Privacy Policy
- By entering into an agreement in accordance with Section I of these terms between the provider (hereinafter referred to for the purposes of this section as the “Operator”) and the customer (hereinafter referred to for the purposes of this section as the “Data Subject”), the Operator is authorized to process the personal data of the Data Subject in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) (hereinafter referred to as “GDPR”) and Act No. 18/2018 Coll. on the protection of personal data (hereinafter referred to as the “Act”). In this context, the Operator is authorized to entrust the processing of personal data to a third party possessing adequate personnel, technical, organizational, and professional capacity, based on a separate written contract.
- The source of personal data is the Data Subject. The Operator obtains personal data from the Data Subject by (i) providing and submitting them when entering into an agreement in accordance with Section 1.3 of Terms and Conditions, (ii) through a special form on the Operator’s website www.allheadsglobal.com, or (iii) by visiting and using the Operator’s website.
- The purpose of processing personal data by the Operator is, or may be: (i) the conclusion and performance of a contract under which the Data Subject will be provided with the Operator’s services and, in the event of the Data Subject’s interest in receiving services at a discount or free of charge within a specific promotion of the Operator, also the verification of the fulfillment of special conditions (hereinafter referred to as the “contractual requirement”), (ii) the fulfillment of legal obligations arising from the GDPR, the Act, and other generally binding legal regulations, such as Act No. 431/2002 Coll. on Accounting (hereinafter referred to as the “legal requirement”), (iii) sending short email messages about news or other important or useful information in the context of providing the Operator’s services, (iv) direct marketing – sending email messages with commercial content, (v) effective marketing communication, including profiling to the extent related to this purpose, as a result of which the Data Subject will primarily be shown advertisements on the Operator’s website that are relevant to the Data Subject and match their preferences, depending on their online activities, (vi) other purposes for which the Data Subject has given their consent to the processing of personal data, (vii) other purposes that are compatible with the original purpose for which the personal data of the Data Subject were originally obtained. The processing of personal data for archiving or statistical purposes is considered, in accordance with the GDPR and the Act, to be processing compatible with the original purpose. In the case of processing for these purposes, the Operator has implemented appropriate and effective technical and organizational measures, including the minimization of personal data. Depending on how these purposes can be achieved, the Operator will also ensure pseudonymization (personal data will not be attributable to a specific Data Subject without the use of additional separately stored information) or anonymization (personal data will not be attributable to a specific Data Subject, and the Data Subject cannot be further identified). (viii) extrajudicial and judicial enforcement, assertion, and collection of the Operator’s legal claims or the purpose of another legitimate interest of the Operator in accordance with the GDPR and the Act.
- The legal basis for processing personal data by the Operator is (i) the performance of contractual obligations towards the Data Subject, (ii) the performance of legal obligations of the Operator, (iii) the legitimate interest of the Operator, and (iv) the free and unambiguous consent granted by the Data Subject, if it concerns processing for the purposes specified in Section 3 (iii) to (vi) of these terms, with the processing of personal data for direct marketing purposes being considered a legitimate interest of the Operator in accordance with Recital 47 of the GDPR, (v) the free, unconditional, and explicit consent given by the Data Subject, if the purpose is to verify the fulfillment of special conditions for the provision of services at a discount or free of charge within a specific promotion of the Operator, and if biometric data falling into a special category of personal data within the meaning of Article 9 of the GDPR has been provided by the Data Subject for this purpose.
- The scope of personal data processed for the Data Subject is as follows: for the digital subscription service: (i) email address, (ii) first and last name, (iii) login details for a registered account, (iv) data about visits and activities on the Operator’s website, (v) data obtained from cookie files – only if the Operator can precisely identify the Data Subject based on cookies, (vi) billing data (e.g., business name, ID, tax ID, VAT ID) – only if the Data Subject (a natural person) chooses to receive invoices and voluntarily provides billing information, (vii) other personal data processed in accordance with applicable legal regulations, (viii) other personal data if required for verification of eligibility for discounted or free services within a specific promotion offered by the Operator, in which the Data Subject expresses interest.
- Providing personal data by the Data Subject is voluntary. Providing personal data by the Data Subject is a contractual requirement necessary for services under Part I and Part II of these terms for entering into a contract. Without providing personal data, it will not be possible to conclude and fulfill the contract, which forms the legal basis for using and maintaining the service requested by the Data Subject. Providing personal data for processing under sections 3 (iii) to (viii) of these terms is neither a contractual nor a legal requirement.
