Operator:

Business name: IDS Východ, s.r.o.
Registered office: Turgenevova 36, 040 01 Košice
Delivered address: Bačíkova 7, 040 01 Košice
ID of organization: 52 681 734
Commercial Register of the Municipal Court of Košice I, Section: Sro, File No.: 47373/V
Statutary body: Ing. Milan Škorupa, PhD. – managing director,
Ing. Radovan Hužvík – managing director

e-mail: info@idsvychod.sk
mobile: +421 948 262 792

In connection with the processing of personal data of the data subjects, the controller proceeds in accordance with Regulation 2016/679 GDPR on the protection of physical people with regard to the processing of personal data and on the free movement of such data and Act No. 18/2018 Coll. on the protection of personal data and on amendments and supplements to certain acts.

 

1. PRINCIPLES OF PERSONAL DATA PROTECTION

Personal data is stored securely and only for the time necessary to fulfil the purpose of processing. Access to personal data is restricted to people authorised by the controller to process personal data and who process it on the basis of the controller’s instructions. The personal data processed shall not be disclosed to third parties unless expressly required by contract or law.

2. DEFINITIONS

(a) Personal data – any information relating to an identified or identifiable physical people (hereinafter referred to as ‘data subject’); an identifiable physical person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or by reference to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that physical person.

 

(b) Processing – an operation or set of operations on personal data or sets of personal data, such as obtaining, recording, organizing, structuring, storing, transforming or altering, retrieving, viewing, using, providing by transmission, disseminating or otherwise making available, rearranging or combining, Restriction, erasure or destruction, whether or not by automated or non-automated means. 

 

(c) Restriction of processing – the marking of personal data held in order to restrict its processing in the future.

 

(d) Profiling – is any form of automated processing of personal data which consists of using that personal data to evaluate certain personal aspects relating to a physical person, in particular to analyse or predict aspects of the physical person concerned relating to job performance, financial situation, health, personal preferences, interests, reliability, behaviour, location or movements.

 

(e) Pseudonymisation – the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and relates to non-technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable physical person.

 

(f) Personal data information system – any organised collection of personal data that is accessible according to specified criteria, whether the system is centralised, decentralised or distributed on a functional or geographical basis

 

(g) ‘Controller’ means the physical person or organization, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are laid down in Union law or in the law of a Member State, the controller or the specific criteria for its determination may be determined in Union law or in the law of a Member State.

 

(h) Processor – a physical person or organization, public authority, agency or other body which processes personal data on behalf of the controller.

 

(i) Recipient – a physical person or organization, public authority, agency or other body to whom the personal data are disclosed, whether or not it is a third party. However, public authorities which may receive personal data in the context of a specific survey in accordance with Union or Member State law shall not be considered as recipients; the processing of those data by those public authorities shall be carried out in accordance with the applicable data protection rules, depending on the purposes of the processing.

 

(j) Third party – a physical person or organization, a public authority, an agency or an entity other than the data subject, the controller, the processor and persons who are entrusted with the processing of personal data on the basis of a direct mandate from the controller or processor.

k) Consent of the data subject – any freely given, specific, informed and unambiguous expression of the data subject’s will by which he or she consents to the processing of personal data concerning him or her by means of a declaration or an unambiguous confirmatory act.

 

l) Personal data breach – a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or unauthorised access to, personal data that is transmitted, stored or otherwise processed.

 

(m) Cross-border processing –

1. Processing of personal data which takes place in the Union in the context of the activities of establishments of a controller or processor in more than one Member State, where the controller or processor is established in more than one Member State.

 

2. Processing of personal data which takes place in the Union in the context of the activities of a single establishment of the controller or processor in the Union but which substantially affects or is likely to substantially affect data subjects in more than one Member State.

 

(n) Relevant and reasoned objection – means an objection to a draft decision as to whether there has been an infringement of this Regulation or whether the envisaged measure in relation to the controller or processor complies with this Regulation, which must clearly demonstrate the seriousness of the risks posed by the draft decision as regards the fundamental rights and freedoms of data subjects and, where applicable, the free movement of personal data within the Union.

 

3. RIGHTS OF THE DATA SUBJECT

(a) Right to withdraw consent – where we process personal data of a data subject on the basis of his or her consent, the data subject has the right to withdraw that consent at any time. Consent may be withdrawn electronically, at the address of the person responsible, in writing, by notice of withdrawal of consent or in person at our registered office. Withdrawal of consent does not affect the lawfulness of the processing of personal data about the data subject that was processed on the basis of the consent prior to its withdrawal.

 

(b) Right of access – the data subject has the right to be provided with a copy of the personal data we hold about him or her, as well as information about how we use his or her personal data. In most cases, personal data will be provided to the data subject in written paper form, unless the data subject requests otherwise. If we request the provision of this information has been requested by electronic means, it will be provided electronically where technically feasible.

c) Right to rectification – we take reasonable steps to ensure that the information we hold about the data subject is accurate, complete and up to date. If the data subject considers that the information we hold is inaccurate, incomplete or out of date, please do not hesitate to ask us to correct, update or complete the information.

d) Right to erasure (oblivion) – The data subject has the right to ask us to erase his or her personal data if any of the following grounds are met:

1) the purpose of the processing has been fulfilled,

2) withdrawal of consent and there is no other legal basis for the processing,

3) objection to processing,

4) unlawful processing of personal data,

5) compliance with a legal obligation,

6) the personal data were collected in connection with an information society service.

 

The controller is obliged to inform all those to whom the personal data have been provided of the erasure request. The right to erasure may not be exercised if the processing is necessary for the exercise of the right to freedom of expression or the right to information; for compliance with a legal obligation; for reasons of public interest in the field of public health; for archiving, statistical, historical and scientific research purposes and for the exercise of a legal claim.

e) Right to restriction of processing – the data subject has the right to ask us to stop using their personal data. This is for example if he or she believes that the personal data we hold about him or her may be inaccurate or that we no longer need his or her personal data.

(f) Right to data portability – the data subject has the right to the portability of personal data where the processing is based on the data subject’s consent or on a contract and where the processing is carried out by automated means, as far as technically feasible.

g) Right to object – the data subject has the right to object to processing based on our legitimate interests. If we do not have compelling legitimate grounds for processing and the data subject objects, we will no longer process his or her personal data. If the data subject wishes to object to the way in which we process his or her personal data, please contact us by email or in writing.

 

If you believe that your personal data is being processed unfairly or unlawfully, you may lodge a complaint with the supervisory authority, which is the Office for Personal Data Protection of the Slovak Republic, Hraničná 12, 820 07 Bratislava 27, tel. no.: +421/2/3231 3214, e-mail: statny.dozor@pdp.gov.sk , https://dataprotection.gov.sk