Privacy Policy and Cookie Notice

Privacy Policy and Information on the Processing of Personal Data Provided by the Controller to the Data Subject When Obtaining Personal Data, and Cookie Notice of the Online Store www.mountrastore.com

 

I. Controller

1.1. The identity and contact details of the Controller are as follows:

Business name: Petsky, s. r. o.
Registered office: Klimkovičova 3164/21, 040 23 Košice – Sídlisko KVP, Slovak Republic
Registered in the Commercial Register of the District Court Žilina, Section Sro, Insert No. 87564/L
Company ID: 56937407
Tax ID: 2122504230
Bank account: SK5275000000004034983576

The Seller is not a VAT payer.

 

1.2. The Controller's email and telephone contact details are:

Email: info@petsky.eu
Phone: +421 907 976 751

 

1.3. Address for correspondence:

Petsky, s. r. o., Klimkovičova 21, 040 23 Košice, Slovak Republic

 

1.4. In accordance with Article 13(1) and (2) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter referred to as the “Regulation”), as well as Act No. 18/2018 Coll. on the Protection of Personal Data and on the Amendment and Supplementing of Certain Acts as amended, and Act No. 452/2021 Coll. on Electronic Communications as amended, the Controller hereby provides the Data Subject (the Buyer), from whom the Controller (the Seller) obtains personal data concerning them, with the following information, explanations, and instructions:

II. References

2.1. This Privacy Policy and information form an integral part of the General Terms and Conditions published on the Seller’s Website.

2.2. The Seller informs consumers that there are no specific applicable codes of conduct to which the Seller has committed to adhere. A code of conduct is understood as an agreement or set of rules that define the behavior of the Seller who has undertaken to comply with it in relation to one or more specific commercial practices or business sectors, unless established by law, another legal regulation, or a public authority measure, and how the consumer can become acquainted with them or obtain their wording.

III. Retention Period

3.1. The Controller retains personal data of the Data Subject only for the period necessary to fulfil the contract and for the subsequent archiving period required by legal regulations. If the Data Subject has given consent to receive marketing emails or similar offers, their personal data will be processed for such purposes until the consent is withdrawn, but no longer than 5 years.

IV. Processed Personal Data

4.1. The Controller processes the following personal data on its website: name, surname, residence address, email address, landline telephone number, mobile phone number, billing address, delivery address, data obtained from cookies, IP addresses.

V. Contact Details of the Data Protection Officer

5.1. The Controller has appointed a Data Protection Officer in accordance with Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
Contact: Email: info@mountrastore.com, Tel.: +421 907 976 751

5.2. The Controller is also the Seller within the meaning of the term defined in the General Terms and Conditions of this website.

VI. Purposes and Duration of Personal Data Processing

6.1. The purposes of processing the personal data of the Data Subject are in particular:

6.1.1. Registration, creation, and processing of contracts and client data for the purpose of concluding contracts with third parties.

6.1.2. Processing of accounting documents and other documents related to the Controller's business activities.

6.1.3. Compliance with legal regulations concerning the archiving of documents, e.g. in accordance with Act No. 431/2002 Coll. on Accounting as amended, and other relevant regulations.

 6.1.4. Activities of the Operator in connection with the fulfillment of the request, order, contract, and similar legal instruments of the Data Subject.

6.1.5. Newsletter, marketing, and similar advertising activities of the Operator. In the event of the Data Subject granting consent to the Operator for marketing and similar advertising activities.

VII. Legal basis for the processing of personal data of the Data Subject

7.1. In the event that the Operator processes personal data based on the consent of the Data Subject, such processing shall commence only after the Data Subject has given the said consent.

7.2. In the event the Operator processes personal data of the Data Subject for the purposes of negotiating pre-contractual relations and concluding and fulfilling a purchase contract, and the related delivery of goods, products, or services. The Data Subject is obliged to provide personal data for the proper performance of the purchase contract; otherwise, the fulfillment cannot be ensured. Personal data for this purpose are processed without the consent of the Data Subject.

VIII. Recipients or categories of recipients of personal data

8.1. Recipients of the personal data of the Data Subject shall be or may at least include:

8.1.1. Statutory bodies or their members of the Operator.

8.1.2. Persons performing work activities under an employment or similar relationship for the Operator.

8.1.3. Sales representatives of the Operator and other persons cooperating with the Operator in fulfilling the Operator's tasks. For the purposes of this document, all natural persons performing dependent work for the Operator based on an employment contract or agreements on work performed outside an employment relationship shall be considered employees of the Operator.

