PERSONAL DATA PROTECTION AND COOKIE NOTICE

/ Policies and instructions regarding personal data protection

Provided by the Operator to the Data Subject when collecting personal data from the Data Subject and the cookie notice of the online store www.titzmach.com /

Operator

1.1. Identity and contact details of the Operator are:

Business name: Mária Lazarová
Place of business: Žitavská 175/17, 95197, Žitavany, Slovak Republic

Registered in the Trade Register: District Office Nitra, Trade Register Number: 430-71623

Company ID: 56974426

VAT number: SK1123037025

Bank account: SK59 0900 0000 0052 3357 1085

The Seller is not a VAT payer

1.2. Email and telephone contact for the Operator:

Email: [email protected]
Tel.: +421 940 350 526

1.3. Address of the Operator for sending correspondence:

Mária Lazarová, Žitavany, Žitavská 175/17, 95197, Slovak Republic

1.4. The Operator hereby, in accordance with Article 13(1) and (2) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 May 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC – General Data Protection Regulation (hereinafter referred to as the “Regulation”), further in accordance with Act No. 18/2018 Coll., the Personal Data Protection Act, as amended, and in accordance with Act No. 452/2021 Coll., the Electronic Communications Act, as amended, provides the Data Subject (the Buyer), from whom the Operator (the Seller) collects personal data concerning them, with the following information, instructions, and explanations:

References

2.1. These policies and instructions regarding personal data protection form part of the General Terms and Conditions published on the Seller’s website.

2.2. Pursuant to §3(1)(n) of Act No. 102/2014 Coll., the Seller informs the consumer that there are no specific relevant codes of conduct to which the Seller has committed to comply. A code of conduct means an agreement or a set of rules defining the Seller’s behavior, which the Seller has undertaken to follow in relation to one or more specific business practices or commercial sectors, if these are not established by law or other legal regulation or administrative measure. The Seller also informs how the consumer can familiarize themselves with such codes or obtain their text.

III. Personal Data Protection and Use of Cookies. Instructions and Explanation of Cookies, Scripts, and Pixels

3.1. The Operator of the website provides the following brief clarification regarding the function of cookies, scripts, and pixels:

3.1.1. Cookies are text files containing a small amount of information that are downloaded to your device when you visit a website. These files allow the website to retain information about your actions and preferences (such as login name, language, font size, and other display settings) for a certain period of time, so you do not have to re-enter them during subsequent visits to the website or while browsing its individual pages.

A script is a portion of program code used for the correct and interactive functioning of websites. This code is executed on the Operator’s server or on your device.

Pixels are small, invisible texts or images on a website used to monitor website traffic. Various data are stored via pixels to enable this monitoring.

3.1.2. Cookies are categorized as follows:

  • Technical or functional cookies – ensure the proper functioning and use of the Operator’s website. These cookies are used without consent.

  • Statistical cookies – allow the Operator to collect statistics on the use of its website. These cookies are used only with consent.

  • Marketing / Advertising cookies – used to create advertising profiles and similar marketing activities. These cookies are used only with consent.

3.2. How to control cookies:

3.2.1. You can control and/or delete cookies at your discretion – for details, see aboutcookies.org. You can delete all cookies stored on your computer or other device, and most browsers can be set to prevent cookies from being stored.

3.3. The Operator’s website uses the following cookies:

All cookies used by the Operator can be found at https://www.cookieserve.com/ by entering the Operator’s website address: https://www.titzmach.com.

  • Technical or functional cookies – accessed by the Operator of the website. Cookie duration: 2 years.

  • Statistical cookies – accessed by the Operator of the website. Cookie duration: 2 years.

  • Marketing and advertising cookies – accessed by the Operator of the website. Cookie duration: 2 years.

3.3.1. Cookies shared with third parties:

Google Analytics, Google ADS: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. More information about privacy can be found at https://support.google.com/analytics/topic/2919631?hl=en&ref_topic=1008008.