- The Operator is entitled to retain processed personal data to the extent necessary and in a form that allows the identification of the Data Subject for a period ending no later than the time required to fulfill the purpose for which they are processed (e.g., as long as it is required for contract performance, verification of eligibility for discounted or free services, legal obligations, or legitimate interests). In the case of processing personal data solely based on the Data Subject’s consent according to section 4 (iv) of these terms, the Operator is entitled to retain processed personal data for 24 months from the granting of consent or until consent is revoked. Before the expiration of this period, the Operator may request an extension of the consent. After the expiration of the authorized retention period of processed personal data, the Operator will ensure their deletion or anonymization in accordance with the GDPR and the Law.
- The Operator uses cookie files on its website www.allheadsglobal.com. In this context, the Operator recommends carefully reviewing the “COOKIE POLICY” section published on the website www.allheadsglobal.com.
- In accordance with the GDPR and the Law, the Data Subject has the following rights:
9.1. The right to withdraw their consent for personal data processing at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. If the Data Subject withdraws their consent for personal data processing, and there is no other legal basis for processing personal data (e.g., the necessity of contract performance, legal obligations, or legitimate interests), the Operator will ensure the prompt deletion or anonymization of personal data in accordance with the GDPR and the Law.
9.2. The right to object to the processing of personal data when the Operator processes them (i) for the performance of a task carried out in the public interest, (ii) in the exercise of official authority, (iii) on the basis of legitimate interest, or (iv) for direct marketing purposes, including profiling based on these legal grounds. If the Data Subject objects to the processing of personal data for direct marketing purposes, personal data must not be further processed for this purpose (the objection will be considered as the withdrawal of consent for personal data processing). In other cases, the Data Subject’s objection will be justified if their legitimate reasons outweigh the legitimate interests of the Operator. - The Operator does not intend to transfer the Data Subject’s personal data to third countries outside the European Union.
- The Operator does not carry out automated individual decision-making or profiling with the Data Subject’s personal data, which would have legal effects on or significantly affect the Data Subject’s rights and freedoms.
- The Operator is entitled to provide the Data Subject’s personal data to the following recipients, to the extent necessary: (i) persons who, on behalf of the Operator, out-of-court or judicially enforce and collect the Operator’s legal claims, for the purpose of asserting and enforcing the Operator’s legal claims, (ii) courts, court bailiffs, law enforcement authorities, or other public authorities, for the purpose of asserting and enforcing the Operator’s legal claims or fulfilling the Operator’s obligations under applicable legal regulations, (iii) persons who provide technical operation of the Operator’s services, websites, and information infrastructure, exclusively for this purpose, (iv) persons who provide security and protection of the Operator’s services, websites, and information infrastructure, and who also regularly monitor and test this security and protection, exclusively for this purpose, (v) persons who provide analytical and statistical services to the Operator, for the purpose of improving and optimizing the Operator’s services and website, (vi) persons who provide marketing services to the Operator, solely for the purpose of efficient and relevant marketing communication by the Operator (this category of persons will not be able to use the Data Subject’s personal data for their own marketing or marketing activities of any other person other than the Operator).
- In accordance with the GDPR and the Law, the Data Subject has, in particular, (i) the right to access the data being processed about them, (ii) the right to rectify them, (iii) the right to erase them, (iv) the right to restrict processing, (v) the right to data portability, (vi) the right to object to processing, as well as (vii) the right to withdraw their consent at any time without affecting the lawfulness of processing based on consent before its withdrawal. Similarly, the Data Subject has (viii) the right to file a complaint with the supervisory authority (Office for Personal Data Protection of the Slovak Republic, Hraničná 12, 820 07 Bratislava, dataprotection.gov.sk). The scope, limitations, and methods of exercising these rights are detailed in Chapter III of the GDPR and the second part of the second chapter of the Law.
- The Data Subject can ask questions related to the processing of personal data and exercise their rights free of charge by sending a request to the Operator electronically at the email address info@allheads.sk, by mail to the postal address: Allheads, s.r.o., Karloveská 31, 841 04 Bratislava, or by any other preferred method.