We are keeping a close eye on all your personal data.
We would like you to feel safe when shopping online at ZITA. On this page, you can find all the information about how we protect your data, where we get them, who we share them with, and what we use them for. You can also find out about your rights in relation to their processing and how you can monitor the processing of your personal data on our website.
Who processes your personal data?
Head office: Wolkrova 11
851 01 Bratislava
The company is entered in the Commercial Register of the Bratislava I District Court, Sro section, Insert No.115246/B
Which of your personal data do we use?
We only process personal data that you give us in order to use our services (accessing MY ZITA, ordering products from our e-shop, booking an appointment for frame fitting or eye examination or subscribing to our newsletter). These are the most common data you will provide when you register:
- password (encrypted)
- name and surname (only if necessary for a particular service)
- date and year of birth when booking an appointment for a frame fitting or an eye examination at the opticians
- contact and/or shipping address (for order delivery)
- phone number (for providing information about your order)
- additional data provided by you voluntarily (e.g. in a contact form) and data we acquire through your use of our services: IP address, business ID, tax ID, cookies (in case of online services), or other online identifiers
Why do we use your personal data?
We can make your time at our website more pleasant thanks to the processing of your data. You are also giving us permission to manage your user account in order to provide services and products you are interested in.
Your data is also processed for the purposes of:
- fulfilment of contractual relations (name and surname, address, e-mail, phone number, business ID and tax ID, payment data, encrypted password), on the legal basis of the processing necessary for the performance of the contract (Article 6 (1)(b) GDPR);
- for accounting and tax reasons (purposes) and the fulfilment of other legal obligations (name and surname, address, phone number, business ID and tax ID, payment data), on the legal basis of the processing necessary for the performance of the contract (Article 6 (1)(b) GDPR) as well as necessary for the fulfilment of the legal obligations of the operator (Article 6 (1)(c) GDPR);
- improving the quality of our services and developing new services (profile information such as e-mail, age and name and surname), on the legal basis of the processing necessary for the legitimate interests pursued by the operator (Article 6 (1)(c) GDPR), while ensuring that such processing is proportionate;
- performing of analyses and measurements aiming to assess the use of our services (cookies, IP address), on the legal basis of the processing necessary for the legitimate interests pursued by the operator (Article 6 (1)(c) GDPR), while ensuring that such processing is proportionate;
- analysing your preferences in order to display the content that best suits your individual interests (cookies, IP address), on the legal basis of the processing necessary for the legitimate interests pursued by the operator (Article 6 (1)(c) GDPR), while ensuring that such processing is proportionate;
- sending business notifications, on the legal basis of your consent (Article 6 (1)(a) GDPR) (the option of unsubscribing from the business notifications is available in the account settings of the registered account or via e-mail at: firstname.lastname@example.org) and content newsletters (e-mail, name and surname, phone number).
Your personal data is processed manually as well as automatically. ZITA s.r.o. is entitled to collect, store and use certain information through automated means such as statistical information whenever you visit our website.
Who will have access to your data?
We do not disclose or make your personal information available to any other entity, except as described below:
- in the technical operation of certain services or technologies that we use for our services
- for the security and integrity of our services and websites and their regular testing
- when using payment gateways
- when using the transportation services that deliver your orders
- for the analysis of our website traffic
- for technical solutions enabling the delivery of your order and notification of order delivery
- for technical solutions that allow us to display relevant content and advertising
Under certain, precisely defined conditions, we are also obliged to submit some of your personal data based on valid legal regulations, e.g. to the Slovak Police, or other government bodies. We do not provide personal data to third countries.
What are cookies and what types do we use?
Cookies are text files containing a small amount of information that is downloaded to your computer, mobile phone or other devices when you visit the website. Subsequently, each time you visit this website, cookies are sent back to the original website or to another site that recognizes cookies.