Processed Personal Data

4.1. The Operator processes the following personal data on its website: first name, last name, place of residence, email address, home phone number, mobile phone number, billing address, shipping address, data obtained from cookies, and IP addresses.

Contact Details of the Person Responsible for Personal Data Protection

5.1. The Operator has appointed a Data Protection Officer in accordance with Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data. Contact:

Email: [email protected]
Tel.: +421 940 350 526

5.2. The Operator is also the Seller within the meaning defined in the General Terms and Conditions of this website.

Purposes of Processing Personal Data of the Data Subject and Retention Period

6.1. The purposes of processing the personal data of the Data Subject are primarily:

6.1.1. Recording, creating, and processing contracts and client data for the purpose of entering into agreements with third parties.

6.1.2. Processing accounting documents and other documents related to the Operator’s business activities.

6.1.3. Compliance with legal regulations regarding the archiving of documents and records, e.g., according to Act No. 431/2002 Coll., the Accounting Act, as amended, and other applicable regulations.

6.1.4. The Operator’s activities related to fulfilling requests, orders, contracts, and similar actions of the Data Subject.

6.1.5. Newsletters, marketing, and similar advertising activities of the Operator. If the Data Subject has given consent for marketing and similar advertising activities, the Operator will process personal data for these purposes.

6.2. The Operator retains the personal data of the Data Subject only for the period necessary to fulfill the contract and for subsequent archiving in accordance with statutory deadlines imposed by law. If the Data Subject has consented to receiving promotional emails and similar offers, the personal data of the Data Subject will be processed for these purposes until the Data Subject withdraws their consent, but for no longer than 10 years.

VII. Legal Basis for Processing Personal Data of the Data Subject

7.1. If the Operator processes personal data based on the consent of the Data Subject, such processing will commence only after the Data Subject has given their consent.

7.2. If the Operator processes personal data of the Data Subject for the purposes of negotiating pre-contractual relations, concluding, and fulfilling a purchase contract, including the delivery of goods, products, or services, the Data Subject is obliged to provide the personal data necessary for proper contract performance. Without these data, performance cannot be ensured. Personal data for this purpose are processed without the consent of the Data Subject.

VIII. Recipients or Categories of Recipients of Personal Data

8.1. Recipients of the personal data of the Data Subject will be, or at a minimum may include:

8.1.1. Statutory bodies or their members of the Operator.

8.1.2. Persons performing work in an employment or similar relationship for the Operator.

8.1.3. Sales representatives of the Operator and other persons cooperating with the Operator in fulfilling the Operator’s tasks. For the purposes of this document, all natural persons performing dependent work for the Operator based on an employment contract or agreements on work performed outside of an employment relationship shall be considered employees of the Operator.

8.1.4. Recipients of personal data of the Data Subject also include collaborators of the Operator, its business partners, suppliers, and contractual partners, in particular: an accounting company, a company providing services related to software creation and maintenance, a company providing legal services to the Operator, a company providing consultancy to the Operator, companies providing transport and delivery of products to buyers and third parties, marketing companies, companies operating social networks, companies providing payment gateways and other payment methods.

8.1.5. Recipients of personal data also include courts, law enforcement authorities, tax offices, and other state authorities, if required by law. In such cases, personal data will be provided by the Operator to the respective authorities and state institutions on the basis of and in accordance with the legal regulations of the Slovak Republic.

8.1.6. List of third-party entities – intermediaries and recipients processing the personal data of the Data Subject:

  • Direct Parcel Distribution SK, s.r.o., identification number 35 834 498, registered office Pri letisku 5, 821 04 Bratislava – third party providing transport services

  • Packeta Slovakia s.r.o., Kopčianska 3338/82A, Bratislava – Petržalka 851 01 – third party providing transport services

  • General Logistics Systems Slovakia s.r.o., Budča 1039, 962 33 Budča, Slovak Republic – third party providing transport services

  • Zásilkovna s.r.o., Prague, ID: 28408306, Českomoravská 2408/1a, 190 00 Prague – Libeň – third party providing transport services

  • DPD-služby, s.r.o., ID: 25131036, Hvozdnice 140, 252 05 Hvozdnice – third party providing transport services

