The Act No. 18/2O18 on personal data protection and amending and supplementing certain Acts as well as the Regulation (EU) 2O16/679 of the European Parliament and the Council (the Regulation) constitute the legal basis for the protection of natural persons with regard to the processing of personal data and on the free movement of such data and protect fundamental rights and freedoms of natural persons, mainly with respect to the right to protection of personal data.
Under the Art. 4 (1) of the Regulation, the term ‘personal data’ means any information related to an identified or identifiable natural person (‘data subject’).
‘Processing’ is any operation or set of operations involving personal data or sets of personal data, whether carried out by automated or non-automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction (Art. 4 (2) of the Regulation).
Under the Art. 12 et seq. of the Regulation, the Controller must take appropriate measures to provide any information relating to processing to the data subject and the rights of the data subject.
The Controller is entitled to update this Policy at any time. The current version of the statement was issued on 17 June 2O21.
1. Legal basis for personal data processing
Processing is lawful only if and to the extent when at least one of the following applies:
- the data subject has given consent to the processing of his or her personal data for one or more specific purposes,
- processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract,
- processing is necessary for compliance with a legal obligation,
- processing is necessary for the purposes of the legitimate interests pursued by the Controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
2. Not providing your personal data
Processing your personal data:
- is necessary for the performance of a contract or a legal requirement. The provision of a service/ an employment contract is conditional on consent to the processing of personal data,
- the consent to the processing of personal data is freely given and the data subject is obliged to consider to what extent he or she provides his or her personal data. However, responding to a request or a complaint is conditional on consent to the processing of personal data.
3. Obtaining your personal data
We obtain your personal data:
- primarily directly from you, for example through communication with you via the contact form on our website,
- through the recruitment procedure for a specific job vacancy, or through recording the personal data for recruitment purposes in the future,
- through public information from your social media profiles (Facebook, LinkedIn), etc.
- if you are our client, we most often obtain your personal data directly from you. In this case, the provision of your personal data is voluntary, with the exception of the data that is necessary for the process of invoicing of the goods or services provided.
4. Job application
The Controller processes personal data of job applicants for the purposes of their registration in the recruitment procedure for a specific job vacancy or records personal data of job applicants for recruitment purposes in the future.
The personal data you have provided us with will be processed in our company exclusively for the purpose of registration of job applicants for a period of 1 year from the date of obtaining the curriculum vitae and will be disposed of thereafter.
The data subject has the right to withdraw his or her consent at any time by informing the Controller via e-mail address to which the curriculum vitae and the consent to the processing of personal data is sent.
Legal basis: in accordance with the provisions of Art. 6 (1) (a) Regulation 2O16/679 of the European Parliament and the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (‘GDPR Regulations’), under § 13 (1) (a) of the Act No. 18/2O18 on personal data protection and amending and supplementing certain Acts (the Act).
5. What is the purpose of the processing of personal data? What personal data do we process? How long do we store your personal data?
The Controller processes your personal data in the following way/ for the following purposes:
accounting and business agenda
- The purpose is to fulfil the legal obligations of the Controller arising from special regulations (e.g. Accounting Act, Value Added Tax Act, Income Tax Act).
- Legal basis (including their disclosure to third parties): legal obligation.
- Retention period: 1O years.
- The main purpose of the processing of personal data is to receive and process purchase orders via the contact form on the website, a message on the social media (Facebook, LinkedIn), an e-mail or by telephone.
- Legal basis: The processing of personal data is necessary for the performance of a contract (for example, a purchase contract according to the Art. 6 (1) (b) of the general Regulation (EU) 2O16/679 of the European Parliament and the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data) and you are a contracting party.
- Retention period: until the full settlement of legal and other claims arising from the contractual relation, minimum 3 months from the date of termination of the contractual relation.
registry administration, administration of the whistleblowers of anti-social activity agenda
- The purpose of the processing is to fulfil legal obligations, especially arising from Act No. 395/2OO2 Coll. on archives and registries and on the amendments of certain acts.
- Legal basis: Art. 6 (1) (c) of the general Regulation on Data Protection Act No. 395/2OO2 Coll. on archives and registries and on the amendments of certain acts.
- Retention period: the records are stored for 1O years after the end of the record period.
registration of the rights of data subjects
- The purpose of the processing as a legal basis is to fulfil the legal obligation of the Company.
- Legal basis: the processing of personal data is allowed under Art. 6 (1) (c), in accordance with Art. 15 to 22 and 34 of the Regulation (EU) 2O16/679 of the European Parliament and the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
- Retention period: 5 years from the date of processing the request.
- The purpose of the processing of personal data is handling complaints from data subjects.
- Legal basis: Art. 6 (1) (c) and (e) of the general Regulation on Data Protection Act No. 9/2O1O Coll. on complaints as amended by later regulations.