It is not possible to identify a user based on this information, not even in combination with any other information in our possession. The information may include, for example, the type of device and browser used, language preferences, or sites that have been visited. Cookies are not used to obtain any sensitive personal data. They are important, however, for the protection of privacy.
We collect cookie information on our website in order to improve the tracking of new and returning visitors and also for the purpose of internal site analysis to achieve a better understanding of how they are used. We use this information to improve our services and the navigation on our website.
Another type of cookies are third-party cookies (e.g. Google Analytics for the analysis of traffic to a particular website or some services or operator cookies of advertising systems running on our website).
You can accept cookies on our website by clicking the “I understand” button. You can refuse or selectively prevent cookies in the browser settings. However, if you block all cookies, some features on our website may not be accessible or may not display properly. Another option is to browse the website in Incognito mode, which prevents cookies from being stored.
Detailed information for all types of browsers can be found here: aboutcookies.org or https://www.cookiesandyou.com/
How long is data stored?
We process and store your personal data for the time strictly necessary to ensure all rights and obligations under the applicable contractual and legal regulations (e.g. accounting), but for a maximum of 10 years. After this time, your data is permanently deleted. If your personal data is used for commercial communication to your e-mail address or in other cases where you have given us your consent, the data will be retained until you revoke the relevant consent.
Can we process your personal data without your consent?
Yes, your personal data can be processed without your consent, but only for the purposes of
- providing services or products (based on a contract between you and us, where the contract can be represented by the actual use of a service, without having to sign anything);
- compliance with legal obligations arising from generally binding legal regulations (e.g. we are obliged to store operational and location data on the basis of the Act no.127/2005 coll. On Electronic Communications);
- or data processing that is necessary for the purposes of our legitimate interests (e.g. direct marketing, ensuring the security of our website).
The possibility and lawfulness of such processing arise directly from valid legal regulations and your consent to such processing is not required.
How is your personal data secured?
All personal data you will give us is secured by standard procedures and technologies. At ZITA we regularly monitor the system in case of vulnerabilities and exposure to attack and we use security measures to prevent unauthorized access to your personal data in a manner that is reasonable in view of the technologies used. To better secure your personal data, access to this data is password protected and sensitive data is encrypted when transmitted between your browser and our website.
Personal data that we process in paper form are stored in folders and lockers to which only authorized persons have access.
How can you revoke your consent to the processing of personal data?
You can revoke your voluntary consent to the processing of personal data at any time, free of charge, by sending an e-mail to: email@example.com. Withdrawal of consent does not affect the lawfulness of the processing of your personal data, which was carried out before the withdrawal of consent. Withdrawal of consent also does not affect the processing of personal data that we process on a legal basis other than consent (especially if the processing is necessary for the performance of the contract, legal obligation or for other reasons specified in applicable law).
Do you have to give us your personal data?
You provide your personal data voluntarily (for some services, however, the transfer of certain personal data is required to make the service available, which means if you do not provide it, you will not be allowed to use this service).
The processing of data often takes place only in an anonymous form, without us being able to identify you as a specific user. This allows us to provide you with our services and constantly improve them. However, if in certain cases you do not provide us with the necessary scope of your personal data, it might lead to our inability to further provide certain services or provide them in their full extent or quality. However, you are, of course, not obliged to use our free services.
What rights do you have?
You have several rights as a result of the processing of your personal data. You can exercise your rights by sending an email or a written request to our contact details
The right to access personal data
You have the right to obtain a confirmation of whether your personal data is being processed. In case we are processing your personal data, we will provide information about the scope of data, the purpose of the processing, any parties your data was provided to, whether they have been provided to third countries and how long your data will be stored. You have the right to request information about:
- the purpose of personal data processing
- the source of personal data, i.e. where the data was obtained (if it was not obtained from the data subject)
- the category of personal data processed
- the expected retention period of personal data; if this is not possible, information on the criteria for its determination
- the right to request the correction of personal data concerning the data subject, their deletion or restriction of their processing, or the right to object to the processing of personal data
- the right to file a motion to initiate proceedings with the Office for Personal Data Protection of the Slovak Republic if the data subject claims that his rights, established by Act no. 18/2018 Coll. on Personal Data Protection, have been violated
- the operator is obliged to provide the data subject with his / her personal data. The operator may charge a reasonable fee corresponding to the administrative costs for the repeated provision of personal data requested by the data subject. The operator is obliged to provide personal data to the data subject in the manner required by his / her request (e.g. by e-mail)
- the right to obtain personal data in accordance with the above point must not adversely affect the rights of other individuals.
