Personal data protection principles and notices provided by the controller to the data subject when collecting personal data from the data subject, and a cookies notice for the online store www.racingbikes.sk
I. Controller
1.1. The identity and contact details of the Controller are:
Business name: RacingBikes s. r. o.
Registered office: Vyšehradská 29, Bratislava 851 06, Slovak Republic
Registered in the Commercial Register of the Municipal Court Bratislava III, Section Sro, File No. 75000/B
Company ID (IČO): 46216561
Tax ID (DIČ): 2023333312
VAT ID (IČ DPH): SK2023333312
Bank account: SK9811000000002929862012
The Seller is a VAT payer.
1.2. The Controller’s e-mail and telephone contacts are:
Email: shop@racingbikes.sk
Tel.: 0903202030
1.3. The Controller’s address for written correspondence:
RacingBikes s.r.o., Fialová 2C, 851 07 Bratislava, Slovakia
1.4. The Controller hereby, in accordance with Article 13(1) and (2) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (the General Data Protection Regulation) (hereinafter the “Regulation”), and further in accordance with Act No. 18/2018 Coll. on the Protection of Personal Data and on amendments and supplements to certain acts, as amended, and Act No. 452/2021 Coll. on Electronic Communications, as amended, provides the following information, instructions and explanations to the Data Subject (the Buyer) from whom the Controller (the Seller) obtains personal data concerning the Data Subject:
II. References
2.1. These Personal Data Protection Principles and Notices form part of the General Terms and Conditions published on the Seller’s Website.
2.2. The Trader informs consumers that there are no specific applicable codes of conduct to which the Seller has committed to adhere, where a code of conduct means an agreement or a set of rules defining the conduct of the Seller, which the Seller has undertaken to comply with in relation to one or more specific commercial practices or business sectors, where such rules are not laid down by law, another legal regulation or a measure of a public authority that the Seller has undertaken to comply with, and on the manner in which the consumer may become acquainted with them or obtain their text.
III. Retention period
3.1. The Controller stores the Data Subject’s personal data only for as long as is necessary for the purposes of contract performance and for its subsequent archiving in line with the statutory time limits imposed on the Controller by law. If the Data Subject has consented to the sending of promotional e-mails and similar offers, the Data Subject’s personal data are processed for those purposes until the Data Subject withdraws their consent, but for no longer than 10 years.
IV. Personal data processed
4.1. The Controller processes the following personal data on its website: first name, surname, place of residence, e-mail address, home telephone number, mobile telephone number, billing address, delivery address, data obtained from cookie files, and IP addresses.
V. Contact details of the data protection officer
5.1. The Controller has not appointed a data protection officer pursuant to Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
5.2. The Controller is at the same time the Seller within the meaning of the term defined in the General Terms and Conditions of this website.
VI. Purposes of processing of the Data Subject’s personal data and processing periods
6.1. The purposes for which the Data Subject’s personal data are processed include in particular:
6.1.1. recording, creation and processing of contracts and customer data for the purpose of entering into contracts with third parties;
6.1.2. processing of accounting documents and documents related to the Controller’s commercial activities;
6.1.3. compliance with legal regulations regarding the archiving of documents and records, e.g. under Act No. 431/2002 Coll. on Accounting, as amended, and other applicable regulations;
6.1.4. activities of the Controller in connection with the fulfilment of a request, order, contract or similar arrangement of the Data Subject;
6.1.5. newsletters, marketing and similar promotional activities of the Controller, where the Data Subject has given consent to the Controller for marketing and similar promotional activities.
VII. Legal basis for processing the Data Subject’s personal data
7.1. Where the Controller processes personal data on the basis of the Data Subject’s consent, such processing will begin only after the Data Subject has given that consent.
7.2. Where the Controller processes the Data Subject’s personal data for the purposes of pre-contractual negotiations and the conclusion and performance of a purchase contract, and the associated delivery of goods, products or services, the Data Subject is obliged to provide personal data for the proper performance of the purchase contract; otherwise the performance cannot be ensured. Personal data are processed for this purpose without the consent of the data subject.
VIII. Recipients or categories of recipients of personal data
8.1. Recipients of the Data Subject’s personal data will or may include:
8.1.1. the Controller’s statutory bodies or members thereof;
8.1.2. persons working in an employment or similar relationship for the Controller;
8.1.3. commercial agents of the Controller and other persons cooperating with the Controller in performing the Controller’s tasks. For the purposes of this document, all natural persons performing dependent work for the Controller on the basis of an employment contract or agreements on work performed outside an employment relationship are considered employees of the Controller.
