Privacy and data processing principles of the company and information provided by the controller

in accordance with the GDPR (“General Data Protection Regulation”) Regulation (EU) 2016/679 of the European Parliament and of the Council, in force and effective as of 25.05.2018 and 18/2018 of the Personal Data Protection Act hereinafter referred to as (“Act and GDPR”) and (hereinafter also referred to as “Conditions”)

1. controller under these Conditions means:

Sound Healing Slovakia s.r.o., Pod Válkom 10181/12, 83107 Bratislava – Vajnory ID: 53300025, TAX ID: 2121353366, VAT ID: SK2121353366 on behalf of which act the executive directors Mgr. Lucia Nosko and Mgr. Martin Nosko (hereinafter referred to as the “controller”).

We follow the rules and therefore the protection of your personal data hereinafter referred to as (“PII”) is important for us. We process PII in accordance with these conditions.

By giving consent to the processing of PII on the portal https://soundhealingslovakia.sk/ the data subject provides the consent in a serious and freely given, specific, informed and unambiguous expression of his or her will in the form of an unambiguously affirmative act within the meaning of the GDPR and the law.

      1.1 The data subject under these conditions means:

A visitor to the website in question, a prospective customer, a customer or any natural person whose PII is processed by the controller.

2. Purpose of the processing of PII, legal basis, category of PII, period for erasure and disclosure.

3. ONLINE ENVIRONMENT

The controller is responsible for the collection of the data and, in part, the operators of the social networking platforms. In certain processing operations, we act as joint controllers within the meaning of Article 26(4) of the Regulation.

The controller operates the following funpages on these platforms:

• Facebook
• Instagram

The operators of these social networks have their own adopted rules, service infrastructure and their own privacy provisions. The operating and contractual conditions of the aforementioned companies apply to the protection of data subjects’ PII. Users of social networks are responsible for their content and their profiles. For more detailed information on the processing of personal data by the data controller, please see below: 

– Facebook: https://www.facebook.com/privacy/explanation
– Instagram: https://help.instagram.com/519522125107875

The purpose of the processing of personal data is to operate FUN PAGE’s own profiles on social networks and to communicate with you as citizens, interacting on topics in the community as well as answering relevant questions in comments e.g. Facebook/Instagram.

We may collect anonymous statistical data about your visits through a feature called Facebook Insight, which is provided to us free of charge by Facebook under immutable terms of use. This data is collected via hidden files (hereinafter referred to as “cookies (ID)”), each of which contains a unique user code that is active for a period of two years and is stored by Facebook on the hard drive of the computer or other device of visitors to the fan page. The user code, which can be associated with the connection data of users registered on Facebook, is collected and processed when the fan pages are opened.

The legal basis for the processing of personal data is Article 6(1)(f) legitimate interest.

The personal data you post on our “FUN PAGE” social networking pages such as comments, likes, videos, pictures, etc. will be published via the social networking platform. We do not process the personal data subsequently for any other purpose. The operator reserves the right to delete such comments and other content such as videos, images, etc. if they are in violation of applicable legislation (hateful comments, snide comments, racist or otherwise violating fundamental human rights and freedoms) this content and the right to share your posts if you communicate via social networks.

Posts are kept on our “timeline” page indefinitely or until you delete them as a commenting citizen, or until we delete them as the controller.

The website also contains social networks plugins. The data is not collected unless the data subject clicks on the logos and thus no data will be transferred to the social networks. By clicking on these logos, the data subject accepts communication with the social network servers, thereby creating a link.

4. THIRD PARTIES

4.1 The PII is processed by our employees who have been duly instructed on how to handle the PII as well as signed a confidentiality agreement.

4.2  Your PII may be disclosed to third parties. During the processing of an order and the performance of a contract, data is also disclosed to third parties such as banks, accounting companies, partners and the like, e.g.:

• Google LLC – Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (tools for online marketing),
• Google Analytics – Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (statistics),
• Facebook, Inc. (tools for online marketing), Facebook Inc., 1601 Willow Road, Menlo Park, CA 94025, United States,
• Facebook Pixel, Facebook Inc., 1601 Willow Road, Menlo Park, CA 94025, United States,
• INSTAGRAM (marketing), Instagram LLC, ATTN: Arbitration Opt-out 1601 Willow Rd. Menlo Park, CA 94025, United States,
• Microsoft Corporation, Redmont 980 52 Washington, United States (LINKEDIN social network),
• YOUTUBE, (marketing), YouTube LLC, 901 Cherry Avenue, San Bruno, CA 94066, United States,
• The Rocket Science Group LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, United States (Mailchimp application),
• Reservio, s.r.o., with registered office at Hlinky 995/70, Staré Brno, 603 00 Brno, Czech Republic.

• Accounting company, attorney’s office
• Application – Google, IOS, Apple
• Programmers, web hosting (Websupport).
• Slovak Post.

5. UNDER THE AGE OF 16

In connection with the offer of information society services, the controller lawfully processes PII on the basis of the data subject’s consent if the data subject has reached the age of 16. This portal is not directly addressed to persons under the age of 16.

