Woodler s. r. o.
ID: 44 732 503
Registered office: Pribinova 4, 811 09 Bratislava, Slovak Republic
Registered in the commercial register maintained by the District court of Bratislava 1 under file Sro 151073/B
(hereinafter referred as the Controller)
1. Purposes and legal bases
Controller might collect and process the personal data of Website visitors, customers and authorised users for the following purposes that will be explained in detail below:
- Analysis of the visits and use of the Website and to improve the visitors experience;
- Management of orders and payments on the e-shop and fulfilling the contracts;
- Management of customer and authorised user accounts;
- Provision of customer support;
- Operation of the Software;
- Sending of marketing communication;
- Other business communication;
- Protection of business interest, processing of claims and complaints;
1.1 Website analysis
1.2 E-shop management
The Controller uses the Website to offer services and products to customers. In order to process orders, conclude contracts and fulfil the contracts certain personal information might be collected, processed and stored. This data might include identification information of customers and persons authorised to act on behalf of the customers, delivery information, contact information (e-mail, phone, address), payment information, credit card information, invoices, orders, contract information and other similar data.
This data about customers is processed as necessary to negotiate the contracts and to fulfil the contracts. If personal data of other persons acting on behalf of the customers are collected and processed, the processing I based on legitimate interest of the Controller to conduct business and to negotiate and fulfil the contracts that those persons negotiated of behalf of the customers.
The data is stored for the duration of the contract and for 5 years after the contract is concluded in order to handle any claims and issues that might arise out of the contracts.
Certain services or products might require the customer to register a customer account and to register authorised user accounts. These accounts are mainly used to manage the customers orders, subscriptions and to manage and operate the Software. Information collected and processed relating to the customer and authorised user accounts include e-mail addresses, name, surname, identification information of the customer, credentials, permissions, account settings, orders, subscriptions and log of user activity.
This data about customers is processed as necessary to negotiate the contracts and to fulfil the contracts. Information about authorised users is collected and processed based on legitimate interest of the Controller to fulfil the contracts with customers that designated those authorised persons.
The data is stored for the duration of any contracts and subscriptions and for 1 year after all of the contracts and subscriptions were terminated for the purpose of seamless renewal of the subscriptions.
1.4 Customer support
This data is processed based on legitimate interest of the Controller and customer in processing the customer support tickets and to fulfil any contract the customer support might be provided upon.
This data is stored until the support ticket is resolved and for 6 months afterwards and if it is related to a contract then for the duration of this contract and 1 year after the termination of such contract.
1.5 Operation of the Software
Certain Software might require connection to the Controller’s system in order to initialize and to operate properly. Information such as installation details, metadata, settings, customers details, subscription details, authorised person’s identification, e-mail and credentials might be processed in order to ensure the proper operation of the Software.
Information is processed based on legitimate interest of the Controller and the customer to fulfil the contracts with customers and to ensure the Software proper operation.
This data is stored only for the duration of the Software operation and are disposed of afterwards unless needed for other described purpose.
1.6 Marketing communication
The controller might send the customers an e-mail from time to time about recent news, new products and services, changes to the Software and other relevant information about the Controller and its business if the customer or authorised person registers for the newsletter.
The e-mail newsletter is sent based on the consent of the customer or its authorised person.
The e-mail address will be kept in the mailing list until the person opts-out of the mailing list or until the connected customer account or authorised person account is closed. The option to opt-out is offered at the account settings and in every message.
1.7 Business communication
The communication is based upon your consent implied by contacting the Controller.
The data is kept only for reasonable duration to handle the communication and to reflect upon it and in any case no longer than 1 year after the communication ceased.
1.8 Protection of business interest, processing of claims and complaints
Any data collected and processed by the Controller might be used to protect the Customer from claims, to enforce claims of the Controller and to settle disputes and complaints.
Processing pursuant this purpose is based on legitimate interest of the Controller to protect its business interests, enforce its claims and defend against claims of third persons and to settle disputes and complaints.
