PRINCIPLES OF PERSONAL DATA PROTECTION
INFORMATION ON THE PROCESSING OF PERSONAL DATA PROVIDED UNDER THE APPLICABLE REGULATION
1. IDENTIFICATION AND CONTACT DETAILS OF THE OPERATOR:
The operator that processes personal data is the company Oľga Apoleníková SHR, with its registered office at Pružina 391, 018 22 Pružina, ID number: 30182891, the company is registered at the municipal office in Pružina (hereinafter referred to as the "operator")
2. CONTACT DETAILS OF THE OPERATOR'S RESPONSIBLE PERSON:
The provider does not have a designated person responsible for supervision. The provider can be contacted at the email address firstname.lastname@example.org
3. RIGHTS OF THE PERSON CONCERNED:
The right to request access to personal data concerning the controller pursuant to Article 15:
The data subject shall have the right to obtain confirmation from the controller as to whether personal data concerning him or her are being processed and, if so, to have access to such personal data and the following information: (a) the purposes of the processing; (b) the categories of personal data concerned; (c) the recipients or categories of recipients to whom the personal data have been or will be provided, in particular recipients in third countries or international organizations; (d) if possible, the expected retention period for personal data or, if that is not possible, the criteria for determining it; (e) the existence of the right to require the controller to correct or delete or restrict the processing of personal data concerning the data subject, or the right to object to such processing; (f) the right to lodge a complaint to the supervisory authority; (g) if personal data have not been obtained from the data subject, any available information as to their source; (h) the existence of automated decision-making, including profiling, as referred to in Article 22 (2); 1 and 4 of the Regulation and in these cases at least meaningful information on the procedure used as well as the significance and expected consequences of such processing for the data subject.
Where personal data are transferred to a third country or an international organization, the data subject shall have the right to be informed of the adequate guarantees regarding the transfer pursuant to Article 46 of the Regulation.
The controller shall provide a copy of the personal data being processed. The operator may charge a reasonable fee corresponding to the administrative costs for any additional copies requested by the person concerned. If the person concerned has submitted the request by electronic means, the information shall be provided in a commonly used electronic form, unless the person concerned has requested another method. The right to obtain a copy must not adversely affect the rights and freedoms of others.
Right to rectify personal data pursuant to Article 16:
The data subject has the right to have the controller correct incorrect personal data concerning him without undue delay. With regard to the purposes of processing, the data subject has the right to supplement incomplete personal data, including by providing a supplementary declaration.
Right of erasure (right to be forgotten) under Article 17:
The data subject shall also have the right to have the personal data concerning the controller deleted without undue delay, and the controller shall be obliged to delete the personal data without undue delay if any of the following reasons is met: (a) personal data are no longer required for the purposes for which they were obtained or otherwise processed; (b) the data subject withdraws the consent on the basis of which the processing is carried out, in accordance with Article 6 (2). 1 letter (a) or Article 9 (1) 2 letter (a) Regulations and, unless there is another legal basis for processing; (c) the person concerned objects to the processing provided for in Article 21 (2). 1 of the Regulation and there are no legitimate grounds for processing or the person concerned objects to the processing under Article 21 (1). 2 Regulations; (d) personal data have been processed illegally; (e) personal data must be deleted in order to comply with a legal obligation under Union law or the law of the Member State to which the controller is subject; (f) personal data have been collected in connection with the offer of information society services pursuant to Article 8 (2). 1 of the Regulation.
If the controller has disclosed personal data and is obliged to delete personal data, it shall take appropriate measures, including technical measures, in the light of available technology and the costs of implementing the measures to inform the controllers that the data subject requests them to delete all references to this personal data, a copy or replicas thereof.
