• Share:

Personal Data Protection Policy

I. Basic Provisions

The controller of personal data pursuant to Section 5 letter o) of Act No. 18/2018 Coll. on Personal Data Protection, as amended (hereinafter referred to as the “Act”), is
GreenApp, s.r.o., Company ID No.: 47937181, with its registered office at Jarabinková 18878/8D, 821 09 Bratislava (hereinafter referred to as the “Controller”).

The Controller’s contact details are:
Address: Jarabinková 18878/8D, 821 09 Bratislava
Email: info@kspot.sk

The Controller has not appointed a data protection officer.

Personal data means any information relating to an identified or identifiable natural person within the meaning of applicable legal regulations.

II. Sources and Categories of Processed Personal Data

The Controller processes personal data that you have provided, in particular when placing an order, registering, or communicating with us.

The Controller processes in particular the following categories of personal data:

identification data (first name, last name),
contact data (email, telephone number),
address data (delivery address and billing address),
order data,
technical data (IP address, cookies, website behaviour data).

III. Legal Basis and Purpose of Personal Data Processing

The legal basis for the processing of personal data is:

performance of a contract pursuant to Section 13(1)(b) of the Act,
the legitimate interest of the Controller (in particular analytics and marketing towards existing customers),
the data subject’s consent (cookies, newsletters, remarketing).

The purpose of the processing of personal data is:

processing orders and performing the contract,
administration of the customer account,
analysis of website traffic (Google Analytics),
advertising personalisation (Meta Pixel),
sending commercial communications (email marketing),
improving services and marketing.

Providing personal data is a contractual requirement. Without providing such data, it is not possible to conclude a contract and process an order.

For marketing and analytics purposes, personal data is processed only on the basis of your consent, which you may withdraw at any time.

IV. Retention Period of Personal Data

The Controller retains personal data:

for the duration of the contractual relationship and subsequently for 5 years,
for the period required by special legal regulations (e.g. accounting regulations),
for the duration of consent for marketing purposes, for no longer than 5 years.

After the retention period has expired, personal data will be deleted or anonymised.

V. Recipients of Personal Data

Recipients of personal data include in particular:

providers of IT and hosting services,
the operator of the e-shop system,
providers of analytics services (e.g. Google Analytics),
providers of marketing tools (e.g. Meta Platforms),
providers of email marketing services,
persons involved in the delivery of goods and the processing of payments.

Some recipients may be located outside the EU (in particular in the USA). Transfers of personal data are carried out on the basis of standard contractual clauses or other mechanisms in accordance with the GDPR.

VI. Cookies and Tracking Technologies

The website uses cookies and similar technologies for:

ensuring website functionality,
traffic analysis (Google Analytics),
marketing and remarketing (Meta Pixel).

The use of non-essential cookies is only possible on the basis of your consent, which you grant through the cookie banner.

You may withdraw your consent at any time or change your cookie settings.

VII. Your Rights

You have the right:

to access your personal data,
to rectify data,
to erasure (“right to be forgotten”),
to restriction of processing,
to data portability,
to object to processing,
to withdraw consent.

You have the right to file a motion to initiate proceedings with the Personal Data Protection Office of the Slovak Republic.

VIII. Conditions for Securing Personal Data

The Controller has adopted appropriate technical and organisational measures to protect personal data.

Only authorised persons bound by confidentiality obligations have access to personal data.

Personal data is protected against unauthorised access, loss, and misuse.

IX. Final Provisions

By submitting an order, you confirm that you have familiarised yourself with these conditions.

The Controller reserves the right to amend these conditions.

These conditions become effective on 12 March 2026.