Privacy policy

PRIVACY POLICY

Personal Data Processing and Protection Policy

Controller

LENKA KRIVA Studio s.r.o.
Company ID: 57 245 126
Tax ID: 2122627870
VAT ID: SK2122627870

Registered office:
Dolný Moštenec 302
017 01 Považská Bystrica
Slovakia

Registered at the District Office Považská Bystrica
Trade Register No.: 330-32391

(hereinafter referred to as the “Controller”)

Contact Details of the Authorized Person

If necessary, the data subject may at any time contact the person authorized by the Controller in matters concerning personal data protection.

Name:
Lenka Krivá

E-mail:
lenka@lenkakriva.com

Phone:
+421 907 191 677

I. General Information

The Controller is a business entity primarily engaged in the production and sale of designer clothing collections, made-to-measure garments and related activities registered as its business activities.

When carrying out these activities, data subjects may voluntarily provide the Controller with their personal data identifying them as specific individuals. Personal data may be provided in particular in person, by e-mail, by telephone, by completing a form, in connection with events organised by the Controller, or within legal relationships entered into with the Controller, such as by concluding a civil, commercial, employment or other contract.

This Personal Data Processing and Protection Policy (hereinafter referred to as the “Policy”) applies to all situations in which the Controller processes personal data of data subjects and contains the information that the Controller is required to provide in connection with such processing.

II. Definitions

GDPR
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.

Act on Personal Data Protection
Act No. 18/2018 Coll. on Personal Data Protection and on amendment and supplementation of certain acts.

Personal Data
Any information relating to an identified or identifiable natural person (the “Data Subject”). An identifiable person is one who can be identified directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or by reference to factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Processing
Any operation or set of operations performed on personal data or sets of personal data, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction, whether carried out by automated or non-automated means.

Data Subject
Any natural person whose personal data is processed by the Controller.

Information System
Any structured set of personal data accessible according to specific criteria, regardless of whether it is centralised, decentralised or distributed.

Controller
A natural or legal person, public authority, agency or other body which determines the purposes and means of processing personal data.

Processor
A natural or legal person or other entity that processes personal data on behalf of the Controller.

Consent of the Data Subject
Any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which they signify agreement to the processing of personal data.

III. Purpose and Legal Basis of Personal Data Processing

The Controller processes personal data both automatically and manually, but only to the extent necessary to fulfil the purpose of processing and only for the period necessary to achieve that purpose.

If personal data is provided beyond this scope or the purpose of processing ceases to exist, the Controller will stop processing such data and remove it from its systems.

Personal data is processed in particular for the following legal reasons:

• performance of a contract in which the data subject is a party
• taking steps at the request of the data subject before entering into a contract
• compliance with legal obligations of the Controller
• legitimate interests of the Controller
• consent of the data subject where required by law
• protection of the vital interests of the data subject

Providing personal data is voluntary. However, in some cases it may not be possible to provide requested services or conclude a contract without certain personal data.

If consent is required for processing, the Controller will obtain it in advance. Consent may be withdrawn at any time in the same manner in which it was granted.

IV. Scope of Personal Data Processing

The Controller processes personal data only to the extent necessary to fulfil the purpose of processing.

For example, when concluding a contract, the Controller processes only the personal data necessary to fulfil rights and obligations arising from the contract, such as name, address, and contact details.

If personal data is provided beyond the necessary scope, the Controller will not process such data further and will remove it from its systems.

V. Security and Retention of Personal Data

Personal data provided voluntarily is stored in a secure environment and used exclusively for fulfilling obligations arising from contracts, legal regulations, or other legitimate purposes.

Personal data is retained only for the period necessary to fulfil legal and contractual obligations or for the period required by applicable legislation. Unless otherwise required by law, personal data will generally be retained for no longer than 10 years from the date it was provided.

The Controller has implemented appropriate technical and organisational measures to ensure the security of personal data and to prevent its misuse.

After the retention period expires, personal data will be securely deleted.

VI. Processing of Personal Data by Third Parties

The Controller does not sell, rent or exchange personal data with third parties without the explicit consent of the data subject.

However, personal data may be processed by authorised processors acting on behalf of the Controller, including in particular:

• accounting service providers
• legal advisors
• shipping and delivery companies
• website service providers
• marketing service providers

Personal data may also be disclosed where required by law, for example to public authorities or law enforcement agencies.

VII. Profiling and Automated Decision-Making

The Controller declares that personal data is not used for profiling purposes.

Personal data is also not subject to automated decision-making.

VIII. Transfer of Data Outside the EU

The Controller does not transfer personal data to third countries outside the European Union or to international organisations.

IX. Declaration of the Data Subject

By providing personal data, the data subject declares that the information provided is true, accurate, current and complete and grants consent to its processing where required.

X. Rights of the Data Subject

Under the GDPR, data subjects have the following rights:

• the right to lodge a complaint with the supervisory authority
• the right of access to personal data
• the right to rectification or erasure of personal data
• the right to restriction of processing
• the right to object to processing
• the right to data portability

The supervisory authority in Slovakia is:

Office for Personal Data Protection of the Slovak Republic
Hraničná 12
820 07 Bratislava
Slovakia

XI. Final Provisions

This Policy becomes effective on the date of its publication.

The Controller reserves the right to amend this Policy. Any updated version will be published without delay.

These terms take effect on 19 October 2025.