8.1.4. Recipients of the Data Subject’s personal data will also include the Controller’s collaborators, business partners, suppliers and contractual partners, in particular: the accounting firm, the company providing software development and maintenance services, the company providing legal services to the Controller, the company providing consulting services to the Controller, companies arranging the transport and delivery of products to buyers and third parties, marketing companies, companies operating social networks, and companies providing payment gateways and other payment methods.
8.1.5. Recipients of personal data will also include courts, law enforcement bodies, the tax authority and other state authorities, where so provided by law. The Controller will provide personal data to such authorities and state institutions on the basis of and in accordance with the legal regulations of the Slovak Republic.
8.1.6. List of third parties – processors and recipients who process the Data Subject’s personal data:
Direct Parcel Distribution SK, s.r.o., with its registered office at Technická 7, 82104 Bratislava, ID: 35834498 – third party providing transport services;
STRIPE PAYMENTS EUROPE, LIMITED, The One Building, 1 Lower Grand Canal Street, Dublin 2, Ireland – third party providing the payment gateway;
P G PLAST s.r.o., Gramblička Peter, Hlavná 1061/32, 900 31 Stupava – third party providing accounting services.
IX. Information on the transfer of personal data to third countries and the retention period:
9.1. Applicable. The Controller transfers personal data in the form of cookies to third countries, to the following recipient:
Google HQ, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. For more information on privacy, see: https://support.google.com/analytics/topic/2919631?hl=sk&ref_topic=1008008
X. Notice on the existence of the Data Subject’s relevant rights:
10.1. The Data Subject has, among others, the following rights, whereby:
10.1.1. Clause 10.1 is without prejudice to other rights of Data Subjects.
10.1.2. The Data Subject’s right of access to data under Article 15 of the Regulation, the content of which is:
the right to obtain from the Controller confirmation as to whether personal data concerning the Data Subject are being processed and, if so, to what extent. Where the data are being processed, the Data Subject has the right to ascertain their content and to request from the Controller information about the reason for their processing, in particular information about: the reason for their processing, the categories of personal data concerned, the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations, the envisaged retention period for the personal data or, if that is not possible, the criteria used to determine that period, the existence of the right to request from the Controller rectification or erasure of personal data concerning the Data Subject, or restriction of processing, and the existence of the right to object to such processing, the right to lodge a complaint with a supervisory authority, where the personal data have not been collected from the Data Subject, any available information as to their source, the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the Regulation and, in those cases, at least meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the Data Subject, the appropriate safeguards pursuant to Article 46 of the Regulation relating to the transfer of personal data, where personal data are transferred to a third country or to an international organisation.
10.1.3. the right to obtain a copy of the personal data undergoing processing, provided that the right to obtain a copy shall not adversely affect the rights and freedoms of others.
10.1.4. the Data Subject’s right to rectification under Article 16 of the Regulation, the content of which is the right: to have the Controller, without undue delay, rectify inaccurate personal data concerning the Data Subject; the right to have incomplete personal data of the Data Subject completed, including by means of providing a supplementary statement; the Data Subject’s right to erasure of personal data (the so-called “right to be forgotten”) under Article 17 of the Regulation, the content of which is:
10.1.5. the right to obtain from the Controller, without undue delay, the erasure of personal data concerning the Data Subject, where one of the following grounds applies:
the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; the Data Subject withdraws consent on which the processing is based and there is no other legal ground for the processing of the personal data; the Data Subject objects to the processing of personal data pursuant to Article 21(1) of the Regulation and there are no overriding legitimate grounds for the processing, or the Data Subject objects to the processing pursuant to Article 21(2) of the Regulation; the personal data have been unlawfully processed; the personal data have to be erased for compliance with a legal obligation under European Union or Member State law to which the Controller is subject; the personal data have been collected in relation to the offer of information society services referred to in Article 8(1) of the Regulation;
10.1.6. the right that, where the Controller has made the Data Subject’s personal data public, the Controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform other controllers processing the personal data that the Data Subject has requested erasure of any links to, or copy or replication of, those personal data; provided that the right to erasure of personal data with the content of the rights under Article 17(1) and (2) of the Regulation shall not arise to the extent that processing is necessary:
10.1.7. for exercising the right of freedom of expression and information;
10.1.8. for compliance with a legal obligation which requires processing under European Union or Member State law to which the Controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller;
10.1.9. for reasons of public interest in the area of public health, in accordance with Article 9(2)(h) and (i) and Article 9(3) of the Regulation;