  • Heureka Shopping s.r.o., Karolinská 650/1, 186 00 Prague 8 – Karlín, Czech Republic, ID: 02387727 – third party monitoring customer satisfaction with the website and providing the Verified Customer service

8.2. The Operator of the online store assesses customer satisfaction through email surveys as part of the “Verified Customers” program, in which the Operator’s online store participates. The Operator sends the survey to the Data Subject – the Buyer – each time the Data Subject – Buyer – makes a purchase from the Operator’s online store, unless, in accordance with Act No. 452/2021 Coll., as amended, the Data Subject – Buyer – has refused to receive emails for the purposes of direct marketing.

Processing personal data for the purpose of sending surveys within the “Verified Customers” program is based on the Operator’s legitimate interest, which consists in determining the satisfaction of the Data Subject – Buyer – with their purchase through the Seller’s online store.

For sending surveys, evaluating feedback from the Data Subject – Buyer, and analyzing market position, the Operator uses a processing intermediary, which is the operator of the portal Heureka.sk. For these purposes, the Operator may provide information about the purchased goods and the email address of the Data Subject – Buyer. Personal data of the Data Subject – Buyer are not disclosed to any third party for their own purposes when sending email surveys.

The Data Subject – Buyer may object at any time to receiving email surveys within the “Verified Customers” program by refusing further surveys using the link provided in the survey email. In case of objection by the Data Subject – Buyer, the survey will no longer be sent to the Data Subject – Buyer by the Operator.

Information on the Provision of Personal Data to Third Countries and Retention Period

9.1. Not applicable. The Operator does not transfer personal data of individuals to third countries.

Information on the Existence of Relevant Rights of the Data Subject

10.1. The Data Subject has, among others, the following rights, whereby:

10.1.1. The provisions of section 10.1 do not affect other rights of the Data Subjects.

10.1.2. The right of the Data Subject to access data pursuant to Article 15 of the Regulation, which includes:

The right to obtain from the Operator confirmation as to whether personal data concerning the Data Subject are being processed, and if so, to what extent. At the same time, if the data are being processed, the Data Subject has the right to access the content of the data and request information from the Operator about the reasons for processing, in particular information on:

  • The purpose of the processing;

  • The categories of personal data concerned;

  • The recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;

  • The envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;

  • The existence of the right to request from the Operator the rectification of personal data concerning the Data Subject, their erasure, or restriction of processing, and the existence of the right to object to such processing;

  • The right to lodge a complaint with a supervisory authority;

  • Where personal data were not obtained from the Data Subject, any available information as to their source;

  • The existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the Regulation, and in such cases at least meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the Data Subject;

  • Appropriate safeguards pursuant to Article 46 of the Regulation regarding the transfer of personal data if personal data are transferred to a third country or an international organization.

10.1.3. The right to receive a copy of the personal data being processed, provided that the right to receive a copy of the processed personal data does not adversely affect the rights and freedoms of others.

10.1.4. The right of the Data Subject to rectification pursuant to Article 16 of the Regulation, which includes the right for the Operator to correct without undue delay any inaccurate personal data concerning the Data Subject, and the right to complete incomplete personal data of the Data Subject, including by providing a supplementary statement of the Data Subject.

10.1.5. The right of the Data Subject to erasure of personal data (“right to be forgotten”) pursuant to Article 17 of the Regulation, which includes the right to have the Operator erase personal data concerning the Data Subject without undue delay if any of the following grounds apply:

  • Personal data are no longer necessary for the purposes for which they were collected or otherwise processed;

  • The Data Subject withdraws consent on which the processing is based, and there is no other legal ground for processing;

  • The Data Subject objects to the processing of personal data pursuant to Article 21(1) of the Regulation and there are no overriding legitimate grounds for processing;

  • The Data Subject objects to the processing of personal data pursuant to Article 21(2) of the Regulation;

  • Personal data have been unlawfully processed;

  • Personal data must be erased to comply with a legal obligation under European Union law or the law of a Member State to which the Operator is subject;

  • Personal data were collected in relation to the offer of information society services pursuant to Article 8(1) of the Regulation.

