Privacy Notice and Secure Connection

DISCLOSURE OF YOUR PERSONAL INFORMATION

It is our general policy to not voluntarily disclose your personal information to third parties without your consent. “Steroids4U.to” does not intend to transfer Personal Information without your consent to third parties who are not bound to act on Steroids4U.to behalf. Similarly, it is against Steroids4U.to policy to sell Personal Information collected online without consent.

HOW WILL WE USE THE INFORMATION ABOUT YOU?

We collect information about you to process your order, manage your account, and If you agree, post offers of other products and services that we offer.

We use your information collected from the website to personalise your repeat visits to the website.

If you agree, we shall pass on your personal information to our group of companies so that they may offer you their products and services.

We will not share your information for marketing purposes with companies outside of our group.

Whenever you can delete your personal information from our website under: My account – Remove personal data from shop.

More informations about Personal data informations are below and more about General Data Protection Regulation (GDPR).

COOKIES

Steroids4U.to used on their site the following types of cookies – Cookies are small text files that your browser stores on your computer or device:

– Temporary cookies are used for example. after logging on to the service to the user ID for login. Without these cookies, some of our services may not work at all or their functionality may be limited. Temporary cookies are turned off in the browser automatically deleted.
– Permanent cookies remain stored in the browser on this computer. These cookies tend to user preferences and thus serves to increase its comfort when using our services, or used for statistical or promotional purposes.
Consent for cookies grants the user clicking on the box at the bottom of a letter which he displayed on our site. Changing the web browser, the user can after such consent at any time simply use cookies files prohibit (including third party cookies). In the case of banning the use of cookies in your browser, however, some of the page may not work properly. Determine when and availability cookies you can adjust your browser settings.

We use cookies so that we can customize the content to users. They also serve for analysis and statistical evaluation of the use of services and content.

SSL SECURE CERTIFICATE

Our eshop Steroids4U.to is SSL certificated. All connections are private and secure.

HOSTING SERVER AND DOMAIN NAME SECURE

 Our hosting is on offshore secure server and Domain name is registered with offshore domain registrar.

Privacy Policy and Personal Data Protection

IN THE SALE OF GOODS AND THE RENDERING OF SERVICES BY STEROIDS4U.TO

Information under § 15(1) of Act No. 122/2013 Coll. on Personal Data Protection, as amended.

Dear data subject,

In order to process your order we need information on your personal data. We process them under Act No. 122/2013 Coll. on Personal Data Protection, as amended, while they will be used for the intended purpose only.

Online store operator

1) Online store operator is:

Business name: Steroids4U.to

(hereinafter referred to as the “Operator”).

Purpose of the personal data processing

1) The Operator processes the personal data in order to:

Conclude a purchase contract with data subject by means of the online store or in other suitable way and to fulfil its duties arising from the Contract and the law,
maintain a loyalty programme for customers, perform marketing activities.

2) The Operator processes the personal data especially for the following purpose:

the ordering of the goods by means of the online store or in other suitable way,
the confirmation of the order,
the conclusion of the purchase contract,
the issuance of a tax document for the payment of purchase price for the goods ordered under Act No. 222/2004 Coll. on Value Added Tax, as amended,
the delivery of the goods ordered to the place of delivery and the handover of the goods to an authorised person, the registration of customers for administrative purposes, the registration of orders in order to solve eventual complaints, rewarding customer loyalty, marketing activities, information on actions, novelties and discounts.

A list of personal data being processed

1) The Operator processes the personal data of data subjects in a scope stated in the relevant legislation, contracts and other documents of the Operator in a scope in which the personal data will be provided to the Operator in documents, letters and notices, or during telephone conversations or electronic communication between the Operator and the data subject.

2) The Operator processes especially the following personal data of data subjects:

name and surname,
date of birth,
address,
contact data (tel., mail),
payment terms,
order data.

3) If the Operator also processes other personal data on data subjects, as stated in Article 3(1) of these terms and conditions for the personal data processing, the Operator processes them in a scope necessary to fulfil duties arising from purchase contract and special legislation.

Voluntary provision of personal data

1) The Operator acquires personal data in a scope necessary to fulfil duties arising from a purchase contract concluded between the Operator and a data subject, the subject of which is the delivery of the goods ordered at agreed purchase price under § 10(3)(b) of Act No. 122/2013 Coll. on Personal Data Protection, as amended., without the data subject`s consent.

2) The data subject provides the Operator with these personal data voluntarily in order to fulfil its duties arising from the purchase contract and special legislation.

3) The data subject notes that the personal data will be made available or provided to a third party in order to fulfil duties arising from the purchase contract and special legislation.

4) The Operator processes the data subject`s personal data only for a period necessary to fulfil its duties arising from the contract and special legislation.

5) The Operator processes the data subjects` personal data for the purposes of loyalty programme and marketing purposes with the data subject`s consent under § 11 of Act No. 122/2013 Coll. on Personal Data Protection, as amended. The data subject expresses its consent with the personal data processing through the online store. The data subject grants its consent with the personal data processing for an indefinite period. The data subject can withdraw its consent anytime in writing. The consent expires within 1 month of the delivery of withdrawal of the data subject`s consent to a seller and the data will be subsequently deleted.

Provision and disclosure of personal data

1) The online store Operator provides personal data on data subjects to third parties only to necessary extent in order to fulfil its duties arising from the purchase contract and special legislation. The Operator provides personal data to:

a carrier in order to deliver the goods,
an external accounting firm Steroids4U.to based on a contract under § 8 of Act No. 122/2013 Coll. on Personal Data Protection, as amended.

