This Privacy Policy describes how your personal information is collected, utilised, and shared when you visit or make a purchase from www.soapshroomshelf.com (the “Site”). The Site is operated by Shroomy Home Solutions s.r.o., acting as the Data Controller under European data protection legislation.
1. Data Controller
The entity responsible for the processing of your personal data under the General Data Protection Regulation (GDPR) and regional statutes is:
- Company Corporate Name: Shroomy Home Solutions s.r.o.
- Registered Office Address: Tomášikova 26, 821 01 Bratislava, Slovakia
- Company Registration Number (IČO): 53 124 582
- Official Correspondence Email: bathroom@soapshroomshelf.com
- Official Telephone Line: +421 905 123 456
2. Personal Data We Collect
When you interact with the Site, we collect certain information necessary to complete your transaction and maintain standard web operations:
- Device Information: Web browser details, IP address, time zone, and specific cookies installed on your device.
- Order Information: Name, billing address, shipping address, payment information (including obfuscated card details), email address, and telephone number.
3. Purpose and Legal Basis for Processing
We process your personal information based on the following statutory legal grounds:
- Performance of a Contract: To fulfill orders placed through the Site (including managing intra-European logistical handovers, processing transaction amounts, and providing statutory invoices).
- Legal Obligation: To comply with mandatory accounting, taxation, and corporate reporting requirements applicable within the Republic of Slovakia and the European Union.
- Legitimate Interests: To mitigate commercial risk, detect potential fraud, assess operational efficacy, and maintain the infrastructure integrity of our platform.
4. Sharing Your Personal Data and Third-Party Processors
We engage trusted third-party service providers to assist us in conducting our commercial operations and processing data strictly on our behalf:
- Payment Processing: All financial transactions executed via our online portal are processed directly by our external payment gateway provider, Stripe. Stripe operates as an independent data processor and handles your credit/debit card information in strict accordance with Payment Card Industry Data Security Standards (PCI-DSS). Your sensitive financial details are transmitted via encrypted protocols (SSL) directly to Stripe without ever being retained or stored on our corporate servers.
- Logistical Partners: Your shipment coordinates and contact numbers are shared with relevant European postal and courier services solely to execute order deliveries.
5. Data Retention Periods
We retain your personal information only for as long as necessary to fulfill the objectives outlined in this policy and to adhere to European legal mandates:
- Transaction and Accounting Data: In compliance with Slovakian corporate accounting laws and European tax regulations, data relating to financial transactions and commercial invoices is retained for a mandatory period of ten (10) years from the end of the respective financial year.
- General Correspondence: Communications submitted via our official email channels are retained for a maximum of twenty-four (24) months following satisfactory resolution, unless required longer for legal purposes.
6. Information Security
We implement appropriate technical workflows and commercial-grade electronic management protocols to mitigate the risk of unauthorized access, alteration, or disclosure of your data. Please note that while we employ rigorous methods to manage data responsibly, no digital transmission over the internet or method of electronic storage can be characterised as completely infallible.
7. Your Statutory Rights Under the GDPR
As a resident within the European Economic Area (EEA), you possess specific, legally enforceable rights regarding your personal information under the GDPR:
- The Right of Access: To request copies of your personal records held by our enterprise.
- The Right to Rectification: To require the immediate correction of inaccurate or incomplete details.
- The Right to Erasure (“Right to be Forgotten”): To request the deletion of your personal files, provided the retention is no longer mandatory under Slovakian and European corporate obligations.
- The Right to Restrict or Object to Processing: To limit how your information is handled under specific legal criteria.
To exercise any of these statutory rights, please communicate your formal request to our administration via bathroom@soapshroomshelf.com.