10.1.6. The right for the Data Subject to have the Operator, who has made personal data public, take reasonable measures, including technical measures, considering available technology and the cost of implementation, to inform other Operators processing the personal data that the Data Subject requests the deletion of any links to, copies, or replications of the personal data. This right to erasure pursuant to Article 17(1) and (2) of the Regulation does not arise if processing is necessary:

10.1.7. For exercising the right of freedom of expression and information.

10.1.8. For compliance with a legal obligation that requires processing under European Union law or the law of a Member State to which the Operator is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Operator.

10.1.9. For reasons of public interest in the area of public health, in accordance with Article 9(2)(h) and (i) of the Regulation, as well as Article 9(3) of the Regulation.

10.1.10. For archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes pursuant to Article 89(1) of the Regulation, provided that the right referred to in Article 17(1) of the Regulation is likely to render impossible or seriously impair the achievement of the objectives of such processing; or for the establishment, exercise, or defense of legal claims.

10.1.11. The right of the Data Subject to restriction of processing of personal data pursuant to Article 18 of the Regulation, which includes:

10.1.12. The right to require the Operator to restrict the processing of personal data in any of the following cases:

  • The Data Subject contests the accuracy of the personal data, for a period enabling the Operator to verify the accuracy of the personal data;

  • Processing of personal data is unlawful and the Data Subject objects to the erasure of the personal data and requests restriction instead;

  • The Operator no longer needs the personal data for processing purposes, but the Data Subject requires them for the establishment, exercise, or defense of legal claims;

  • The Data Subject has objected to processing pursuant to Article 21(1) of the Regulation, pending verification whether the legitimate grounds of the Operator override those of the Data Subject.

10.1.13. The right that, in the event that the processing of personal data has been restricted, such restricted personal data shall only be processed with the consent of the Data Subject, or for the establishment, exercise, or defense of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the European Union or a Member State, except for storage purposes.

10.1.14. The right to be informed in advance about the lifting of the restriction on the processing of personal data.

10.1.15. The right of the Data Subject to notification obligations toward recipients pursuant to Article 19 of the Regulation, which includes: the right for the Operator to notify each recipient to whom personal data have been disclosed of any correction, erasure of personal data, or restriction of processing carried out pursuant to Article 16, Article 17(1), and Article 18 of the Regulation, unless this proves impossible or involves disproportionate effort; the right for the Operator to inform the Data Subject about these recipients if the Data Subject requests it.

10.1.16. The right of the Data Subject to data portability pursuant to Article 20 of the Regulation, which includes the right to obtain personal data concerning the Data Subject, which the Data Subject has provided to the Operator, in a structured, commonly used, and machine-readable format, and the right to transmit these data to another Operator without hindrance from the Operator, if:

a/ the processing is based on the consent of the Data Subject pursuant to Article 6(1)(a) or Article 9(2)(a) of the Regulation, or on a contract pursuant to Article 6(1)(b) of the Regulation, and simultaneously

b/ the processing is carried out by automated means; and simultaneously:

10.1.17. The right to obtain personal data in a structured, commonly used, and machine-readable format and the right to transmit these data to another Operator without hindrance from the Operator, provided it does not adversely affect the rights and freedoms of others.

10.1.18. The right to have personal data transmitted directly from one Operator to another, where technically feasible.

10.1.19. The right of the Data Subject to object pursuant to Article 21 of the Regulation, which includes:

10.1.20. The right to object at any time, on grounds relating to the particular situation of the Data Subject, to the processing of personal data concerning them, which is carried out pursuant to Article 6(1)(e) or (f) of the Regulation, including profiling based on those provisions.

10.1.21. In the exercise of the right to object at any time for reasons relating to the particular situation of the Data Subject to the processing of personal data concerning them, carried out pursuant to Article 6(1)(e) or (f) of the Regulation, including profiling based on those provisions, the right to require the Operator to cease processing the personal data of the Data Subject unless the Operator demonstrates compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the Data Subject, or for the establishment, exercise, or defense of legal claims.