6. PROCESSING PERIOD

The controller shall only process PII for the necessary period of time and shall comply with the principles of processing of PII. If consent has been given, this shall be for the period of time during which consent is given or withdrawn. When we process PII on the basis of law, e.g. the accounting documents, we process these for 10 years.

Data collected for marketing purposes via cookies is processed by the controller for the duration of the consent to the use of cookies, it means for the period, for which you allow the storage of cookies in your browser, or until the period when an objection is raised against the processing of your data for this purpose.

Further processing of PII beyond the aforementioned time limits is only carried out by the controller if this is necessary to comply with the obligations arising from the applicable legislation. The exact specification is set out in Article 2 for each individual purpose of PII processing.

7. TRANSFER TO A THIRD COUNTRY

The controller does not intend to transfer PII to a third country or an international organisation, including the identification of the country or international organisation. However, some of the recipients may have servers located outside the EU (Google, Facebook). These servers may be located in the United States of America (USA). Companies based in the USA that have access to PII are certified under a privacy protection scheme called Privacy Shield and are considered to be the companies that provide an adequate level of protection.

This transfer only takes place subject to strict compliance with the GDPR.

8. AUTOMATED PROFILING

The controller uses automated profiling, namely via Facebook Pixel and by using the Google Analytics measurement code. The controller uses these applications in order to optimize its sites.

Google Analytics is an analytical tool that helps websites and apps owners understand how their visitors use these resources. It is possible to use a set of cookies and collect information and statistics about the use of the website without personally identifying individual visitors in the Google service. For more information about cookies, see paragraph 11.

The Facebook Pixel is a code that is placed on our website. With the help of cookies, which are placed automatically in the customer’s browser, we are able to track your behavior on your website. The Facebook Pixel offers us information about conversions from your Facebook ads, offers the possibility of remarketing to customers who have already visited our website, but is also suitable for audience building. For more information about “cookies”, see paragraph 11.

9. IP ADDRESS

Is a set of numbers uniquely identifying a device on a computer network.

An IP address can be regarded as data relating to an identifiable person from the point of view of the protection of PII.

The IP address becomes PII if:

The IP address is PII if it is processed by an Internet service provider together with another identification (name, email…),

• the static IP addresses used by natural persons/individuals should be considered as personal data,
• the dynamic IP address will be considered as PII if the online service provider processes other identifiers considered as PII together with the dynamic IP address (e.g. first name, last name, email, etc.).

10.  SECURE DATA TRANSFER

Your PII is transmitted securely due to encryption. The SSL (Secure Socket Layer) encryption system is most commonly used for secure communication with web servers. PII in our systems as well as the website are secured by appropriate technical and organisational measures against loss, destruction, alteration and further dissemination of data by unauthorised persons.

11. RIGHTS OF THE DATA SUBJECT

The data subject has the right under the GDPR to (i) the right to rectification, (ii) the right to erasure, (iii) the right to data portability, (iv) the right to object, (v) the right to withdraw consent, (vi) the right of access to information.

• Right to rectification.

The data subject has the right to have incorrect PII relating to him or her corrected by the controller without undue delay and to have incomplete PII completed.

• Right to erasure.

The data subject has the right to have the controller erase PII concerning him or her without undue delay. The controller shall delete such PII without undue delay if one of the following grounds is met:

• PII is no longer necessary for the purpose for which it was obtained or processed,
• the data subject withdraws consent to the processing of PII for at least 1 specific purpose, or the consent is invalid if its provision is precluded by a specific regulation,
• the data subject objects to the processing of PII when it relates to direct marketing, including profiling,
• PII is processed unlawfully,
• the ground for erasure is the fulfilment of an obligation under this Act, a special regulation or an international treaty, to which the Slovak Republic is bound, or
• PII was collected in connection with the offer of information society services the data subject is under the age of 16 years.

If the controller has disclosed PII and is obliged to erase it, he shall also take appropriate security measures, including technical measures, taking into account the available technology and the costs of implementing them, in order to inform other controllers who process the data subject’s PII of his request that those controllers erase references to his PII and copies or copies thereof.

• Right to data portability.

The data subject has the right to obtain PII concerning him or her that he or she has provided to the controller in a structured, commonly used and machine-readable format and has the right to transfer that PII to another controller – the vendor, if technically feasible and if:

• PII are processed on the basis of the data subject’s consent, the contract and the data subject’s consent, which is invalid if its provision is excluded by a specific regulation,
• the processing of PII is carried out by automated means.

• Right to object

The data subject shall have the right to object to the processing of PII concerning him or her for the purpose of direct marketing, including profiling to the extent that profiling is related to direct marketing, the controller shall explicitly inform the data subject of his or her rights at the latest at the time of the first communication with him or her, and this right shall be clearly and separately indicated from any other information. The data subject may exercise his or her right to object by automated means using technical specifications.

• Withdrawal of consent

The data subject has the right to withdraw consent to the processing of PII concerning him or her at any time. Withdrawal of consent shall not affect the lawfulness of the processing of PII based on consent prior to its withdrawal; the data subject must be informed of this fact before consent is given. The data subject may withdraw consent in the same way as he or she gave consent.

