Coral Club Slovakia s.r.o., Company ID: 51 858 142, Námestie SNP 474/15, Bratislava - Staré Mesto 811 06 (hereinafter referred to as the "Company") processes personal data of its employees, distributors or partners (hereinafter referred to as the "Data Subject") as an operator of information systems (hereinafter referred to as the "IS").

Legal basis for processing personal data of interested persons:

When processing personal data, the company acts in accordance with Act No. 18/2018 on the protection of personal data and on amendments to certain regulations (hereinafter referred to as the "Personal Data Protection Act"), Regulation (EU) No. 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. The legal basis for the processing of personal data is the Personal Data Protection Act, special legal regulations, and consent to the processing of personal data depending on the purpose of processing personal data. The interested party, in accordance with paragraph 2 (e) of Article 19 of the Personal Data Protection Act, is obliged to provide personal data for the purpose specified below. Otherwise, concluding the contract that the interested party has expressed a desire to conclude will not be possible.

If the purpose of processing personal data, the circle of data subjects, and the list of personal data are established by a direct act of the European Union, an international agreement to which the Slovak Republic is bound, the Personal Data Protection Act or another special law, the company has the right, in accordance with the Personal Data Protection Act, to process personal data without the consent of the data subject.

The company processes personal data without the consent of the data subject if the purpose of processing personal data, the circle of data subjects, and the list of personal data or their scope are provided for by a directly binding act of the European Union, an international agreement to which the Slovak Republic is bound, or this Personal Data Protection Act. If the list or volume of personal data is not established, the company may process personal data only to the extent and in the manner necessary to achieve the established purpose of processing in accordance with the main obligations under the Personal Data Protection Act.

Further processing of personal data is carried out by the Company without the consent of the data subject if the purpose of processing personal data, the circle of data subjects, and the list of personal data are provided for by a special law, and only to the extent and in the manner provided for by a special law. The processed personal data may be provided, provided, or disclosed from the information system only if a special law provides for the purpose of provision, provision, or disclosure, the list of personal data that can be provided, disclosed, or published, as well as to third parties to whom the personal data is provided, or a group of recipients to whom the personal data is provided, unless otherwise provided by the Personal Data Protection Act.

The Company processes personal data without the consent of the data subject, even if:

a) The processing of personal data is necessary for the performance of a contract to which the data subject is one of the parties, or in pre-contractual relations with the data subject, or in negotiations to amend the contract, which are conducted at the request of the data subject, the Company hereby notifies the data subject as an interested party that in the process of concluding the contract it will process personal data without the consent of the interested party, since the processing of personal data will be carried out within the framework of pre-contractual relations, and the processing of personal data is necessary for the conclusion of the contract for the provision of the required services.

b) The processing of personal data is necessary to protect the life, health, or property of the interested party, paragraph 1 f) of Art. 6 of the Regulation or paragraph 1 f) of Art. 13 of the Law on the Protection of Personal Data: the processing of personal data is necessary for the purpose of implementing the legitimate interests of the Company or a third party, except in cases where these interests prevail over the interests or rights of the interested party requiring the protection of personal data. The Company provides various services to Data Subjects. Therefore, it is in the legitimate interest of both the Company and the Data Subject to be informed of facts that may affect the rights and obligations of the Data Subject and may have a significant impact on his or her quality of life and the quality of life of his or her family.
For this purpose, the Company has taken appropriate technical and organizational measures to protect the processing of the e-mail address"

c) The subject of processing is exclusively the name, first name, last name, and address of the data subject without the possibility of assigning other personal data to them, and their use is intended solely for the needs of the postal operator with the data subject and the recording of these data,

d) personal data that have already been disclosed in accordance with the law and which the controller has duly identified as disclosed are processed; the person claiming to process published personal data must, upon request, prove to the Authority that the personal data being processed have already been published on legal grounds,

e) the processing of personal data is necessary to protect the rights and legally protected interests of the controller or a third party, and this does not apply if, in such processing of personal data, the fundamental rights and freedoms of the data subject, which are protected by this Act, prevail.

If, with regard to the purpose of processing personal data provided for in a directly binding act of the European Union, an international agreement to which the Slovak Republic is bound, the Personal Data Protection Act and the Special Act, it is not possible to specify in advance individual personal data to be processed, the list of personal data may be replaced by a set of personal data.

The company is obliged to act in accordance with the Personal Data Protection Act when processing such personal data, with the exception of those operators who process personal data for the purposes of and in connection with legal proceedings.

If the Personal Data Protection Act does not apply to the processing of personal data, the company as an operator has the right to process personal data only with the consent of the data subject.

The company obtains the consent of the person concerned without coercion or duress and without the threat of withdrawal from contractual relations, services rendered, or obligations arising for the operator from legally binding acts of the European Union, an international agreement to which the Slovak Republic is bound to by law.

In the event of refusal to provide personal data to the company for the purposes necessary for the provision of services or the fulfillment of legal obligations, the company has the right to notify the data subject of the possible consequences of failure to provide personal data.

