Privacy Policy

OPFE PHARMA s.r.c. (Registered office: Hlavná 62, 943 01 Štúrovo, Slovakia, CoRegNo: … E-mail:, phone number: +44 73 1122 4446, hereinafter: Data Controller) informs the visitors of the website via this privacy policy about the personal data managed by Opfe Pharma, the practice regarding the processing of personal data, the measures taken for the protection of personal data and the rights of the data subjects, fully complying with the EU Regulation 2016/679 on data management and fulfilling its obligation to provide prior information related to the processing of personal data required by the Act CXII of 2011 on the right of informational self-determination and freedom of information.

The data management practice of the data controller is regulated by EU Regulation 2016/679 (GDPR) and Act CXII of 2011 on the right to informational self-determination and freedom of information. (hereinafter: Info Act.), the legal basis of data processing is section §6(1) and §5(1)(a) of these laws, the voluntary consent of the person interested in or registering on the website.

Terms used in the PP under the Info Act:
Data controller

A natural or legal person or an organization with no legal personality, which alone or jointly with others determines the purpose and means of data processing, makes and implements decisions on data processing (including the means used) or make decisions executed by the data controller;

Data Subject

Any determined, identified on the basis of personal data or – directly or indirectly – identifiable natural person;

Personal data

Data related to the data subject, in particular the data subject’s name, identification code and knowledge of one or more physical, physiological, mental, economic, cultural or social identities, as well as the conclusion may be drawn from the data concerning the data subject;


A voluntary and firm declaration of the data subject’s intention, based on adequate information, giving his or her unambiguous consent to the processing – in whole or in part – of his/her personal data;

Right of objection

Statement by the data subject objecting to the processing of his/her personal data and requesting the termination of the data processing or the deletion> of the processed data.

According to EU regulation 2016/679 and Section 4(1) of the Info Act, the personal data of the data subject may only be processed for a specific purpose, in order to exercise a right and fulfill an obligation.

According to the law, only such personal data of the data subject may be processed, which is essential for the realization of the purpose of data processing and is suitable for achieving the purpose. The personal data of the data subject may be processed only to the extent to achieve the purpose and for the time necessary.

The data controller acts in accordance with the data security requirements of the law.

The use of your personal data is based, inter alia, on the following legal bases:
  • the data required to complete the order or the steps required prior to the order, legal basis: Article 6(1)(a) and (b) of the GDPR
  • registration required for the order, Article 6(1)(a) and (b) of the GDPR
  • issue of an invoice in accordance with accounting legislation; legal basis: Article 6(1)(c) of the GDPR
  • contact – legal basis: Article 6(1)(f) of the GDPR. The legitimate interest of the data controller: business continuity.
  • processing of data of contractual partners – legal basis: Article 6(1)(b) of the GDPR
  • marketing activity – legal basis: Article 6 (1) (a) GDPR. e.g. visiting a website without making a purchase
  • for the purpose of marketing activities, a Facebook page is also operated, however, an independent database is not created or profiled.
  • legal basis for online registration: Article 6(1)(a) of the GDPR
  • legal basis for the use of cookies: Article 6(1)(a) of the GDPR

The purpose of data management is to conclude and fulfill the contract for the service on the website, such as registration for the order, processing of the order, fulfillment with delivery, subscription to services, acquainting the interested parties with the services, contact with data subjects, furthermore the performance of related administrative tasks, as well as possible warranty administration and complaint handling.

Based on the voluntary consent, data subject provides the following data for the purpose of first contact, registration, communication:

  • name
  • home address
  • E-mail address
  • phone number

The data subject gives his/her voluntary consent at the data controller to the processing of the data regarding the data mentioned above, personally by using the website. The consent also covers operations of data collection, entry, recording, organization, storage, use, deletion and destruction.

By providing E-mail address, the data subject consents to sending information about and prospectus of services provided by the data controller.

The data controller shall take all necessary security, organizational and technical measures to ensure the highest level of security of the personal data processed by data controller and to prevent their unauthorized alteration, destruction and use.