10.1.22. The right to object at any time to the processing of personal data concerning the Data Subject for direct marketing purposes, including profiling to the extent that it is related to direct marketing; where, if the Data Subject objects to processing for direct marketing purposes, personal data may no longer be processed for such purposes.

10.1.23. In connection with the use of information society services, the right to exercise the right to object to the processing of personal data by automated means using technical specifications.

10.1.24. The right to object, on grounds relating to the particular situation of the Data Subject, to the processing of personal data concerning the Data Subject, if personal data are processed for scientific or historical research purposes or for statistical purposes pursuant to Article 89(1) of the Regulation, except where the processing is necessary for the performance of a task carried out for reasons of public interest.

10.1.25. The rights of the Data Subject related to automated individual decision-making pursuant to Article 22 of the Regulation, which include:

10.1.26. The right not to be subject to a decision based solely on automated processing of personal data, including profiling, which produces legal effects concerning them or similarly significantly affects them, except in the cases provided for in Article 22(2) of the Regulation, i.e., except where the decision is:
(a) necessary for entering into or performance of a contract between the Data Subject and the Operator,

10.1.27. (b) authorized by European Union law or the law of a Member State to which the Operator is subject, and which also lays down suitable measures to safeguard the Data Subject’s rights, freedoms, and legitimate interests; or
(c) based on the explicit consent of the Data Subject.

XI. Information on the Right of the Data Subject to Withdraw Consent to the Processing of Personal Data

11.1. The Data Subject has the right to withdraw their consent to the processing of personal data at any time, without affecting the lawfulness of processing based on consent given prior to its withdrawal.

The Data Subject is entitled to withdraw consent to the processing of personal data at any time—either in full or partially. Partial withdrawal of consent to the processing of personal data may concern a specific type of processing operation(s), while the lawfulness of processing for the remaining operations shall remain unaffected. Partial withdrawal of consent may also relate to a specific purpose(s) of data processing, while the lawfulness of processing for other purposes shall remain unaffected.

The right to withdraw consent to the processing of personal data may be exercised by the Data Subject in writing, sent to the Operator’s registered office as listed in the commercial register at the time of withdrawal, or electronically, by sending an email to the Operator’s email address provided in this document.

XII. Information on the Right of the Data Subject to Lodge a Complaint with a Supervisory Authority

12.1. The Data Subject has the right to lodge a complaint with a supervisory authority, particularly in the Member State of their habitual residence, place of work, or the place of the alleged infringement, if they consider that the processing of personal data concerning them is in violation of the Regulation, without prejudice to any other administrative or judicial remedy.

The Data Subject has the right to be informed by the supervisory authority to which the complaint was lodged about the progress and outcome of the complaint, including the possibility of filing a judicial remedy pursuant to Article 78 of the Regulation.

12.2. The supervisory authority in the Slovak Republic is the Office for Personal Data Protection of the Slovak Republic, Hraničná 12, 820 07 Bratislava 27, Slovak Republic. Tel.: +421 2 3231 3214, Email: [email protected]

XIII. Information Related to Automated Decision-Making, Including Profiling

13.1. Since the Operator does not process the personal data of the Data Subject through automated decision-making, including profiling as referred to in Article 22(1) and (4) of the Regulation, the Operator is not obliged to provide information pursuant to Article 13(2)(f) of the Regulation, i.e., information on automated decision-making, including profiling, the procedure used, as well as the significance and anticipated consequences of such processing for the Data Subject. Not applicable.

XIV. Final Provisions

14.1. These Principles and Instructions on Personal Data Protection and Cookie Information constitute an integral part of the General Terms and Conditions and the Complaints Procedure. The documents—General Terms and Conditions and Complaints Procedure—of this Website are published on the domain of the Seller’s Website.

14.2. These Personal Data Protection Principles take effect and become valid upon their publication on the Seller’s Website on 11 August 2025.