8.1.4. Recipients of the personal data of the Data Subject shall also include collaborators of the Operator, its business partners, suppliers, and contractual partners, in particular: accounting company, company providing services related to the creation and maintenance of software, company providing legal services to the Operator, company providing consultancy to the Operator, companies ensuring transport and delivery of products to buyers and third parties, marketing companies, companies operating social networks, companies ensuring payment gateways and other payment methods.

 8.1.5. Recipients of personal data shall also include courts, authorities competent in criminal proceedings, the tax office, and other state authorities, if so provided by law. Personal data shall be provided by the Operator to the respective offices and state institutions based on and in accordance with the legal regulations of the Slovak Republic.

8.1.6. List of third parties – intermediaries and recipients who process the personal data of the Data Subject:

• Slovenská pošta, a.s., Partizánska cesta 9, 975 99 Banská Bystrica, Company ID: 36631124 – third party providing transportation services

• Direct Parcel Distribution SK, s.r.o., registered office at Technická 7, 82104 Bratislava, Company ID: 35834498 – third party providing transportation services

• Packeta Slovakia s. r. o., registered office at Sliačska 1E, 831 02 Bratislava – Nové Mesto district, Company ID: 48136999 – third party providing transportation services

IX. Information on the provision of personal data to third countries and their retention period:

9.1. This applies. The Operator transfers personal data of individuals in the form of cookies to third countries, to the following entities:

• Google HQ, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. More information about privacy can be found at: https://support.google.com/analytics/topic/2919631?hl=sk&ref_topic=1008008

• META Pixels: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. More information about privacy can be found at: https://www.facebook.com/about/privacy/

• Google LLC, D/B/A YouTube, 901 Cherry Ave., San Bruno, CA 94066, USA. More information about privacy can be found at: https://support.google.com/analytics/topic/2919631?hl=sk&ref_topic=1008008

 X. Information on the existence of relevant rights of the Data Subject:

10.1. The Data Subject has, among others, the following rights, whereby:

10.1.1. The rights listed under point 10.1 do not affect other rights of the Data Subject.

10.1.2. The right of the Data Subject to access data pursuant to Article 15 of the Regulation, which includes the right to obtain from the Operator confirmation as to whether personal data concerning the Data Subject are being processed, and if so, to what extent. At the same time, if processed, the Data Subject has the right to know their content and to request from the Operator information about the reason for their processing, in particular information on: the reason for processing, categories of personal data concerned, recipients or categories of recipients to whom the personal data have been or will be disclosed, especially in the case of recipients in third countries or international organizations, the anticipated retention period of the personal data or, if that is not possible, the criteria used to determine that period, the existence of the right to request from the Operator the rectification of personal data concerning the Data Subject or their erasure or restriction of processing, and the existence of the right to object to such processing, the right to lodge a complaint with a supervisory authority, if personal data were not obtained from the Data Subject, any available information as to their source, the existence of automated decision-making including profiling as referred to in Article 22(1) and (4) of the Regulation and, in such cases, at least meaningful information about the logic involved as well as the significance and the envisaged consequences of such processing for the Data Subject, and appropriate safeguards pursuant to Article 46 of the Regulation relating to the transfer of personal data to a third country or an international organization.

10.1.3. The right to receive a copy of the personal data being processed, provided that the right to receive a copy of the processed personal data shall not adversely affect the rights and freedoms of others.

10.1.4. The right of the Data Subject to rectification pursuant to Article 16 of the Regulation, which includes the right that the Operator shall rectify without undue delay any inaccurate personal data concerning the Data Subject, and the right to complete incomplete personal data concerning the Data Subject, including by means of providing a supplementary statement by the Data Subject.

10.1.5. The right of the Data Subject to erasure of personal data (the so-called "right to be forgotten") pursuant to Article 17 of the Regulation, which includes:

The right to obtain from the Operator without undue delay the erasure of personal data concerning the Data Subject, if one of the following grounds applies:

• the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed,

• the Data Subject withdraws consent on which the processing is based, and there is no other legal ground for processing,

• the Data Subject objects to the processing of personal data pursuant to Article 21(1) of the Regulation and there are no overriding legitimate grounds for the processing, or the Data Subject objects to the processing pursuant to Article 21(2) of the Regulation,

• the personal data have been unlawfully processed,

• the personal data must be erased to comply with a legal obligation under Union or Member State law to which the Operator is subject,

• the personal data have been collected in relation to the offer of information society services pursuant to Article 8(1) of the Regulation;

 

10.1.6. The right of the Data Subject to require the Controller, who has made personal data public, taking into account available technology and the cost of implementation, to take reasonable measures, including technical measures, to inform other Controllers processing the personal data that the Data Subject requests the erasure of all links to, copies, or replications of those personal data, provided that the right to erasure of personal data under the rights set out in Article 17(1) and (2) of the Regulation shall not apply where processing is necessary for:

