Privacy policy

Information obligation of the Controller

The Controller is the responsible entity for the processing of personal data. We take the protection of your privacy and personal data very seriously. We collect, process, and utilize your personal data in accordance with the content of this data protection declaration, as well as the relevant regulations on the protection of personal data. Through this data protection declaration, the Controller would like to inform you about the extent to which they collect, process, protect, and utilize your personal data.

Controller Information

  • Company Name: Praxuj, s.r.o.
  • Address: Nový Svet 40, 97401, Banská Bystrica
  • Company ID (IČO): 50597523
  • Name of Statutory Representative: Mgr. Jozef Gašparík
  • Contact Person: Mgr. Jozef Gašparík
  • Contact: gdpr@testzebra.com

Processing of Personal Information

The Controller stores your personal data on secure servers within the European Union. These are protected against loss, as well as unauthorized access, alteration, or dissemination of your data by technical and organizational measures. Access to your data is only possible for a limited number of informed and authorized individuals. Despite regular checks, complete protection against all threats is not guaranteed.

How We Obtain Your Personal Data?

We most commonly obtain your personal data directly from you. In such cases, the provision of personal data is voluntary. You can provide your personal data to our company in various ways, including:

  • registering on our websites (as a job applicant)
  • during the process of entering into a business or employment contract with our company
  • through ordering
  • via a complaint
  • through communication with you
  • participating in events organized by our company
  • engaging in activities of our company on social media
  • submitting a contact form with your comments, inquiries, or questions
  • from publicly available sources and registers
  • when submitting a resume (CV)

Categories of Processing Operations

The Controller, as per its needs, performs the following processing operations with your personal data:

  • copying, obtaining, gathering, disseminating, recording, pseudonymization, viewing, organizing, processing or alteration, searching, browsing, reshuffling, combining, relocating, utilizing, storing, blocking, erasing, their cross-border transfer, providing, making available, or publishing, ... etc.

Purpose of Data Processing

All of the mentioned data categories are necessary to fulfill legal requirements and internal needs of the Controller within the scope of its business.

Authorized Persons

Our employees and staff may have access to your personal data exclusively on a "need-to-know" basis. This means that only authorized employees of the specific department related to the processing of personal data may have legitimate access, and such access is typically restricted based on the position, function, and job responsibilities of the specific employee. Each such employee is informed and authorized.

Categories of Personal Data

Individual
First Name
Last Name

Contact Information
Personal Email
Work Email
Personal Phone
Work Phone

Addresses
Residential Address
Place of Birth

Dates Related to the Individual
Date of Birth
Year of Birth
Start Date
End Date of Employment

Sensitive Personal Data
Gender of Candidate/Employee
Personality Profile of Candidate/Employee
Results of Assessment Testing
Health Disability Status (yes/no)
Employee's Health Disability
Information about Work-Related Injuries

Other Personal and Event-Related Information
Type of Pension
Signature
Marital Status
Nationality
Information on Offenses and Violations of Regulations
Worked Hours
CV (Curriculum Vitae)
References

Banking Information
Bank Account Number
IBAN
SWIFT

Birth Certificate
Personal Identification Number

Identification Documents (ID Card, Driver's License, Passport, etc.)
ID Card Number

Financial Data
Loan - Income Amount
Salary Amount
Payroll Slip
Hourly Wage
Social Security Contributions
Contribution Amount
Deduction Amount

Education, Knowledge, Skills
Language Proficiency
Professional Skills
Assessment Test Evaluation
Academic Title
Education
University - Faculty
University - Name
University - Field of Study
University - Academic Year
University - Graduation Year
Other Personal Information in the Curriculum Vitae

Employment and Performance-Related Data
Employment Contract
Addendum to Employment Contract
Length of Employment
Reason for Termination of Employment
Job Type
Workplace, Place of Employment
Job Classification, Position
Work Experience

