Information on personal data processing with regard to data subjects pursuant to § 19 and § 20 of Act No 18/2018 Coll., on the protection of personal data and amending certain acts (hereinafter referred to as the ‘Act’) and Articles 13 and 14 of Regulation (EC) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to personal data processing and on the free movement of such data (hereinafter referred to as the ‘GDPR’)
The purpose of this information is to provide you with information about which personal data we process, how we treat such personal data, for which purposes we use the data, to whom we can provide it, where you can obtain information concerning your personal data and exercise your rights within the personal data processing.
Identification and contact details:
The data controller processing your personal data is HIMEX PLUS s.r.o., Mudrochova 2, 835 27 Bratislava, Business ID No: 35 837 187, email: email@example.com (hereinafter referred to as the ‘Data Controller’).
The purpose personal data processing and legal basis of processing
The purpose of personal data processing is to keep records of data subjects of business partners/Data Controller clients.
Personal data is processed on the basis of § 13(1)(f) of the Act and Article 6(1)(f) of the GDPR if the data subject is an employee of the Data Controller’s business partner/client.
Personal data is processed on the basis of § 13(1)(b) of the Act and Article 6(1)(b) of the GDPR if the data subject is a statutory body or a person acting on behalf of the Data Controller’s business partner/client.
Legitimate interests of the Data Controller or third party
Personal data processing is carried out for the purpose of legitimate interests of the Data Controller or a third party.
Identification of the processed personal data of data subjects
The data subjects whose personal data is processed are:
employees of the Data Controller’s business partners/clients or the statutory body/person acting on behalf of the Data Controller’s business partner/client.
Scope of processed personal data:
degree, first name, surname, job, seniority, functional classification, employee’s personal number or employee’s employment number, business department, place of work, telephone number, fax number, workplace email address and employer identification data.
Identification of recipients, categories of recipients
The Data Controller may provide personal data to the authorised entities such as institutions and organisations, authorised by a specific law, or contractors (especially data processors) who have undertaken to accept reasonable guarantees to maintain processed personal data protection as follows:
Other authorised entity
general binding law in accordance with § 13(1)(c) of the Act and Article 6(1)(c) of the GDPR
Personal data may be provided to other recipients with the data subject’s consent or by their order.
Transfer of personal data to a third country/an international organisation
Transfer to the third countries or to the international organisations is not carried out.
Identification of the source from which personal data was collected
Directly from the data subject or the data subject’s employer
Term of keeping personal data
The Data Controller processes personal data for the time necessary to fulfil the purpose, but no longer than 1 year after its end.
The Data Controller does not process personal data by profiling or similar manners based on automated individual decision-making.
The data subject’s rights
The data subject has the right to request access to the data processed data from the Data Controller, and also the right to personal data rectification, the right to erase or restrict personal data processing, the right to object to personal data processing, the right to ineffectiveness of automated individual decision-making, including profiling, the right to personal data portability, as well as the right to bring proceedings to the supervisory authority. If the Data Controller processes personal data with the data subject’s consent, the data subject has the right to withdraw their consent to personal data processing at any time. Withdrawal of the consent does not affect the lawfulness of personal data processing based on consent prior to its withdrawal. The data subject can exercise their rights by sending an email to firstname.lastname@example.org or in writing to the Data Controller’s address.
Obligation to provide personal data
The provision of personal data is a contractual requirement, personal data processing is necessary. If personal data is not provided, a contractual relationship will not be concluded with the data subject or with the company which the data subject represents and on the behalf of which they act. The data subject has the obligation to provide true personal data; the data subject violates the law such data is not provided.