If you are our customer, newsletter subscriber, or website visitor, you are entrusting us with your personal data. We are responsible for its protection and security. Please familiarize yourself with our privacy policy, principles, and your rights in relation to GDPR (General Data Protection Regulation).

Who is the data controller?

We are Carumo s. r. o., located at Mládežnícka 1889/27, 97404 Banská Bystrica, Slovak Republic, Company ID: 56542194, operating the website www.carumo.sk. We process your personal data as the data controller, i.e., we determine how your personal data will be processed, for what purpose, for how long, and we may select additional processors to help us with the processing.

Contact details

If you need to contact us during the processing, you can reach us via email: info@carumo.sk

We declare

We declare that as the controller of your personal data, we comply with all legal obligations required by applicable legislation, especially the Data Protection Act and GDPR, and that:

• We will process your personal data only on the basis of a valid legal reason, especially legitimate interest, contract fulfillment, legal obligations, or consent granted.
• We fulfill the information obligation according to Article 13 of GDPR before starting the processing of personal data.
• We enable and support you in exercising and fulfilling your rights under the Data Protection Act and GDPR.

Scope of personal data and purposes of processing

We process personal data that you voluntarily provide to us, for the following reasons (to fulfill these purposes):

• Provision of services, contract fulfillment. Your personal data in the scope of: email, name and surname, phone number – are necessary for fulfilling the contract (e.g., sending price lists, product catalogs, delivery of goods).
• Accounting records

If you are a customer, we necessarily need your personal data (billing information) to fulfill our legal obligation for issuing and recording tax documents.

Marketing – newsletter distribution

We use your personal data (email and name), gender, information on what you click on in emails, and when you usually open them for direct marketing – sending commercial messages. If you are our customer, we do so based on legitimate interest, as we reasonably assume you are interested in our updates, until you unsubscribe. If you are not our customer, we only send newsletters based on your consent, until you unsubscribe. In both cases, you can withdraw your consent using the unsubscribe link in every email. We retain your personal data for the statute of limitations period, unless the law requires a longer period, or unless stated otherwise in specific cases.

Data security and protection

We protect personal data to the maximum possible extent using modern technologies corresponding to the level of technical development. We treat it as if it were our own. We have adopted and maintain all currently known technical and organizational measures to prevent misuse, damage, or destruction of your personal data.

Transferring personal data to third parties

Our employees and partners have access to your personal data. For certain processing operations that we cannot perform ourselves, we use services and applications of processors who are better equipped to protect data and specialize in processing. These include:

Accounting services

In the future, we may decide to use additional applications or processors to improve and simplify processing. We promise that in such cases, we will demand at least the same level of data protection and processing quality from these processors as we do from ourselves.

Data transfer outside the European Union

We process data exclusively within the European Union or in countries that ensure a level of protection based on an adequacy decision by the European Commission.

Your rights regarding personal data protection

You have several rights related to personal data protection. If you want to exercise any of these rights, please contact us via email: info@carumo.sk.

You have the right to information, which is fulfilled through this privacy policy page. Thanks to your right of access, you can ask us at any time, and we will inform you within 14 days which of your personal data we process and why.

If something changes or your personal data becomes outdated or incomplete, you have the right to supplement and correct it. You can exercise the right to restrict processing if you believe we are processing inaccurate data, think we are processing unlawfully, but don’t want all data deleted, or if you have objected to the processing. You can limit the scope or purposes of personal data processing (e.g., unsubscribing from newsletters limits processing for commercial communication).

Right to data portability

If you would like to take your personal data and transfer it to someone else, we will proceed in the same way as with the right of access – the only difference being that we will provide the information in a machine-readable format. We need at least 30 days for this.

Right to erasure (right to be forgotten)

Another right is the right to erasure (right to be forgotten). We don’t want to forget you, but if you wish, you have the right to it. In this case, we will delete all your personal data from our system and from the systems of all subprocessors and backups. We need 30 days to ensure the right to erasure.

In some cases, we are bound by a legal obligation – for example, we must retain issued tax documents for the period defined by law. In such cases, we will delete all personal data not bound by legal obligations. We will notify you of the completion of the deletion via email.

Complaint to the Data Protection Authority

If you feel that we are not handling your data in accordance with the law, you have the right to file a complaint with the Data Protection Authority at any time. We would appreciate it if you inform us first so we can address the issue and correct any potential errors.

Confidentiality

We assure you that our employees and collaborators who will process your personal data are obligated to maintain confidentiality regarding personal data and security measures, the disclosure of which could compromise the security of your personal data. This confidentiality obligation continues even after the termination of their contractual relationship with us. Without your consent, your personal data will not be disclosed to any third party.

Thank you for taking the time to read our personal data processing policy.