Contracts with Business Partners
Supplier Contracts
Customer Contracts
Brokerage - Business
Brokerage - Data Processing Agreement (DPA)

Audiovisual Recordings: Photographs, Audio-Visual Recordings
Video: from Testing
Audio: from Testing

System Data for IT
User Name
Role (Role, Authorization)
User Identifier
Provided Access Password to the Application
IP Address
Access Rights Record

Marketing
Newsletter (individuals with a legal relationship) - Existing Customer
Newsletter (individuals without a legal relationship) - New (Potential) Customer
Social Media (Facebook, Instagram, and LinkedIn)
Cookies
Metadata

Categories of Processing Operations

Sending amendment documents and information
Employee registration with social and health insurance
Sending original documents
Consultation and processing of tax returns - inpat
Processing data of job applicants through the company's web form
Processing data of job applicants through job portals (Profesia.sk + Kariéra.sk)
Interview/selection of job applicants
Processing job applicant data in cooperation with HR agencies and ADZ
Personal form for signing employment contract
Recruitment - interview with candidate
Employment contract signing for candidates under employment contract
Employees under employment contract - signing addenda
Employees under employment contract - reporting changes in personal data
Employees under employment contract - updating job position information
Employees under employment contract - disciplinary investigation
Capturing and publishing photos and videos with employees
Organizing competitions in cooperation with external partners
Employee registration for internal company events
Providing participant data (employees) to external organization
Providing information to journalists
Company events with photo-audio-video recordings
Newsletter - sending to new data subjects
Newsletter - sending to data subjects with past legal relationships
GDPR - fulfilling pre-information obligations for job applicants
GDPR - fulfilling pre-information obligations for new employees
GDPR - complying with the rights of data subjects
GDPR - informing and authorizing authorized persons
GDPR - internal training completion by employees
GDPR - completion of training provided by external partners for employees
Occupational Safety and Health (BOZP) - completion of training provided by external partners for employees
Personnel Security (PO) - internal training completion by employees
Personnel Security (PO) - completion of training provided by external partners for employees
Creating a record of a work-related accident - foreman/Team leader/Manager
Processing and investigating a serious injury
Investigating suspicion of an occupational disease
Job performance and workload assessment
Reporting a fire incident to employees
Reporting an emergency medical service intervention - ambulance dispatch
Consent for wage deductions
Access for tax advisors and auditors to internal systems
Assessing the employment potential of graduates in the trainee program
Reimbursement of travel expenses based on receipts
Organizing business trips
Settlement of business trip expenses
Processing provided documents after a business trip
Recording attendance (e.g., through an info terminal and others)
Document submission to the archive
Document removal from the archive, shredding
Deduction and taxation of employee contributions
Notification obligation to authorities in criminal proceedings
Sending information about selected employees to external entities
Sending salaries to university and high school students
Advisory on salary and attendance calculations
Sending and delivering pay slips to employees
Providing data from an employee's personal file
Document submission to the company archive
Document removal from the archive, shredding
Mail receipt
Mail parcel delivery
Processing business cards
Psychodiagnostics for selecting candidates for the trainee program
Storing data on profiles of trainee candidates
Providing assessment outputs
Planning, preparation, and development of talents for managerial positions
Recording ideas in the system
Approval of submitted ideas
Storage and archiving of proposals and contracts
Employees leaving employment: contract closure and reward payment
Processing photos and videos of employees on a team board
Creating a business case
Business negotiation
Online business negotiation
One-time purchase
Processing contracts, orders, and complaints
Sale of goods and services
Testing candidates
Video recording of candidate testing

Categories of Data Subjects

Job candidates submitting CVs
Candidates in job interviews
New employees
Permanent employees
Spouses/Partners of employees, their dependent children, parents of dependent children of employees, close associates
Contract employees
Students
Part-time employees
Customers
Suppliers of goods and services
Website visitors
Social media visitors
Newsletter subscribers
Tested individuals

The Controller is authorized, within the legal regulations on the protection of personal data, to partially or completely entrust the processing of your personal data to external service providers who act as processors for the Controller under Article 4(8) of the General Data Protection Regulation (GDPR).

