Go to Cart 0 €0
Cart is empty

Privacy Policy

Privacy Policy

Below we provide information on the processing and protection of personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation, “GDPR”) and Act No. 18/2018 Coll. on the protection of personal data and on amendment of certain acts (the “Personal Data Protection Act”).

1. Controller

Kingray, s.r.o.
Ružová 728/2
050 01 Revúca
Company ID (IČO): 45396736

We process your data for our own purposes as the Controller. This means we determine the purposes for which we collect your personal data, define the means of processing, and are responsible for processing them properly.

2. Our processors and recipients who process your personal data

In certain cases, the Controller may process the data subject’s personal data through processors who are authorised to process personal data pursuant to Article 28 GDPR. Processors process personal data on behalf of the Controller. Processing through a processor does not adversely affect the exercise and enforcement of the data subject’s rights. The Controller uses only processors providing adequate technical, organisational and other measures so that processing meets the requirements of the GDPR and the rights of data subjects are fully protected.

The Controller uses the following categories of processors:

  • Companies providing technical solutions, web hosting services, maintenance and support of IT systems used by the Controller.
  • Companies providing accounting and tax services.

Additional information

  1. Kingray.sk hereby informs its customers that it aims to continuously improve its services and increase customer satisfaction. In connection with fulfilling the above goal, we process the personal data you have provided to us (first name, last name, email address, telephone number, transaction date, order ID and information about purchased products). The reason for processing personal data is our legitimate interest in increasing customer satisfaction and the quality of our services.
  2. For this purpose, after purchasing our products we will send a satisfaction questionnaire to your address. To evaluate the satisfaction questionnaires we cooperate with our partners—the operator of the portal spolehliverecenze.cz and the company eKomi Holding GmbH—to whom we provide the above personal data for this purpose.
  3. If you do not agree with receiving the satisfaction questionnaire and with transferring your personal data to the above companies, you have the right to object to such processing of personal data, either by emailing info@kingray.sk or by following the procedure set out in the satisfaction questionnaire.

The Controller uses the following categories of recipients:

  • Delivery and courier services, including pickup‑point services.
  • State administration bodies and public authorities for control and supervision.

3. Purpose of processing personal data

On behalf of Kingray, s.r.o., as the Controller, we obtain from you only those data that we actually need to provide a full‑value service—selling medical devices, biolamps, health and beauty devices, food supplements, cosmetics and cosmetic tools. The purposes of processing personal data at individual process steps are:

  • When communicating with clients by phone, in person, by electronic/paper mail, or via the online contact form, we process data under Article 6(1)(f) GDPR—legitimate interest—for the purpose of responding to your enquiry/complaint or question regarding the services provided and products supplied, where it is necessary to verify the relevance of the request or carry out any subsequent contact with you as the data subject.
  • When you show interest in our services, when placing an order for services by phone, in person, by electronic/paper mail or by direct purchase through the online shop at https://www.kingray.eu, we process data under Article 6(1)(b) GDPR—processing is necessary to take steps at your request as the ordering party prior to concluding and confirming the order, i.e., during the pre‑contractual stage (e.g., client identification during the creation, definition or modification of the order; determining or changing the delivery address and time; or adding other data needed to conclude the order).
  • After order confirmation—i.e., once a contractual relationship arises between Kingray, s.r.o. as Controller and you as the ordering data subject—during the required cooperative communication with the client, informing about changes in order status, final personal delivery, or when preparing and issuing the tax document (invoice), we process data under Article 6(1)(b) GDPR—processing is necessary to perform the contract to which you, as the client, are a party.
  • Via the website https://www.kingray.eu you may voluntarily create and register a user account through which simplified online shopping and a record of all purchases can be made, or register your email address as a subscriber to product news—newsletters. In such case, we process data under Article 6(1)(a) GDPR—based on the consent you have given for the purpose of creating and administering a user account, or for sending current news via newsletters to the email address provided.

