PRODOM spol. s r.o.
These terms and conditions of personal data protection provide for the protection and processing of personal data by the trading company PRODOM spol. s r.o. as a controller as regards sale of the products specified below to individual customers and potential customers.
The products are construction project documentation in electronic form from the seller´s portfolio available at www.dream-plans.com, made available to the buyer as a digital copy of an architectural work protected by copyright after purchasing the product (the “Product”).
Personal data are processed in accordance with the applicable legislation, namely:
- Act No. 18/2018 Coll. on the protection of personal data as amended (the “Personal Data Protection Act”) and
- regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the “Regulation” or “GDPR”)
and in accordance with these conditions of personal data protection.
1.Controller
Controller is the trading company:
PRODOM spol. s r.o.
Business ID: 30 777 011
TIN: 2020314373
VAT ID: SK2020314373
Registered office at Vajnorská 2/E, 900 28 Ivanka pri Dunaji, Slovak Republic
Registered with the Commercial Register of District Court Bratislava I, section: Sro, insertion No.: 2129/B
e-mail: info@prodom.sk
website: www.prodom.sk
(the “Controller”)
2.Data subjects
These conditions of personal data protection apply to:
- customers of the Controller concluding a contract on purchase of the Product with the Controller through the website www.dream-plans.com, or persons acting on behalf of these persons (the “Customers”)
- potential customers interested in purchasing the Product from the Controller through the website www.dream-plans.com, or persons acting on behalf of these persons (the “Potential Customers”)
(hereinafter collectively referred to as the “Data Subjects”).
To avoid any doubts, if the Customer or the Potential Customer is a legal entity, personal data of the Customer or the Potential Customer mean, for the purposes of these terms and conditions, personal data of persons acting on behalf these entities.
3.Purpose of the personal data processing
Purpose of the processing of personal data of the Data Subjects pursuant to these conditions is:
- implementation of measures prior to concluding a contract with the Customers, conclusion of the contract with the Customers to purchase the Product;
- compliance with tax and accounting regulations;
- compliance with regulations in the field of archiving;
- securing of possible legal claims of the Controller;
- direct marketing for the Customers by providing current information about products and services concerning the Product through newsletters;
- marketing for the Potential Customers interested in the Product who sign up to receive current information about products and services concerning the Product through newsletters;
- operation of the website – the Controller uses functional and technical cookies on the website that are required for the proper operation of the website, i.e. necessary for the performance of the contract;
- analysis of the operation of the website – the Controller uses analytical cookies on the website to analyse the operation of the website, for the purposes of the website traffic statistics, to improve the functioning of the website and to ensure the user optimality; to this effect, the Controller also retains and analyses information about the user traffic on the website;
- relevant advertising – the Controller uses marketing cookies on the website to provide relevant advertising to the Data Subject;
- analysis of the operation of the Controller´s website on social media (e.g. Facebook) – the Controller uses cookies on its social media to analyse the operation of these pages.
4.Legal basis for the processing
Legal basis for the processing is:
- Section 13(1)(b) of the Personal Data Protection Act, or Article 6(1)(b) of GDPR – performance of the contract and pre-contractual relationships;
- Section 13(1)(a) of the Personal Data Protection Act, or Article 6(1)(a) of GDPR – consent given by the Data Subject (when placing and sending an order for the Product);
- Section 13(1)(c) of the Personal Data Protection Act, or Article 6(1)(c) of GDPR in conjunction with Act No. 593/2003 Coll. on the income tax as amended, Act No. 431/2002 Coll. on the accounting as amended and other relevant laws – compliance with tax and accounting regulations;
- Section 13(1)(c) of the Personal Data Protection Act, or Article 6(1)(c) of GDPR in conjunction with Act No. 395/2002 Coll. on archives and registries as amended and other applicable laws – compliance with regulations in the field of archiving;
- Section 13(1)(f) of the Personal Data Protection Act, or Article 6(1)(f) of GDPR – legitimate interest of the Controller to secure and assert its possible legal claims;
- Section 13(1)(f) of the Personal Data Protection Act, or Article 6(1)(f) of GDPR – legitimate interest of the Controller to perform direct marketing for the Customers and/or Potential Customers;
- Section 13(1)(a) of the Personal Data Protection Act, or Article 6(1)(a) of GDPR – consent given by the Data Subject in the form of subscription to receive newsletters;
- Section 13(1)(f) of the Personal Data Protection Act, or Article 6(1)(f) of GDPR – legitimate interest of the Controller to operate the website (necessary cookies);
- Section 13(1)(a) of the Personal Data Protection Act, or Article 6(1)(a) of GDPR – consent given by the Data Subject through a banner on the website of the Controller (analytical cookies);
- Section 13(1)(a) of the Personal Data Protection Act, or Article 6(1)(a) of GDPR – consent given by the Data Subject through a banner on the website of the Controller (marketing cookies);
- Section 13(1)(a) of the Personal Data Protection Act, or Article 6(1)(a) of GDPR – consent given by the Data Subject (analysis of the operation of the Controller´s social media pages).
