The principles of personal data processing and the personal data protection system according to the GDPR regulation
The purpose of these principles is to demonstrate that the processing of personal data by the operator is carried out in accordance with the currently valid legislation, in particular Act 18/2018 Coll. on the protection of personal data (hereinafter referred to as the "new GDPR Act") and Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons in the processing of personal data and on the free movement of such data (hereinafter referred to as the "GDPR Regulation") ). The new legal regulation obliges the operator, taking into account the nature, scope and purpose of the processing of personal data and the risks of varying probability and severity for the rights of a natural person, to take appropriate technical and organizational measures to ensure and prove that the processing of personal data is carried out in accordance with new legislation. The operator is obliged to update the measures taken as necessary.
This document is the result of an assessment of the processing of personal data by the operator for the purposes of legal standards governing the protection of personal data. By introducing standardized personal data protection based on the principles listed here, the risk of personal data protection violations is minimized.
OPERATOR:
Business name: LIANA GOLIAŠ sro
Registered office: Lopuchovská 734/1, 086 41 Raslavice
Office: Hlavná 352/15, 086 41 Raslavice
Legal form: Limited liability company
ID: 53 423 526
Registration: Commercial Register of the Prešov District Court, Department: Sro, Insert number: 41246/P
Statutory body: Executive
(further on in the policy text only as "operator" )
Joint Operator for management of the personnel and payroll agenda and monitoring by camera system: GOLIAŠ STAVEBNINY sro, Hlavná 352/15, 086 41 Raslavice
CONTACT INFORMATION:
If you want to contact us during the processing of your personal data, you can contact us HERE
- a contact person who supervises the processing of personal data and is authorized to process requests and provide information to exercise the rights of the persons concerned
- contact person for reporting security incidents
GENERAL INFORMATION ON THE PROCESSING OF PERSONAL DATA:
The operator of the site is responsible for the processing of personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons in the processing of personal data and on the free movement of such data, (hereinafter referred to as GDPR)
LEGAL REASON FOR PROCESSING PERSONAL DATA:
The legal basis for the processing of personal data by the operator about affected persons of all categories is the following provisions of the GDPR, respectively. of the new ZOOÚ Act:
- the processing of personal data is necessary for the performance of a contract to which the affected person is a party, or for the implementation of measures prior to the conclusion of the contract based on the request of the affected person, - according to § 13 par. 1 letter b) ZOOÚ, or Art. 6 letters b) GDPR.
(orders, employment contracts) - According to § 78 par. 3 ZOOÚ the operator, who is the employer of the person concerned, is authorized to provide his or her personal data or to publish his or her personal data in the scope of title, first name, last name, job classification, service classification, functional classification, employee's personal number or employee's employment number, professional department, location performance of work,
telephone number, fax number, e-mail address for the workplace and identification data of the employer, if this is necessary in connection with the performance of work duties, official duties or functional duties of the person concerned. The provision of personal data or the publication of personal data must not violate the seriousness, dignity and security of the person concerned. - the processing of personal data is necessary according to a special regulation or an international treaty to which the Slovak Republic is bound, - according to § 13 par. 1 letter c) ZOOÚ, or Art. 6 letters c) GDPR (in particular: Commercial Code, Labor Code, Health Insurance Act, Social Insurance Act, Income Tax Act)
- the processing of personal data is necessary for the purpose of the legitimate interests of the operator or a third party, except in cases where these interests are overridden by the interests or rights of the data subject requiring the protection of personal data, especially if the data subject is a child, - according to § 13 par. 1 letter f) ZOOÚ, or Art. 6 letters f) GDPR (camera recordings)
- further processing of personal data for the purpose of archiving , for scientific purposes, for the purpose of historical research or for statistical purposes, if it is in accordance with a special regulation and if adequate guarantees for the protection of the rights of the person concerned are observed.
STATEMENT:
We declare that, as the operator of your personal data, we fulfill all legal obligations required by applicable legislation, in particular the Personal Data Protection Act and the GDPR, and therefore that:
- we will only process your personal data based on the valid legal basis described above.
- In accordance with Article 13 of the GDPR, we hereby fulfill our obligation to provide information to the persons concerned
- we will enable and support you in exercising and fulfilling your rights according to the new Act on the Protection of Personal Data and the GDPR regulation.
