PRINCIPLES OF PRIVACY
The processing of your personal data is very important for our company, and the main priorities of our company include compliance with the principles of personal data protection. In this context, through our website, we fulfil our information obligation towards Data Subjects according to Art. 13 and Art. 14 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter "GDPR Regulation"), about the processing of your personal data, what rights you have in this regard and how you can exercise them.
CONTROLLER
The controller of your personal data is Athleeya, s.r.o., having the registered office at Kladnianska 34, 821 05 Bratislava – mestská časť Ružinov, company registration number (IČO): 51 800 004, a company registered in the Business Register of City Court Bratislava III, section: Sro, file no. 129847/B (hereinafter together also the “Controller” or “Athleeya”).
CONTACTING THE CONTROLLER
The Controller has appointed a responsible person to supervise personal data protection for the sake of better transparency towards you as the Data Subjects. The responsible person may be contacted by e-mail at the e-mail address: gdpr@athleeya.com.
PROFILING AND AUTOMATED DECISION MAKING
When processing your personal data, there is no profiling or automated decision-making about your rights and freedoms.
RIGHTS OF DATA SUBJECTS
As a Data Subject, you have, among other things, the right to request access to your personal data from us (Art. 15 GDPR Regulation), the right to have incorrect personal data rectified (Art. 16 GDPR Regulation), in the cases determined by law the right to erasure of the personal data (so-called "right to be forgotten") (Art. 17 GDPR Regulation), in the cases provided by law the right to restrict the processing of personal data (on the basis of which the Controller shall mark the stored personal data in order to limit processing thereof in the future) (Art. 18 GDPR Regulation), the right to data portability (Art. 20 GDPR Regulation), the right to withdraw consent to the processing (if the consent of the Data Subject is the legal basis for the processing), the right to file a complaint with the supervisory authority regarding the processing of personal data (the Office for Personal Data Protection, https://dataprotection.gov.sk), and/or to lodge a complaint to initiate the personal data protection proceedings regarding your rights, e.g. in the case of violation of your rights as the rights of a Data Subject by the Controller.
For the purposes of processing listed below, in which a legitimate interest is the legal basis for the processing, you as the Data Subject have the right to object to the processing of personal data processed in this way, and at the same time we assure you that the Controller has assessed the legitimacy of their interest in a written balance test, which is part of the Controller´s personal data protection system setup documentation.
PURPOSES OF PERSONAL DATA PROCESSING
The information mentioned in the paragraphs above refers to all purposes for which the Controller processes personal data. In the paragraphs below, the Controller provides information that should be provided when obtaining personal data from a Data Subject and that relates to the particular purposes of the processing (information systems) at the Controller. For these, it is not possible to fulfil the information obligation jointly for all personal data information systems, because the information differs depending on the specific personal data information system (purpose of processing).
The Controller has determined the following purposes and means of the processing of the personal data of the customers or prospective customers of Athleeya:
SALE OF ATHLEEYA PRODUCTS
The purpose is the sale of Athleeya products.
The legal basis for the processing is the fulfilment of the contract with the Data Subject (the purchase agreement).
Personal data Recipients are suppliers of related software solutions, suppliers of server solutions, suppliers of courier and postal services and service companies.
In the event that, in legal relations, the Controller receives the personal data of Data Subjects from another Controller in connection with the provision of services to the Data Subject, the Controller processes common personal data such as the name, surname, address, email address and telephone number.
There is no cross-border transfer of personal data during the processing.
The retention period is 10 years after the last financial transaction of the customer. The Controller's customers are the initial source of the data.
Personal data provision is not a statutory requirement. The provision of personal data by the client (the user's employer) is a contractual requirement of the Controller, as the data is necessary for functioning of the Controller's software solutions. The provision of personal data is also a requirement necessary for concluding a contract by and between the Controller and the user's employer. If personal data is not provided, the Controller will not be able to provide the client with the services.
PROVIDING SUPPORT FOR ATHLEEYA PRODUCTS
The purpose is to provide support for Athleeya products and services to customers.
The legal basis for the processing is the Controller´s legitimate interest, and/or the fulfillment of the contract with the Data Subject. The Controller has a legitimate interest in processing personal data in connection with their business activity, as the processing is necessary for providing the Controller's support services.