Data subjects agree that the company, when processing personal data, entrusts such processing to an intermediary who processes personal data on behalf of companies. When the purpose of processing personal data ceases, the company destroys the legally obtained personal data of interested persons within the period stipulated by the current legal acts and in accordance with the company's internal documents.

The company respects your privacy and considers the personal data provided to be confidential.

In order to ensure the quality of its services, the company needs to know some personal data of the interested parties and provide them to other recipients in order to fulfill its legal obligations and provide high-quality services.

The company processes the provided personal data for several purposes.

On the one hand, this concerns job seekers' personal data and their employee's personal data for personnel records management and payroll, as well as the corresponding legal obligations arising from special legal regulations.

The company also processes the personal data of its clients, customers, and business partners in order to ensure its business activities, taking into account the interests of its clients, customers, and business partners.

The company does not process personal data for any other purposes, which means that The company collects, stores, and processes only the personal data of interested persons that it needs to perform its services. Provided personal data are strictly protected from misuse by unauthorized third parties by means documented in the adopted security project and security directive in accordance with the Personal Data Protection Act.

When processing the personal data of interested parties, the company complies with the basic obligations of the controller in accordance with the Personal Data Protection Act, which includes the following obligations.

The company always uses the provided personal data for a pre-defined purpose of processing, which is clear, precise, and specifically defined, in accordance with the Constitution of the Slovak Republic, constitutional laws, laws, and international treaties to which the Slovak Republic is bound.

The company always determines the conditions for processing personal data in such a way that the rights of the data subject provided by law are not limited.

The company collects only the personal data of data subjects, the scope and content of which correspond to the purpose of processing and are necessary to achieve it.

The company guarantees that the personal data of data subjects are processed only in a manner consistent with the purpose for which they were previously collected.

The Company, as the controller, is obliged to process personal data only correctly, completely, and, if necessary, updated in relation to the purpose of processing. The controller is obliged to block incorrect and incomplete personal data and correct or supplement them without undue delay; if they cannot be corrected or supplemented so that they are correct, the Company will clearly mark these personal data and destroy them without undue delay. Detain.

The Company ensures that the personal data of subjects is processed in a form that allows the identification of individual data subjects for a period of time not exceeding the period necessary to achieve the purpose of processing.

The company manages personal data, the purpose of processing which has ended in the established manner. After achieving a certain purpose, the company has the right to process personal data in the necessary volume for research or statistical purposes in their anonymous form. Personal data processed in this way may not be used by the controller to support measures or decisions taken against the data subject to restrict their fundamental rights and freedoms.

Third parties:

The Company does not provide your personal data to third parties in violation of the Personal Data Protection Act and for the purpose of collecting them, contrary to your interests or instructions, and is provided to a third party only for the above-mentioned purpose of fulfilling the Company's contractual obligations.

In its commercial activities, the Company cooperates with several intermediaries whose purpose is to provide quality services, while these entities process the personal data of interested parties in the performance of their contractual activities for the Company.

The Company honestly declares that when selecting individual intermediaries, it paid attention to their professional, technical, organizational, and personnel competence and their ability to guarantee the security of the personal data being processed through the security measures taken in accordance with the Personal Data Protection Act.

In doing so, the Company approached the selection of a suitable intermediary in such a way that the rights and legally protected interests of the interested parties were not endangered.

The Company, as an operator, has concluded written agreements with intermediaries in accordance with the Personal Data Protection Act on ensuring the protection of personal data processed by intermediaries to whom it has entrusted the processing of personal data of data subjects only to the extent provided by law. Under the conditions and for the purposes agreed upon in the agreement,

The Company processes the personal data of interested persons in its information systems to the extent necessary to achieve the stated purpose. This is the volume of personal data provided for by special legal regulations or within the framework of the consent of the data subject to the processing of his personal data.

The company processes only those personal data that were provided to it voluntarily and to the extent necessary by the data subject. Providing personal data to the company outside the framework of special laws is voluntary.

The Company processes the personal data of interested parties in its information systems using automated and non-automated processing tools.

The Company does not disclose processed personal data, except in cases provided for by special legislation or a decision of a court or other government agency.

The Company will not process your personal data without your explicit consent or other legal basis for other purposes or in a larger volume than specified in this information and records of individual information systems of the operator.

The interested party has the right, upon written request, to request from the company:

a) confirmation of whether personal data about him is being processed,

b) in a generally accessible form, information about the processing of personal data in the information system to the extent provided for by the Law on the Protection of Personal Data when making a decision in accordance with the Law on the Protection of Personal Data, the interested party has the right to familiarize themselves with the procedure for processing and evaluating transactions,

c) in a generally accessible form, accurate information about the source from which he received his personal data for processing,

d) a list of personal data subject to processing in a publicly available form,

e) correction or destruction of incorrect, incomplete, or outdated personal data that is the subject of processing,

f) destruction of personal data, the purpose of the processing of which has ended; if official documents containing personal data are processed, they may request their return,

g) destruction of personal data that is the subject of processing, if there has been a violation of the law,

k) blocking of personal data in connection with the withdrawal of consent before its expiration if the company processes personal data with the consent of the data subject.