If the data controller is about to carry out further data processing, he/she shall provide preliminary information on the essential circumstances of the data management (legal background and legal basis of data management, purpose of data management, scope of processed data, duration of data management).

Due to legislative provisions – Article 7(1) of the GDPR. – the consent must be able to be verified later, therefore the data will be stored for the limitation period following the cessation of data processing.

During registration, ordering, subscribing to the newsletter, the IT system stores the IT data related to the consent for later proof.

The duration of data management lasts from the time of data registration to the deletion of the data by the data controller (see Data Access>).

Invoices are kept for at least eight years due to legal obligation. The retention period of the documents on which the invoice is based is eight years.

The retention period of the data provided for the purpose of contact is maximum one year after the contact is established.

Retention period of data related to contract fulfillment: five years.

In relation to personal data, the data subject has the rights specified by law.

Rights concerned
  • right of access (cognition of data, fact whether data are being processed);
  • in case of out-of-date or incorrect data, its correction;
  • deletion (only in the case of consent-based data management);
  • restrictions on data processing;
  • prohibiting the use of personal data for direct marketing purposes;
  • transfer of personal data to a third-party service provider, or its prohibition;
  • request a copy of any personal data processed by the data controller; or
  • objection to the use of personal data.

The data subject may submit his/her requests in writing, by registered mail to the official address of the data controller or by electronic way. At the request of the data subject, the data controller shall delete his/her data without undue delay if the data subject withdraws the consent on which the data processing is based. Data controller shall send answers without delay, but within 30 days to the address or E-mail address provided by data subject.

We are to inform you that the data controller is obliged to comply with the written data requests of the authorities based on legal authorization. The data controller is obliged to keep records of data-transfer based on §15(2)-(3) of the Info Act (to which authority, what personal data, on what legal basis, when was transmitted by the data controller), the content of which the data controller provides information on request, unless its disclosure is excluded by law.

The legal provisions concerning the procedure related to the possible infringement of the data subject and the obligations of the data controller are set out in Act No. 2016/679. EU regulation and Info Act.

In case of data protection incident (unlawful handling or use of personal data) the data controller is obliged to report the events no later than within 72 hours of becoming aware of the data protection incident. 

In the case of a breach of the processing of personal data, the data subject may lodge a complaint with the National Data Protection and Freedom of Information Authority in accordance with the provisions of the law.

Judicial process: data protection litigation falls within the jurisdiction of the tribunal. The action may, at the option of the person concerned, also be brought before the court of the place where the person concerned stays or is resident.

Pursuant to the law, in order for the consent to data processing to be voluntary, express and unambiguous and based on appropriate information, the data controller must always inform the data subject in advance, clearly and in detail before the data processing, by this very privacy policy about all the facts regarding the data processing.

Data subject can get acquainted with this information on the website page: Privacy policy, data subject accepts it by using the service provided by the data controller, by conduct.

The data controller reserves the right to unilaterally amend this privacy policy information. The data controller shall publish the current version of this data management information on its website. By using the service provided by the data controller, the data subject accepts the contents of the amended data management information by conduct.

The data controller uses so-called cookies on the website, the legal basis of which is your consent. A cookie is a package of information that a website sends to your browser in order to save certain settings, facilitate the use of our website and contribute to the collection of statistical information (Cookie policy)

Website operator, hosting provider

The website is operated by Opfe Pharma s.r.c. (Registered office: Hlavná 62, 943 01 Štúrovo, Slovakia, CoRegNo: …, E-mail:, phone number: +44 73 1122 4446). The personal data provided by the data subjects will not be transferred by the data controller and operator to third-parties. The data controller does not use a data processor.

Opfe Pharma s.r.c. (Registered office: Hlavná 62, 943 01 Štúrovo, Slovakia) informs the visitors of the website that it qualifies as a data controller as the operator of the website and as a data controller handles only the personal data provided by the data subjects, and treats all data, facts and information related to data subjects confidentially.

You can send your comments to the E-mail address


Retrieval of personal information

Use the form below to request that your details be sent to your email address or to be deleted from our system.
(Authenticity is checked for security reasons!)