External service providers assist us, for example, in the technical operation and support of websites and applications, data management, service preparation and delivery, marketing, and website and application analysis. However, the Controller remains responsible for the protection of the provided data. Service providers entrusted by the Controller process your data exclusively according to our instructions. This is ensured through strict contractual arrangements, technical and organizational measures, and our additional controls. Our processors include:

  • Cloudflare, Inc. — Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA — Server
  • Fakturoid s.r.o. — Fakturoid s.r.o., V Pláni 532/7, 142 00 Praha — Lhotka, Česká republika, IČO 04656679 — Invoicing
  • Google Ads — Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland — PPC reklamy, Analytika — Cloud storage
  • Ing. Veronika Buranovská — Ing. Veronika Buranovská, Strážovská 6442/2, 97411 Banská Bystrica, Slovensko, IČO 46 303 367 — Accounting and HR
  • Mailjet SAS — Mailjet SAS, 4, rue Jules Lefebvre, 75009 Paris, France — Emails
  • Praxuj s.r.o. — Praxuj s.r.o., Nový Svet 1182/40, 974 01 Banská Bystrica, Slovensko, IČO 50597523 — Camera recording
  • Slack — Slack Technologies Limited, Salesforce Tower, 60 R801, North Dock, Dublin, Ireland — Communicator
  • Stripe — Stripe Payments Europe Limited, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland — Payment gateway
  • Thalento® — Thalento® Headquarters, Corda Campus - Corda 6 Hall A | Kempische Steenweg 303/43, 3500 Hasselt, Belgium — Tests
  • United Jobs, j.s.a. — United Jobs, j.s.a., Račianska 88B, 831 02 Bratislava - mestská časť Nové Mesto, Slovensko, IČO 53863241 — Server, emails, database
  • Websupport s.r.o. — Websupport s.r.o., Karadžičova 7608/12, 821 08 Bratislava – mestská časť Ružinov, IČO: 36 421 928 — Web hosting, domains, emails

Categories of Recipients/Third Parties

Categories of Recipients/Third Parties

The transfer of your data to third parties occurs when we are legally obligated to do so, or when providing data is necessary to fulfill our legal and contractual obligations. This mostly involves public authorities such as the Social Insurance Agency, health insurance, tax office, police, courts, legal services, bailiffs, banks, post office, etc.

Purposes and Legal Bases

Acquisition of personal data of candidates/applicants for a specific job position
Art. 6(1)(a), (b), Art. 13 of the GDPR

Uschovanie OÚ neúspešného kandidáta na neskoršie prípadné použitie
Art. 6(1)(a), Art. 13 of the GDPR

Fulfillment of employer obligations related to employment relationships and similar relationships (contributions, payroll, pay slips, processing accounting documents, taxes, registration with insurance companies, recording of worked hours, sick leave, access to premises, access data to IS, provision of personal data of employees during checks of legal employment, OHS, labor law, and GDPR training, catering arrangements for employees, employment records, travel orders, issuance of work tools, recording of work accidents, alcohol testing)
Art. 6(1)(b), (c), (f), Art. 13 of the GDPR, Act No. 311/2001 Coll. Labor Code, Act No. 55/2017 Coll. on state service, Act No. 552/2003 Coll. on performing work in the public interest, Act No. 5/2004 Coll. on employment services, Act No. 553/2003 Coll. on remuneration of some employees in the performance of work in the public interest, Act No. 595/2003 Coll. on income tax, mandatory entry and regular training: Act No. 124/2006 Coll. on safety and health protection at work, creation of a protocol on a work accident, Act No. 355/2007 Coll. on protection, support, and development of public health and ensuring (preventive) health examinations, registration with the Social Insurance Company under Act No. 461/2003 Coll. on social insurance, Act No. 43/2004 Coll. on old-age pension savings, Act No. 650/2004 Coll. on supplementary pension savings, Act No. 580/2004 Coll. on health insurance, amendment and supplementation of Act No. 95/2002 Coll. on insurance, Act No. 431/2002 Coll. on accounting, Act No. 222/2004 Coll. on value-added tax, Act on income tax No. 595/2003 Coll. No. 286/1992 Coll., Act No. 152/1994 Coll. on the social fund, Act No. 125/2006 Coll. on labor inspection in its current wording, Act No. 82/2005 Coll. on illegal work and illegal employment, Act No. 145/1995 Coll. on administrative fees, Act No. 40/1964 Coll. Civil Code