2) The Operator does not disclose personal data to any third party with the exception of cases when it is necessary to fulfil duties arising from the purchase contract.

Mediation of personal data processing

1) The Operator is entitled to entrust an intermediary with the processing of data subjects` personal data under a written contract made in compliance with § 8 of Act No. 122/2013 Coll. on Personal Data Protection, as amended.

2) The Operator entrusted an external accounting company with the processing of personal data of an accounting and accounting documents information system.

3) When selecting an intermediary, the Operator proceeded under § 8(2) of Act No. 122/2013 Coll. on Personal Data Protection in order to provide for the security of personal data that are being processed.

4) The intermediary has contractually obliged to provide for the security of personal data that are being processed so that it will protect them against accidental and unlawful damage and destruction, accidental loss, change, unauthorised provision and disclosure to third parties.

Disclosure of personal data

1) The Operator does not disclose personal data of data subjects.

Information on the rights of a data subject
1) A data subject is entitled, based on a written request, to require from the Operator

a) A confirmation as to whether its personal data are being processed or not,

b) In a generally comprehensible form the information on the personal data processing within information system in the scope according to § 15(1)(a) to (e), the second to the sixth paragraph the above act; when a decision is issued the data subject is entitled to acquaint itself with the procedure of the processing and evaluation of operations,

c) In a generally comprehensible form accurate information on the source from which it acquired its personal data for processing,

d) In a generally comprehensible form a list of its personal data that are subject to processing,

e) The correction or liquidation of its incorrect, incomplete or obsolete personal data that are subject to processing,

f) The liquidation of its personal data the processing purpose of which has ended; if the processing relates to official documents containing personal data, the data subject can ask for them to be returned,

g) The liquidation of its personal data that are subject to processing, if the law was breached,

h) The blocking of its personal data due to the withdrawal of consent before it expires, if the Operator processes personal data based on the data subject`s consent.

2) The right of the data subject under Paragraph 1(e) and (f) of the above act can be restricted only if such a restriction arises from a special act or if its application would result in the breach of the data subject`s protection or the rights and freedoms of other parties would be breached.

3) The data subject is entitled, based on a written request delivered to the Operator, to object to

a) The processing of its personal data which it assumes are or will be processed for the purposes of direct marketing without its consent, and to request their liquidation,

b) The use of personal data stated in § 10(3)(d) of the above act for the purposes of direct marketing within postal system, or

c) The provision of personal data stated in § 10(3)(d) of the above act for the purposes of direct marketing.

4) The data subject, based on a written request or in person, if the matter is urgent, is entitled, in relation to the Operator, to object to the processing of personal data in cases according to § 10(3)(a), e), f) or g) of the above act by expressing justified reasons or submitting evidence on unauthorised intervention into its rights and interests protected by law, which are or can be in a specific case damaged by the processing of personal data; unless prevented by legal reasons and if proved that the data subject`s objection is substantiated, the Operator is obligated, without undue delay, to block and liquidate the personal data the processing of which was objected by the data subject, immediately, as soon as circumstances permit.

5) The data subject, in relation to the Operator, is further entitled, based on a written request or in person, if the matter is urgent, to anytime object to and not to obey a decision of the Operator that would have legal effects for or significant impact on the data subject, if such a decision is issued exclusively on the basis of the acts of automated processing of its personal data. The data subject is entitled to ask the Operator to review the issued decision using other method than the automated processing, while the Operator is obligated to comply with the request of the data subject so that an authorised person will play a decisive role within the review of the decision; the Operator will inform the data subject on the method of review and the result of the finding within a deadline according to § 29(3) of the above act. The data subject does not have this right only if stipulated so by a special act that provides for measures for the protection of legitimate interests of the data subject, or if the Operator, within pre-contractual relations or during the existence of contractual relations, issued a decision by which it complied with the data subject`s request, or if the Operator, based on a contract, took other adequate measures for the protection of legitimate interests of the data subject.

6) If the data subject exercise its right

a) In writing and the content of its request shows that it exercises its right, the request is deemed submitted under this act; a request sent by electronic mail or fax will be delivered by the data subject in writing not later than within three days of the sending,

b) In person orally on the record from which it must be clear who has exercised the right, what is it calling for and when and who prepared the record, his signature and signature of the data subject; the Operator is obligated to hand a copy of the record over to the data subject,

c) In relation to an intermediary under sub-paragraph a) or b), the intermediary is obligated to hand the request or the record over to the Operator without undue delay.

7) If there is suspicion of unauthorised processing of personal data, the data subject can submit to an authority a reference for the ruling on personal data protection.

8) If the data subject does not have full legal capacity, a legal representative can exercise its rights.

9) If the data subject is not alive, a close person can exercise its rights that the data subject has under this act.

10) The data subject is obligated to provide only true personal data. The one who entered untrue data into information system is responsible for untrue personal data under § 16(1) of Act No. 122/2013 Coll. on Personal Data Protection, as amended.

11) The data subject`s request under § 28(1)(a) to (c), e) to h) and paragraphs 3 to 5 of the act will be processed by the Operator free of charge.

12) The data subject`s request under § 28(1)(d) of the act will be processed by the Operator free of charge, with the exception of a payment in the amount that cannot exceed the amount of effectively incurred real costs associated with the preparation of copies, the procurement of technical media and the sending of information to the data subject, unless a special act stipulates otherwise.

13) The Operator is obligated to process the data subject`s request in writing under Paragraphs 1 and 2 within 30 days of the delivery of the request.

14) The Operator will inform the data subject§ 28(2) and the authority, without undue delay, on the restriction of the rights of the data subject.