pre online store biomefix.eu
Operator: McCarter a.s.
Effective from: 13 May 2026
(in compliance with GDPR Regulation (EU) 2016/679 and Act No. 18/2018 Coll. on Personal Data Protection)

1. The Controller of Personal Data is:

McCarter a.s., with registered office at Bajkalská 25, Bratislava, 821 01, Slovakia, Company ID: 35 846 011, Tax ID: 2020263113, VAT ID: SK2020263113, bank details: IBAN: SK1211000000002623023363, SWIFT: TATRSKBX. (Contact details: e-mail info@biomefix.eu, phone +421 918 710 142)
(No Data Protection Officer has been appointed.)

2. Purposes and Legal Basis for Personal Data Processing

2.1 Performance of a contract or pre-contractual measures (Art. 6(1)(b) GDPR and § 13(1)(b) of Act No. 18/2018 Coll.)
Personal data of the Buyer (data subject) necessary for communication and performance of the concluded purchase contract (or measures prior to its conclusion) are processed exclusively for this purpose.
Scope of data: name, surname, telephone number, e-mail address, permanent address (including postal code and apartment/house number).

2.2 Marketing purposes and sending of commercial communications (Art. 6(1)(a) GDPR and § 13(1)(a) of Act No. 18/2018 Coll.)
Processing for the purpose of sending information about news, discounts, promotions, and upcoming activities of the Seller is carried out solely on the basis of the free, informed, and revocable consent of the data subject.
Consent is given by ticking the relevant checkbox when ordering or registering on biomefix.eu.
Scope of data: name, surname, e-mail address.
Consent may be withdrawn at any time (e.g. by clicking the unsubscribe link in the e-mail or by e-mailing info@biomefix.eu). Withdrawal of consent does not affect the lawfulness of processing prior to its withdrawal.

2.3 Statistical purposes and website improvement (Art. 6(1)(f) GDPR – legitimate interest)
The Controller evaluates anonymized statistical data on visits to biomefix.eu (number of visitors, traffic sources, etc.). These data do not contain personal data and are used exclusively for internal analysis and improvement of service quality.

3. Retention Period of Personal Data

Data for contract performance: for the duration of the contractual relationship + statutory retention period (in particular 10 years for accounting and tax obligations, or longer for the purpose of legal claims).
Marketing data (consent): until consent is withdrawn or the purpose is fulfilled.
Contact forms without contract conclusion: maximum 12 months.
After the retention period expires, personal data are promptly deleted or anonymized.

4. Recipients and Processors of Personal Data

Personal data are not shared with third parties except in the following cases:
• External product suppliers (to the minimum extent necessary for contract performance).
• Carriers / couriers (name, surname, address, phone, e-mail).
• Payment service providers – GoPay.
• IT service providers, web hosting and e-mail tools (as processors under Art. 28 GDPR – with a concluded processing agreement).
• Partners for customer satisfaction surveys.

All processors are bound by contractual confidentiality and GDPR data protection obligations.
International transfers: Personal data are processed exclusively within the EU/EEA. If tools involving transfers to third countries (e.g. USA) are used, this will be properly notified and secured (standard contractual clauses or adequate safeguards).

5. Rights of the Data Subject (Art. 15 – 22 GDPR)

You have the right:
• to access your personal data,
• to rectification of incorrect or incomplete data,
• to erasure (“right to be forgotten”),
• to restriction of processing,
• to data portability,
• to object to processing (including processing based on legitimate interest),
• to withdraw consent at any time (without affecting prior processing),
• to lodge a complaint with the Office for Personal Data Protection of the Slovak Republic (www.dataprotection.gov.sk).

Requests to exercise your rights should be sent by e-mail to info@biomefix.eu. You will receive a response within 1 month (or an extension of one additional month in case of complexity).

6. Security of Personal Data

The Controller has implemented appropriate technical, organizational, and personnel measures in accordance with Art. 32 GDPR. Data are not accessible to third-party applications except approved processors.

7. Cookies and Other Technologies

The website biomefix.eu may use cookies to ensure functionality, analyze traffic (anonymized), and for marketing purposes. Details are provided in a separate Cookie banner / Cookie Policy.

8. Intellectual Property and Links to Other Websites

All materials on biomefix.eu are the exclusive intellectual property of the Controller or its partners and may not be used without consent.
The Controller is not responsible for the content or personal data protection practices of third-party websites linked from the site.

9. Final Provisions

These Policies may be updated. The current version is always available at https://biomefix.eu/en/privacy-policy.
Changes take effect upon publication. Regular review is recommended.