The right of erasure does not apply if processing is necessary: (a) the exercise of the right to freedom of expression and information; (b) to fulfill a legal obligation requiring processing under Union law or the law of the Member State to which the controller is subject, or to fulfill a task carried out in the public interest or in the exercise of official authority conferred on the controller; (c) for reasons of public interest in the field of public health in accordance with Article 9 (2). 2 letter (h) and (i) as well as Article 9 (2). 3 of the Regulation; (d) for archiving purposes in the public interest, for scientific or historical research purposes or for statistical purposes in accordance with Article 89 (2). 1 of the Regulation, if the law referred to above is likely to make it impossible or seriously difficult to achieve the objectives of such processing, or (e) to establish, assert or defend legal claims.
Right to restrict processing under Article 18:
The data subject has the right to have the controller restrict processing in one of the following cases: (a) the data subject challenges the accuracy of the personal data during a period allowing the controller to verify the accuracy of the personal data; (b) the processing is unlawful and the data subject objects to the deletion of the personal data and calls instead for their use to be restricted; (c) the controller no longer needs the personal data for processing purposes but the data subject needs them to prove, assert or defend legal claims; (d) the data subject has objected to the processing under Article 21 (2). 1 of the Regulation, until it is verified that the legitimate reasons on the part of the operator outweigh the legitimate reasons of the person concerned.
Where processing in accordance with the above is restricted, such personal data shall, with the exception of retention, be processed only with the consent of the data subject or to establish, assert or defend legal claims, or to protect the rights of another natural or legal person, or for reasons of overriding public interest or a Member State.
The controller shall inform the person concerned who has reached the processing restriction in accordance with the above before the processing restriction is lifted.
Right of data portability pursuant to Article 20:
The data subject shall have the right to obtain personal data concerning him or her which he or she has provided to the controller, in a structured, commonly used and machine-readable format, and shall have the right to transfer such data to another controller without being prevented by the controller to whom the personal data were provided, if: (a) the processing is based on consent in accordance with Article 6 (2); 1 letter (a) or Article 9 (1) 2 letter (a) of the Regulation or in a contract pursuant to Article 6 (1) 1 letter and (b) if the processing is carried out by automated means.
In exercising his right to data portability, the data subject shall have the right to transfer personal data directly from one controller to another, as far as technically possible.
The application of the right is without prejudice to Article 17 of the Regulation. That right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. The right to data portability must not adversely affect the rights and freedoms of others.
Right to object to processing, including objections to profiling (if any) under Article 21:
The data subject shall have the right to object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her which is carried out pursuant to Article 6 (2). 1 letter (e) or (f) of the Regulation, including objections to profiling based on those provisions. The controller may not further process personal data unless it demonstrates the necessary legitimate reasons for the processing which outweigh the interests, rights and freedoms of the data subject, or the reasons for proving, asserting or defending legal claims. Where personal data are processed for the purposes of direct marketing, the data subject shall have the right to object at any time to the processing of personal data concerning him or her for the purposes of such marketing, including profiling to the extent that they relate to such direct marketing. If the data subject objects to processing for direct marketing purposes, personal data may no longer be processed for such purposes.
With regard to the use of information society services, and notwithstanding Directive 2002/58 / EC, the data subject may exercise his or her right to object by automated means using technical specifications. Where personal data are processed for the purposes of scientific or historical research or for statistical purposes pursuant to Article 89 (2), 1 of the Regulation, the data subject has the right to object, on grounds relating to his or her specific situation, to the processing of personal data concerning him or her, except where the processing is necessary for the performance of a task in the public interest.
Right to lodge a complaint to the supervisory authority:
The supervisory body to which the data subject addresses his complaint in justified cases is the Office for Personal Data Protection of the Slovak Republic.
Right to withdraw processing consent:
Where the legal basis for the processing of personal data is the consent of the data subject, the data subject shall be entitled to withdraw his or her consent at any time, without prejudice to the lawfulness of the processing based on the consent given prior to his or her withdrawal.
The right to withdraw consent at any time, even before the expiry of the period for which the consent was given, may be exercised by the person concerned in the following ways: a) by e-mail sent to the address email@example.com b) by sending a written request to the correspondence address of the operator Oľga Apoleníková SHR, with its registered office at Pružina 391 018 22 Pružina with the text “GDPR - withdrawal of consent” on the envelope.
