GENERAL INFORMATION ABOUT PERSONAL DATA PROCESSING
(hereafter referred to as "PII").
Pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council, in force and effective as of 25.05.2018 (hereinafter referred to as the "Regulation") and Act No. 18/2018 Coll. on the protection of personal data (hereinafter referred to as (the "Act") and (hereinafter also referred to as the „PDPA“)
1. WHO WE ARE?
Protecting your privacy when using our website hosted on the domain deismartes.com is extremely important to us. We therefore inform you thoroughly about the processing of your personal data in the following text.
The company responsible for the privacy of this website is: Deismartes s.r.o., with registered office: Kopčianska 10, registered in the Commercial Register Bratislava III, section: Sro, insert: 94257/B, ID: 47521309 (hereinafter referred to as "Operator" or "We" or "Company") is the operator of the website located at domain deismartes.com (hereinafter referred to as the "Website"). The Company strictly complies with the relevant data protection regulations when using and processing personal data.
Contact details of the operator
E-mail: hricova@deismartes.com
The company is the holder of the domain name and is also the owner of the rights associated and related to this website. All published content on our website, (such as text, logos, trademarks, photographs, images, audio or audio-visual recordings/ is copyrighted and owned by us or used under license to which we have reserved rights. We only allow downloading of materials for personal, non-commercial purposes and in accordance with this usage policy.
Access to our website is free of charge. You bear all costs incurred by you in connection with accessing our website. The content of our website may not be available continuously, mainly due to technical errors by us, if we decide to make the content of the website or any part of it unavailable.
We will not be liable for any damages (direct or indirect), loss, costs or expenses of any kind that you may incur in connection with your access to or use of our website or the disclosure of any outdated, false or incorrect information that constitutes the content of our website, whether created by us or caused by technical equipment, human error or software application associated with our website. We are not responsible for the compatibility of our website with your computer system or software. Nor do we warrant that this website is free of malicious code or that the server that makes it available is free of malicious code or other harmful components.
It is expressly forbidden to link our website to another website or to remove any part of it without our consent; to use our website for illegal purposes or to distribute malicious code; to change or modify its content.
2. DATA SECURITY
2.1. Data Security.
The Company maintains strict security measures to protect personal data to prevent unauthorized or accidental access, alteration, destruction or loss, unauthorized transmission, or other unauthorized processing or misuse of such personal data. The Company requires all processors it uses to comply with the same stringent measures to ensure the security of the processing of personal data on the basis of contracts concluded for the processing of personal data within the meaning of Article 28 of the Regulation.
The measures taken are subject to regular review and are continuously adapted to the state of the art. Should there be a breach of the protection of your personal data, we will inform you without undue delay within 72 hours if such a breach of the protection of your personal data could lead to a high risk to your rights.
If you log in to your user account, you have an obligation to keep your login details confidential and to restrict unauthorised access to the devices you use to log in to that account. You must take all necessary steps to ensure the security of your user account. If you believe that your login credentials have been used in an unauthorised manner or your account has been misused, you have a duty to notify us immediately.
3. BASIC CONCEPTS
Affected person. Any natural person whose personal data is processed.
Consent of the data subject. Any serious and freely given, specific, informed and unambiguous indication of the data subject's wishes in the form of a statement or an unambiguous confirmatory act by which the data subject consents to the processing of his or her personal data.
Personal data. Data relating to an identified natural person or an identifiable natural person who can be identified, directly or indirectly, in particular by reference to a commonly used identifier, such as a first name, surname, identification number, location data or online identifier, or to one or more of the characteristics or attributes that make up his or her physical identity, physiological identity, genetic identity, psychological identity, mental identity, economic identity, cultural identity or social identity.
Processing of personal data A processing operation or set of processing operations concerning personal data or sets of personal data, in particular the obtaining, recording, organisation, structuring, storage, alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise, alignment or combination, restriction, erasure, whether or not carried out by automated or non-automated means.
Privacy Breach. A breach of security that results in the accidental or unlawful destruction, loss, alteration or unauthorised disclosure of, or unauthorised access to, transmitted, stored or otherwise processed personal data.
Operator. Anyone who, alone or jointly with others, defines the purpose and means of the processing of personal data and processes personal data on their own behalf.