10.1.7. exercising the right of freedom of expression and information;

10.1.8. compliance with a legal obligation which requires processing under European Union law or the law of a Member State to which the Controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller;

10.1.9. reasons of public interest in the area of public health in accordance with Article 9(2)(h) and (i) of the Regulation, as well as Article 9(3) of the Regulation;

10.1.10. archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes pursuant to Article 89(1) of the Regulation, where the exercise of the right referred to in Article 17(1) of the Regulation is likely to render impossible or seriously impair the achievement of the objectives of such processing; or for the establishment, exercise, or defense of legal claims;

10.1.11. The right of the Data Subject to restriction of processing of personal data pursuant to Article 18 of the Regulation, which includes:

10.1.12. The right to require the Controller to restrict the processing of personal data in the following cases: the Data Subject contests the accuracy of the personal data during the period enabling the Controller to verify the accuracy of the personal data; the processing is unlawful and the Data Subject opposes the erasure of the personal data and requests restriction instead; the Controller no longer needs the personal data for processing purposes, but the Data Subject requires them for the establishment, exercise, or defense of legal claims; the Data Subject has objected to processing pursuant to Article 21(1) of the Regulation pending verification whether the legitimate grounds of the Controller override those of the Data Subject.

 10.1.13. The right that, if the processing of personal data has been restricted, such restricted personal data shall, except for storage, be processed only with the consent of the Data Subject or for the establishment, exercise, or defense of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the European Union or a Member State;

10.1.14. The right to be informed in advance about the lifting of the restriction on the processing of personal data;

10.1.15. The right of the Data Subject to the notification obligation towards recipients pursuant to Article 19 of the Regulation, which means the right to require the Controller to communicate any rectification or erasure of personal data or restriction of processing carried out pursuant to Articles 16, 17(1), and 18 of the Regulation to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort, and the right to be informed by the Controller about those recipients if the Data Subject so requests;

10.1.16. The right of the Data Subject to data portability pursuant to Article 20 of the Regulation, which means the right to receive the personal data concerning them, which they have provided to the Controller, in a structured, commonly used, and machine-readable format, and the right to transmit those data to another Controller without hindrance by the Controller to whom the personal data have been provided, where:

a) the processing is based on the consent of the Data Subject pursuant to Article 6(1)(a) or Article 9(2)(a) of the Regulation, or on a contract pursuant to Article 6(1)(b) of the Regulation, and simultaneously

b) the processing is carried out by automated means; and simultaneously:

10.1.17. the right to receive personal data in a structured, commonly used, and machine-readable format, and the right to transmit those data to another Controller without hindrance, provided that this right does not adversely affect the rights and freedoms of others;

10.1.18. the right to have personal data transmitted directly from one Controller to another, where technically feasible;

10.1.19. The right of the Data Subject to object pursuant to Article 21 of the Regulation, which includes:

10.1.20. The right to object at any time, on grounds relating to their particular situation, to the processing of personal data concerning them which is based on Article 6(1)(e) or (f) of the Regulation, including profiling based on those provisions;

10.1.21. In the case of exercising the right to object at any time, on grounds relating to their particular situation, to the processing of personal data concerning them which is based on Article 6(1)(e) or (f) of the Regulation, including profiling based on those provisions, the right to require the Controller to no longer process the personal data unless the Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the Data Subject, or for the establishment, exercise, or defense of legal claims.

 10.1.22. The right to object at any time to the processing of personal data concerning the Data Subject for the purposes of direct marketing, including profiling to the extent that it is related to direct marketing; where the Data Subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes;

10.1.23. In the context of the use of information society services, the right to exercise the right to object to the processing of personal data by automated means using technical specifications;

10.1.24. The right to object on grounds relating to the Data Subject’s particular situation to the processing of personal data concerning the Data Subject for scientific or historical research purposes or statistical purposes pursuant to Article 89(1) of the Regulation, except where the processing is necessary for the performance of a task carried out for reasons of public interest;

10.1.25. The rights of the Data Subject related to automated individual decision-making pursuant to Article 22 of the Regulation, which include:

10.1.26. The right not to be subject to a decision based solely on automated processing of personal data, including profiling, which produces legal effects concerning them or similarly significantly affects them, except in cases pursuant to Article 22(2) of the Regulation [i.e., except where the decision is:
(a) necessary for entering into or performance of a contract between the Data Subject and the Controller,

10.1.27. (b) authorized by Union or Member State law to which the Controller is subject and which also lays down suitable measures to safeguard the Data Subject’s rights and freedoms and legitimate interests, or
(c) based on the Data Subject’s explicit consent].