10.1.10. for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes pursuant to Article 89(1) of the Regulation, in so far as the right referred to in Article 17(1) of the Regulation is likely to render impossible or seriously impair the achievement of the objectives of such processing; or for the establishment, exercise or defence of legal claims;
10.1.11. the Data Subject’s right to restriction of processing of personal data under Article 18 of the Regulation, the content of which is:
10.1.12. the right to obtain from the Controller restriction of processing of personal data where one of the following applies: the Data Subject contests the accuracy of the personal data, for a period enabling the Controller to verify the accuracy of the personal data; the processing is unlawful and the Data Subject opposes the erasure of the personal data and requests instead the restriction of their use; the Controller no longer needs the personal data for the purposes of the processing, but they are required by the Data Subject for the establishment, exercise or defence of legal claims; the Data Subject has objected to processing pursuant to Article 21(1) of the Regulation, pending the verification of whether the legitimate grounds of the Controller override those of the Data Subject;
10.1.13. the right that, where processing of personal data has been restricted, such restricted personal data shall, with the exception of storage, only be processed with the Data Subject’s consent or for the establishment, exercise or defence of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the European Union or of a Member State;
10.1.14. the right to be informed in advance of the lifting of the restriction of processing of personal data;
10.1.15. the Data Subject’s right concerning the notification obligation towards recipients under Article 19 of the Regulation, the content of which is: the right that the Controller communicate any rectification or erasure of personal data or restriction of processing carried out in accordance with Article 16, Article 17(1) and Article 18 of the Regulation to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort; and the right that the Controller inform the Data Subject about those recipients if the Data Subject requests so;
10.1.16. the Data Subject’s right to data portability under Article 20 of the Regulation, the content of which is: the right to receive the personal data concerning the Data Subject which the Data Subject has provided to the Controller in a structured, commonly used and machine-readable format, and the right to transmit those data to another controller without hindrance from the Controller, where:
a) the processing is based on the Data Subject’s consent under Article 6(1)(a) of the Regulation or Article 9(2)(a) of the Regulation, or on a contract under Article 6(1)(b) of the Regulation; and
b) the processing is carried out by automated means, and:
10.1.17. the right to receive personal data in a structured, commonly used and machine-readable format, and the right to transmit those data to another controller without hindrance from the Controller, shall not adversely affect the rights and freedoms of others;
10.1.18. the right to have personal data transmitted directly from one controller to another, where technically feasible;
10.1.19. the Data Subject’s right to object under Article 21 of the Regulation, the content of which is:
10.1.20. the right to object at any time, on grounds relating to the Data Subject’s particular situation, to processing of personal data concerning the Data Subject which is based on Article 6(1)(e) or (f) of the Regulation, including objecting to profiling based on those provisions of the Regulation;
10.1.21. where the right to object at any time, on grounds relating to the Data Subject’s particular situation, to processing of personal data concerning the Data Subject which is based on Article 6(1)(e) or (f) of the Regulation, including objecting to profiling based on those provisions of the Regulation, is exercised, the right that the Controller no longer process the Data Subject’s personal data unless the Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the Data Subject, or for the establishment, exercise or defence of legal claims;
10.1.22. the right to object at any time to processing of personal data concerning the Data Subject for direct marketing purposes, including profiling to the extent that it is related to such direct marketing; where the Data Subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes;
10.1.23. in the context of the use of information society services, the right to exercise the right to object to the processing of personal data by automated means using technical specifications;
10.1.24. the right to object, on grounds relating to the Data Subject’s particular situation, to the processing of personal data concerning the Data Subject, where the personal data are processed for scientific or historical research purposes or statistical purposes pursuant to Article 89(1) of the Regulation, except where the processing is necessary for the performance of a task carried out for reasons of public interest;
10.1.25. the Data Subject’s right related to automated individual decision-making under Article 22 of the Regulation, the content of which is:
10.1.26. the right not to be subject to a decision based solely on automated processing of personal data, including profiling, which produces legal effects concerning the Data Subject or similarly significantly affects the Data Subject, with the exception of cases under Article 22(2) of the Regulation [i.e. except where the decision is: (a) necessary for entering into or performance of a contract between the Data Subject and the Controller,
10.1.27. authorised by Union or Member State law to which the Controller is subject and which also lays down suitable measures to safeguard the rights and freedoms and legitimate interests of the Data Subject, or (c) based on the Data Subject’s explicit consent.
XI. Notice on the Data Subject’s right to withdraw consent to the processing of personal data:
11.1. The Data Subject is entitled to withdraw their consent to the processing of personal data at any time, without affecting the lawfulness of processing based on consent given before its withdrawal.