Occupational Health Service
Act No. 576/2004 Coll. - Act on Healthcare, Services Related to the Provision of Healthcare

Legal Counseling and Representation
Art. 6(1)(b), (f), Art. 13 of the GDPR

Participation in Execution Proceedings
Art. 6(1)(c), (f), Art. 13 of the GDPR, Act No. 233/1995 Coll. on Judicial Executors and Execution Activities (Execution Order)

Clarification of Criminal Activities
Art. 6(1)(b), (c), (f), Art. 13 of the GDPR, Act No. 99/1963 Coll. Civil Procedure Code in its current wording, Act No. 301/2005 Coll. Criminal Procedure Code in its current wording, Act on Reporting Anti-Social Activities

Deletion of Personal Data/Fulfillment of Rights and Obligations Arising from Contract and Law
Art. 5(1)(e), Art. 17 of the Regulation, § 10, § 23 of the Act on Personal Data Protection

Archiving of Personal Data
Act No. 395/2002 Coll. on Archives and Registries and on the Amendment of Some Laws in its current wording

Recording Requests of Data Subjects
Act No. 211/2000 Coll. on Free Access to Information and on the Amendment of Some Laws (Freedom of Information Act)

Order Processing
Art. 6(1)(b), (f) of the GDPR

Complaints Handling
Art. 6(1)(b), (c) of the GDPR

Conclusion of Business Contracts
Art. 6(1)(b), (f) of the GDPR

Maintaining a List of Suppliers
Art. 6(1)(f) of the GDPR

Acquisition and Maintenance of Customer Personal Data
Art. 6(1)(f) of the GDPR

Postal Services (Company Mail)
Art. 6(1)(b), (c), (f) of the GDPR

Hotel Accommodation Reservation on Business Trips
Art. 6(1)(b) of the GDPR

Transportation Reservation (Flights, Car Rentals)
Art. 6(1)(b) of the GDPR

Voluntary and Legal Training in Slovakia
Art. 6(1)(c), (f) of the GDPR

Voluntary Training Abroad
Art. 6(1)(b), (c), (f) of the GDPR - contractual relationship

Consultations and IT Services
Art. 6(1)(b) of the GDPR

Web Hosting, Email, Administration
Art. 6(1)(b) of the GDPR

Cloud Storage
Art. 6(1)(b) of the GDPR

Personal Data from the Web Form
Art. 6(1)(f) of the GDPR

Processing Cookies on the Website
Art. 6(1)(a) of the GDPR

Marketing Outreach - Cold Call
Act No. 452/2001 Coll. on Electronic Communications, Act No. 22/2004 Coll. on Electronic Commerce, Act No. 128/2002 Coll. on State Control of the Internal Market in Consumer Protection Matters

Newsletter Subscription Request from the Website
Art. 6(1)(a), (f) of the GDPR

Registration - eShop
Art. 6(1)(b) of the GDPR

Registration - Loyalty Program
Art. 6(1)(b), (c), (f) of the GDPR - contractual relationship

External HR Administration, External Employee Recruitment, Temporary Employment Agencies
Art. 6(1)(b) of the GDPR, Act No. 431/2002 Coll. on Accounting, Act No. 595/2003 Coll. on Income Tax