 XI. Information on the Data Subject's Right to Withdraw Consent to the Processing of Personal Data:

11.1. The Data Subject has the right to withdraw their consent to the processing of personal data at any time, without affecting the lawfulness of the processing based on consent before its withdrawal.

The Data Subject may withdraw their consent in full or in part at any time. Partial withdrawal of consent may concern a certain type of processing operation(s), while the lawfulness of processing of personal data within the scope of remaining processing operations remains unaffected. Partial withdrawal of consent may also concern specific processing purposes, while the lawfulness of processing for other purposes remains unaffected.

The right to withdraw consent may be exercised by the Data Subject in written form sent to the Controller's registered office address as stated in the commercial register at the time of consent withdrawal, or electronically via electronic means (by sending an email to the Controller’s email address provided in this document).

XII. Information on the Data Subject's Right to Lodge a Complaint with a Supervisory Authority:

12.1. The Data Subject has the right to lodge a complaint with a supervisory authority, particularly in the Member State of their habitual residence, place of work, or place of the alleged infringement, if they consider that the processing of personal data relating to them infringes the Regulation, without prejudice to any other administrative or judicial remedies.

The Data Subject has the right to be informed by the supervisory authority to which the complaint was submitted about the progress and outcome of the complaint, including the possibility to seek a judicial remedy pursuant to Article 78 of the Regulation.

12.2. The supervisory authority in the Slovak Republic is the Office for Personal Data Protection of the Slovak Republic, Park One Building, Námestie 1. mája 18, 811 06 Bratislava.

Phone: +421 2 32 31 32 14, Email: statny.dozor@pdp.gov.sk

XIII. Information Related to Automated Decision-Making, Including Profiling:

13.1. Since the Controller does not perform automated decision-making including profiling within the meaning of Article 22(1) and (4) of the Regulation, the Controller is not obliged to provide the information pursuant to Article 13(2)(f) of the Regulation, i.e., information about automated decision-making including profiling and about the logic involved as well as the significance and the envisaged consequences of such processing for the Data Subject. This does not apply.

XIV. Data Protection and Use of Cookies. Information and Explanation of Cookies, Scripts, and Pixels:

14.1. The Controller of the website provides the following brief explanation of the function of cookies, scripts, and pixels:

14.1.1. Cookies are text files containing small amounts of information, which are downloaded to your device when you visit a website. These files allow the website to store information about your actions and preferences (such as login name, language, font size, and other display settings) for a certain period, so you do not have to re-enter them during subsequent visits or while navigating between pages.

A script is a piece of program code used for the proper and interactive functioning of websites. This code is executed on the server of the Controller or on your device.

Pixels are small, invisible text or images on a webpage used to monitor website traffic. Through pixels, various data are stored to enable this monitoring.

14.1.2. Types of Cookies:

• Necessary cookies – ensure the proper functioning and use of the Controller’s website. These cookies are used without consent.

• Functional cookies – relate to users’ choices regarding the use of cookies on the website, including the options to accept, reject, or customize cookie settings based on their privacy preferences.

• Statistical cookies – the Controller obtains statistics about the use of its website. These cookies are used only with consent.

• Advertising cookies – used for creating advertising profiles and similar marketing activities. These cookies are used only with consent.

14.2. How to Control Cookies:

14.2.1. You can control and/or delete cookies at your discretion – for details, see aboutcookies.org. You may delete all cookies stored on your computer or other device, and most browsers can be set to prevent cookies from being stored.

14.3. Cookies Used:

Necessary cookies

• keep_alive
  First-party session cookie. This cookie is used to maintain an active user session on the website and to ensure that the user’s connection remains secure and uninterrupted during their browsing session.

• secure_customer_sig
  First-party cookie, 1 year. Generally provided by Shopify and used in connection with customer login.

Functional cookies

• localization
  First-party cookie, 1 year. These cookies are set on pages with the Flickr widget.

Advertising cookies

• _tracking_consent
  First-party session cookie, 1 year.

14.3.2. Cookies Shared with Third Parties:

• Google HQ
  1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
  For privacy information, see: https://support.google.com/analytics/topic/2919631?hl=en&ref_topic=1008008

• META Pixels
  Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
  For privacy information, see: https://www.facebook.com/about/privacy/

XV. Final Provisions

15.1. These Privacy Policy and Cookie Policy form an integral part of the General Terms and Conditions and the Complaints Procedure. The documents – General Terms and Conditions and Complaints Procedure of this Website are published on the domain of the Seller’s Website.

15.2. These Privacy Policy provisions shall enter into force and become effective upon their publication on the Seller’s Website on May 23, 2025.