Purpose and legal basis of personal data processing
The operator processes your personal data for the following purposes:
a) The purpose of processing personal data in the field of accounting and business agenda is to fulfill the legal obligations of the operator arising from special regulations (the Accounting Act, the Value Added Tax Act, the Income Tax Act, etc.). The legal basis for the processing of personal data (including their provision to third parties) is the fulfillment of the legal obligation within the meaning of Art. 6 par. 1 letter c) Regulations. The retention period for personal data is 10 years. The recipients of personal data are public authorities, the auditor and the lawyer.
b) The purpose of personal data processing in the field of business communication is the preparation and implementation of the operator's business activities. The legal basis for the processing of personal data is the legitimate interest monitored by the controller in accordance with Art. 6 par. 1 letter f) Regulations. The legitimate interest of the operator is the right to conduct business within the scope of its activities. The retention period of personal data is determined by the preparation and duration of the business relationship, as well as the period of 2 years from the termination of this business relationship. The recipients of personal data are information technology management and support companies, external audit entities, telecommunications service providers, data storage providers and, in justified cases, courts and law enforcement agencies.
c) The purpose of personal data processing in the area of ??personnel and payroll is the preparation and conclusion of an employment contract or agreement on work outside employment, registration of documents on working capacity, payment of wages, levies, fulfillment of obligations to state administration bodies, attendance records, training records, records of issued authorizations and authorizations, records of provided protective work aids, property or equipment, concluding agreements on material liability, records of issuing cash, provision of employee benefits, records of damages caused by employees to the employer's property, catering, copying documents necessary for employment purposes or similar relationship, as well as the fulfillment of other legal and contractual obligations. The legal basis for processing is the fulfillment of the legal obligation in the sense of Art. 6 par. 1 letter c) Regulations and employment contract or agreement within the meaning of Art. 6 par. 1 letter b) Regulations concluded with the affected person according to the Labor Code. The data subject is obliged to provide personal data to the extent necessary; in the absence of personal data, it is not possible to conclude an employment or similar contract. The personal data of the employee will be provided to the following beneficiaries: health insurance companies, supplementary pension savings banks, pension management companies, entity providing statistics, guard service, training agencies and trainers, entity providing occupational health service, occupational health assessments and assessment of medical fitness, entities providing postal services, information technology development, management and support entities, external audit entities, telecommunications service providers, catering service providers, the company on whose personal data are stored, employer customers, employer suppliers, public authorities, lawyers and, in justified cases, courts , law enforcement agencies and executors. The period of retention of personal data in the employee's personal file is a period limited by the preparation of the employment relationship and the completion of the 70th year of life of the employee (including the former).
d) The purpose of processing personal data in the field of occupational safety and health is to fulfill the related obligations of the employer, in particular, but not only the implementation of training, registration of occupational accidents and the provision of medical examinations. The legal basis for the processing of personal data (including their provision to third parties) is the fulfillment of legal obligations of the controller in accordance with Art. 6 par. 1 letter c) Regulations (especially obligations arising from the Health and Safety Act). The employee's personal data will be provided to the following beneficiaries: the Labor Inspectorate and, in justified cases, also bodies active in criminal or criminal proceedings. The retention period for personal data is a period limited by the preparation of the employment relationship and the expiration of 2 years from the termination of this relationship. The provision of personal data is a legal obligation of the data subject
e) Personal data for the purpose of registry administration are processed within the framework of fulfilling the legal obligations of the operator in accordance with Art. 6 par. 1 letter c) Regulations (especially obligations arising from Act No. 395/2002 Coll. on Archives and Registries and on Amendments to Certain Acts, as amended, and obligations arising from Act No. 305/2013 Coll. on the electronic form of exercise of public authority powers and amending certain laws - the e-Government Act). The provision of personal data is a legal obligation of the data subject. The personal data of the employee will be provided to the following recipients: entities providing development, administration and support of information technologies, entities providing external audit, telecommunications service providers, the company on whose servers the personal data is stored. Retention periods are set by special regulations.