Processor. Anyone who processes personal data on behalf of the controller.
Recipient. Anyone to whom personal data is disclosed, regardless of whether they are a third party. A recipient is not a public authority which processes personal data on the basis of a special regulation or an international treaty by which the Slovak Republic is bound in accordance with the rules on the protection of personal data applicable to the purpose of the processing of personal data.
Third party. Anyone who is not a data subject, controller, processor or other natural person who processes personal data on behalf of the controller or processor.
4. WHAT PERSONAL DATA DO WE NEED AND HOW DO WE PROCESS IT ?
COLLECTION AND PROCESSING OF PERSONAL DATA
4.1. Personal data provided by you
We process personal data in accordance with the currently applicable legal provisions on the protection of personal data.
4.2. The persons concerned are
Website visitors, prospective clients/customers, clients' employees, suppliers, subscribers, social media fans, etc.
4.3. Purpose of processing of personal data, legal basis, category of personal data and time limit for erasure
Category of personal data |
Purpose of processing | Legal basis of the processing |
Time limit for erasure of the OU |
---|---|---|---|
Common personal data [listed on the INV] |
Accounting agenda The purpose of the processing of personal data is to keep accounting records and to comply with legal obligations. This also includes the processing of orders, invoices and invoicing of customers/suppliers, etc. |
Pursuant to Article 6(1)(c), the fulfilment of legal obligations arising from specific regulations, e.g. the Accountancy Act. | Ten (10) years from the close of the fiscal year. |
Common personal data [necessary for the conclusion, performance and execution of the contract]. |
Contracts The purpose of the processing of PI is the conclusion, performance and implementation of obligations arising from contracts with suppliers/customers. |
Within the meaning of Article 6(1)(b) of the Regulation - contractual/pre-contractual relationship. | Pending settlement of the rights and obligations under the contract, but not less than ten (10) years from the termination of the contractual relationship. |
Common personal data [name, surname, title, company, classification, contact details]. |
Business communication The purpose of processing OA is to maintain a database of suppliers/customers, their representatives, or employees of suppliers and customers for the purpose of fulfilling their work, professional and functional duties to ensure smooth supplier-customer relations. What legitimate interest? Ensuring smooth supplier-customer relations and contract performance. |
Within the meaning of Article 6(1)(f) of the Regulation - legitimate interest. | Five (5) years from the termination of the contractual relationship/respectively until they object. |
Information provided in the profile |
Social networks The purpose of processing personal data is to create company profiles on social networks for the purpose of better communication with clients (former, potential).More information can be found in paragraph 4 of this policy. What legitimate interest? The legitimate interest of the operator is better communication with clients/future clients. Informing about news on the web application. |
Within the meaning of Article 6(1)(f) of the Regulation - legitimate interest. | Until the data subject cancels the tracking of the page. |
Common personal data [first name/last name or initials review/reference]. |
References/Reviews The purpose of the processing of personal data is to increase the visibility, increase the sale of services, promotion of the operator. |
Within the meaning of Article 6(1)(a) of the Regulation - consent of the data subject. | Five (5) years from the date of the reference/review or until consent is withdrawn. |
Common personal data [data provided in the application]. |
Exercise of the rights of data subjects The purpose of the processing of personal data is to exercise the rights of data subjects (GDPR claims). |
Within the meaning of Article 6(1)(c) of the Regulation - a legal obligation. | Five (5) years from the processing of the application. |
Common personal data [title, name, surname, address and in case of a foreigner (type of residence), bank account number, payment details, telephone number, e-mail, signature, ID number, VAT number]. |
Legal/statutory claims The purpose of the processing of personal data is to resolve disputes between the controller and users and to recover claims and other claims of the controller through out-of-court (e.g. mediation), judicial and enforcement proceedings or bankruptcy proceedings, including legal representation. What is the legitimate interest? Asserting or defending the legal claims of the controller, preventing damage and ensuring the fulfilment of claims and other legal claims of the controller. |
Within the meaning of Article 6(1)(f) of the Regulation - legitimate interest. | Five (5) years from the final conclusion of the proceeding or settlement of the legal claim. |
Common personal data [name, surname, phone number, e-mail]. |
Contact form The purpose of the processing of personal data is to process the enquiry. |
Within the meaning of Article 6(1)(b) of the Regulation pre-contractual relationship. | One (1) month from the date of enquiry. |
4.4. Purpose of processing of personal data, legal basis, category of personal data and time limit for erasure in the position as "Processor"
Category of personal data |
Purpose of processing | Legal basis of the processing |
Time limit for erasure of the OU |
---|---|---|---|
Ordinary personal data [general personal data (in particular name, surname, home address, date and place of birth, information on private life - marital status, number of children, economic and financial data - income, financial situation), as well as health-related data constituting a special category of personal data]. |
Relocation services The purpose of personal data processing is the personal data of Employees and future Employees of the Client, which is necessary to obtain residence in the territory of the Slovak Republic and/or the residence of their family members and to obtain the relevant documents. |
Within the meaning of Article 6(1)(b), the contractual relationship | The period of processing of personal data is identical to the period of provision of relocation services according to the contract with the controller (Employer). |
4.4.1. The persons concerned are in the capacity of the Intermediary:
Client's Employees, spouses and dependent children of Client's Employees, future Client's Employees.
