Privacy policy
Last updated: 25 April 2026
1. Data Controller
The controller of your personal data within the meaning of Article 4(7) of Regulation (EU) 2016/679 (the "GDPR") is:
BenoCode s.r.o.
Registered office: Rázusova 6, 949 01 Nitra, Slovak Republic
IČO: 55 920 918 — VAT: SK2122131110
Email: contact@svetlanalampe.sk
Phone: +421 910 610 892
We have not appointed a Data Protection Officer (DPO) as we are not required to do so under Article 37 GDPR. For all data-protection enquiries, please contact us using the details above.
2. Categories of Personal Data We Process
- Identification and contact data: first name, last name, postal address, email address, telephone number.
- Order and payment data: order content, order ID, payment method (we do not store full card numbers — these are handled by our payment processor), invoice information.
- Communication data: emails, messages and other correspondence with us.
- Technical data: IP address, browser type, device identifiers, pages visited, referrer URL, language preference, time of visit, cookie identifiers.
- Marketing data: newsletter preferences, opt-in records, click and open statistics (only if you have opted in).
3. Purposes and Lawful Bases for Processing
| Purpose | Lawful basis (GDPR Art. 6) | Retention |
|---|---|---|
| Processing and fulfilling orders, customer support, returns/refunds | Performance of a contract — Art. 6(1)(b) | For the duration of the contract + statutory periods |
| Issuing invoices, accounting, tax records | Legal obligation — Art. 6(1)(c) | 10 years (Slovak Accounting Act) |
| Newsletter and marketing emails | Consent — Art. 6(1)(a) | Until consent is withdrawn |
| Website analytics, fraud prevention, IT security | Legitimate interest — Art. 6(1)(f) | Up to 14 months |
| Strictly necessary cookies (session, cart, security) | Necessary for the service — Art. 6(1)(b) / ePrivacy | Up to 13 months |
| Defending or asserting legal claims | Legitimate interest — Art. 6(1)(f) | Up to 4 years from contract conclusion |
4. Recipients of Personal Data
We share personal data only to the extent necessary with the following categories of recipients, who act as our data processors under Article 28 GDPR:
- Shopify International Limited (Ireland) — e-commerce platform, hosting, checkout, payment routing.
- Stripe Payments Europe Ltd. and other Shopify-listed payment processors — secure payment processing.
- Packeta Slovakia s.r.o. and Packeta group entities — delivery and tracking.
- Email service providers integrated with Shopify (e.g. Shopify Email, Klaviyo) — order confirmations and (with your consent) marketing.
- Accountants and tax advisors bound by professional secrecy.
- Public authorities where required by law.
5. International Transfers
Some of our processors may transfer data to third countries outside the European Economic Area, in particular the United States. Such transfers are protected by the EU–US Data Privacy Framework, Standard Contractual Clauses adopted by the European Commission, and supplementary measures where appropriate. You may request copies of these safeguards by contacting us.
6. Cookies and Similar Technologies
Our website uses cookies and similar technologies. You can find detailed information and manage your preferences at any time using the "Cookie preferences" link in the footer. The categories we use are:
- Strictly necessary — required for the website to work (cart, session, security). Cannot be disabled.
- Functional — language, region, recently viewed items.
- Analytics — anonymised statistics about how visitors use the site.
- Marketing — measuring the performance of advertising campaigns and personalised content.
Non-essential cookies are only set after you give consent through our cookie banner. You can withdraw consent at any time.
7. Your Rights Under GDPR
Subject to the conditions of the GDPR you have the right to:
- Access your personal data (Art. 15);
- Rectification of inaccurate data (Art. 16);
- Erasure ("right to be forgotten", Art. 17);
- Restriction of processing (Art. 18);
- Data portability (Art. 20);
- Object to processing based on legitimate interest or for direct marketing (Art. 21);
- Withdraw consent at any time, without affecting the lawfulness of processing performed before withdrawal (Art. 7(3));
- Lodge a complaint with a supervisory authority (see section 8).
To exercise any of these rights, write to contact@svetlanalampe.sk. We will respond within one (1) month.
8. Right to Lodge a Complaint
The competent supervisory authority for our company is:
Úrad na ochranu osobných údajov Slovenskej republiky
(Office for Personal Data Protection of the Slovak Republic)
Hraničná 12, 820 07 Bratislava 27, Slovakia
Telephone: +421 2 32 31 32 14 — Email: statny.dozor@pdp.gov.sk
Web: dataprotection.gov.sk
You may also lodge a complaint with the supervisory authority of the EU/EEA Member State where you reside.
9. Automated Decision-Making
We do not engage in automated decision-making, including profiling, that produces legal effects concerning you or similarly significantly affects you within the meaning of Article 22 GDPR.
10. Children
The Store is intended for adults. We do not knowingly collect personal data from children under the age of 16. If you believe a child has provided us with personal data, please contact us and we will delete it.
11. Security
We implement appropriate technical and organisational measures to protect your personal data, including HTTPS encryption, role-based access controls, regular security reviews of our processors, and secure payment processing.
12. Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. The "Last updated" date at the top indicates when the policy was last revised. Material changes will be notified prominently on the website.