Video Recording of Candidate Testing
Consent of the data subject - Art. 6(1)(a), § 13, para. 1, letter a

Processing Results of Personality and Skills Tests
Consent of the data subject - Art. 6(1)(a), § 13, para. 1, letter a

Marketing Services
Art. 6(1)(b) of the GDPR

Authorization of the Authorized Person
GDPR Regulation

Minutes for Exercising the Rights of the Data Subject
GDPR Regulation

Photos and Videos from a Social Event Processed by an External Photographer - Employee and Business Partners
Legitimate interest (Art. 6(1)(f) of the GDPR or § 13(1)(f) of Act No. 18/2018 Coll., Mediator Agreement

Transfer to Foreign Countries

The Controller undertakes to respect the GDPR regulation, which allows transfers not only to third countries but also to the territory or specified sector in a third country or to an international organization, provided that a decision on adequacy has been granted to them (list)

In case there is no decision on adequacy, the Controller (or Mediator) uses at least one of the security measures, including:

  • Explicit consent of the data subject
  • Legally binding and enforceable instrument imposed by public authorities
  • Binding corporate rules
  • Standard contractual clauses for the protection of personal data adopted by the Commission in accordance with the GDPR review procedure. Standard contractual clauses for the protection of personal data adopted by the supervisory authority and approved by the Commission in accordance with the GDPR review procedure
  • Approved code of conduct with binding and enforceable commitments of the Controller or Mediator in a third country to provide the necessary safeguards, including the rights of data subjects.
  • Approved certification mechanism with binding and enforceable commitments of the Controller or Mediator in a third country to provide the necessary safeguards, including the rights of data subjects.

Monitoring (CCTV)

The Controller has not utilized this option and does not monitor its operations through a camera system for a legal purpose and legal basis in accordance with the GDPR regulation and internal guidelines. The conducted proportionality test evaluated the risks and the intensity of infringement on the rights and freedoms of the data subject as negligible.

Website

The Controller processes personal data on its websites based on your consent (use of all non-technically necessary cookie files; opt-out extensions - see below; communication through forms or email newsletters), as well as for the purpose of fulfilling its legal obligations and ensuring secure purchases (e-commerce) in legitimate interest.

When using our websites for purely informative purposes, i.e., when you do not register or otherwise provide information, we only collect personal data sent by your browser. During your visit to our website, we collect the following data, which is technically important for us to display the website to you and ensure its stability and security: IP address and IP location, date and time of the request, deviation from the Greenwich Mean Time (GMT) time zone, content of the request (specific page), access status/HTTP status code, each volume of transmitted data, the website from which the request came, operating system and its interface, language and version of the browser software, number, duration, and time of initiation, search engines and keywords used, type of browser, screen size, and operating system. More information about the use of cookies can be found below in the "Use of Cookies" section.

Links to Other Websites

On our websites, we also place links to other websites; this is for informational purposes only. We do not control these websites, and therefore, the provisions of this privacy statement do not apply to them. If you activate a link, the operator of that website may collect data about you and process it in accordance with its own privacy statement, which may differ from our version.

Personal data transferred from your browser during the informative use of our website and collected by the Operator ("log files") is typically retained for a period of 3 months. Log files are stored for a more extended period in our systems only for the purpose of investigating discrepancies or in case of security threats.

The Operator generally retains your personal data only as long as necessary for the purpose for which it was obtained. In any case, the Operator stores your data for the duration of our contractual relationship. The Operator may store your personal data for a more extended period for compliance with legal retention obligations (e.g., adherence to a 7-year archiving period under applicable tax and commercial laws). If necessary, the Operator may keep your data until potential legal claims against the Operator are statute-barred; for some claims, the limitation period may be up to 30 years.

When there are no legitimate reasons for further retention of personal data, this data will be deleted or anonymized.

