within the meaning of Article 19 et seq. of Act No. 18/2018 Coll. on Personal Data Protection and on Amendments and Supplements to Certain Acts, as amended, in accordance with Articles 13 and 14 of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as “GDPR”).
Pursuant to the provisions of Article 19 et seq. of Act No. 18/2018 Coll. on Personal Data Protection as amended (hereinafter referred to as the “Personal Data Protection Act”), we hereby provide you as the data subject with the following information about the processing of your personal data.
Data controller: The controller is the company NG Aviation s.r.o., organizačná zložka, with its registered office Ivánska cesta 30/B, 831 04 Bratislava, Company ID: 505 179 02, represented by: Simona Franková (hereinafter referred to as the “Controller”).
In the processing of personal data, in addition to the Controller and the companies related to the NG Aviation s.r.o.. and their employees, other persons processing personal data as processors may have access to personal data. A specific, continuously updated list of processors, i.e. recipients of personal data processed on behalf of the Controller, in following categories:
• Companies providing marketing services
• Companies providing payroll and accounting services
• Companies providing internal and external audit services
The legal basis for the processing of personal data is, as a rule, the fulfilment of the statutory obligation (in particular Act No. 18/2018 Coll. on Personal Data Protection), the conclusion, administration and fulfilment of contractual obligations arising out of employment and commercial contracts, the legitimate interest, which is the protection of rights and interests of the Controller and his employees protected by right, as well as the consent of the data subject (mainly for the purposes of marketing, competitions, social events, etc.). The consent to the processing of personal data must be granted voluntarily, and the data subject may withdraw the consent at any time. However, the consent is necessary for the Controller to ensure, for example, corporate events, and the like, and without such consent, the Controller is not entitled to provide the services in question. If the data subject refuses to provide the Controller with the personal data required for the purpose of fulfilling the contractual obligations of the Controller or complying with the law, the Controller is not obliged to conclude a contract or provide any other services.
We collect our merchants’ customers’ name, email, shipping and billing address, payment details, company name, phone number, IP address, information about orders you initiate, information about the NG Aviation – supported merchant stores that you visit, and information about the device and browser you use. We collect this information when you use or access a store that uses our services, such as when you visit a merchant’s site, place an order or sign up for an account on a merchant’s site. As you visit or browse the NG Aviation website, we collect information about the device and browser you use, your network connection, your IP address, and information about the cookies installed on your device. We also collect personal information submitted by you via any messaging feature available from our website. From forum users, we collect your name, email address, website URL, and other personal information you may post.
We use this information to provide our merchants with the services, including supporting and processing orders, authentication, and payments. We also use this information to improve our services. NG Aviation works also with a third parties and service providers to help provide our merchants with the services and we may share personal information with them to support these efforts. We may also share your information in the following circumstances:
The Controller is authorized to process personal data of data subjects for a period of time determined in accordance with the relevant legislation. Processing of personal data upon a consent shall only be possible for the period for which the consent was granted. The consent is granted to the Controller for the following three (3) years or until the moment of withdrawal of the consent. Upon expiry of the relevant period, personal data will be erased if their storage is not required under the relevant Slovak legislation.
As regards the processing of personal data, data subjects may exercise the following rights:
• the right to access and be provided information about their personal data;
• the right to the rectification of personal data;
• the right to the erasure of personal data;
• the right to the restriction of personal data processing;
• the right to personal data portability;
• the right to object to the processing of personal data;
• the right to the ineffectiveness of automated individual decision-making, including profiling;
• the right to withdraw consent at any time (if consent is the legal basis of processing);
• the right to file a motion to initiate proceedings under Article 100 et seq. of the Personal Data Protection Act with the supervisory authority, i.e. the Office for Personal Data Protection of the Slovak Republic, with its registered office at Hraničná 12, 820 07 Bratislava 27, Slovak Republic, contact details: +421 2 3231 3214, e-mail: firstname.lastname@example.org.
Data subjects may exercise the above rights, which are further specified in the provisions of Article 21 et seq. of the Personal Data Protection Act, in accordance with the Personal Data Protection Act and the GDPR as well as other relevant legislation. Data subjects may exercise their rights against the Controller by means of a written request sent or delivered to the Controller’s registered office: Ivánska cesta 30/B, 831 04 Bratislava, Company ID: 505 179 02, or by electronic mail sent to the address: email@example.com
The request must contain the following information: name, surname, date of birth and permanent address so that the Controller is able to identify the data subject. The Controller may request the provision of additional information necessary to verify the identity of the data subject if he has reasonable doubts as to the identity of the natural person. The Controller is required to provide the data subject with information on the measures taken at his/her request within one (1) month of receipt of the request. In justified cases, with regard to the complexity and the number of requests, the Controller may extend the above period by further two (2) months, even repeatedly. The Controller shall be obliged to inform the data subject about any such extension within one (1) month of receipt of the request, stating the reasons for the extension of the time limit. If the data subject has submitted the request in electronic form, the Controller shall provide the information in electronic form, unless the data subject requested information in any other way. If the Controller fails to take measures at the request of the data subject, he is required to inform the data subject about the reasons for the failure to act within one (1) month of receipt of the request as well as about the possibility to file a motion to initiate proceedings under Article 100 of the Personal Data Protection Act with the Office for Personal Data Protection. Notifications of the measures taken shall be provided free of charge. If the request of the data subject is manifestly unfounded or inappropriate, in particular for its recurrent nature, the Controller may require a reasonable fee taking into account the administrative costs of providing the information, or a reasonable fee taking into account the administrative costs of the notification, or a reasonable fee taking account the administrative costs of implementing the requested measure, or refuse to act upon the request. The Controller shall prove that the request is unfounded or inappropriate.
NG Aviation understands that you have rights over your personal information, and takes reasonable steps to allow you to access, correct, amend, delete, port, or limit the use of your personal information. If you are a merchant or a partner, you can update many types of personal information, such as payment or contact information, directly within your account settings. If you are unable to change your personal information within your account settings, or if you are concerned about data collected as you visit NG Aviation’s website or use our support services, please contact us to make the required changes. It’s important to remember that if you delete or limit the use of your personal information, the services may not function properly.
If you have any questions about your personal information or this policy, or if you would like to make a complaint about how NG Aviation processes your personal data, please contact NG Aviation by email at firstname.lastname@example.org.
In Prague, on 4. April 2018
Cookies are small text files that are placed on your computer or device by the websites that you visit. They are widely used in order to make websites work and to provide information to the owner of the website.
When someone visits www.ngaviation.com we collect standard internet log information so that we can track visitor behaviour patterns. We do this to find out things like how many people have visited a particular page or how long visitors spend in different parts of the site. This helps us to improve our website and to plan our future work.
Most modern web browsers give you some control over cookies. You can set your web browser to accept or reject all cookies or to accept or reject specific cookies. You may also be able to set your browser to alert you every time a cookie is offered.
You can find out how to control and delete cookies on AboutCookies.org.