slovak Republic, Hraničná 12, 820 07 Bratislava 27; tel. number: +421 /2/ 3231 3214; e-mail: statny.dozor@pdp.gov.sk

9. Changes in the protection of personal data

We reserve the right to change these Personal Data Protection Rules at any time, so please familiarize yourself with them continuously. We will notify you of material changes to this Privacy Policy by notice or email regarding those changes. All other changes to this Privacy Policy are effective as of the "Last Updated" date indicated.