Personal data processing statement
PERSONAL DATA PROCESSING STATEMENT
The company ŽIAROMAT a.s., (hereinafter referred to as "Controller") collects, processes and uses personal data in compliance with the Regulation of the European Parliament and of the Council (EU) 2016/679 of April 27,2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and with the Act. 18/2018 Coll. on the protection of personal data and does everything necessary so as to ensure compliance with this legislation.
The Controller: ŽIAROMAT a.s.
Responsible person – contact data: email@example.com
Recipients or categories of recipients: ŽIAROMAT a.s.
Transfer of personal data to third countries: not applicable
Retention period for personal data: two years
The Controller shall process personal data only for the purpose for which they were acquired. The Controller declares that personal data shall be processed only in accordance with fair practice and the Controller will not act in a manner that is contrary to the Act on the protection of personal data, or to other generally binding legal regulations, or circumvent these rules. After fulfilling the purpose of personal data processing the Controller shall, without undue delay, ensure the disposal of personal data unless stipulated otherwise by a specific regulation.
The Controller shall ensure an adequate level of personal data protection. The Controller also protects personal data against damage, destruction, loss, alteration, unauthorized access and disclosure or publication as well as against any other unauthorized forms of processing and for this purpose the Controller has adopted appropriate security measures corresponding to the manner of personal data processing.
The Controller shall process personal data in accordance with the rights of the data subject. The data subject has the right to obtain from the Controller confirmation as to whether or not personal data concerning him or her are being processed. If the Controller processes such personal data, the data subject has the right to access this personal data and information on:
- Purpose of personal data processing
- Category of personal data processed
- Identification of the recipient or the category of a recipient to whom the personal data have been or are to be transferred, in particular, identification of a recipient in a third country or an international organization, if possible
- Retention period of personal data; if this is not possible, information on the criteria for the period determination
- The right to request the Controller to correct personal data relating to the data subject, delete them or restrict their processing, or the right to object to the processing of personal data
- The right to initiate proceedings under ……???
- The source of personal data, if personal data are not obtained from the data subject
- The existence of automated individual decisions, including profiling.
The data subject has the right to immediate correction of personal data relating to him or her by the Controller.
Having regard to the purpose of personal data processing the data subject has the right to supplement incomplete personal data.
The data subject has the right to immediate deletion of personal data relating to him or her by the Controller in the following cases:
- Personal data are no longer necessary for the purpose for which they were collected or otherwise processed.
- The data subject withdraws his or her consent on which the processing of personal data is based and where there is no other legal ground for the processing.
- The data subject objects to the processing of personal data and no legitimate grounds for personal data processing prevail.
- The personal data have been unlawfully processed. The data subject has the right to limitation of personal data processing by the Controller if:
- The data subject raises objections to the personal data accuracy for a period enabling the Controller to verify the accuracy of personal data.
- The processing is illegal and the data subject opposes their erasure and requests the restriction of their use instead.
- The Controller no longer needs the personal data for the purpose of personal data processing, but they are required by the data subject for issuing a legal claim.
- The data subject objects to the processing of his or her personal data.
The data subject has the right to obtain personal data relating to him or her that have been provided to the Controller, in a structured and commonly used machine-readable format and has the right to transfer such personal data to another Controller, if technically possible. The data portability right does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of public power entrusted to the Controller.
The data subject has the right to object to the processing of his or her personal data on grounds relating to his or her particular situation carried out under the legitimate interest of the Controller, including profiling based on these provisions. The Controller must not further process personal data unless the necessary legitimate interests of the personal data processing are proven that outweigh the rights or interests of the data subject, or the reasons for the issuing a legal claim.
The data subject has the right to object to the personal data processing relating to him or her for the purpose of direct marketing, including profiling to the extent that it relates to direct marketing. If the data subject objects to the processing of personal data for direct marketing purposes, the Controller must not further process the personal data for direct marketing purposes.
The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her if it does not apply to personal data necessary for the conclusion or performance of a contract between the data subject and the Controller.
The data subject has the right to initiate an investigation pursuant to the §100 of the Act No. 18/2018 Coll. on the protection of personal data if he or she suspects that his or her personal data is treated in an unlawful manner or there has been an infringement of his or her rights due to his or her personal data processing or breach of the security of processing.
The Controller or intermediary may, under the conditions laid down by a special regulation or an international treaty having binding effect on the Slovak Republic, limit the scope of the obligations and rights when such a restriction is laid down to ensure:
- the security of the Slovak Republic
- the Defence of the Slovak Republic
- public policy
- the performance of tasks for the purpose of criminal proceedings
- other important objectives of general public interest of the European Union and the Slovak Republic, in particular the subject of an important economic interest or significant financial interest of the European Union and the Slovak Republic, including monetary, budgetary and taxation matters, public health or social security
- the protection of judicial independence and judicial proceedings
- prevention of breaches of ethics in the regulated professions or regulated professional activities
- monitoring function, control function or regulatory function associated with the exercise of official authority
- protection of rights of the data subject and others
- fulfilment of a legal claim
- economic mobilization
The data subject has the right to defend his or her rights with a help of a responsible person or through the initiative of the investigation or complaint to a supervisory authority, the Office for Personal Data Protection in of the Slovak Republic, pursuant to the § 100 of the Act No. 18/2018 Coll.
Responsible person - contact data: firstname.lastname@example.org