E-commerce

To address your questions, process your orders and contracts in the online store, we process the following personal data: name, surname, title, email address, password, date of birth, company name, contact person, registration number, VAT ID, telephone number, fax number, delivery address, billing address, payment card information, and account number. More information about the use of cookies in the online store can be found below in the "Use of Cookies" section.

Newsletter

Through the newsletter, the Operator informs about current topics, developments, and offers. To subscribe to the newsletter offered on the website, the user needs an email address and information that allows verifying whether the user is the owner of the provided email address or whether the email address owner agrees to receive the newsletter. A valid email address is required for newsletter subscription. During registration, the IP address and date of subscription are stored. This process enhances security in case a third party misuses the email address and subscribes to the newsletter without the knowledge of the rightful user. The Operator uses this data exclusively for sending the requested information. To subscribe to the newsletter in the online store, both an email address and a name are required. After registration, the user receives an email to confirm the subscription by clicking on a link ("double opt-in"). By ordering the newsletter, you agree that all provided data will be processed. You can revoke consent to data storage, email address, and its use for newsletter purposes at any time by clicking a link in the newsletter or by sending a message to the Operator.

However, if you are a customer of the Operator and have a contractual relationship from the past, the Operator may not need your consent because it processes your personal data based on the Legitimate Interest legal basis. In this case, you can still cancel the storage of your data, email address, and its use for newsletter purposes at any time.

Contact Form

The data provided in the form for processing requests and potential follow-up questions are stored by the Operator for an essential period. Before submitting the form, you must actively consent to the electronic collection and processing of your data. Forms designed for complaint procedures or orders are exceptions. Personal data obtained through such forms is used on different legal bases.

Use of Cookies and Third-Party Applications

When using the website, small data files known as "cookies" are stored on the visitor's device. Cookies enable the storage of information related to the device on the access device (PC, smartphone, etc.). They serve for the user-friendly use of websites and user convenience (e.g., storing login details) and for collecting statistical data on website usage, analyzing it for improving the offer. Users can influence cookie usage by restricting or completely preventing their storage in most browsers. However, it's important to note that without cookies, the use and especially the comfort of use may be limited.

When using the online store, cookies are stored on the visitor's computer to track movements in the online store, use the shopping cart, and enable the recognition of visitors upon repeated visits to our website.

Our websites use the following types of cookies, the scope and functioning of which are explained in the following section:

NamePurposeStorage periodDisclosure to 3rd parties
__stripe_midStripe payment gateway7 daysyes
__stripe_orig_propsStripe payment gateway8 daysyes
__stripe_sidStripe payment gateway30 minutesyes
_gaGoogle Analytics2 yearsyes
_ga_NT3WQWXHSNGoogle Analytics2 yearsyes
cf_clearanceCloudinary cloud storage160 daysyes
cidStripe payment gateway70 daysyes
cookie-permsStripe payment gateway145 daysyes
FPAUCloudinary cloud storage70 daysyes
machine_identifierStripe payment gateway160 daysyes
private_machine_identifierStripe payment gateway75 daysyes
testZebraAuthenticationuser authenticationduring the sessionno

Temporary Cookies

Temporary cookies are automatically deleted upon closing the browser. They mainly include session cookies, storing a so-called session ID that allows various requests from your browser to be associated with a common session. This enables us to recognize your computer when you return to our website. These session cookies are deleted when you log out or close the browser. To use the shopping cart and checkout in the online store, session cookies must be enabled. If a customer generally does not want or cannot accept cookies, there is an option to order goods via email, fax, or telephone.

Persistent Cookies

Persistent cookies are automatically deleted after a certain period, which may vary depending on the cookie. However, you can also delete cookies at any time in your browser settings. They contribute to user-friendliness (including displaying content suitable for a specific location) and serve to analyze websites (see "Google Analytics"). In addition, integrated plugins (see below) use cookies to perform their services.

Automated Profiling

We also process your personal data through automated profiling based on the results of tests you have undergone as a job applicant.

