Privacy Policy

Fundamental provisions

  • The controller of personal data pursuant to Article 4 point 7 of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as “GDPR”) is ClockWork s.r.o., Kossuthova 42, 94301 Sturovo, Slovak Republic, which is registered in the Commercial Register of the District Court of Nitra, Section: Sro, Insert No. 55231/N, the operator of the millennial.watch online shop (hereinafter referred to as: “Administrator” or “Controller”).
  • The Administrator’s contact details are:

ClockWork s.r.o.
Kossuthova 42
943 01 Sturovo
Slovak Republic

Telephone: +421 949 737 766
Email:    info@millennial.watch

  • Personal data means any information about an identified or identifiable natural person; an identifiable natural person is a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, a network identifier or to one or more specific elements of the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.

  • The Administrator has not appointed a data protection officer.

Sources and categories of personal data processed

  • The Controller processes personal data provided by the Buyer or personal data obtained by the Controller on the basis of the fulfilment of an order from the Buyer.
  • The Controller processes the Buyer’s identification and contact data and the data necessary for the performance of the purchase contract to the extent of:
    • identification data, which means in particular first and last name, username and password, VAT number and tax identification number if you are a business;
    • contact data, which means personal data that enable us to contact you, in particular e-mail address, telephone number, delivery address, billing address;
    • your preferences, which means the data in your account, in particular your saved addresses and profiles, settings for promotional emails, membership of loyalty programmes, shopping lists, products tracked, your ratings of products and services and completed questionnaires;
    • data about your orders, which is mainly data about the goods and services you have ordered, delivery and payment methods, including payment account number and complaints data;
    • data about your behaviour on the website, in particular the goods and services you view, the links you click on, the way you move around our website and also data about the device from which you view our website, such as the IP address and the location derived from it, the identification of the device, its technical parameters such as the operating system and its version, the screen resolution, the browser used and its version, and also data obtained from cookies and similar technologies for the identification of devices.

Lawful basis and purpose for processing personal data

  • The lawful reason for the processing of personal data is the performance of the contract between the Buyer and the Controller:
    • Article 6(1)(b) of the GDPR, the legitimate interest of the Controller for the provision of direct marketing (in particular for the sending of commercial communications and newsletters (advertising emails)),
    • pursuant to Article 6(1)(f) of the GDPR, the Buyer’s consent to processing for the purpose of providing direct marketing (in particular for sending commercial communications and newsletters (promotional emails)),
    • pursuant to Article 6(1)(a) GDPR in conjunction with Article 7(2) of Act No. 480/2004 Coll., on certain information society services in the absence of an order for goods or services.
  • The purpose of the processing of personal data is to process the Buyer’s order and to exercise the rights and obligations arising from the contractual relationship between the Buyer and the Administrator.
  • When placing an order, the personal data required for the successful processing of the order (name and address, contact) are requested.
  • The provision of personal data is a necessary requirement for the conclusion and performance of the contract, without the provision of personal data it is not possible to conclude the contract or its performance by the Administrator, sending commercial communications and carrying out other marketing activities.
  • There is no automatic individual decision-making on the part of the Data Controller within the meaning of Article 22 GDPR.

Data retention period

  • The Administrator retains personal data for the period necessary to exercise the rights and obligations arising from the contractual relationship between the Buyer and the Controller and the exercise of claims arising from these contractual relationships for as long as the consent to the processing of personal data for marketing purposes is withdrawn, if the personal data are processed on the basis of consent.

    If you create an account on www.millennial.watch, the Administrator processes your identification and contact data, your preferences and your order data (if you later purchase from the Administrator), on the basis of the performance of a contract with you (without your consent), in order for the Administrator to manage your user account. The contract on which the processing is based arises from the creation of your account. For this purpose, personal data exists and is used by the Administrator for the duration of your account, which you can delete at any time.

Recipient of personal data

  • Recipients of personal data are persons involved in the delivery of goods, services and the execution of payments under the contract, providing services for the operation of the online store and other services in connection with the operation of the online store, providing marketing services.
  • The controller does not intend to transfer personal data to a third country (to a country outside the EU) or to an international organisation.

Your rights

  • Under the conditions set out in the GDPR, the Buyer has:
    • the right of access to his personal data pursuant to Article 15 GDPR,
    • the right to rectification of personal data pursuant to Article 16 of the GDPR or, where applicable, restriction of processing pursuant to Article 18 of the GDPR,
    • the right to erasure of personal data pursuant to Article 17 GDPR,
    • the right to object to processing under Article 21 GDPR; and
    • the right to data portability under Article 20 GDPR,
    • the right to withdraw consent to processing in writing or electronically to the address or email of the Controller,
    • the right to lodge a complaint with the Data Protection Authority in the event of a suspected violation of the Buyer’s right to data protection.

Personal Data Security Terms and Conditions

  • The administrator declares that it has taken all appropriate technical and organisational measures to secure personal data.
  • The administrator has taken technical measures to secure data storage and paper-based storage of personal data.
  • The administrator declares that only persons authorised by the administrator have access to the personal data.

Final provisions

  • By submitting an order from the online order form, the Buyer confirms that he/she has been informed of the terms and conditions of personal data protection and that he/she accepts them in their entirety.

  • The Administrator is entitled to change these conditions. The updated version of the privacy policy will be published on its website.

These terms and conditions shall enter into force on 09.02.2023.