The Data Subject is entitled to withdraw their consent to the processing of personal data at any time – in whole or in part. Partial withdrawal of consent to the processing of personal data may relate to a specific type of processing operation/operations, while the lawfulness of the processing of personal data within the scope of the remaining processing operations remains unaffected. Partial withdrawal of consent to the processing of personal data may relate to a specific purpose/purposes of processing, while the lawfulness of processing for other purposes remains unaffected.
The Data Subject may exercise the right to withdraw consent to the processing of personal data in paper form at the Controller’s address registered as its seat in the Commercial Register at the time of withdrawal of consent, or in electronic form by electronic means (by sending an e-mail to the Controller’s e-mail address provided in the identification of the Controller in this document).
XII. Notice on the Data Subject’s right to lodge a complaint with the supervisory authority:
12.1. The Data Subject has the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work or place of the alleged infringement, if the Data Subject considers that the processing of personal data concerning them infringes the Regulation, without prejudice to any other administrative or judicial remedy.
The Data Subject has the right to be informed by the supervisory authority with which the complaint has been lodged, as the complainant, of the progress and outcome of the complaint, including of the possibility of a judicial remedy pursuant to Article 78 of the Regulation.
12.2. The supervisory authority in the Slovak Republic is the Office for Personal Data Protection of the Slovak Republic, Park One Building, Námestie 1. mája 18, 811 06 Bratislava.
Tel.: +421 2 32 31 32 14, Email: statny.dozor@pdp.gov.sk,
XIII. Information related to automated decision-making, including profiling:
13.1. As the Controller does not process the Data Subject’s personal data in the form of automated decision-making, including profiling, as referred to in Article 22(1) and (4) of the Regulation, the Controller is not obliged to provide the information referred to in Article 13(2)(f) of the Regulation, i.e. information about automated decision-making, including profiling, the logic involved, and the significance and envisaged consequences of such processing for the Data Subject. Not applicable.
XIV. Personal data protection and the use of cookies. Information and explanation of cookies, scripts and pixels
14.1. The operator of the website provides the following brief explanation of the function of cookies, scripts and pixels:
14.1.1. Cookies are text files containing small amounts of information that are downloaded to your device when you visit a website. Thanks to this file, the website stores information about your actions and preferences (such as login name, language, font size and other display settings) for a certain period of time, so that you do not have to re-enter them on subsequent visits to the website or when browsing its individual pages.
A script is a piece of programming code used for the correct and interactive functioning of websites. This code runs either on the operator’s server or on your device.
Pixels are small, invisible text fragments or images on a web page used to monitor website traffic. In order for this to take place, various data are stored by means of the pixels.
14.1.2. Categories of cookies
Necessary cookies – ensure the proper functioning of the Controller’s website and its use. These cookies are used without consent.
Functional cookies – relate to the choices of users regarding the use of cookies on the website, including the option to accept, reject or customise cookie settings based on their privacy preferences.
Statistics cookies – the Controller obtains statistics regarding the use of its website. These cookies are used only with consent.
Advertising cookies – used to create advertising profiles and similar marketing activities. These cookies are used only with consent.
14.2. How to control cookies:
14.2.1. You can control and/or delete cookies as you wish – for details see aboutcookies.org. You can delete all cookies stored on your computer or other device, and most browsers can be set to prevent them from being stored.
14.3.1. Cookies used
Necessary cookies
cookieyes-consent
First party, 11 months 4 weeks. This cookie is used to remember the user’s consent to the use of cookies on the website.
Statistics cookies
__utmz
First party, 5 months 4 weeks. This is one of the four main cookies set by Google Analytics, which allows website owners to track visitor behaviour and measure site performance. This cookie identifies the source of the visit – so Google Analytics can tell site owners where visitors came from. The cookie has a lifetime of 6 months and is updated whenever data are sent to Google Analytics.
__utmb
First party, 29 minutes 51 seconds. This is one of the four main cookies set by Google Analytics, which allows website owners to track visitor behaviour and measure site performance. This cookie determines new sessions and visits and expires after 30 minutes. The cookie is updated whenever data are sent to Google Analytics. Any user activity within the 30-minute lifetime will count as a single visit, even if the user leaves and then returns to the site. A return after 30 minutes will count as a new visit but a returning visitor.
_ga_P0FY75CVRH
First party, 1 year 1 month. This cookie is used by Google Analytics to store session state.
_ga_NMEQ6F57RP
First party, 1 year 1 month. This cookie is used by Google Analytics to store session state.
__utma
First party, 1 year 1 month. This is one of the four main cookies set by Google Analytics, which allows website owners to track visitor behaviour and measure site performance. By default this cookie lasts 2 years and distinguishes between users and sessions. It is used to calculate statistics on new and returning visitors. The cookie is updated whenever data are sent to Google Analytics. Its lifetime can be customised by website owners.