You have the right to object to the resulting profile and request a reconsideration by a human, which we must comply with.

Your Rights

Right to Erasure (Right to Be Forgotten, Article 17 GDPR)

The data subject also has the right to obtain from the Controller the erasure of personal data concerning them without undue delay, and the Controller shall have the obligation to erase personal data without undue delay if one of the following reasons applies:

Right to Erasure (Right to Be Forgotten, Article 17 GDPR)

  • Personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
  • The data subject withdraws consent on which the processing is based under Article 6(1)(a) or Article 9(2)(a) GDPR, and there is no other legal ground for the processing.
  • The data subject objects to the processing under Article 21(1) GDPR, and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing under Article 21(2) GDPR.
  • Personal data have been unlawfully processed.
  • Personal data must be erased to comply with a legal obligation in Union or Member State law to which the Controller is subject.
  • Personal data have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.

Right to Restriction of Processing (Article 18 GDPR)

  • The accuracy of personal data is contested by the data subject, for a period enabling the Controller to verify the accuracy of the personal data.
  • The processing is unlawful, and the data subject opposes the erasure of the personal data and requests the restriction of their use instead.
  • The Controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise, or defense of legal claims.
  • The data subject has objected to processing under Article 21(1) GDPR pending the verification of whether the legitimate grounds of the Controller override those of the data subject.

Right to Notification Obligation in Connection with Correction or Erasure of Personal Data or Restriction of Processing (Article 19 GDPR)

The Controller shall communicate any rectification or erasure of personal data or restriction of processing carried out in accordance with Article 16, Article 17(1), and Article 18 to each recipient to whom the personal data have been disclosed unless this proves impossible or involves disproportionate effort. The Controller informs the data subject about those recipients if the data subject requests it.

Right to Data Portability (Article 20 GDPR)

The data subject has the right to receive the personal data concerning them, which they have provided to a Controller, in a structured, commonly used, and machine-readable format and have the right to transmit those data to another Controller without hindrance from the Controller to which the personal data have been provided if:

  • The processing is based on consent under Article 6(1)(a) or Article 9(2)(a) or on a contract under Article 6(1)(b), and
  • The processing is carried out by automated means.

When exercising the right to data portability under paragraph 1, the data subject also has the right to have personal data transmitted directly from one Controller to another, where technically feasible.

Right to Object (Article 21 GDPR)

The data subject has the right to object at any time, for reasons related to their particular situation, to the processing of personal data concerning them, based on Article 6(1)(e) or (f), including profiling based on these provisions. If you believe that the processing of your personal data violates relevant legal regulations, especially the GDPR, you can file a complaint with the Office for Personal Data Protection of the Slovak Republic.

Restriction of Data Subject's Rights

According to the provisions of Article 17(3) of the GDPR, it also specifies the reasons why the right to be forgotten does not have to be granted. The right to erasure of personal data does not apply if processing is necessary:

  • to exercise the right to freedom of expression and information;
  • to fulfill a legal obligation requiring processing under Union or Member State law to which the Controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller;
  • for reasons of public interest in the area of public health in accordance with Article 9(2)(h) and (i), as well as Article 9(3);
  • for archival purposes in the public interest, for scientific or historical research purposes, or for statistical purposes under Article 89(1), to the extent that the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of such processing, or
  • for the establishment, exercise, or defense of legal claims.
  • the processing of personal data is subject to a specific regulation
  • she has exercised her right to rectify or delete her inaccurate, incomplete, or outdated personal data that is the subject of processing
  • she has exercised her right to delete personal data for which the purpose of processing has ended, and the requested camera recording would violate the rights of other data subjects
  • The data subject lacks full legal capacity, and her legal representative does not act on her behalf
  • The data subject is deceased, and her close relative does not act on her behalf (§ 116 of the Civil Code) The Controller is obliged to promptly notify, in writing, the data subject, their representative or close relative, as well as the supervisory authority of the restriction of rights (non-compliance with the request).

