Privacy & Cookie Policy

1. Basic Information

Data Controller

Feketeleves is a brand operated by Uncle Industries, s.r.o.
Company name: Uncle Industries, s.r.o.
Company address: Tatranska 102, 94001 Nove Zamky, Slovakia
Company ID (IČO): 51318113
Registered in the Companies Register by the Municipal Court in Nitra, Section Sro, Insert 44925/N
Email: [email protected]
Contact form: https://www.feketeleves.com/contact/

We respect your right to privacy and handle all personal data in compliance with Regulation (EU) 2016/679 (GDPR), the Slovak Data Protection Act, and applicable legal requirements.

You can always manage, change, or withdraw your cookie preferences at any time by clicking “Privacy & Cookie Settings” in the footer on every page, or by contacting us directly.

2. What Data We Process

We collect and process the following categories of personal data:

  • Identity data (name, delivery address, billing address)
  • Contact data (email, phone number)
  • Order information (purchased items, payment method, delivery preference)
  • Technical data (IP address, device type, browser, operating system)
  • Cookie identifiers (subject to consent)

We do not collect or store full payment card details; these are handled securely by our payment processor. Providing your identity, contact, and order information is a contractual requirement necessary to process and fulfill your order. Without this data, we cannot conclude the purchase or deliver the goods. Providing your data for marketing communications or analytics is entirely voluntary and is not required to make a purchase.

3. Legal Basis and Purpose of Processing

We process your data for the following purposes:

  • Contract performance: To process and deliver your orders.
  • Legal obligations: E.g. accounting and tax compliance.
  • Legitimate interests: Site security, fraud prevention, customer support.
  • Consent: For email marketing (optional), analytics, and marketing/advertising tracking cookies.
  • Automated Decision-Making: We do not use your personal data for automated decision-making or profiling that would produce legal or similarly significant effects concerning you.

4. Email Marketing

We only send newsletters if you have actively opted in. The checkbox at checkout is not selected by default. You can unsubscribe anytime using the unsubscribe link in the emails or by contacting us.

We use Klaviyo, Inc. for newsletter management, subscriber segmentation, and related email performance analytics. Where personal data is transferred outside the EEA, such transfers are safeguarded by the EU-U.S. Data Privacy Framework and/or the European Commission’s Standard Contractual Clauses, as applicable.

5. Cookies and Tracking Technologies

Our website uses the following categories of cookies and similar technologies, which you can manage at any time via our consent banner:

  • Necessary: (Always Active) These cookies and scripts are essential for the website to function (e.g., shopping cart, secure checkout, and privacy preferences) and cannot be switched off.
  • Analytics: (Requires Explicit Consent) Used to measure visits, traffic sources, and website performance. This includes Google Analytics 4. We configure these tools to support privacy and only load them after your explicit consent.
  • Embedded Videos: (Requires Explicit Consent) These cookies and scripts may be set by external video hosting services (like YouTube or Vimeo) to deliver video content on our site. The provider may build a profile of your interests based on uniquely identifying your browser and device.
  • Marketing: (Requires Explicit Consent) These cookies and scripts are set by our advertising partners (such as Google, TikTok, Pinterest, and Reddit, managed via PixelYourSite) and Klaviyo (for onsite tracking and marketing automation, including abandoned-cart communications). They help build a profile of your interests to show relevant ads.
  • Facebook Advanced Matching: (Requires Explicit Consent) Where enabled, we may share hashed customer information with Meta/Facebook to improve attribution, conversion measurement, and audience targeting.
  • Facebook CAPI (Conversions API): (Requires Explicit Consent) Where enabled, server-side events may be sent to Meta/Facebook to measure conversions and improve campaign performance.

6. Sharing Data with Third Parties

We only share your data when necessary and never sell it. Data may be shared with:

  • Web hosting provider: Websupport, based in the EU.
  • Content delivery, Performance & Security provider: Cloudflare. Depending on how requests are routed and processed, personal data may be transferred outside the EEA subject to appropriate safeguards.
  • Invoicing & Accounting: SuperFaktura, s.r.o. (EU), used to generate legally compliant tax documents and invoices.
  • Transactional emails: Postmark, used to securely deliver essential system messages such as order confirmations and password resets.
  • Payment processor: Stripe.
  • Order delivery: Packeta (including their delivery partners), DHL Express.
  • Consent management: ConsentMagic, used to record and apply cookie consent choices.
  • Analytics providers: Google Analytics, consent-based.
  • Email marketing: Klaviyo, Inc. (USA), subscriber management.
  • Advertising & Marketing Partners: (e.g., Google Ads, Meta Platforms Ireland Ltd., TikTok Technology Ltd., Pinterest Europe Ltd., Reddit Ireland Ltd.) — for campaign attribution and targeted advertising, only if marketing consent is granted.

All third-party partners process personal data under appropriate GDPR safeguards and act as data processors or independent data controllers as applicable.

7. Data Storage Duration

  • Order and billing data: retained for 10 years (legal requirement).
  • Account and support data: retained for up to 5 years after the last relevant activity, unless longer retention is required by law or necessary for the establishment, exercise, or defence of legal claims.
  • Newsletter subscriber data (stored in Klaviyo): retained until consent is withdrawn, or for up to 7 years from the last meaningful interaction, after which it is deleted or anonymized.
  • Cookies: Lifespans vary by purpose. Session cookies expire immediately when you close your browser. Persistent cookies (such as those used for consent management, analytics, and marketing) typically remain on your device for a period ranging from 90 days up to 2 years, unless you manually clear them or withdraw your consent. For a detailed, up-to-date list of every specific cookie and its exact lifespan, please open your “Privacy & Cookie Settings” in the footer on every page.

8. Security

We apply strong technical and organizational measures to protect your data:

  • SSL encryption for all site traffic
  • Access controls to data centers and backend
  • Regular security updates and audits
  • Bot Protection: We use Cloudflare Turnstile to protect our website from spam and automated abuse. It may process technical data necessary for security and anti-bot verification, and depending on configuration, may use security-related cookies or similar technologies.

9. Your Rights

You have the right to:

  • Access your personal data
  • Correct or update your data
  • Request erasure (“right to be forgotten”)
  • Request data portability
  • Restrict the processing of your data
  • Object to processing, especially regarding direct marketing
  • Withdraw consent at any time
  • Lodge a complaint with the Slovak Data Protection Office

Supervisory Authority:
Office for Personal Data Protection of the Slovak Republic (Úrad na ochranu osobných údajov Slovenskej republiky)
https://dataprotection.gov.sk/

10. Age Restriction

Our website and products are not directed at children. We do not knowingly collect personal data from persons under the age of 16 without an appropriate legal basis or parental authorization where required by applicable law.

The Privacy & Cookie Policy, including all its parts, is valid and effective from 15-APR-2026.