__utmc
First-party cookie. This is one of the four main cookies set by Google Analytics, which allows website owners to track visitor behaviour and measure site performance. It is not used on most sites, but is set to allow interoperability with the older version of Google Analytics code known as Urchin. In those older versions it was used in conjunction with the __utmb cookie to identify new sessions/visits for returning visitors. When used by Google Analytics it is always a session cookie that is destroyed when the user closes the browser. If it appears as a persistent cookie, it is likely being set by another technology.
__utmt
First-party cookie, 9 minutes 51 seconds. This cookie is set by Google Analytics. According to their documentation it is used to throttle the request rate – limiting data collection on high-traffic sites. It expires after 10 minutes.
_ga
First party, 1 year 1 month. This cookie name is associated with Google Universal Analytics – a significant update to Google’s more commonly used analytics service. This cookie is used to distinguish unique users by assigning a randomly generated number as a client identifier. It is included in every page request on the site and is used to compute visitor, session and campaign data for the site’s analytics reports.
sbjs_migrations
First-party, session. This cookie is used to track user interactions and migrations between different pages or sections of the website with the aim of improving user experience and the analytics of website performance.
tk_or
First-party, 1 year 1 month. This cookie is set by the JetPack plugin on sites using WooCommerce. It is a referrer cookie used to analyse the behaviour of the referring user for Jetpack.
tk_ai
First-party, 1 year 1 month. Stores a randomly generated anonymous ID. Used only in the administrator area and for general analytics tracking.
sbjs_first
First-party, session. This cookie is used to store information about the user’s first session on the website. It tracks details such as the source the user came from, the path they chose, which search engine and keyword were used, and their location at the time of the first visit. This information is used to analyse and improve website performance by understanding user behaviour.
sbjs_udata
First-party, session. This cookie is used to store user-specific data to help monitor and analyse the effectiveness of advertising campaigns and to optimise the user experience on the website.
tk_lr
First-party, 11 months 4 weeks. Collection of internal metrics for user activity, used to improve user experience.
tk_qs
First-party, 29 minutes 59 seconds. This cookie is used to track rapid changes in the visitor’s session state for the purposes of analytics and personalisation.
_ga_1ED2B72X0W
First-party, 1 year 1 month. This cookie is used by Google Analytics to store session state.
sbjs_current
First party, session. This cookie is used to track user activity and interactions on the website in order to facilitate better analysis and understanding of traffic sources and user behaviour.
sbjs_session
First party, 29 minutes 53 seconds. This cookie is used to track user activity and sessions in order to improve website performance and usability, which helps in understanding how visitors interact with the website.
tk_r3d
First party, 3 days. Cookie installed by JetPack. Used for internal metrics of user activity to improve user experience.
cookielawinfo-checkbox-performance
First-party, 11 months 4 weeks. This cookie is used to remember the user’s consent to the use of cookies categorised as “Performance”. It records the user’s consent status for cookies in the Performance category, ensuring website compliance with legal requirements.
sbjs_current_add
First-party, session. This cookie is used to store information about the current visit in order to distinguish between users and sessions. It typically contains details such as the source of traffic, campaign data and user behaviour, which help track and analyse the effectiveness of marketing campaigns.
sbjs_first_add
First-party, session. This cookie is used to store details of the user’s first visit to the website, including timestamp, referring page and traffic source, in order to assess the effectiveness of marketing campaigns and website sources.
_ga_8Y24Q26E94
First party, 1 year 1 month. This cookie is used by Google Analytics to store session state.
_ga_V94YGGJ7Z7
First party, 1 year 1 month. This cookie is used by Google Analytics to store session state.
_ga_DLYVW079WV
First party, 1 year 1 month. This cookie is used by Google Analytics to store session state.
_ga
First party, 1 year 1 month. This cookie name is associated with Google Universal Analytics – a significant update to Google’s more commonly used analytics service. This cookie is used to distinguish unique users by assigning a randomly generated number as a client identifier. It is included in every page request on the site and is used to compute visitor, session and campaign data for the site’s analytics reports.
14.3.2. Cookies disclosed to third parties:
Google HQ, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. For more information on privacy, see: https://support.google.com/analytics/topic/2919631?hl=sk&ref_topic=1008008
XV. Final provisions
15.1. These Personal Data Protection Principles and Notices and Cookies Notice form an integral part of the General Terms and Conditions and the Complaints Policy. The documents – the General Terms and Conditions and the Complaints Policy of this Website – are published on the domain of the Seller’s Website.
15.2. These Personal Data Protection Principles enter into force and effect upon their publication on the Seller’s Website on 09.09.2025