5. SOCIAL NETWORKS
We use hyperlinks to third-party websites. By clicking on these links, you will be redirected to these websites, (e.g. social networking websites or websites of our partners). We have no influence on the style and content of linked third-party websites, and we also disassociate ourselves from any content on any such websites and from adopting such content as our own. This Terms of Use Policy does not apply to third party websites. If you are interested in learning more about the usage policies of third party websites, please visit the relevant third party website.
The purpose of processing personal data is to create a company profile on social networks for the purpose of promoting the web application and our services.
The legal basis for the processing of personal data is Article 6(1)(f) legitimate interest.
The personal data you post on our sites and social media accounts, such as comments, likes, videos, images, etc., will be published through the social media platform. We do not subsequently process the personal data for any other purpose. The controller does not reserves the right to delete comments and other content (videos, images, etc.) if they violate applicable legislation (hateful comments, racist or otherwise violating fundamental human rights and freedoms) and the right to share your posts if you communicate via social networks.
Posts are stored in our timeline on the social networking site indefinitely, or until you delete them, or until we as the operator delete them.
6. RECIPIENTS
Your personal data may be disclosed to recipients. These include, for example, postal companies; professional advisers (e.g. lawyers, bailiffs, notaries, courts, translators); providers of standard software (e.g. Microsoft, Google); o providers of technical support, development and administration of IT systems and applications, data processing and storage; o providers of hosting services; o social network operators; external collaborators of the PROVIDER (e.g. accounting company) and in relation to the published data, the recipients of personal data are also persons visiting the website, users of social networks.
Personal data is provided in the performance of obligations arising from applicable law (e.g. law enforcement authorities, public authorities, etc.) or EU regulations that are directly enforceable and applicable in the Slovak Republic or to processors in contractual relationships in accordance with the GDPR and the Personal Data Protection Act.
We select our partners, among other things, taking into account the guarantees of their professional care, while these entities are bound by confidentiality and the obligation to take appropriate technical and organizational measures to ensure that the processing of personal data complies with the requirements of the GDPR and the Act.
7. UNDER 16 YEARS OF AGE
Please note that all services on our website may only be used by persons over the age of sixteen (16). The use of the services, and the resulting data processing, by persons under the age of majority without the consent of their parents/legal guardians is prohibited. In the event that you become aware of such processing of personal data, we ask that you notify us immediately and we will make corrections.
8. PROCESSING TIME
The controller shall only process the Personal Data for the necessary time and shall comply with the principles of processing of Personal Data. Where consent has been given, for the period of consent or withdrawal of consent. Where we process PII on the basis of law, e.g. accounting documents, we process these for a period of 10 years. The exact retention period is set out for each purpose of processing in section 4.3.
9. TRANSFER TO A THIRD COUNTRY
We restrict the transfer of Personal Data to a third country or international organisation, including the identification of the country or international organisation. However, some of the recipients may have servers located outside the EU (Google, Facebook). These servers may be located in the United States of America (USA). The transfer of personal data is based on the European Commission's adequacy decision and the organisations are registered with the Data Privacy Framework (DPF). To check whether organisations are registered with the DPF, you can follow this link https://www.dataprivacyframework.gov/s.
