GDPR - PERSONAL DATA PROCESSING POLICY

BeardedTales s.r.o., with its registered office at Račianska 14349/64B, 831 02 Bratislava – Nové Mesto, Slovak Republic, Company ID No. 50 796 551 (hereinafter referred to as the “Controller”), processes personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR) and Act No. 18/2018 Coll. on Personal Data Protection.

The purpose of this document is to provide information about the personal data we process, the legal basis for processing, retention periods, and your rights as a data subject.

1. CONTROLLER IDENTIFICATION DETAILS

BeardedTales s.r.o.
Račianska 14349/64B
831 02 Bratislava – Nové Mesto
Slovak Republic

Company ID No. (IČO): 50 796 551
E-mail: hello@anst.store
Website: www.anst.store

2. WHAT PERSONAL DATA WE PROCESS

We primarily process the following categories of personal data:

first name and surname,
billing address,
shipping address,
telephone number,
e-mail address,
order information,
payment information,
customer account information,
customer communications,
IP address and technical information relating to website visits.

3. PURPOSES AND LEGAL BASES FOR PROCESSING

a) Order Fulfilment and Performance of the Purchase Contract

Legal basis:
Article 6(1)(b) GDPR – performance of a contract.

Processed data:
First name, surname, address, telephone number, e-mail address, order details, and payment information.

b) Accounting and Compliance with Legal Obligations

Legal basis:
Article 6(1)(c) GDPR – compliance with a legal obligation.

Processed data:
Data contained in tax and accounting documents.

c) Customer Account Administration

Legal basis:
Article 6(1)(b) GDPR – performance of a contract.

Processed data:
First name, surname, e-mail address, telephone number, address, and order history.

d) Establishment, Exercise, or Defence of Legal Claims and Protection of the Controller’s Rights

Legal basis:
Article 6(1)(f) GDPR – legitimate interest.

e) Website Operation and Security

Legal basis:
Article 6(1)(f) GDPR – legitimate interest.

Processed data:
IP address, device-related technical information, and website access logs.

4. COOKIES AND ANALYTICAL TOOLS

Our website uses cookies and similar technologies.

In particular, we use:

WooCommerce,
Stripe,
PayPal,
Google Analytics,
Google reCAPTCHA,
Wordfence,
Packeta widgets,
other technical tools necessary for the operation of the website.

Marketing and analytics cookies are used only on the basis of the visitor’s consent provided through the cookie banner.

Detailed information is available in our separate Cookie Policy.

5. RECIPIENTS OF PERSONAL DATA

Personal data may be disclosed to the following categories of recipients:

website hosting and maintenance providers,
WooCommerce e-commerce platform providers,
payment service providers (Stripe, PayPal),
accounting service providers,
Slovenská pošta (Slovak Post),
Packeta,
DPD,
IT and cybersecurity service providers,
public authorities where required by applicable law.

6. TRANSFERS OF DATA TO THIRD COUNTRIES

Certain services may transfer personal data outside the European Economic Area, particularly services provided by Google, Stripe, or PayPal.

Such transfers are carried out only in compliance with GDPR requirements and on the basis of appropriate safeguards for the protection of personal data.

7. DATA RETENTION PERIODS

Orders and invoicing records:
10 years from the issuance of the accounting document.

Customer account:
For the duration of the account and no longer than 3 years from the last login.

Customer communications:
3 years from the end of the communication.

Complaints and warranty claims:
5 years from the resolution of the complaint.

Technical logs:
Up to 12 months.

Cookies:
In accordance with the settings of individual cookies and the Cookie Policy.

8. RIGHTS OF THE DATA SUBJECT

You have the right to:

access your personal data,
request rectification of inaccurate personal data,
request erasure of personal data,
request restriction of processing,
data portability,
object to processing,
withdraw consent at any time where processing is based on consent,
lodge a complaint with a supervisory authority.

9. SUPERVISORY AUTHORITY

Office for Personal Data Protection of the Slovak Republic
Hraničná 12
820 07 Bratislava 27
Slovak Republic

Website: www.dataprotection.gov.sk

10. CONTACT

If you have any questions regarding personal data protection or wish to exercise your rights, please contact us at:

E-mail:
hello@anst.store

11. FINAL PROVISIONS

The Controller reserves the right to update this Personal Data Processing Policy as necessary.

The current version is always available on the website www.anst.store.

This Personal Data Processing Policy becomes effective on 19 June 2026.

Cookie	Duration	Description
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".