Introduction
Principles of personal data protection
Your personal data is processed solely on the basis of legal grounds set out in the Regulation or by law. As the Controller, we are responsible for protecting your personal data, which we process only to the extent necessary and strictly in accordance with the purposes and legal basis described in this document.
We process personal data in a secure manner, and appropriate technical and organisational measures are taken to ensure protection against loss, misuse, access by unauthorised persons, disclosure, alteration, or destruction.
Source of personal data
We obtain your personal data directly from you. This occurs when you voluntarily provide it in connection with an inquiry or order for our products or services, or when you contact us via email, telephone, online forms, or when placing an order through the www.3mon.sk website or our e-shop.
We may also obtain personal data from a business partner who has provided your contact details, typically in connection with an order, delivery, or fulfilment of contractual obligations, where the partner has identified you as the authorised contact person for fulfilling contractual tasks.
Your personal data can also be processed on the basis of publicly accessible resources, such as public registers, public directories, or publicly available websites, strictly to the extent necessary for performing our activities in compliance with applicable legislation.
Categories of personal data
The data we typically process about applicants, customers, business partners, including personal data of their employees:
Identification and contact details: mainly name, surname, contact and delivery postal address, telephone contacts, email contacts, and, where applicable, if you act as a self‑employed individual, also your business name, business address or registered office, identification number and tax identification number.
Data related to orders/requests: information about the subject of your order or your request.
Banking, financial and transactional data: credit card number, bank account details, payment information.
Information about our mutual communication or other contact made in connection with inquiries or within a contractual relationship: mainly communication channels used, the date and content of such communication.
Information related to complaints, claims or appeals you have submitted: mainly identification and contact details of the complainant, details of the complaint or claim, records of handling the complaint or claim, and related communication.
Video recordings from camera systems in the event of your personal visit to our premises in Bratislava, where video monitoring is carried out for the purpose of increasing security and protecting property.
Necessity of providing personal data
We need your personal data because, if you do not provide it, it may not be possible to establish a contractual relationship between you and us as the supplier or buyer, as required by Act No. 513/1991 Coll., the Commercial Code. Identification of contractual parties is one of the essential elements of a contract, and without your necessary identification data the contract cannot be validly concluded.
If you decide not to provide us with your telephone number or email address, this may prevent a smooth contractual relationship, as our mutual communication would not be as effective as if you provided this information.
If you refuse to provide your email address, we may not be able to send you electronic invoices, notifications, or other communication required for the performance of contractual obligations.
Furthermore, if you do not provide other necessary personal data that is essential for the proper performance of the contractual relationship, this may result in delays in communication or fulfilment of contractual obligations.
Recipients of personal data
All your personal data will be stored in our internal systems and may be further provided by us to various cooperating entities. Recipients of personal data may include:
- supervisory, regulatory and other state authorities performing their activities under applicable legislation, e.g. the Slovak Trade Inspection, the Office for Personal Data Protection, the Tax Office, etc.,
- courts and authorities active in criminal proceedings based on their requests, or within the legitimate interests of the Controller for proving, exercising, or defending legal claims,
- contractually authorised service providers, who:
  - provide us with IT administration and maintenance services, hosting and servicing of software applications we use,
  - deliver or transport goods you have ordered (Slovak Post, carriers, couriers),
  - provide secure online payment services (payment gateway providers),
  - provide accounting services,
  - provide legal services, especially in matters related to the exercise or enforcement of our rights arising from contractual relationships and representing the Controller before courts, authorities, or other bodies (lawyers, executors),
- our business partners, in cases where we process personal data under the legitimate interest of the Controller or based on your consent,
- financial institutions, e.g. banks, for the purpose of processing payments,
- entities ensuring postal and courier services, for the delivery of ordered goods or documents,
- insurance companies, if required for settling insurance events related to contractual performance,
- marketing service providers, if you have granted consent for receiving marketing communication,
- providers of cloud services, where your personal data may be stored in connection with system use or service operation.
With all processors, we have duly concluded contracts based on which they ensure the protection of your personal data. We take care to ensure that these processors comply with the required level of personal data protection in accordance with applicable legal regulations relating to the protection of personal data.