Any data might kept even after the above mentioned retention periods expire if it is necessary for this purpose and shall be kept until the purpose is fulfilled.
2. Transfers of personal data
Any data collected and processed by the Controller is kept secure and in confidentiality. The Controller shall never sell your data to third parties without your express consent. The data might be shared with third parties where it is a statutory obligation of the Controller and where the Controller uses third party services to outsource part of the processing to processors. The processor are selected with diligence and are bound to protect the data under data processing contracts.
In general, the Controller employs the following categories of processors:
- accounting, tax and legal advisers;
- IT infrastructure services (cloud computing, webhosting, e-mailing service etc.);
- payment service providers;
- web analytics services;
- helpdesk service;
- scheduling service providers;
- contractors (e.g. customer support operators);
2.1 Google Analytics Service
The Controller uses the Google Analytics services for the Website analytics. Google Analytics service is provided by Google LLC a company established in the USA. The Controller has concluded a data processing contract according to the GDPR with the Google LLC based on the standard contractual clauses approved by the European Commission.
Follow these links in order to find out more about the Google Analytics service and how the Google LLC handles the data:
2.2 Stripe payment processing
To process payments the Controller uses the Stripe payment processing service provided by the Stripe, Inc. a company established in the USA. The Controller has concluded a data processing contract according to the GDPR with the Stripe, Inc. based on the standard contractual clauses approved by the European Commission.
Follow these links in order to find out more about the Stripe payment processing service and how the Stripe, Inc. handles the data:
2.3 Calendly scheduling
To automatically schedule appointments and calls the Controller uses the Calendly scheduling service provided by the Calendly LLC a company established in the USA. The Controller has concluded a data processing contract according to the GDPR with the Calendly LLC based on the standard contractual clauses approved by the European Commission.
Follow these links in order to find out more about the Calendly scheduling service and how the Calendly LLC handles the data:
2.4 Jira helpdesk service
To handle the customer support tickets the Controller uses the Jira Service Management by the Atlassian Pty Ltd a company established in Australia. The Controller has concluded a data processing contract according to the GDPR with the Atlassian Pty Ltd based on the standard contractual clauses approved by the European Commission.
Follow these links in order to find out more about the Jira Service Management and how the Atlassian Pty Ltd handles the data:
2.5 Service providers for the Website
3.1 What are cookies in general
Cookies are small text files that are stored in your browser. They are used by web developers to help users navigate their websites efficiently and perform certain functions. Due to their core role of enhancing/enabling usability or site processes, disabling cookies may prevent users from using certain functionality of the Website. To find more about cookies you can visit the allaboutcookies.org or related wikipedia page.
3.2 List of important cookies
The Website uses the following cookies custom cookies:
|cookieHidden||Stores information about cookie confirmation||365 days|
|PHPSESSID||Information about currently logged in user||14 days|
3.3 Third party services
3.3.1 Google Analytics
Google Analytics service uses collected cookies to analyse how the Website is used. The information generated by the cookie about use of the Website (including IP address) will be provided by Google, Inc. uploaded and stored on Google, Inc. servers All data obtained in this way will be processed anonymously. For more information on cookies used by Google analytics follow the link provided.
3.3.2 Google AdSense
3.3.3 Google Doubleclick
Google Doubleclick cookies are used by the Google Marketing platform and Google Ad manager to improve advertising. Cookies themselves contain no personally identifiable information. For more information on the Google Doubleclick cookies follow the link provided.
3.3.4 Lead Forensics
Lead Forensics cookies are used to generate leads for potential business opportunities from the Website visits. Data collected by these cookies might be shared with Lead Forensics, a company based in United Kingdom of Great Britain and Northern Ireland. For more information on the Lead Forensics cookies and how the service works follow the link provided.
3.3.6 Facebook Pixel
Facebook Pixel cookies are used to improve advertising. The collected information might be shared with Facebook, a company based in the USA through its Ireland based subsidiary. For more information on the Facebook cookies follow the link provided.