5.Subject-matter of the processing
Subject-matter of the processing is:
- basic identification and contact personal data of the Customers and Potential Customers provided by the Customer and/or Potential Customer and necessary for the performance of the contract – first name, surname, address, e-mail, telephone number; provision of these data is voluntary, however, without providing the data, proper performance of the contract is not possible; the Customer may edit and update the data by notifying the Controller;
- IP addresses through which the Data Subjects use the Controller´s website;
- information about the activities of the Data Subjects when using the Controller´s website;
- Cookies:
- The Controller uses cookies on the website to ensure proper operation of the website (functional and technical cookies), to analyse the operation of the website (analytical cookies) as well as of marketing cookies in order to provide relevant advertising to the Data Subject. Cookies are small text files stored by a website in the computer or mobile device of the Data Subject when viewing the website. The Data Subject may reject, control, or delete cookies at his or her own discretion by setting up his or her web browser, more information is available, for example, at aboutcookies.org. However, the website may not work properly, if cookies are rejected;
- The Controller uses cookies at its social media such as Facebook. These cookies are provided to the Controller by Facebook in an anonymised form to analyse the operation of the Controller's social media pages (page traffic statistics). More information about cookies used by Facebook is available at https://www.facebook.com/policy/cookies/.
6.Categories of recipients
Personal data are provided to the following recipients:
- providers of IT services;
- providers of services in the field of e-mail marketing, software design and development or customer service;
- Google Ireland Ltd. – for the purpose of provision of the Google Analytics service;
- Facebook Ireland Ltd.
- external accountant of the Controller;
- providers of legal and tax consulting services;
- providers of postal and courier services;
- tax authority;
- Slovak Trade Inspection;
- courts, law enforcement authorities, enforcement agents;
- other entities authorised under applicable legislation.
External providers of services are carefully selected by the Controller and checked upon on regular basis to ensure proper protection of personal data.
7.Personal data portability
Currently, the Controller does not transfer personal data to a third country or international organisation.
If such transfer occurs in the future, the Controller will take measures necessary to fulfil relevant statutory requirements. Above all, the Controller will inform the Customers and Potential Customers in due time of relevant recipients or categories of recipients of personal data in accordance with statutory requirements.
8.Storage period
Personal data will be stored for the period the purpose for the processing of personal data remains in existence, i.e. at least for the duration of the contractual relationship and within the necessary scope until a limitation period for the assertion of possible legal claims does not lapse and for the period for archiving laid down by the applicable legislation, however, always at least until all proceedings concerning legal claims are concluded.
If the processing is based on consent of the Data Subject, personal data will not be processed for such purpose longer than for the period of the consent given. Consent may be withdrawn in accordance with Article 11 below.
If the processing is based on a legitimate interest of the Controller, personal data will not be processed for such purpose longer than for the period of justified objecting to the processing in accordance with Article 12 below.
The Data Subject may control or delete cookies at his or her own discretion, more information is available, for example, at aboutcookies.org.