Purpose and duration of personal data processing
- Purchase of goods through the e‑shop, delivery of goods, processing complaints and insurance claims
For the performance of contractual obligations arising from your order placed via our e‑shop, based on which we supply goods to you or to our customer, as well as for related activities carried out in connection with the processing of your order, such as delivery of goods, handling of insurance claims, processing complaints or claims, invoicing, and communication regarding the supply of goods or services. The primary legal basis for processing your personal data for this purpose is Article 6(1)(b) and (a) of the Regulation, i.e., performance of the contract and fulfilment of statutory obligations of the Controller arising mainly from Act No. 513/1991 Coll. the Commercial Code, as amended, and other relevant legal regulations. The provision of personal data necessary for performance of the contractual relationship is essential for the fulfilment of your request. If you do not provide personal data in this context, we may not be able to conclude the contractual relationship.
Your personal data will be processed for the period necessary to achieve the purpose of processing, but no longer than for the duration of the contractual relationship. After fulfilling the contractual obligations, your personal data will be retained during the statutory retention period. In general, this is a period of 10 years from the termination of the contract, as the obligation to retain accounting and tax documents continues even after the termination of the contractual relationship under applicable legislation, particularly accounting regulations and the tax law.
- Provision of services
For the performance of contractual obligations related to the execution of measures before concluding a contract based on your request, or after concluding a contract related to the provision of our services, including customer support and assistance in resolving your requests, preparation and conclusion of contracts, performance of contractual obligations and communication during the contractual relationship until its termination. The legal basis is Article 6(1)(b) of the Regulation. Performance of contractual obligations is not possible without mutual cooperation, and in the event of non‑provision of personal data, we cannot fulfil your request or conclude a contract.
Your personal data will be processed during the duration of the contractual relationship and, after its termination, for the statutory retention period, typically 10 years from the termination of the contract, especially in accordance with tax and accounting regulations.
- Handling customer requests
For the purpose of handling your requests, we process the following personal data: name, surname, contact details, content of the request, and any other data necessary for handling your request. The legal basis is Article 6(1)(b) of the Regulation — performance of measures prior to entering into a contract or performance of the contract, as well as Article 6(1)(f) — legitimate interest of the Controller.
Your data will be retained only for the period necessary to handle your request.
- Exercising the rights of data subjects
As the Controller, we are legally obligated to ensure proper handling of requests through which data subjects exercise their rights under the Regulation.
Your personal data will be processed only for the time necessary to properly handle the request, usually within the period in which you exercise the right, typically up to 5 years.
- Exercising the company’s legal claims
The company processes the following data for the purpose of asserting the company’s legal claims:
Data contained in contracts with customers and suppliers, data contained in complaints and claims, data necessary for filing a lawsuit by the company, data stated in lawsuits filed against the company, data contained in records of thefts, data kept in accounting documentation, and other data necessary in connection with the potential assertion or defence of the company’s legal claims or interests. The purpose of processing this personal data is the legitimate interest of the controller, and the legal basis for processing is Article 6(1)(f) of the GDPR. The processing of personal data by the company is necessary for the purposes of the company’s legitimate interests. The legitimate interest of the company lies in the protection of its property as well as protection against unfounded claims made against the company.
If we assert legal claims against you and initiate judicial or administrative proceedings, or if you assert legal claims against us and initiate judicial or administrative proceedings, personal data will be processed for the purpose of proving, asserting, or defending legal claims until such proceedings are finally concluded.
If you have failed to fulfil your obligation towards our company, if damage has arisen to us due to reasons on your side, or if you are asserting claims against our company through certain legal means, or if there is a real risk that any of the above situations may occur in the future, we may process your personal data in the full scope listed above on the basis of the legitimate interest of our company. This legitimate interest consists in the enforcement of our claims and/or the protection of the rights and legally protected interests of our company (e.g. establishing, defending, or enforcing legal claims before a court). For this purpose, we retain your personal data for the statutory limitation period.
- Protection of property and enhancement of security at company premises through a camera system
The company operates a video monitoring system at its premises, recording footage for the purpose of increasing security and protecting property, with the aim of preventing criminal activity and other unlawful conduct in the area of property protection, particularly acts such as burglary, theft, and damage to third‑party property, as well as protecting persons and health within the premises of the Controller. The legal basis for processing is the Controller’s legitimate interest (Art. 6(1)(f) GDPR).
Video recordings from the camera system are retained for a period of 14 days from the date the recording is made.
