Privacy Policy
The personal data controller is the company Expresta s.r.o., ID: 43 954 782, VAT ID: SK2022532600, with its registered office at Obchodno-výstavný objekt B, Devínska Nová Ves 7465 Bratislava - mestská časť Devínska Nová Ves 841 07, Slovak Republic, registered in the Commercial Register kept by the Municipal Court Bratislava III, Section Sro, Insert 50241/B (hereinafter referred to as "we" or "the controller").
1. Introduction
We do not take the protection of personal data lightly. In this Policy you will learn for what purpose, for what reason and in what way we process your Personal Data. You will also find information about your rights in relation to the protection of personal data.
If you have any further questions regarding the processing of your Personal Data, please contact us by e-mail at info@expresta.eu.
How do we process your personal data? We process your personal data only to the extent necessary to achieve the purpose for which the data was collected, and we comply with technical and organizational security rules when processing it. The processing of personal data is automated, but we do not perform profiling.
2. What Personal Data do we Process? For How Long and Why?
We only process the personal data that you provide to us. If you use the services of our e-shop, we process various types of personal data about you. We need some personal data to fulfill the purchase contract, we process some personal data based on our legitimate interest. For some personal data, we are required to process it by law (for example, accounting). In some cases, we use processors who may have access to your personal data. These include accounting firms or marketing specialists. If necessary, we will request your consent to process your personal data.
Personal data categories:
- ✓ Name and surname, contact details (especially e-mail, phone number)
- ✓ Login to the user account and behavior in the user account (in particular, data filled in by the User in the user account, purchase history, registration time, date of last profile update)
- ✓ Billing details and bank details (data necessary for accounting and payment processing)
- ✓ Note on the order and other information that you provide to us as part of your communication with us (this will mainly include your questions and answers to your questions, communication with you)
- ✓ Reviews (first and last name or nickname, email and other information you provide as part of the review)
- ✓ Cookies and IP address, activity data (including information about your device or operating system)
- ✓ Comments you add to our posts on social networks (especially Instagram, Facebook, LinkedIn, Youtube, TikTok), as well as the name (nickname) of your profile on these social networks and information you make publicly available on your profiles
- ✓ Personal data that you entrust to us as part of the competitions we organize (in particular, first and last name, nickname on the social network, e-mail, phone number).
- ✖ Special categories of personal data. We do not process any sensitive personal data about you.
The specific purposes of data processing and the categories of personal data that we process for each purpose are detailed in the following section. For each purpose, we will inform you about how the data is processed and how long each processing takes.
A. Users of Our Websites
If you visit our website, we process your personal data for the purposes set out in this table. If you are interested, you can subscribe to receive commercial communications or similar promotional material on the website or via email, which we prepare for potential customers of our products. To subscribe to commercial communications, you must provide us with your consent to process some of your personal data.
| Why? | What data? | How? | How long? |
|---|---|---|---|
| Visiting websites. | Information about when and how you visit and browse our websites may include: | Cookies or other technologies for tracking User behavior. | The duration of processing varies depending on the type of cookie. Some process data only for the duration of the session (visit), some for a longer period. For more information, see the Cookie Policy. |
| Communication with customer support, requests and complaints. | Name, surname, phone number, email. | In order to process your inquiry, we process personal data that is necessary to process it. Communication takes place by phone, e-mail, or directly on our website. | Closed queries are deleted regularly, but no later than 3.5 years after the query was submitted. |
| Sending Commercial Communications (direct marketing). | Name, surname, phone number and email. | We send a newsletter in which we inform you about our goods, services and news. | The data is processed for 5 years from the last active viewing of the newsletter, unless you unsubscribe earlier. |
B. Customers
If you create a user account with us, we will process your personal data to the extent necessary for the purpose of maintaining the user account and processing your order. If you are interested, you can subscribe to receive commercial communications or similar promotional material that we prepare for existing customers on the website or via email.