FULFILLMENT OF THE INFORMATION OBLIGATION TO THE PERSONS CONCERNED pursuant to Art. 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons in the processing of personal data and on the free movement of such data, which repeals Directive 95/46/EC (General Data Protection Regulation) / hereinafter referred to as the "Regulation" or " GDPR"/:
WE PROCESS YOUR PERSONAL DATA FOR THE FOLLOWING PURPOSES:
- Information for CUSTOMERS PURCHASING THROUGH THE ELECTRONIC STORE
information for customers shopping via e-commerce - unregistered customer information for customers shopping via e-commerce - registered customer - Information for CUSTOMERS SHOPPING IN A STONE STORE
- Information for WEBSITE VISITORS Marketing communication (newsletter) - legitimate interest Marketing communication (newsletter) - consent
- Information for EMPLOYEES
- Information for TRADERS
- Information for CONTRACTUAL BUSINESS PARTNERS - CLIENTS AND THEIR EMPLOYEES, RESPONSIBLE REPRESENTATIVES
- Information for CONTRACTUAL BUSINESS PARTNERS - SUPPLIERS AND THEIR EMPLOYEES, RESP. REPRESENTATIVES
- Information for PERSONS WHO HAVE SUBMITTED A REQUEST OR EXERCISED THEIR RIGHTS
- Administration of the registry
- Claimed rights, processing of claimed rights and related records
- NOTIFYING THE RECIPIENT, THIRD PARTY, ABOUT THE CHANGE OF PERSONAL DATA
- PROVIDING INFORMATION TO THE PERSON CONCERNED BASED ON THEIR REQUEST
- CONSENT TO THE PROVISION OF PERSONAL DATA
- Sample REVOCATION OF CONSENT TO THE PROCESSING OF Ú
- REQUEST OF THE PERSON CONCERNED TO RESTRICT THE PROCESSING OF Ú
- REQUEST TO CORRECT PERSONAL DATA
- REQUEST FOR THE PORTABILITY OF PERSONAL DATA
- REQUEST FOR ACCESS TO PERSONAL DATA
- REQUEST TO DELETE PERSONAL DATA
- REQUEST TO OBJECT PERSONAL DATA PROCESSING
- Information for SOCIAL NETWORK VISITORS
SECURITY AND PROTECTION OF PERSONAL DATA:
We protect personal data to the maximum extent possible. We protect them as if they were our own. We have implemented all possible technical and organizational measures that prevent misuse, damage or destruction of your personal data.
YOUR RIGHTS REGARDING THE PROTECTION OF PERSONAL DATA:
Method and form of feedback:
Responses to requests and information will be provided in the form in which the request was submitted (written/electronic/oral), unless the person concerned has requested another method. Verbal provision of information can be conditioned by proving the identity of the person concerned. If the operator has legitimate doubts about the identity of the natural person who submits the application, he may request the provision of additional information necessary to confirm his identity. In order to ensure the security of personal data, the operator reserves the right not to respond electronically to messages without a qualified electronic signature. For this reason, it is more appropriate to handle requests in which personal data are made available in writing in one's own hands, in order to prevent a situation where an anonymous person may request protected data about another person.
Application deadline:
Pursuant to § 29 par. 3 of the new ZOOÚ, the deadline for processing the application of the affected persons is one month from the delivery of the application. The deadline can be extended in justified cases, taking into account the complexity and number of requests, by another two months, even repeatedly. The person concerned must be informed of any such extension, along with the reasons for the extension. According to the law, an objective reason for the extension of the deadline can be considered, for example, a situation where the employer asks the person concerned to add some information for the assessment and processing of his application, while the addition of the required information will not be provided in return. Likewise, the occurrence of security incidents that temporarily paralyzed the employer's information systems, etc.
Transparent information about the introduction and amount of fees:
For processing applications and providing information, the operator is entitled to demand related fees from the applicant. The requests of the affected person and information are primarily handled, respectively. they provide free of charge. A reasonable fee, taking into account administrative costs, can be requested for the second and further copies of the documents with which the employer fulfills the request of the person concerned. Likewise, a fee can also be introduced for the administrative costs of processing a request that is clearly unfounded or disproportionate, especially due to its recurring nature. The obvious groundlessness or inadequacy of the request is demonstrated by the operator. The recurring nature of the request is one that concerns the same personal data as well as the same asserted right. Thus, a request submitted, for example, for the right of access to personal data, and then a request submitted for the right to delete those data, the processing of which was determined based on the request for the right of access, do not have a repetitive nature of the request.
Appropriate measures for exercising the rights of the person concerned and measures facilitating the exercise of his rights.
The operator reserves the right to process requests online if it deems this option to be the most appropriate.
Calculation of rights. which the new legal regulation in the field of personal data protection grants to the persons concerned:
This calculation of rights is applicable, and the person concerned may exercise these rights with the operator only if the legal conditions are met, which are further specified in the text.
1. Right of access
The person concerned has the right to obtain confirmation from the operator as to whether personal data relating to him or her is being processed, and if so, he or she has the right to obtain access to this personal data and the information specified in the information obligation.
