Privacy Policy
These privacy conditions are valid from 5/25/2018.
We care about protecting your privacy. Therefore, please read these privacy protection conditions (hereinafter referred to as "Privacy Protection Conditions") carefully. These Privacy Protection Conditions describe in detail how Besteron a.s. obtains, uses, stores and possibly discloses your personal data during individual activities carried out by Besteron a.s. If in these In the terms of privacy protection, the term "Besteron a.s." is used, which means the company Besteron a.s., with registered office at Teslova 20a, 821 02 Bratislava, ID: 47 866 233, registered in the Commercial Register maintained by the District
by the Bratislava I court, Section: Sa, Insert number: 6004/B, established in the Slovak Republic. These Privacy Conditions are part of the General Terms and Conditions for the provision of Besteron payment services. Besteron a.s. processes your Personal Data in accordance with the GDPR and Act No. 18/2018 Coll. on the protection of personal data and on the amendment of certain laws. The Payer and/or Client provides their personal data voluntarily and is obliged to consider the extent to which they provide such personal data. However, without providing some personal data, the Operator cannot respond to an initiative or request, cannot conclude a contract with the Client or implement a payment operation. The Payer and/or Client is responsible for the correctness, completeness and truthfulness of the provided personal data, and the Operator will rely on the correctness, completeness and truthfulness of this personal data. The Operator is not responsible for any damages that the Payer and/or the Client or any third party may incur in connection with the provision of incorrect, incomplete or false personal data.
1. Definitions of terms
For the purposes of these Terms and Conditions, the following terms have the following meanings:
"Personal data" means all personal data relating to a specific living natural person who is identifiable or could be identified through such data and which is processed by Besteron a.s. for any of the purposes specified in these Privacy Terms.
"Operator" means a specific person who determines the purpose of processing Personal Data and is Besteron a.s. in accordance with these Privacy Terms.
"Intermediary" means a person other than the Operator in a given case, who processes Personal Data on behalf of the Operator in a specific case.
"GDPR" means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
"Portal" means websites operated by the Operator on the internet domain www.besteron.sk or www.besteron.cz. The portal includes all and any parts of the website, its subpages, their content, source and machine codes as it is in at any time available and operated on the above-mentioned domain. The portal also includes the Besteron payment system as specified by the applicable GTC. Other terms mentioned in these Privacy Terms have the same
meaning as in the valid GTC.
2. Scope of personal data processing
The Operator processes the Payer's and/or Client's personal data in the following cases:
a. The Payer and/or Client uses and accesses the Portal;
b. The client fills in personal data in the registration form to create an account and this account is created or if he changes these data;
c. The Payer and/or Client fills in personal data in a contact form on the Portal or contacts the Operator via email;
d. The Payer and/or Client fills in personal data in the box for requesting advertising and information messages (newsletter);
e. If the Payer and the Client carry out the transaction and the Payment Operation is carried out;
f. When using the Portal, the Operator or third parties process data that can indirectly identify the Payer and/or the Client, especially data from the use of cookies, beacons, pixels and other similar programs that are operated on the Portal, in particular:
i. information and data from devices used by the Payer and/or Client to access the Portal, which may include general information about the Payer's and/or Client's device;
ii. log data, which represent data and information that the Portal server automatically stores whenever the Payer and/or Client accesses the Portal (especially IP address, access time, hardware and software data, number of clicks, pages that the Payer and/or Client see or their order and the time the Payer and/or Client spends on the pages and others);
iii. geolocation information about the location of the device from which the Payer and/or Client accesses the Portal;
iv. information obtained through cookies and other programs for monitoring visitors, including cookies and monitoring programs of Portal partners or social network operators.
3. Purpose of personal data processing
The Operator processes and stores the Payer's and/or Client's personal data under the conditions and within the limits set by applicable legislation for the following purposes:
a. conclusion and fulfillment of the contractual relationship between the Operator and the Payer and/or the Client, the subject of which is the provision of services on the Portal;
b. providing payment services through the Portal and ensuring the operation of the Portal for Payers and/or Clients;
c. provision, improvement and optimization of the operation of the Portal, to increase comfort during its use, to ensure technical support of the Portal, analytical and statistical evaluation of the use of the Portal, detection and prevention of misuse of the Portal (including prevention of fraud, security incidents
and other similar activities), risk assessments;
d. providing customer support for the Portal and responding to inquiries, questions, requests from Payers and/or Clients, including exercising the rights of data subjects under the GDPR and taking measures in connection with the inquiry, question or request;
e. sending informational, service and advertising messages (newsletter) and notifications;
f. fulfillment of legal obligations of the Operator resulting from generally binding legal regulations;
4. Legal basis for personal data processing
The legal basis for processing personal data is:
a. the adoption of measures before the conclusion of the contract as well as the necessity of their processing for the fulfillment of the contract in accordance with Art. 6 par. 1 letter b) GDPR, in particular the performance of the contractual relationship, which is governed by the General Terms and Conditions and ensuring the execution of the Payment operation between Payers and Clients;
b. legitimate interest of the Operator in accordance with Art. 6 par. 1 letter f) GDPR, which is a legitimate interest in ensuring the proper operation of the Portal and all its functionalities, optimization and improvement of the Operator's services and the provision of high-quality customer services and services that are interesting and attractive for customers, prevention and protection of the Portal against fraudulent and other illegal actions, by damage, destruction or other disruption, protection and defense of the rights and claims of the Operator, provision of direct marketing, increase in traffic to the Portal and promotion of the Portal, analysis of own services and products and their improvement;
c. fulfillment of legal obligations pursuant to Art. 6 par. 1 letter c) GDPR, in particular the fulfillment of Act no. 297/2008 on protection against the legalization of income from criminal activity and on protection against the financing of terrorism and on the amendment of certain laws (AML Act).