| Why? | What data? | How? | How long? |
|---|---|---|---|
| Visiting websites. | Information about when and how you visit and browse our website may include: IP address, date and time of access to our website, information about your internet browser, operating system or language settings, history of your behavior on the website. If you visit our website via a mobile phone, we may also process data about your phone. | Cookies or other technologies for tracking User behavior. | The duration of processing varies depending on the type of cookie. Some process data only for the duration of the session (visit), some for a longer period. For more information, see the Cookie Declaration. |
| Order Processing. | During the Order, you enter your name, surname, e-mail, telephone number, contact and delivery address, billing information, and possibly notes. | You will provide us with this information when filling it out either as part of registering for a user account or during the Order. | The data is processed for the duration of the Contract, or until its transfer and subsequently for a period of 4 years from the end of the Contract. |
| Complaints. In order to handle a complaint, we will process some personal data in order to comply with a legal obligation and also to fulfill the concluded Contract. | Name, surname, e-mail, telephone number, details of the concluded Contract, delivery and necessary payment details. | You provide us with this Personal Data for the purpose of purchasing goods on our e-shop; we process the Order and then fulfill obligations set out by law or the Contract. | We process your Personal Data for the duration of the customer's contractual relationship with us and subsequently for a period of 4 years after its termination. |
| User account. | The data filled in during registration, in particular your e-mail and other contact details (see above). | You provide us with this information when creating a user account. | We process your Personal Data for this purpose for the duration of the user account and subsequently for a period of 4 years after its termination. |
| Communication with customer support, requests and complaints. | Phone number, name, surname, possibly e-mail, details of the order placed. | Communication with customer support takes place by phone, email, or directly on our website. Calls are recorded. | Closed inquiries and complaints are deleted regularly, but no later than 3.5 years after the inquiry or complaint has been resolved. |
| Communication in voice self-service. | Phone number, name, surname, or e-mail, details of the order placed. The scope of processing of Personal Data may vary depending on which Personal Data will be communicated during the voice self-service call. | Communication in voice self-service takes place over the phone. Calls are recorded and you will be notified in advance. | The recording of voice self-service calls is stored for 3 months from the time the query is made, then it is deleted. |
| Marketing, especially sending commercial communications. | Name, surname, phone number and email. | We send a newsletter in which we inform you about our goods, services and news. | The data is processed for 5 years from the last active viewing of the newsletter, unless you unsubscribe earlier. If you do not want to receive the newsletter, you can unsubscribe in the email footer. |
| Satisfaction evaluation. We have a legitimate interest in finding out whether you were satisfied with our services and also with the goods ordered from our e-shop. | Name, surname, email address of the customer and information about the ordered goods. | Unless you object in advance (e.g. as part of an Order), we will provide some Customer Personal Data to a third party for the purpose of evaluating customer satisfaction. | We process data for the duration of the customer's contractual relationship with us and subsequently for a period of 4 years after its termination. |
| Review. | First and last name or nickname, email, possibly inserted photo or video and other personal data communicated within the text of the review. | You voluntarily provide us with your personal information for the purpose of writing a review and publishing it. | Reviews are entered until you withdraw your consent; we process any personal data for a maximum of 5 years. |
| Bookkeeping. | Invoice data: name, surname, e-mail address, billing address, or other identification of the User and details of the performance according to the Order. | After you fill out your payment information in your profile, we will store this information to create an invoice. We are fulfilling a legal obligation. | We are required by law to archive accounting documents and accounting records (invoices) for a period of 5 years starting from the end of the accounting period to which they relate. We are also required to retain the invoice for a period of 3 years from the end of the tax period in which the tax liability related to the invoice arose. We are also required to archive tax documents for a period of 10 years from the end of the tax period in which the performance took place. |
| Compliance with legal obligations. | In particular, this may include the name, surname, email address, billing information, or other identification of the User. | In this case, we process your Personal Data to comply with applicable legal regulations (fulfillment of a legal obligation). | We process your Personal Data for the period specified by applicable legal regulations. |
| We hold competitions. We process data so that we can evaluate the competition and announce and publish the winners on our Websites and social networks. You consent to participate in the competition. | Name, surname, address, telephone number, e-mail address or other information that may be specified in the terms of the competition. | You voluntarily provide us with Personal Data when participating in a competition on social networks or on our Websites. | The data is processed for 5 years from the last end of the competition, unless you withdraw your consent earlier – or another period if stated differently in the competition terms. |
3. Who are Our Processors?
You already know that we collect and process your personal data as their controller. We primarily process your personal data.
Processors. In some cases, when we use the services of third parties for the proper functioning of our e-shop, your data is also processed by these third parties, who are called Processors. Processors process your data only on the basis of our instructions. We only use verified Processors with whom we have a written contract, and who provide us with at least the same guarantees as we provide you. We have listed the data that Processors may process, including their purpose and legal title of processing, above. In the table below you will find an overview of our Processors. We will be happy to provide you with details about the Processors upon request.
| Purpose | Processor |
|---|---|
| Website operation and security | Webhouse |
| Regular website traffic analysis | Google Analytics |
| Order Processing | |
| Complaint | |
| Handling inquiries and communicating with us | |
| Marketing | |
| Business communication | Bloomreach |
| Social networks | |
| Satisfaction rating | Heureka |
Legal obligations. We may transfer personal data to third parties, in addition to our Processors, if required by law or in response to legal requests from public authorities or at the request of a court in litigation.