The operator will provide a copy of the personal data being processed. For any additional copies requested by the data subject, the controller may charge a reasonable fee corresponding to administrative costs. If the person concerned submitted the request by electronic means, the information will be provided in a commonly used electronic form, unless the person concerned has requested another method. The exercised right to obtain a copy of personal data must not have adverse consequences on the rights and freedoms of others.
2. Right to rectification
The person concerned has the right to have the operator correct incorrect personal data concerning him without undue delay. With regard to the purposes of processing, the data subject has the right to supplement incomplete personal data, including by providing a supplementary statement.
3. Right to erasure (right to be forgotten)
The operator is obliged to delete personal data without undue delay if the person concerned has exercised the right to deletion, and if:
- personal data are no longer necessary for the purpose for which they were obtained or otherwise processed,
- the person concerned revokes the consent pursuant to § 13(1)(a) or § 16(2)(a), on the basis of which the processing of personal data is carried out, and there is no other legal basis for the processing of personal data,
- the person concerned objects to the processing of personal data according to § 27 paragraph 1 and there are no valid reasons for the processing of personal data or the person concerned objects to the processing of personal data according to § 27 paragraph 2,
- personal data is processed illegally,
- the reason for erasure is the fulfillment of an obligation under this Act, a special regulation or an international treaty to which the Slovak Republic is bound, or
- personal data was obtained in connection with the offer of information society services according to § 15 par. 1.
The operator is not obliged to delete the processed personal data of the affected person in the event that the processing of personal data is necessary:
- to exercise the right to freedom of expression or the right to information,
- to fulfill an obligation according to this law, a special regulation or an international treaty to which the Slovak Republic is bound, or to fulfill a task carried out in the public interest or in the exercise of public authority entrusted to the operator,
- for reasons of public interest in the field of public health in accordance with § 16 par. 2 letters h) to j),
- for archiving purposes, for scientific purposes, for historical research purposes or for statistical purposes according to § 78 par. 8, if it is likely that the right according to paragraph 1 will make it impossible or seriously difficult to achieve the goals of such processing,
- to exercise a legal claim.
4. Right to restriction of processing
The data subject has the right to have the controller restrict processing in one of the following cases:
- the person concerned contests the correctness of the personal data, during the period allowing the operator to verify the correctness of the personal data;
- the processing is unlawful and the data subject objects to the erasure of personal data and requests a restriction of their use instead;
- the operator no longer needs the personal data for processing purposes, but the data subject needs them to prove, exercise or defend legal claims;
- the person concerned has objected to the processing, until it is verified whether the justified reasons on the part of the operator prevail over the justified reasons of the person concerned.
5. Right to Portability
The person concerned has the right to obtain the personal data concerning him and which he has provided to the operator in a structured, commonly used and machine-readable format and has the right to transfer this data to another operator without being hindered by the operator to whom the personal data was provided.
When exercising his right to data portability according to paragraph 1, the person concerned has the right to transfer personal data directly from one operator to another operator, as long as this is technically possible.
The right referred to in paragraph 1 must not have adverse consequences on the rights and freedoms of others.
6. The right to object to the processing of personal data
The person concerned has the right to object at any time, for reasons related to his specific situation, to the processing of personal data concerning him, which is carried out on the basis of legitimate interest or public interest, including objection to profiling. The operator may not further process personal data, unless he proves the necessary legitimate reasons for processing that outweigh the interests, rights and freedoms of the person concerned, or reasons for proving, exercising or defending legal claims.
7. The right to the ineffectiveness of automated individual decision-making, including profiling
The data subject has the right not to be subject to a decision which is based solely on automated processing, including profiling, and which has legal effects that concern him or similarly significantly affect him.
Paragraph 1 does not apply if the decision is:
- necessary for the conclusion or performance of the contract between the person concerned and the operator,
- permitted by the law of the Union or the law of a Member State to which the operator is subject and which also establish appropriate measures guaranteeing the protection of the rights and freedoms and legitimate interests of the person concerned, or
- based on the express consent of the person concerned.
8. The right to withdraw consent to the processing of personal data
If the operator processes personal data of the affected person only on the legal basis of consent, he is obliged to ensure the affected persons have the right to withdraw their consent at any time, in the same simple form as the consent was given. If the operator processes personal data on a legal basis other than the consent of the person concerned, this person does not have the right to revoke the consent, since it was not even provided.
You can exercise your right with us at any time, in writing or by electronically delivering your request to the above contact details.
SILENCE
We would like to assure you that as the operator as well as our Joint Operator, our employees, collaborators and intermediaries who will process your personal data, they are obliged to maintain the confidentiality of personal data, the provision of which would jeopardize the security of your personal data. This confidentiality continues even after the end of the relationship with us. Without your consent, your personal data will not be provided to a third party.
These principles of personal data processing apply from 25/05/2018 and replace the previous Personal Data Protection.