The Recipients are the suppliers of related software solutions and server solutions.
There is no cross-border transfer of personal data during the processing.
The retention period is 3 years after the relevant request is resolved.
The provision of personal data is neither a statutory requirement nor a contractual requirement, nor a requirement necessary for concluding a contract by and between the Controller and the Data Subject. If personal data is not provided, the Controller will not be able to provide the Data Subject with support for the products.
PROCESSING OF PERSONAL DATA OF ATHLEEYA´S PARTNERS
The purpose is the processing of personal data of the representatives of contractual partners of Athleeya who are legal entities and of partners who are natural persons.
The legal basis for the processing is the fulfillment of the contract with the partner and the fulfillment of the contract with the Data Subject (as for natural person clients).
There is no cross-border transfer of personal data during the processing.
The retention period is 10 years after the contract with the partner is terminated.
The provision of personal data is not a statutory requirement, the provision of data is a contractual requirement and a requirement necessary for concluding a contract with the Controller. If personal data is not provided, the Controller will not be able to conclude a contract with the client, as they will not be able to identify the client.
PROCESSING OF SUPPLIERS´ PERSONAL DATA
The purpose is the processing of personal data of natural person suppliers and contact persons of the suppliers who are legal entities.
The legal basis for the processing is the Controller´s legitimate interest. The Controller has a legitimate interest in processing personal data for the above purpose, as it is processing inextricably related to the performance of business activities.
The data Recipient is the supplier of archiving services.
There is no cross-border transfer of personal data during the processing.
The retention period is 10 years after the contract is terminated.
The provision of personal data is not a statutory requirement, the provision of data is a contractual requirement and a requirement necessary for concluding a contract with the Controller. If personal data is not provided, the Controller will not be able to identify the supplier and properly archive accounting records.
LEGAL AGENDA
The purpose is the processing of personal data related to the Controller's legal agenda, which can include, in particular, the agenda related to contracts, dispute agenda, communication with public authorities, agenda related to personal data protection, anti-social activity and registry matters.
The legal basis for the processing is the Controller´s legitimate interest and the fulfilment of the Controller´s statutory obligations according to the relevant legal regulations. The Controller has a legitimate interest in processing personal data in connection with their business activity, as the processing is necessary for exercising their rights and defending the rights and legally protected interests of the Controller.
The data Recipients are the suppliers of related software solutions, suppliers of legal services and public authorities.
There is no cross-border transfer of data during the processing.
The retention period is 10 years after the termination of the contract, judicial, administrative or other proceedings.
The provision of personal data is not a statutory requirement, the provision of data is neither a contractual requirement nor a requirement necessary for concluding a contract with the Controller. If personal data is not provided, the Controller will not be able to identify the Data Subjects for the purposes of the Controller's legal agenda.
ACCOUNTING AND TAX MATTERS AND FINANCIAL CONTROLLING
The purpose is the processing of personal data related to the Controller´s statutory obligation to keep accounts, file tax returns and the processing of personal data related to the partners and users´ financial transaction check.
The legal basis of the processing is the Controller´s legitimate interest and the fulfillment of the statutory obligations according to the relevant legal regulations. The Controller has a legitimate interest in processing personal data in connection with their business activity, as the processing is necessary for proving proper accounting of particular users´ transactions.
The data Recipients are suppliers of related software solutions, suppliers of archiving services, suppliers of payroll accounting services, suppliers of advisory and consulting services, auditors, and public authorities.
There is no cross-border transfer of data during the processing.
The retention period is 10 years after the relevant transaction or after the creation or due date of the accounting entry.
The provision of personal data for accounting and tax purposes is a statutory requirement; the provision of data is neither a contractual requirement nor a requirement necessary for concluding a contract with the Controller. If personal data is not provided, the Controller will not be able to fulfill their statutory obligations properly.
HR
In addition to the processing of personal data of the employees to whom the information obligation is fulfilled individually, the Controller as an employer also processes the data of other persons that are related to the fulfillment of the obligations of the Controller as an employer, or whose data the Controller encounters when fulfilling their goals when building a team of employees.
