Summary in 5 Sentences
- We collect only the personal data necessary to conclude and process your order and deliver your wine.
- We do not sell, rent or share your data with third parties for marketing purposes.
- We send the newsletter only if you give us your explicit consent. You can unsubscribe with a single click.
- We keep data only as long as the law requires (most often accounting records: 10 years).
- You have all the rights under the GDPR; you can request access, correction or erasure at any time.
1. Data Controller
The controller of your personal data is:
Vinárstvo Zlatý roh s. r. o.
Dvořákovo nábrežie 10, 811 02 Bratislava, mestská časť Staré Mesto
Place of business and visits: K zlatému rohu 32, 841 10 Bratislava, Devín
Company ID (IČO): 55 451 951
E-mail: gdpr@zlatyroh.sk
Given the scope of our processing we are not required to appoint a data protection officer (DPO), but all your requests are handled personally by the company's managing director.
2. What Data We Process
Depending on how you interact with us, we process the following categories of data:
- Identification data: first name, last name, date of birth (for 18+ age verification).
- Contact data: e-mail address, phone number, delivery and billing address.
- Order data: list of ordered goods, amounts, dates, payment and delivery method.
- Payment data: payment card data is processed exclusively by our payment gateway provider (Stripe / WooCommerce Payments). We do not store it.
- Technical data: IP address, browser type, visit data (via cookies and server logs).
- Communication: the content of e-mails and messages from contact forms that you send us.
3. Processing Purposes and Legal Bases
| Purpose | Legal basis | Period |
|---|---|---|
| Conclusion and performance of the purchase contract (order processing, delivery, complaints) | Contract (Art. 6(1)(b) GDPR) | 4 years after the contract ends |
| Accounting and tax records | Legal obligation (Art. 6(1)(c) GDPR) | 10 years (Accounting Act) |
| Wine Club newsletter | Consent (Art. 6(1)(a) GDPR) | Until consent is withdrawn |
| Handling inquiries from contact forms | Legitimate interest (Art. 6(1)(f) GDPR) | 6 months after the last communication |
| Visitor statistics, website improvement | Cookie consent | According to cookie settings |
4. Who We Share Your Data With
We share data only to the extent necessary for the purpose and only with the following categories of recipients:
- Courier company: Direct Parcel Distribution SK, s.r.o. (DPD), for delivering your shipment (name, address, phone, e-mail).
- Payment gateways: Stripe / WooCommerce Payments, for payment processing.
- Accountant: an external provider of accounting services under contract.
- Hosting and IT: the website hosting provider (server within the EU).
- Newsletter platform: Mailchimp / SendGrid (only if you have subscribed).
- Public authorities: only where the law entitles them to it.
5. Data Transfers Outside the EU
Some of our suppliers (e.g. Mailchimp, Stripe) are established in the USA. Transfers are always safeguarded by EU standard contractual clauses or EU-U.S. Data Privacy Framework certification. These measures guarantee an adequate level of protection.
6. Retention Period
We keep data only as long as necessary for the processing purpose or as required by law: see the table in Article 3. After the period expires, we securely delete or anonymize the data.
7. Your Rights
Under the GDPR you have the right:
- To access: to obtain confirmation of whether we process data about you, and a copy of that data.
- To rectification: to have inaccurate data corrected.
- To erasure (the “right to be forgotten”): except where the law obliges us to retain the data.
- To restriction of processing: while a dispute about the accuracy of the data is being resolved.
- To data portability: to receive your data in a machine-readable format.
- To object: to processing based on legitimate interest, or to direct marketing.
- To withdraw consent: at any time, without affecting the lawfulness of prior processing.
- To lodge a complaint with the supervisory authority: Office for Personal Data Protection of the Slovak Republic, Hraničná 12, 820 07 Bratislava, dataprotection.gov.sk.
To exercise your rights, send a request to gdpr@zlatyroh.sk. We will reply within 30 days (in exceptional cases within 60 days, with notice of the extension).
9. Changes to This Policy
We may update this policy from time to time. We will inform you of changes on the website and, where relevant, by e-mail. You can always check the current version and effective date at the top of this document.