- Retention period: 5 years after termination or expiry of the obligation.
- The purpose of the processing of personal data is the award of contracts for the supply of goods, contracts for the execution of construction works, contracts for the provision of services, proposal competition, concessions for construction works, concessions for services and public procurement administration.
- Legal basis: Art. 6 (1) (c) and (e) of the general Regulation on Data Protection Act No. 369/199O Coll. on municipalities, Act No. 343/2O15 Coll. on public procurement as amended.
- Retention period: 1O years.
6. Who are the recipients of your personal data?
Category of recipients: state and public administration bodies, local governments, the company’s website administrator, an auditor, a lawyer, intermediaries (accounting agenda), companies providing administration and IT support, information service providers, in justified cases courts and law enforcement bodies.
7. Cookies on our website
8. Publishing of personal data
Personal data will not be published.
9. Automated individual decision-making
Personal data will not be used for automated individual decision-making, including profiling.
1O. Transfer of personal data outside the European Union
We do not transfer personal data to a third country or to an international organisation.
We would like to assure you that our employees and co-workers processing your personal data are obliged to maintain the confidentiality of personal data. The confidentiality obligation continues after the end of contractual relations with us.
12. Security of personal data
Your personal data is safe with us. To prevent unauthorised access and misuse of your personal data, we have implemented technical and operational measures. We care deeply about protecting your personal data. Therefore, we regularly check their security and continuously strive to improve their protection. We try to use security measures that provide a sufficient level of protection with regard to the current state of technology. These measures are then regularly updated.
13. Data subjects
They are mainly employees, clients and any natural person whose personal data is processed.
14. Data subjects’ rights
Right to withdraw your consent – in cases where we process your personal data based on your consent, you have the right to withdraw this consent at any time. You can withdraw the consent electronically via the specified e-mail address, in writing or in person at the Controller’s registered office. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. Nevertheless, you have the right to object to the processing of personal data at any time.
Right to access – you have the right to obtain a copy of the personal data concerning you as well as the purposes of the processing of your personal data. In most cases, your personal data will be provided to you in writing, unless you request another method. If you have requested this information by electronic means, it will be provided to you electronically, if technically possible.
Right to rectification – we adopt reasonable measures to ensure your personal data is accurate, complete and up-to-date. Please contact us without undue delay if any of your personal data is inaccurate, incomplete or out-of-date, so we can modify, update or complete it.
Right to erasure (to be forgotten) – you have the right to ask us for erasure of your personal data, for example, if the personal data we have obtained about you is no longer needed for their original processing purpose. The right to be forgotten is not unreservedly guaranteed. For example, it is limited if the processing of data is necessary to comply with legal and regulatory obligations.
Right to restriction – under certain circumstances, you have the right to obtain restriction of processing your personal data. For example, when you contest the accuracy of your personal data, or you think we no longer need the personal data for the purposes of the processing.
Right to data portability – under certain circumstances you have the right to have the personal data transmitted to a third party of your choice. The right to portability only applies to personal data we have obtained from you based on your consent or under a contract to which you are a contracting party.
Right to object – you have the right to object to the processing of data on grounds relating to your particular situation. If we do not demonstrate compelling legitimate grounds for the processing and you object, we will no longer process your personal data.
Right to lodge a proposal for initiation of the personal data protection procedure – if you believe that your personal data has been processed unfairly or illegally, you can file a complaint to the supervisory body, the Office for Personal Data Protection of the Slovak Republic, 12 Hraničná 82O O7 Bratislava 27, telephone number +421 2 3231 3214, email address email@example.com, www.dataprotection.gov.sk. In case of submitting a proposal in an electronic form, it must meet the requirements pursuant to the § 19 (1) of Act No. 71/1967 Coll. on administrative proceedings (an administrative fee).
15. Informing and exercising the right of the data subject
In order to exercise your rights, you may contact the Controller at any time as follows:
- Address: ERUDIO, s.r.o., 16 Košovská cesta, 971 O1 Prievidza
- E-mail: firstname.lastname@example.org
- Telephone number: +421 91O 1OO 75O
We will respond to your request free of charge within 3O days. In case of complexity or a large number of applications, we are entitled to extend this period by another 6O days. If this happens, we will inform you.
In case of a repeated request, we are entitled to charge a reasonable administrative fee to cover the costs associated with the provision of this service.
If you have any further questions related to the processing of your personal data, you can contact us via our contact form, telephone, e-mail or post at the Controller’s registered office. If you exercise any of the rights of the data subject and it is not possible to verify the identity of the applicant in your application, or if we have legitimate doubts about the identity of the person submitting the application, we reserve the right to request additional information necessary to confirm the identity of the person.