4. List of personal data processed

  • Data required to send a message via the online contact form:
    • First name
    • Email address
  • Data for newsletter (product news) registration:
    • Email address
  • Data required to register a user account:
    • First and last name
    • Email address
    • Permanent residence address or another correspondence address for delivery
    • Telephone number
    • Personal access password
  • Data required to place an order:
    • First and last name
    • Email address
    • Permanent residence address or another correspondence address for delivery
    • Telephone number
  • Billing data:
    • First and last name
    • Permanent residence address or another correspondence address for billing purposes
    • Account number / IBAN
  • Contact data in case of parcel delivery:
    • First and last name
    • Permanent residence address or another correspondence address for parcel delivery
    • Telephone number—needed to confirm date, time and place of delivery or to make changes to the order
    • Email address—needed to send the electronic order confirmation and order‑status updates; also used as a backup communication channel if the customer is unavailable on the telephone number provided

5. Period of processing and storage of your personal data

Your personal data processed under Article 6(1)(b) GDPR—as part of fulfilling Kingray s.r.o.’s obligations towards ordering parties and clients—are further processed to fulfil our statutory obligations in the field of taxes and accounting arising from generally binding legal regulations (e.g., storage of individual accounting records of your confirmed orders and invoicing for the purpose of delivering selected goods to your contact address under Act No. 431/2002 Coll. on Accounting, as amended; for demonstrating fulfilment of tax obligations under tax legislation—Act No. 595/2003 Coll. on Income Tax, Act No. 563/2009 Coll. on Tax Administration, etc.). We must store such data for the period stipulated by the relevant legal regulations.

In any case, we follow the principle of data minimisation under Article 5(1)(e) GDPR; therefore, your personal data that are not subject to archiving under special legal regulations will be deleted or anonymised.

Personal data processed under Article 6(1)(a) GDPR—based on your consent to create and administer a user account or to send current marketing news—are processed for 3 years or until consent is withdrawn.

When the processing period is about to expire, we will contact you in writing or by email, allowing you to renew consent for the defined purpose and extend processing for the next period. If consent is not granted during renewal/extension or you do not respond, we will no longer process your personal data—i.e., we will automatically remove the data from records, delete electronic data from systems, and physically shred paper records.

Personal data processed under Article 6(1)(f) GDPR—based on legitimate interest—obtained when responding to your enquiry/complaint or question about services and products, where it was necessary to verify relevance or make subsequent contact and which were not then moved into a pre‑contractual or contractual relationship—are deleted without delay after handling.

As the Controller, we will ensure deletion of personal data without undue delay after: all contractual relationships between you and us as Controller have ended; and/or all your obligations towards the Controller have ceased; and/or all your complaints and requests have been handled; and/or all other rights and obligations between you and us as Controller have been settled; and/or all purposes of processing laid down by legal regulations or purposes for which you gave consent (if processing was based on consent) have been fulfilled; and/or the period for which consent was granted has expired or you have withdrawn your consent; and/or your request for erasure has been granted and a relevant reason for granting it has been met; and/or the decisive legal fact for ending the purpose of processing has occurred and the protective retention period set with regard to the principle of minimising storage periods has also expired; and at the same time our legitimate interest no longer persists and all obligations set by generally binding legal regulations requiring storage of the data subject’s personal data (especially for archiving, tax control, etc.) have ceased, or could not be fulfilled without storing them.

Any accidentally obtained personal data are never further processed systematically for any purpose we define. If possible, we inform the data subject whose personal data were obtained accidentally about the accidental acquisition and, depending on the nature of the case, provide the necessary cooperation to restore control over their personal data. Immediately after these necessary steps aimed at resolving the situation, all accidentally obtained personal data will be securely destroyed without delay.

For further information on a specific retention period of your personal data, please contact us via the contact details provided.

6. Disclosure of data

Our company does not disclose the personal data obtained.

7. Cross‑border transfer of personal data

Cross‑border transfer of personal data is carried out for delivering orders abroad via:

  • Courier company DPD
  • Courier company GLS

8. Rights and obligations of the data subject

  • The customer is obliged to provide only complete and accurate data.
  • The customer undertakes to update their data in case of changes, no later than before placing the first order following the change.
  • If the customer provides personal data of a third party (name, surname, telephone number), they do so only with that person’s consent and the data subject is informed about the procedures, rights and obligations stated on this page.