The legal basis for the processing is the Controller´s legitimate interest. The Controller has a legitimate interest in the aforementioned processing, as it is processing important for building a high-quality employee team and important for ensuring the continuity of the Controller's activities.
The data Recipients are public authorities, insurance companies, pension funds, the Statistical Office, suppliers of the software solution for the employee social network and the supplier of the software solution for competitions and event attendance recording.
There is no cross-border transfer of data during the processing.
The personal data is kept for the duration of the contractual relationship with Athleeya and is subsequently retained for archiving purposes in accordance with specific legislation. If the personal data is not needed for the duration of the employment relationship, it is deleted as soon as it is no longer needed for the specific purpose.
The provision of personal data about family members is a statutory requirement in the case of using the data for tax benefits, in other cases the provision of data is not a statutory requirement, a contractual requirement or a requirement necessary for concluding a contract with the Controller. In the event that the personal data is not provided, the Controller will not be able to fulfill the particular purpose of the processing that it pursues (e.g. family members will not be able to take part in competitions and events of the Controller).
PROCESSING OF PERSONAL DATA OF JOB APPLICANTS
The purpose is the processing of personal data of job applicants.
The legal basis for the processing is processing before concluding a contract with the Data Subject, and in some cases also the consent of the Data Subject.
The data Recipients are the suppliers of recruitment and selection services.
There is no cross-border transfer of data during the processing.
As for unsuccessful applicants, the retention period is 2 years after the last job application.
The provision of personal data is not a statutory requirement, the provision of data is not a contractual requirement. The provision of data is a requirement necessary for concluding a contract with the Controller. If personal data is not provided, the Controller will not be able to assess the applicant´s suitability for the job.
MARKETING
The purpose is the processing of personal data for the purposes of marketing the Controller's activities. Marketing communication can be aimed at users of Athleeya products or the general public, through competitions, marketing surveys, acquisition activities, building public opinion or through marketing communication.
The legal basis for the processing is the Controller´s legitimate interest and also the consent of the Data Subject in some cases. The Controller has a legitimate interest in processing personal data in connection with their business activity, as the processing is important for further development of the Controller's business activities. The data Recipients are suppliers of related software solutions, suppliers of server solutions, call center, operators of social networks on which the Controller has an account, survey suppliers, suppliers of contact details of potential customers and the supplier of technical support for marketing activity through social networks.
When processing data, there is cross-border transfer of data by the operators of the social networks - Facebook Ireland Ltd. and LinkedIn Ireland Unlimited. There is cross-border transfer of data to the USA as part of cooperation with the above companies. Adequate transfer guarantees are represented by standard contractual clauses.
The retention period is: for marketing communication, 5 years after sending a marketing e-mail; for competitions, until the evaluation of the particular competition; for surveys, within 1 year after the survey; for acquisition activities, until the recommended person´s interest in the Controller´s services and products is ascertained; for marketing through social networks, the data is stored according to the settings of the particular social network.
The provision of personal data for the marketing purpose is neither a statutory requirement nor a contractual requirement, nor a requirement necessary for concluding a contract with the Controller. In the event that personal data is not provided, the Controller will not use the above mentioned data for their marketing activities.
In the case of marketing communication carried out on the legal basis of legitimate interest, the Data Subjects may object to data processing by sending an e-mail to the address: gdpr@athleeya.com. The Data Subjects are also informed about the right to object when sending each marketing e-mail, by unsubscribing from the newsletter.
In the case of marketing communication carried out on the legal basis of the consent of the Data Subject, the consent can be revoked at any time either by changing the settings in the applications or by sending an e-mail to the address: gdpr@athleeya.com.
TESTING OF SOFTWARE SOLUTIONS AND REPORTING
The purpose is the processing of personal data when testing software solutions when deploying a new solution or when changing an existing solution.
The legal basis for the processing is the Controller´s legitimate interest. The Controller has a legitimate interest in processing personal data in connection with their business activity, as the processing is important for analyzing the functioning of the Controller´s software solutions.
The data Recipients are the suppliers of related software solutions and the supplier of the server solution.
There is no cross-border transfer of data during the processing.