5. Time of personal data processing
Personal data are processed for the maximum period necessary to fulfill the purpose of processing, i.e. always at least for the duration of the Portal's operation, or the duration of the contractual relationship established by the GTC and the existence of the account. If the Client's account is cancelled, the Operator will process personal data for a reasonable period of time after its cancellation in case the Client decides to reactivate his account. After this period, all personal data associated with the given account will be deleted. In some cases (especially in cases of fulfillment of obligations arising from the AML Act) the Operator will process personal data even for the period during which the Operator is obliged to process personal data according to generally binding legal regulations. Where the data subject has the right to object to the processing of personal data, the Operator will process personal data until the data subject successfully objects to the processing.
6. Recipients of personal data
Personal data may be provided or disclosed:
a. subcontractors (Intermediaries) who process personal data on behalf of the Operator as part of their services and activities for the Operator. Subcontractors process personal data only on the basis of the Operator's instructions, in accordance with the concluded contract, are bound by the obligation of confidentiality and are not authorized to use personal data for any other purpose;
b. to banks that accept payments and payment operations carried out between Payers and Clients;
c. National Bank of the Slovak Republic;
d. to public authorities if such an obligation results from generally binding legal regulations, especially at the request of law enforcement authorities, courts, other public authorities or other authorized persons;
e. Payers and Clients to each other, especially in connection with the implementation of the Payment Operation;
f. operators of cookies, beacons, pixels and other similar programs that are operated on the Portal within the scope of the conditions set by these operators (Google, Hotjar, Smartsuppchat and others).
7. Transfer of personal data
The operator does not transfer personal data outside the European Economic Area. The operator of the Portal operates cookies, beacons, pixels and other similar programs that collect analytical and other information about visitors to the Portal for the operators of these programs. The operator does not have access to this personal data and does not assign it to the personal data it has at its disposal.
8. Rights of the data subject under the GDPR
The Payer and/or Client has the right to request confirmation from the Operator as to whether his personal data is being processed and to request access to this personal data (repeated access to personal data may be charged by the Operator) and information on
a. the purpose of processing personal data;
b. categories of processed personal data;
c. the identification of the recipient or the category of recipient to whom the personal data has been or is to be provided, in particular the recipient in a third country or an international organization, if possible;
d. period of storage of personal data; if this is not possible, information on the criteria for its determination;
e. the right to request from the Operator the correction of personal data concerning the person concerned, their deletion or restriction of their processing, or the right to object to the processing of personal data;
f. just submit a proposal to start a procedure on the protection of personal data;
Mr. sources of Personal Data, if the Personal Data were not obtained from you;
h. the existence of automated individual decision-making, including profiling, especially information about the procedure used, as well as about the meaning and expected consequences of such processing of personal data for the person concerned. The Payer and/or the Client has the right to demand from the Operator to correct incorrect personal data concerning him without undue delay and, taking into account the purpose of personal data processing, also the right to supplement incomplete personal data. The Payer and/or the Client has the right to request the Operator to delete personal data concerning him without undue delay if:
a. they are no longer necessary for the purpose for which they were obtained or otherwise processed;
b. revoked his consent to their processing if the legal basis for their processing was consent;
c. objects to their processing;
d. was obtained illegally,
e. the reason for erasure is the fulfillment of an obligation under this Act, a special regulation or an international treaty to which the Slovak Republic is bound; or
f. personal data were obtained in connection with the offer of services of the Operator's information company. The Payer and/or the Client has the right to request the Operator to limit the processing of his personal data if:
a. objects to the correctness of personal data, during the period allowing the Operator to verify the correctness of personal data;
b. the processing of personal data is unlawful and does not object to the erasure of personal data and requests instead the restriction of its use;
c. The Operator no longer needs the personal data for the Purpose of Processing, but the Customer needs it to assert a legal claim;
d. The Payer and/or the Client objects to the processing of their personal data until the Operator verifies whether the legitimate interests on their part prevail over the legitimate interests of the Payer and/or the Client.
The Payer and/or the Client has the right to demand from the Operator to provide him with personal data concerning him in a structured, commonly used and machine-readable format and the right to demand that the Operator transfer this personal data to another operator, but only if the legal basis for processing personal data is the consent of the Payer and/or the Client or the fulfillment of the contract, and at the same time the processing is carried out by automated means. The Payer and/or Client has the right to object to the processing of their personal data for reasons related to their specific situation. The Payer and/or the Client has the right to initiate proceedings on the protection of personal data before the Personal Data Protection Office of the Slovak Republic.
9. Changes to the Privacy Policy
The operator is entitled to change or modify these Privacy Conditions at any time. If the Operator makes any changes to these Terms of Privacy Protection, it will place the new Terms of Privacy Protection on the Portal and, if necessary, will also inform about the change in the Terms of Privacy Protection via email. The Terms of Privacy Protection, thus changed, will be valid and effective from the moment,
which the Operator determines as the date of their validity and effectiveness, and by using the Portal (with each visit to the website) the Payer and/or Client expresses their consent to these new Privacy Protection Terms.
10. Contact
The Payer and/or the Client or another affected person may contact the Operator regarding the protection of personal data (including the exercise of the rights of the affected persons), in writing by means of a letter sent to the address of its headquarters specified in these Privacy Conditions or to the e-mail address: helpdesk@besteron.sk .