Live monitoring of the camera system and the recordings stored locally on our own servers allow for immediate detection of suspicious activity or behaviour of persons entering the premises of the company, and are used only to the extent necessary for achieving the purpose described above. In cases of suspected offences or criminal acts, the recordings from the camera system may be provided to the Police, prosecution authorities, or other authorities involved in criminal proceedings, misdemeanour proceedings, or proceedings for the purpose of clarification or investigation. For operational inspection and maintenance of the system, access to your personal data may also be temporarily granted to a contracted company responsible for servicing and maintaining the camera system.
Transfer to third countries or international organizations
Withdrawal of consent
Privacy protection on our websites
Our website contains links to our profiles on social media platforms (Facebook, Instagram, LinkedIn, and others). Once you click these links, the privacy policies of the respective social network providers apply. We recommend reviewing their privacy terms before using these linked websites.
Children
Our website is not intended for children, nor do we knowingly request personal data from children or store such data. If we become aware that a child has provided personal information through one of our websites, we will delete that information from our systems.
Your additional rights related to the protection of personal data
In connection with the processing of your personal data, you may exercise the following rights:
- Right of access to personal data (Art. 15 of the Regulation); You have the right to obtain confirmation from us as to whether or not we process your personal data, and if we do, you have the right to access such personal data (their copies), as well as information relating to the processing of personal data under Article 15 of the Regulation.
We will provide you with a copy of your personal data and relevant information in a commonly used electronic or written form, unless you request otherwise. If the request is made electronically, the information will be provided in an electronic format, unless you request otherwise. This does not affect our obligation to ensure adequate identity verification before providing data, including data security measures.
- Right to rectification (Art. 16 of the Regulation); You have the right to request the correction of inaccurate personal data concerning you without undue delay. Taking into account the purposes of processing, you also have the right to have incomplete personal data completed, including by providing a supplementary statement.
Please note that we are required to correct only such personal data that we process correctly and for which we are responsible. We are not required to correct personal data that we did not receive from you.
- Right to erasure (“right to be forgotten”) (Art. 17 of the Regulation); In certain cases specified by law, you have the right to request the erasure of your personal data. This includes situations where the data is no longer necessary for the purposes for which it was collected, you withdraw consent and there is no other legal basis for processing, or the personal data has been unlawfully processed. We will assess each request individually and erase the data if the legal conditions are met.
This right is not absolute and does not apply in all cases. For example, we may retain data if required by law or necessary for the establishment, exercise or defence of legal claims, or for compliance with legal obligations.
- Right to restriction of processing (Art. 18 of the Regulation); In certain cases (e.g., if you contest the accuracy of your personal data or if the processing is unlawful), you may request the restriction of processing. In such cases, we will not process your data except for storage, unless you consent, or it is required for legal claims or protection of rights of others. If processing is restricted, the data will not be actively used until the restriction is lifted.
- Right to data portability (Art. 20 of the Regulation)
You have the right to receive the personal data you have provided to us in a structured, commonly used and machine‑readable format, and you have the right to transmit that data to another controller. This right applies only where processing is based on consent or on a contract and is carried out by automated means.
- Right to object to processing (Art. 21 of the Regulation); You have the right to object at any time to the processing of personal data that is based on our legitimate interest. Upon receiving an objection, we will cease processing your personal data unless we demonstrate compelling legitimate grounds for processing which override your interests, rights and freedoms, or the processing is necessary for the establishment, exercise or defence of legal claims.
If personal data is processed for direct marketing purposes, you have the absolute right to object at any time, and in such case we will stop processing your data for these purposes.
- Right not to be subject to automated decision-making (Art. 22 of the Regulation); As part of our processing activities, we do not use automated decision-making, including profiling, that would produce legal effects concerning you or similarly significantly affect you. If we were to introduce such technologies in the future, we would inform you in advance in accordance with the Regulation.
- Right to lodge a complaint with a supervisory authority (Art. 77 of the Regulation); If you believe that your personal data has been processed unlawfully or your rights under the Regulation have been violated, you have the right to lodge a complaint with the Office for Personal Data Protection of the Slovak Republic (https://dataprotection.gov.sk/) or with another competent supervisory authority, depending on your place of residence or place of alleged violation.
Final provisions
In case of any questions related to the processing of your personal data, you may contact us in person or in writing at our registered office address, or you may contact our Data Protection Officer directly via e‑mail at: info@3mon.sk.
These information provisions are valid and effective as of 01.03.2026.
We reserve the right to modify, amend or update this personal data protection information at any time. Please check regularly to ensure that you are familiar with our most up‑to‑date notice.