The above-mentioned rights of the data subject in accordance with points e) and f) may be limited only if such a limitation follows from a special law or its application would violate the protection of the data subject or violate the rights and freedoms of others.

In accordance with the Personal Data Protection Act, the data subject has the right to object to:

a) the processing of his personal data that is expected to be processed or will be processed for direct marketing purposes without his consent, and request their erasure,

b) the use of personal data specified in the Personal Data Protection Act for direct marketing purposes in the postal system, or

c) the provision of personal data specified in the Personal Data Protection Act for direct marketing purposes.

According to the Personal Data Protection Act, the data subject has the right to object at any time to the processing of personal data in cases provided for in the Personal Data Protection Act or by presenting evidence of unauthorized interference based on a written request addressed to the company or personally and the legally protected interests that are or may be damaged as a result of such processing of personal data; unless this is legally justified and it is proven that the objection of the data subject is justified, the company is obliged to block and destroy the personal data to the processing of which the data subject has objected without undue delay, as soon as the circumstances allow.

According to the Personal Data Protection Act, the data subject has the right to object to and not to be subject to a decision of the company that would have legal effects or significantly affect him or her unless the matter is postponed, if such a decision is issued solely on the basis of automated processing of his or her personal data. The data subject also has the right to request that the company review the decision taken in a manner other than automated processing, whereby the company is obliged to comply with the data subject's request so that the authorized person plays a decisive role in the review. Decision: the controller informs the data subject of the verification method and the result of the finding within the period in accordance with the Personal Data Protection Act. The interested party does not have this right only if this is provided for by a special law providing for measures to protect the legitimate interests of the interested party or if the controller has made the decision in a pre-contractual relationship or during the contractual relationship. Relationship: in order to comply with the data subject's request, the controller has taken other appropriate measures in accordance with the contract to protect the legitimate interests of the interested party.

If the interested party exercises their right:

a) in writing, and the content of their application shows that they are exercising their right, the application is considered to be submitted in accordance with the Personal Data Protection Act; the request must be delivered in writing by e-mail or fax no later than three days from the date of its sending,

b) in person orally in a protocol, from which it must be clear who has exercised the right, what they are seeking, when and by whom the protocol was drawn up, their signature and the signature of the interested party; the company is obliged to forward a copy of the protocol to the person concerned,

c) in the case of an intermediary under point (a) or point (b), the latter is obliged to forward this request or protocol to the company without delay.

If the data subject suspects that their personal data are being processed unlawfully, they may submit a request for a personal data protection procedure to the Office for Personal Data Protection of the Slovak Republic, Hraničná 12, 820 07 Bratislava 27, Slovak Republic or contact the Office via the website dataprotection.gov.sk.

If the person concerned does not have full legal capacity, their rights may be exercised by a legal representative.

If the person concerned is deceased, their rights under this by-law, a close person may do so.

The company processes the data subject's request free of charge in accordance with the Personal Data Protection Act.

The Company will process the data subject's request in accordance with the Personal Data Protection Act free of charge, except for a fee that may not exceed the amount of reasonably incurred material costs associated with making copies, supplying technical media, and sending information to the data subject, unless otherwise provided by a special law.

The Company is obliged to process the data subject's request in writing in accordance with the Personal Data Protection Act no later than 30 days from the date of delivery of the request.

The Company notifies the data subject and the Personal Data Protection Office of the Slovak Republic in writing without undue delay of any restrictions on the data subject's rights under the Personal Data Protection Act.

The Company hereby informs you as a data subject about the protection of your personal data and informs you of your rights in relation to the protection of personal data within the framework of this written obligation to provide information.

Bratislava, 26.04.2022 Coral Club Slovakia s.r.o.

Each registered User has access to the option of extended information on purchased products. When implementing this option, other users' experience with purchased products is used. By subscribing to extended information, the User expresses their consent to the provision of their data on purchased products.

In the event of the User's express consent to this, by setting the appropriate value in the personal account settings to receive the option of extended information on purchased products, access to the User's data may be provided to other Users. The following information is used for this:

• contacts: e-mail, mobile phone;
• number of days until status change;
• list of events for which the CHK is registered;
• messengers for quick communication: Skype, Telegram, WhatsApp, Viber;
• list of purchases for the current month, purchase history for 6 months.

By using the resource of extended information on purchased goods, Users have the opportunity to share their opinions about the product. It is important to understand that such opinions of Users are purely individual and subjective; therefore, when using a particular product, we strongly recommend that you follow the instructions for the product.

After using the purchased product, the User can also share his impressions of the product with others.

The provided option is exclusively a platform where Users can exchange opinions about the product. Please note that Users are neither employees nor partners of the Company. And from the moment of consent to access such a resource, the Company is not responsible for the use of data by other Users. All communication with the Site Administration Company is carried out exclusively in relation to access to extended information.

If you do not agree that the data used in the extended information option for purchased goods will become available to other Users, refuse and do not use the specified resource, for which check the current value in the personal account settings and set the appropriate setting.