As our client and a data subject, you have the right—within the defined scope—to decide how your personal data are handled. You can exercise the rights below:

  • In person at the Controller’s contact address: Kingray, s.r.o., Ružová 728/2, 050 01 Revúca;
  • Via our customer line: +421 918 988 998;
  • By email: info@kingray.sk.

We will try to respond as soon as possible, but no later than 30 days after receiving your request.

The applicable legal regulations—GDPR and the Act—guarantee you in particular:

  • Right of access – You have the right to obtain confirmation as to whether your personal data are being processed and, if so, to obtain a copy of those data and additional information under Article 15 GDPR / Section 21 of the Act. If we process a large amount of data about you, we may ask you to specify the scope of data you want.
  • Right to rectification – To ensure we process only up‑to‑date personal data about you, please notify us of any changes as soon as they occur. If we process inaccurate data, you have the right to request rectification.
  • Right to erasure – If the conditions of Article 17 GDPR / Section 23 of the Act are met, you may request erasure of your personal data (e.g., if you withdraw consent and there is no other legal basis, if we process your data unlawfully, or the purpose has ceased and we do not process the data for another compatible purpose). We will not erase data needed for the establishment, exercise or defence of legal claims.
  • Right to restriction of processing – If the conditions of Article 18 GDPR / Section 24 of the Act are met, you may request restriction of processing (e.g., while you contest accuracy or when processing is unlawful and you do not wish erasure but need restriction while exercising your rights). We continue processing where necessary for the establishment, exercise or defence of legal claims.
  • Right to data portability – If processing is based on your consent or performed for the performance of a contract with you and carried out by automated means, you have the right to receive the personal data concerning you in a commonly used machine‑readable format and, where technically feasible, to have them transmitted directly to another controller. This right does not apply to processing carried out for the performance of a task carried out in the public interest or in the exercise of official authority.
  • Right to object – If we process your personal data for the performance of a task carried out in the public interest or in the exercise of official authority, or on the basis of our legitimate interests or those of a third party, you have the right to object. Based on your objection we will restrict processing and, unless we demonstrate compelling legitimate grounds overriding your interests, rights and freedoms, or grounds for the establishment, exercise or defence of legal claims, we will stop processing and erase your data. You have the right to object at any time to processing for direct marketing, including profiling to the extent related to such direct marketing; after an objection we will no longer process your data for this purpose.
  • Right to lodge a complaint – If you believe your personal data are processed in conflict with the GDPR or the Act, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or the place of the alleged infringement. In the Slovak Republic the supervisory authority is the Office for Personal Data Protection of the Slovak Republic.
  • Right to withdraw consent – Where processing is based on consent, you have the right to withdraw it at any time. Withdrawal does not affect processing already carried out. If you later decide you wish to receive our commercial and marketing offers again, you can grant your withdrawn consent (or revoke your objection) at any time using any of the contact methods above.

9. Contact details of the Supervisory Authority and the Data Protection Officer

Office for Personal Data Protection of the Slovak Republic
Address: Hraničná 12, 820 07 Bratislava 27, Slovak Republic
Company ID (IČO): 36 064 220

Filing office hours: Mon–Thu 8:00–15:00, Fri 8:00–14:00
Telephone consultations on personal data protection: Tue & Thu 8:00–12:00, +421 2 323 132 20
President’s Secretariat: +421 2 323 132 11
Office Secretariat: +421 2 323 132 14
Fax: +421 2 323 132 34
Spokesperson: mobile +421 910 985 794, email: hovorca@pdp.gov.sk
General email: dozor@pdp.gov.sk
Information pursuant to Act No. 211/2000 Coll.: info@pdp.gov.sk
Website: dataprotection.gov.sk
Template proposal to initiate personal‑data protection proceedings: available on the authority’s website.

10. Security of the website

The website https://www.kingray.eu uses encrypted SSL connections for any user connection and transfer of any data, preventing third‑party access to data transmitted over the Internet and alteration of such data by third parties. The Controller’s databases containing personal data are protected by encryption and non‑public access credentials in line with state‑of‑the‑art technical standards.

ShareTweetPin It