• Right of access to information.

The data subject shall have the right to obtain confirmation from the controller as to whether PII relating to him or her is being processed. If the controller processes such PII, the data subject has the right to obtain access to that PII and information about:

• the purpose of the processing of the PII,
• the category of PII processed – in our case, this is ordinary PII, the controller does not process a special category of PII,
• the identification of the recipient or the category of recipient to whom PII has been or is to be disclosed, in particular a recipient in a third country or an international organisation, if applicable,
• the period of retention of PII; if this is not possible, information on the criteria for its determination,
• the right to request the controller to rectify, erase or restrict the processing of PII relating to the data subject, or the right to object to the processing of PII,
• the right to submit the proposal for proceeding
• the source of PII if PII was not obtained from the data subject,
• the existence of automated individual decision-making, including profiling in these cases, the controller shall provide the data subject with information, in particular on the procedure used as well as on the significance and the envisaged consequences of such processing of PII for the data subject.

The controller is obliged to provide information on the basis of this request within 30 days of receipt of this request. The controller may extend this period by a further 60 days, and we will inform you of any postponement.

The controller may charge a reasonable fee corresponding to the administrative costs for the repeated provision of PII requested by the data subject. The controller is obliged to provide the data subject with PII in the manner in which he or she has requested or according to his or her request.

The controller reserves the right to verify the data subject and to ascertain whether the data subject is a specific data subject. Verification consists in providing additional information, e.g. by means of control questions. Verification is important in order to provide information about PII processed by the controller for the protection of PII.

• The right to submit the proposal for proceeding by the data subject.

The data subject can make a complaint to the supervisory authority, which is the Office for the Protection of Personal Data of the Slovak Republic, Hraničná 12, 820 07 Bratislava 27; tel. number: +421 /2/ 3231 3214; email: statny.dozor@pdp.gov.sk, https://dataprotection.gov.sk. In the case of electronic submission, it is necessary to comply with the requirements of Section 19(1) of Act No. 71/1967 Coll. on Administrative Proceedings (administrative fee), or to file a petition to initiate proceedings pursuant to Section 100 of the Act.

12. COOKIES

12.1 In accordance with § 55 paragraph 5 of Act No. 351/2011 Coll. of National Council of the Slovak Republic (NRSR) on Electronic Communications, as amended, we would like to inform you about the use of cookies and draw your attention to the possibility of changing the settings of your internet browser in case the current setting of the use of cookies does not suit you.

This policy contains information on how the collector uses cookies and similar technologies (hereinafter referred to as “cookies” or “cookies file”).

12.2 What are cookies?

Cookies are small text files that may be sent to your internet browser when you visit a website and stored on your device (computer or other internet-enabled device, such as a smartphone or tablet). Cookies are stored in your browser’s file folder. Cookies usually contain the name of the website from which they originate, their validity and value. The next time you visit the site, your web browser will reload the cookies and send this information back to the website that originally created the cookie. The cookies we use do not harm your computer.

12.3 I don’t want to use cookies, how can I change it?

You can set the cookies that are used on the website of the operator in your web browser. Most web browsers are initially set to automatically accept cookies. You can change this setting by blocking cookies or by notifying if cookies are to be sent to your device.

Instructions for changing cookies can be found in each browser’s help. If you use different devices to access the sites (e.g., computer, smartphone, tablet), we recommend that you adjust each browser on each device to your cookie preferences. You can delete cookies in the browser individually or all at once, either directly (if it is known where they are stored) or by using the browser.

Procedure for removing cookies:

In Internet Explorer:

1. In the “Tools” menu, select “Internet options”.
2. Click on the “Privacy” tab.
3. Now you can set the security settings for the Internet zone. Here you set whether and which cookies are to be accepted or rejected.
4. Use the “OK” button to confirm your settings.

In Google Chrome:

1. In the browser symbol bar, click on the Chrome menu on the right side of the screen.
2. Now select “Settings”.
3. Symbol bar will open in the left corner of the screen, click on “Settings” again and click on “Advanced”.
4. Under “Security and Privacy”, click on “Content Settings”.
5. In the “Cookies” section, you can make the following settings for cookies.
   • Delete cookies.
   • Block cookies by default.
   • Delete cookies and website data by default when you exit the browser.

We use these cookies.

13. DO YOU HAVE ANY QUESTIONS?

If you have any questions or comments regarding the processing of PII, you can contact us, we will be happy to answer your questions.

Contact details of the controller:

company name:                        Sound Healing Slovakia s.r.o.

registered office:                       Pod Válkom 10181/12/, 83107 Bratislava  – Vajnory                   

ID:                                          51 152 258

TAX ID:                                    2121353366

VAT ID:                                    SK2121353366                          

Contact details: e-mail/phone number.: info@soundhealingslovakia.sk / +421 905 261 460

The responsible person has not been appointed.

13. FINAL PROVISIONS

This updated information comes into force and effect on 01.01.2022 The Controller reserves the right to change these conditions in the event of a change in the processing of PII in the company and in the event of a legislative change.