4. What Measures Have We Taken To Protect Your Personal Data?
Technical and organizational measures. Security is very important to us and we are constantly working to protect your personal data. When choosing measures, we take into account the scope of processing, the risk of processing or the state of our technology.
- we regularly back up data;
- we update antivirus software systems;
- we use the secure https protocol;
- our data on servers is encrypted;
- we encrypt data using SSL/TLS for all data transmission;
- access passwords to information systems and access permissions are controlled at the individual level.
Organizational measures. We have adopted and are committed to maintaining the following measures:
- our employees are bound by confidentiality;
- our employees are properly and regularly trained regarding GDPR and familiarized with the rules of safe work on work equipment;
- access to all systems, including the information system, is personalized and protected by secure passwords;
- the information system records logs so that we can control employee access to individual Users' Personal Data.
5. Your Rights And Possibility To Make A Request Concerning The Protection of Personal Data
In connection with the protection of personal data, you are guaranteed the rights described below, which you can exercise with us as the administrator.
Right of access
We will confirm whether we are processing your personal data. You have the right to information about the purposes of processing, the categories of personal data, the recipients to whom they are disclosed, the period of processing. You have the right to know whether any right has already been exercised. It is also a prerequisite that the rights and freedoms of other persons and a copy of the personal data will not be adversely affected.
Right to correction
We will correct inaccurate personal data upon your request. You can correct some data in your user profile.
Right to erasure
If there is no other reason to continue processing this data, we will delete or anonymize the data you requested.
Right to restriction of processing
Please contact us if you believe that we are processing your data incorrectly, whether it concerns the reasons for the processing or its scope.
Right to notification of correction, erasure or restriction of processing
If you contact us with a request, we will inform you of the outcome. Sometimes it may happen that we will not be able to comply (e.g. the email address you wrote to us from is no longer working).
Right to portability
At your request, we will provide the personal data that you have provided to us, in a structured and machine-readable format, to another controller.
Right to object
If we process your data based on a legitimate interest (e.g. sending a newsletter to Users), it is up to us to prove our legitimate interest. If your objection is justified, we will stop processing your personal data.
Right to withdraw consent
If you have changed your mind, please let us know. Consent to processing for marketing and commercial purposes can be withdrawn at any time.
Automated individual decision-making including profiling
Do you not want decisions about you to be made using a computer? We respect your right, so we do not perform profiling. We process Orders, so your personal data may be processed automatically.
6. How to Proceed When Submitting an Application
Who can submit a request? You can submit a request regarding the protection of personal data if you are the data subject, their legal representative, guardian or a person authorized by the data subject based on a power of attorney.
How can I submit an application? You can submit an application via e-mail: info@expresta.eu or in paper form to the registered office address: Obchodno-výstavný objekt B, Devínska Nová Ves 7465 Bratislava - mestská časť Devínska Nová Ves 841 07, Slovak Republic.
What must the request contain? The request must include your identification, the subject of the request (a description of what you are requesting) and a signature, if it is in writing. Since we register most of the data under your telephone number or email, please indicate which number or email your request relates to. You may be asked to prove that you actually use the contacts listed. If the necessary information is missing, we will ask you to complete it, and the processing period will only start after receiving it. Anonymous requests cannot be processed and your identity will be verified if necessary.
How quickly will we process your request? We will respond to you within one month at the latest. If providing information would endanger the privacy of other persons, or would be disproportionate to the risks or costs of providing it, we may not be able to comply with your request. After submitting your request, we will inform you of its receipt. We will refer you to available documents regarding the processing of personal data, if applicable. The request will be processed based on verification and we will inform you of the result. The processing period is within 30 days of receipt of the request or of the provision of the necessary data, but it may be extended by up to another 60 days depending on the complexity or number of requests. We will inform you of any extension in a timely manner.
Is there a fee for submitting a request? Submitting a request is usually free of charge, but in some cases, for example when requesting information on a technical medium, a reasonable fee may be charged. In the event of a repeated request, the controller will also be entitled to charge a reasonable fee for a copy of personal data.
When can an application be rejected? An application may be rejected in the following cases:
- unreasonable repetition (e.g. third and subsequent requests with the same content within six months),
- the request is unfounded,
- failure to provide missing information after repeated requests,
- refusal to pay the fee in the event that the administrator is entitled to claim the fee.
7. Conclusion
This Privacy Policy may only be amended in writing. You will be notified of this via our website.
If you have any questions regarding our Privacy Policy, please contact us at info@expresta.eu.
If you are dissatisfied, you can submit a suggestion or complaint to the Office for Personal Data Protection at any time, with its registered office at Pplk. Sochora 727/27, 170 00 Prague 7 – Holešovice (more at https://www.uoou.cz/).
These Personal Data Processing Policies are effective from 1.5.2026.