The right to rectification of incorrect and untrue personal data
If you feel that we are processing inaccurate or untrue personal data about you, you have the right to have it rectified.
The right to explanation
If you suspect that the processing of your personal data violates the protection of your personal or private life or that the processing of your personal data violates the legislation, you can request an explanation
Right to erasure
You have the right to have your personal data deleted without undue delay if:
- personal data are no longer necessary for the purpose for which they were obtained or otherwise processed
- the data subject withdraws the consent given to the processing of personal data and there is no other legal basis for the processing of personal data, i.e. the company processes personal data only with the consent of the data subject
- the data subject objects to the processing of personal data which are processed due to the legitimate interest of the operator in the protection of property, and the legitimate reasons of the data subject for personal data protection outweigh the legitimate interest of the operator
- it is established that the personal data of the data subject are being processed unlawfully
- the reason for cancellation is the fulfillment of the obligation under Act no. 18/2018 Coll. on Personal Data Protection, a special regulation or an international agreement by which the Slovak Republic is bound
The right to restrict processing
You have the right to restrict the processing of your personal data if:
- the data subject challenges/objects to the accuracy of the personal data during the period when the operator is allowed to verify the accuracy of the personal data
- the processing of personal data is unlawful and the data subject objects to the deletion of personal data and instead calls for restrictions on their use
- the operator no longer needs personal data for the purpose of processing personal data, but the data subject needs them in order to assert a legal claim
- the data subject objects to the processing of personal data which are processed due to the legitimate interest of the operator, and the legitimate reasons of the data subject for the protection of personal data outweigh the legitimate interest of the operator.
If the processing of personal data has been restricted on the basis of the above, except for storage, the operator may process personal data only with the consent of the data subject or for the purpose of asserting a legal claim, for the protection of other data subjects or for reasons of public interest.
The operator is obliged to inform the data subject whose personal data processing is restricted on the basis of the above before the restriction of personal data processing is lifted.
The right to data portability
You have the right to obtain your personal data that are processed on the basis of consent and/or contract and are processed by automated means, in a structured, commonly used and machine-readable format. You can also transfer this data to another person, so if technically possible, we will transfer your personal data directly to the operator of your choice at your request.
The right to object
You have the right to object, for reasons relating to your specific situation, to the processing of your personal data, which is carried out on the basis of our legitimate interest, including the right to object to profiling based on our legitimate interest.
You also always have the right to object to the processing of your personal data if it is processed for direct marketing purposes.
The right to withdraw consent
If you have given us your consent to the processing of personal data, you can revoke it at any time.
The right to lodge a complaint with a supervisory authority
If the data subject claims that his or her rights are directly violated under Act No. 18/2018 Coll. on Personal Data Protection or under the GDPR regulation, they have the right to submit a proposal to initiate proceedings on personal data protection to the Office for Personal Data Protection of the Slovak Republic.
How can you contact us?
In case of any inquiry about personal data protection or revocation of consent to further processing of your personal data, please contact us by e-mail at firstname.lastname@example.org or in writing at our address: ZITA s.r.o., Wolkrova 11, 851 01 Petržalka, Bratislava
In this regard, we would like to remind you that we may ask you to prove your identity in an appropriate manner for the purpose of verification. This is a precautionary measure to prevent unauthorized access to your personal information. In order to increase the quality of services and keep records of compliance with our obligations under the law, all communication with you is monitored.