How to Exercise Your Rights

You can assert your individual rights with the Controller through any communication channel you consider most suitable for yourself. The same communication channel will be used for the response, or you may agree on another method in writing. All notifications and statements regarding the rights you have exercised are provided free of charge. However, if the request is clearly unfounded or excessive, especially if it is repetitive, the Controller is entitled to charge a fee reflecting the administrative costs associated with providing the requested information, up to €50.

Response Time

The Controller will provide a response and any information about the actions taken as soon as possible, but no later than within 1 month. The Controller may extend this period by an additional month if necessary, considering the complexity and number of requests. You will be informed of the extension, including the reason, if applicable.

Questions and Complaints

If you have questions or doubts about the processing of your personal data, or if you wish to exercise any of the rights outlined in this notice, you can contact the designated Contact Person mentioned above.

For domestic transfers of personal data, if you have questions or complaints, you can also contact:

Office for Personal Data Protection of the Slovak Republic
Hraničná 12
820 07, Bratislava 27
Slovak Republic
General email: statny.dozor@pdp.gov.sk

For cross-border transfers of personal data, if you have questions or complaints, you can contact the supervisory authority in the EU country where the Controller or processor has its main establishment.

CountryNameWebsite
AustriaAustrian Data Protection Authorityhttp://www.dsb.gv.at/
BelgiumBelgian Data Protection Authorityhttp://www.privacycommission.be/
BulgariaCommission for the Protection of Personal Datahttp://www.cpdp.bg/
CroatiaCroatian Personal Data Protection Agencyhttp://www.azop.hr/
CyprusOffice of the Commissioner for Personal Data Protectionhttp://www.dataprotection.gov.cy/
Czech RepublicThe Office for Personal Data Protectionhttp://www.uoou.cz/
DenmarkThe Danish Data Protection Agencyhttp://www.datatilsynet.dk/
EstoniaData Protection Inspectoratehttp://www.aki.ee/en
FinlandOffice of the Data Protection Ombudsmanhttp://www.tietosuoja.fi/en/
FranceNational Commission for Information Technology and Liberties (CNIL)http://www.cnil.fr/
GermanyFederal Commissioner for Data Protection and Freedom of Informationhttps://www.bfdi.bund.de/DE/Home/home_node.html
GreeceHellenic Data Protection Authorityhttp://www.dpa.gr/
HungaryHungarian National Authority for Data Protection and Freedom of Informationhttp://www.naih.hu/
IrelandData Protection Commissionhttp://www.dataprotection.ie/
ItalyThe Italian Data Protection Authorityhttp://www.garanteprivacy.it/
LatviaData State Inspectoratehttp://www.dvi.gov.lv/
LithuaniaState Data Protection Inspectoratehttp://www.ada.lt/
LuxembourgNational Commission for Data Protectionhttp://www.cnpd.lu/
MaltaInformation and Data Protection Commissionerhttps://idpc.org.mt/en/Pages/Home.aspx
NetherlandsDutch Personal Data Authorityhttps://autoriteitpersoonsgegevens.nl/nl
PolandPersonal Data Protection Officehttps://www.uodo.gov.pl/en
PortugalThe Portuguese data protection authority (CNPD)http://www.cnpd.pt/
RomaniaThe National Supervisory Authority For Personal Data Processinghttp://www.dataprotection.ro/
SlovakiaOffice for Personal Data Protection of the Slovak Republichttp://www.dataprotection.gov.sk/
SloveniaSlovenian National Supervisory Body for Personal Data Protectionhttps://www.ip-rs.si/
SpainThe Spanish Data Protection Agencyhttps://www.agpd.es/
SwedenThe Swedish Authority for Privacy Protectionhttp://www.datainspektionen.se/
UKInformation Commissioner's Officehttps://ico.org.uk/
EU DPAEuropean Data Protection Supervisorhttp://www.edps.europa.eu/_en