Privacy Policy · Zlatý Roh

Effective from: 1. 1. 2026 · Version: 1.0

Summary in 5 Sentences

We collect only the personal data necessary to conclude and process your order and deliver your wine.
We do not sell, rent or share your data with third parties for marketing purposes.
Newsletter posielame, iba ak nám na to dáte výslovný súhlas. Odhlásiť sa môžete jediným klikom.
We keep data only as long as the law requires (most often accounting records: 10 years).
You have all the rights under the GDPR; you can request access, correction or erasure at any time.

1. Data Controller

The controller of your personal data is:

Vinárstvo Zlatý roh s. r. o.
Dvořákovo nábrežie 10, 811 02 Bratislava, mestská časť Staré Mesto
Place of business and visits: K zlatému rohu 32, 841 10 Bratislava, Devín
Company ID (IČO): 55 451 951
E-mail: gdpr@zlatyroh.sk

Given the scope of our processing we are not required to appoint a data protection officer (DPO), but all your requests are handled personally by the company's managing director.

2. What Data We Process

Depending on how you interact with us, we process the following categories of data:

Identification data: First name, last name, date of birth (for 18+ age verification).
Contact data: E-mail address, phone number, delivery and billing address.
Order data: List of ordered goods, amounts, dates, payment and delivery method.
Payment data: Payment card data is processed exclusively by our payment gateway provider (Stripe / WooCommerce Payments). We do not store it.
Technical data: IP address, browser type, visit data (via cookies and server logs).
Communication: The content of e-mails and messages from contact forms that you send us.

3. Processing Purposes and Legal Bases

Purpose	Legal basis	Period
Conclusion and performance of the purchase contract (order processing, delivery, complaints)	Contract (Art. 6(1)(b) GDPR)	4 years after the contract ends
Accounting and tax records	Legal obligation (Art. 6(1)(c) GDPR)	10 years (Accounting Act)
Wine Club newsletter	Consent (Art. 6(1)(a) GDPR)	Until consent is withdrawn
Handling inquiries from contact forms	Legitimate interest (Art. 6(1)(f) GDPR)	6 months after the last communication
Visitor statistics, website improvement	Cookie consent	According to cookie settings

4. Who We Share Your Data With

We share data only to the extent necessary for the purpose and only with the following categories of recipients:

Courier company: Direct Parcel Distribution SK, s.r.o. (DPD), for delivering your shipment (name, address, phone, e-mail).
Payment gateways: Stripe / WooCommerce Payments, for payment processing.
Accountant: an external provider of accounting services under contract.
Hosting and IT: the website hosting provider (server within the EU).
Newsletter platform: Mailchimp / SendGrid (only if you have subscribed).
Public authorities: only where the law entitles them to it.

5. Data Transfers Outside the EU

Some of our suppliers (e.g. Mailchimp, Stripe) are established in the USA. Transfers are always safeguarded by EU standard contractual clauses or EU-U.S. Data Privacy Framework certification. These measures guarantee an adequate level of protection.

6. Retention Period

We keep data only as long as necessary for the processing purpose or as required by law: see the table in Article 3. After the period expires, we securely delete or anonymize the data.

7. Your Rights

Under the GDPR you have the right:

To access: to obtain confirmation of whether we process data about you, and a copy of that data.
To rectification: to have inaccurate data corrected.
To erasure (the “right to be forgotten”): okrem prípadov, keď nás zákon zaväzuje údaje uchovávať.
To restriction of processing: while a dispute about the accuracy of the data is being resolved.
To data portability: to receive your data in a machine-readable format.
To object: to processing based on legitimate interest, or to direct marketing.
To withdraw consent: at any time, without affecting the lawfulness of prior processing.
To lodge a complaint with the supervisory authority: Office for Personal Data Protection of the Slovak Republic, Hraničná 12, 820 07 Bratislava, dataprotection.gov.sk.

To exercise your rights, send a request to gdpr@zlatyroh.sk. We will reply within 30 days (in exceptional cases within 60 days, with notice of the extension).

8. Cookies

Detailed information about the cookies we use can be found in the separate document Cookie Policy.

9. Changes to This Policy

We may update this policy from time to time. We will inform you of changes on the website and, where relevant, by e-mail. You can always check the current version and effective date at the top of this document.

Questions about your data? gdpr@zlatyroh.sk →