3.4 Your choices
3.4.1 Settings in your browser
You can set your browser to reject all cookies or just the ones you select. Your setting might be interpreted as your consent with storing and using cookies. You can learn how to set your browser preference in the Help section of your browser. Should you decide to reject all cookies, please remember that the Website and our application might not function properly.
You can also delete any cookies from your browser after you visit of the Website to maximise tour privacy.
3.4.2 Google Analytics
You can opt-out of the Google Analytics by using the Google Analytics Opt-out Browser Add-on.
3.4.3 Google Ads Settings
You can opt-out of targeted advertising from Google using this website.
3.4.4 Facebook Pixel
3.4.5 Technical and security cookies
The cookies used to handle authentication and technical cookies used for e-shop operation and user accounts operation are necessary for proper operation of certain functions of the Website. If you reject all cookies or set your browser to not store any cookies then some functions of the Website might not work properly or might not work at all and some services might be unavailable.
4. Advice on rights
You have the following rights in connection with processing of your personal data: (1) the right of access to personal data, (2) the right to rectification of inaccurate personal data, (3) the right to restriction of processing, (4) the right to erasure of personal data, (5) he right to object to processing of personal data, (6) the right to revoke your consent, (7) the right to data portability and (8) the right to lodge a complaint with a supervisory authority.
Controller might need to verify your identity when you make a request to exercise any of the rights mentioned above and is entitled to request further information in order to comply with your request.
4.1 Right of access
In relation to processing of personal data, you have the right to obtain, upon your request, information about the processing and the copy of your processed data.
4.2 Right to rectification
When you have reason to believe your personal data are inaccurate, outdated or incorrect in any way, you have the right to contact the Controller and the controller will ensure due rectification when provided with accurate, up to date and correct information.
4.3 Right to restriction of processing
In cases presumed in Article 18 of GDPR, e.g. where the processed personal data are inaccurate or you have objected to the processing, you have the right to request restriction of the processing of the personal data.
For the period of the restriction, personal data shall only be stored with and may not be subject to any other operation without your consent. The restriction of processing lasts for the duration of any of the above described situations. You shall be informed of the termination of such restriction.
4.4 Right to erasure (right to be forgotten)
In cases presumed in Article 17 of GDPR, e.g. when you withdraw your consent or the personal data are no longer necessary, you have the right to their erasure.
Nevertheless, in some cases the right to erasure is limited. For example, personal data processed for compliance with legal obligations imposed on the Controller must not be erased before the expiry of the retention period specified in law.
4.5 Right to object
In case of the processing based on legitimate interests and/or for the purposes of direct marketing, you may lodge a reasoned objection to the processing. The grounds for the objection will be assessed and you will be notified of the decision. Based on the assessment the processing shall be either ceased or the objection shall be dismissed.
4.6 The right to withdraw consent to processing of personal data
In case of processing of personal data based on consent, this consent may be withdrawn at any time.
4.7 Right to data portability
Where the processing of personal data provided by you is based on consent or on a contract and is carried out completely by automated means and the personal data are stored in a structured, machine-readable format, you have the right to receive these personal data in a structured, machine-readable format.
4.8 Right to lodge a complaint with a supervisory authority
If you consider that your personal data are not processed according to law, you have the right to lodge a complaint with a supervisory authority of your habitual residence, place of work or place of the alleged infringement.
Default supervisory authority for the Controller is:
Úrad na ochranu osobných údajov Slovenskej republiky
Postal Address: Hraničná 12, 820 07 Bratislava 27
Phone: +421 /2 3231 3214
5.2 Effective date
6. Contact details
If you have any questions related to the privacy and personal data processing feel free to contact the Controller on these contacts:
|Phone:||+421 948 299 095|
|Postal Address:||Pribinova 4, 811 09 Bratislava, Slovak Republic|