Article 45 of the GDPR provides for the transfer of data on the basis of an adequacy decision by the European Commission. The European Commission's adequacy decision for the EU-US DPF entered into force on 10 July 2023.
These transfers are only made on the basis of standard contractual clauses approved by the Commission and appropriate safeguards have been provided within the meaning of Article 46 of the GDPR:
Privacy Policy
https://policies.google.com/privacy?hl=en-US | |
https://www.linkedin.com/legal/privacy-policy |
Provided adequate safeguards within the meaning of Article 46 of the GDPR.
https://privacy.google.com/businesses/controllerterms/mccs/ |
10. AUTOMATED PROFILING
Company do not use automated profiling within the meaning of Article 22 of the Regulation.
11. RIGHTS OF THE DATA SUBJECT
You have the right to exercise your rights under the GDPR, namely (i) the right to rectification, (ii) the right to erasure, (iii) the right to data portability, (iv) the right to object, (v) the right to withdraw consent, (vi) the right of access to information, (vii) the right to restriction. You can exercise these rights directly with the company by notifying the company at the following email address hricova@deismartes.com or in writing to Deismartes s.r.o., Kopčianska 10, 85101 Bratislava.
Right of access
You can request confirmation/information from us, but also a copy of the personal data processed, whether and to what extent your personal data is processed. We, as a company, are obliged to provide the information upon your request within thirty (30) days of receipt of such request. We may extend this period by a further sixty (60) days. We will inform you of the postponement.
Right to repair
You have the right to have us correct your incorrect PI concerning you or complete your incomplete PI without undue delay.
Right to erasure
As a data subject, you have the right to have the personal data concerning you erased by the controller without undue delay. The controller is obliged to erase the personal data without undue delay if one of the following grounds is met:
- the personal data are no longer necessary for the purpose for which they were collected or processed by the controller,
- if you withdraw your consent to the processing of personal data for at least one (1) specific purpose, or the consent is invalid if its provision is precluded by a specific regulation,
- if you object to the processing of personal data and there are no overriding legitimate grounds for the processing of personal data or if you object to the processing of personal data relating to direct marketing, including profiling,
- if we process personal data unlawfully,
- if the reason for deletion is the fulfilment of an obligation under this Act, a special regulation or an international treaty by which the Slovak Republic is bound,
- if the personal data was collected in connection with the offer of information society services pursuant to (Section 15(1) of the Bill) and you are under 16 years of age.
Right to data portability
You may require us to make the PII you have provided to us available, in a structured, commonly used and machine-readable format, to another controller where technically feasible and provided that the PII is processed on the basis of the data subject's consent, on the basis of a contract and the processing of the PII is carried out by automated means.
Right to object
If we process your PI on the basis of a legitimate interest, you may object to the processing of your personal data at any time on grounds relating to your particular situation. We may not further process personal data unless we can demonstrate our compelling legitimate grounds for processing which override your interests, rights and freedoms, or where there are grounds for establishing, exercising or defending legal claims.
Withdrawal of consent
In cases where you have given us your consent, we inform you that you can withdraw this consent at any time. You can revoke it in the same way as you gave it. Revocation does not affect the lawfulness of the processing from the consent prior to its revocation.
You have the right to request restriction of the processing of your data
- if you deny the accuracy of the data, for a period of time that allows us to verify the accuracy of the data,
- if the processing of your data is unlawful, but you refuse erasure and instead request a restriction on the use of the data,
- if we no longer need the data for the intended purpose, but you still need the data to assert, exercise or defend legal claims
- if you have lodged an objection to data processing.
Right to bring proceedings by the person concerned
If you are of the opinion that we have violated the Act and/or the GDPR in processing your personal data, please contact us so that we can clarify any objections. You have, of course, the right to lodge a complaint with the Data Protection Authority. A template is published on the website Office for Personal Data Protection, Hraničná 12, 820 02 Bratislava, Slovak Republic. The Authority will consider your complaint within thirty (30) days and make a decision within ninety (90) days, or it may extend the time limit accordingly.
12. FINAL PROVISIONS
This information shall come into force and effect on 19. February 2024. The Controller reserves the right to change this Policy in the event of a change in the processing of Personal Data in the Company and in the event of a legislative change.