9.Measures to protect personal data
The Controller processes personal data in accordance with the applicable legislation, especially the Personal Data Protection Act and the Regulation. The Controller uses state-of-the-art technologies to store and transfer data securely and pays attention to the expertise of its staff on a regular basis.
The Controller implements appropriate technical and organisational measures to protect all personal data from accidental or intentional manipulation, loss, destruction or being accessed by unauthorised persons. It also applies to all external services. The Controller audits effectivity of the measures for protection of personal data and makes an ongoing effort to improve them in line with technological development. Entered personal data are encrypted during the transfer by way of secure encryption process.
10.Rights of the Data Subjects
The Data Subject whose personal data are processed has the following rights as regards the processing of his or her personal data:
- right to request access to his or her personal data or information about the processing (including confirmation about the processing) from the Controller;
- right to rectification of incorrect personal data and to have incomplete personal data completed;
- right to erasure of personal data or to restriction of the processing (namely, if the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed, if the consent was withdrawn, or if the processing is unlawful; personal data may not be erased before statutory and contractual time limits set for their retention expire);
- right to object to the processing;
- right to data portability;
- right to withdraw consent, if the processing is based on the consent;
- right to lodge a complaint with the supervisory authority, i.e. Office for Personal Data Protection of the Slovak Republic (action pursuant to Section 100 of the Personal Data Protection Act).
The Data Subject may contact the Controller at the following e-mail address info@dream-plans.com or by mail sent to the address PRODOM spol. s r.o., Vajnorská 2/E, 900 28 Ivanka pri Dunaji, Slovak Republic. The Controller may only charge a fee for providing information in cases set out in the Personal Data Protection Act, or the Regulation (e.g. with a clearly unsubstantiated request or repeated request). To acquire the information, a person must identify himself or herself as the Data Subject or to prove he or she is authorised to receive the information relating to a third person.
11.Right to withdraw consent
If the processing is based on consent, the Data Subject has the right to withdraw his or her consent at any time. Lawfulness of the processing of his or her personal data based on the consent given remains unaffected until the withdrawal of the consent. The Data Subject may withdraw his or her consent at any time at this e-mail address: info@dream-plans.com or by mail sent to the address PRODOM spol. s r.o., Vajnorská 2/E, 900 28 Ivanka pri Dunaji, Slovak Republic. When there is doubt about the identity, the Controller may request that it is proved or request other way of authenticating the withdrawal of the consent. With newsletters, it is sufficient for the Data Subjects to cancel the subscription by following instructions provided in newsletters.
The Data Subject may reject cookies by setting up his or her web browser, or by not giving consent through the banner on the Controller´s website. More information available at aboutcookies.org.
12.Right to object to the processing
The Data Subjects have the right to object at any time to the processing of their personal data based on the legitimate interests of the Controller. The Controller may not continue to process the personal data unless demonstrating compelling legitimate grounds for the processing which override the rights and/or interests of the Data Subject or reasons to exercise a legal claim. Where the Data Subject objects to the processing of personal data for direct marketing purposes, the Controller may not process the personal data for such purposes.
The Data Subjects may object by sending an e-mail to the address info@dream-plans.com or by mail sent to the address PRODOM spol. s r.o., Vajnorská 2/E, 900 28 Ivanka pri Dunaji, Slovak Republic. When there is doubt about the identity, the Controller may request that it is proved. With newsletters, it is sufficient for the Data Subjects to cancel the subscription by following instructions provided in newsletters.
The Data Subject may reject cookies by setting up his or her web browser. More information available at aboutcookies.org.
13.Supervisory authority
The Controller complies with all the set legislative rules and safety measures when handling personal data. If the Data Subjects deem it necessary and do not agree with how the processing of personal data is done, they may turn to:
Office for Personal Data Protection of the Slovak Republic
seated at Hraničná 12, 820 07 Bratislava
14.Final provisions
These conditions of personal data protection become valid and effective on ............... These conditions also form part of the Controller's General Sales Conditions for the sale of the Products and are regularly revised and updated. Valid and effective conditions are available on the Controller's website www.dream-plans.com.