The retention period is 3 years after the activity of the relevant virtual card finishes.
The provision of personal data is not a statutory requirement, the provision of data is neither a contractual requirement nor a requirement necessary for concluding a contract with the Controller. If personal data is not provided, the Controller will not be able to analyze the functioning of their software solutions properly.
CAMERAS
The purpose is the processing of personal data for the structure security purposes and for the purpose of protecting the Controller's property.
The legal basis for the processing is the Controller´s legitimate interest. The Controller has a legitimate interest in processing personal data for the above purpose, as they have a legitimate interest in the protection of their premises and property.
The data Recipients are law enforcement authorities and labor inspection authorities.
There is no cross-border transfer of personal data during the processing.
The Controller informs about the retention period in the first layer of information - on notices around the monitored area.
The provision of personal data is not a statutory requirement, the provision of data at employees´ work with stamps and vouchers is a contractual requirement and a requirement necessary for concluding a contract with the Controller. If personal data is not provided, the Controller will not be able to protect their property properly.
REGISTRY MANAGEMENT
The purpose is the processing of personal data for archiving purposes after the primary purpose of processing was fulfilled.
The legal basis of the processing is the Controller´s legitimate interest and the fulfillment of the Controller´s statutory obligation. The Controller has a legitimate interest in processing personal data for the above purpose, as they have a legitimate interest in keeping registry records which they may need for their business activities, even if the registry records do not have a statutory period for which they will be stored.
The data Recipients are public authorities and the supplier of archiving services.
There is no cross-border transfer of personal data during the processing.
The retention period varies, depending on the primary purpose of processing and on the particular registry record.
The provision of personal data for archiving and registry purposes is a statutory requirement, the provision of data is neither a contractual requirement nor a requirement necessary for concluding a contract with the Controller. In the event that personal data is not provided, the Controller will not be able to fulfill their statutory obligation to keep a registry and archive registry records.
CORRESPONDENCE
The purpose of the processing is the processing of the personal data of Data Subjects in requested correspondence and spam before being assigned to the relevant information system.
The legal basis for the processing is the Controller´s legitimate interest. The Controller has a legitimate interest in processing personal data for the above purpose, as it is processing inextricably related to the performance of business activities.
The data Recipients are suppliers of postal and courier services and the supplier of archiving services.
There is no cross-border transfer of personal data during the processing.
The retention period is 10 years; spam is not stored.
The provision of personal data is not a statutory requirement, a contractual requirement or a requirement necessary for concluding a contract with the Controller. If personal data is not provided, the Controller will not be able to identify the sender of the mail.
INSURANCE CLAIMS
The purpose is the processing of personal data when handling insurance claims.
The legal basis for the processing is the Controller´s legitimate interest. The Controller has a legitimate interest in processing personal data for the above purpose, as it is processing required for an insurance claim settlement.
The data Recipients are the relevant insurance companies and the supplier of archiving services.
There is no cross-border transfer of personal data during the processing.
The retention period is 11 years after the occurrence of the insurance claim.
The provision of personal data for insurance claim settlement is a statutory requirement; the provision of data is neither a contractual requirement nor a requirement necessary for concluding a contract with the Controller. If personal data is not provided, the Controller will not be able to resolve the insurance claim that has occurred.
CHARITY AND PROMOTIONAL EVENTS
The purpose is the processing of personal data related to the Controller's charity and promotional events.
The legal basis for the processing is the Controller´s legitimate interest. The Controller has a legitimate interest in processing personal data for the above purpose, as it is processing of personal data for the benefit of the Data Subject.
The data Recipients are the supplier of the Controller's social network.
There is no cross-border transfer of personal data during the processing.
The retention period is 1 month after the provision of a charitable fulfilment and 2 years as for publication of data on the Controller's social network.
The provision of personal data is not a statutory requirement, the provision of data is neither a contractual requirement nor a requirement necessary for concluding a contract with the Controller. If personal data is not provided, the Controller will not be able to publish data related to the charitable fulfilment on their social network.
The Controller has taken reasonable security measures to ensure the security of personal data processed in all the above-mentioned information systems and has documented the above-mentioned security measures in the company's security project.