Dear client, this document is used to provide you with basic information about why we collect your personal data, the only purpose we can use it for, whom we will provide the information to as well as any other necessary information resulting from legislation within personal data protection. If you have any questions, please, do not hesitate to contact us using the contact details below.
Pursuant to S. 5(o) of Act No. 18/2018 Coll. on the Personal Data Protection, as subsequently amended (hereinafter referred to as the “Act”), the controller is SPIRAM s.r.o., Company ID: 36668125, with its registered office at Priemyselná 444, 965 01 Ladomerská Vieska, Slovakia (hereinafter referred to as the “Controller”).
Controller´s contact information:
Address: SPIRAM s.r.o., Priemyselná 444, 965 01 Ladomerská Vieska
THE TYPES OF PERSONAL DATA WE COLLECT AND WHY WE NEED THEM
- Economic and accounting agenda
Name, surname, title, address of permanent residence, date of birth, type and number of identity document, temporary residence address, telephone number, email address, signature, bank account number of a natural person
- Collection of receivables
Name, surname, address of permanent residence, date of birth or any other identification data, contact details
- Contractual relations
Title, name, surname, date of birth, personal ID No., phone number, email address, ID card number, license no., price, account number
- Self-employed person registration
Name, surname, title, address, place of residence, date of birth, bank – account number, contact details
- Keeping the records on the representatives of suppliers and customers
Name, surname, title, job, functional or service position, employee's personal number, employee's number, department, place of work, telephone number, fax number, work email address, employer's ID No.
- Client records
Title, first name, last name, email address, phone number
- Contractual relations – Natural persons
Name, surname, address, phone number, email
- Publication of contracts
Name, surname, position, contact details of the person and/or employee acting on behalf of the party concerned
- Records of complaints
Name, surname, address of permanent residence or residence, contact details, account number
- CCTV system monitoring areas accessible to the public
- Recording documents for obtaining permits to perform the subject of the Controller's activity
Issuer of the document or certificate, identification data of the issuer of the document or certificate, name, surname and signature of the issuer of the document or certificate, data of the document or certificate
- Register of job applicants
The data specified in the CV, cover letter and any other required documents confirming the required qualification, in particular name, surname, name at birth, title, education, work experience, employment, job title, position, course of previous employment, date of birth, place of birth, district of birth, permanent residence, temporary residence, previous residence, marital status, contact – by phone, email, ID or any other travel document number, other identification data, extract from the criminal record, certificate of education in the field
The Controller does not carry out a cross-border transfer of personal data.
SECURITY OF PERSONAL DATA
In order to protect your personal data, we have implemented appropriate technical, security and organizational measures in accordance with the requirements and regulations of applicable legislation. All your personal data in electronic form is stored on secure data servers.
TIME PERIOD WE KEEP YOUR PERSONAL DATA FOR
We keep your personal data for the period necessary to exercise the rights and obligations arising from the contractual relationship between us and the exercise of claims under this contractual relationship.
We must keep personal data, the retention of which is necessary for the fulfilment of all our obligations under statutory regulations, for the period specified by the relevant legal regulations, regardless of the consent granted by you. For tax and accounting documents, this period is usually 10 years.
In the case of marketing activities or in any other cases for which you have given us your consent, we keep your data until your consent is withdrawn.
In connection with the protection of personal data, you have several rights you can exercise in writing or electronically with the Controller's contact person:
- Right to information
Each person whose personal data is processed by the Controller has the right to the information provided by the GDPR and the Personal Data Protection Act. To this end, the Controller shall be obliged to take appropriate measures to provide the data subject with this information. The information may be provided via the website, by email or in paper form. The information must be provided in a concise, transparent, comprehensible and easily accessible form, formulated clearly and simply.
- Right of access to data
Any person whose personal data is processed by the Controller has the right to obtain confirmation as to whether or not personal data concerning them are being processed by a particular controller. If the personal data of this person are processed, the data subject has the right to access these data and information about their processing provided for by law.
- Right to rectification
Each person has the right to have the Controller process only their correct and up-to-date data. If the data subject requests the Controller to do so, the Controller must correct any incorrect and outdated data.
- Right to erasure
In certain cases, the person whose data is processed by the Controller has the right to delete their personal data. If the legal conditions are met, the Controller is obliged to delete its data.
- Right to Restrict Processing
In certain cases, the person whose data is processed by the Controller has the right to limit the processing of their personal data. During the restriction of processing, the Controller may only keep the data, the Controller may not process it in any other way.
- The Right to data portability
If the Controller processes personal data in electronic form on the basis of the consent of the person concerned, the Controller may request that the personal data be provided to the person concerned in a form allowing transfer to another controller.
- The right to object
- Under certain circumstances, the data subject has the right to object to the processing of their data.
- The data subject shall be assured by the Controller of the trouble-free exercise of their rights, in the simplest possible form, without any obstacles. Therefore, it has established a system through which data subjects could exercise their rights.
- The data subject is always provided with information about the processing of their personal data and is informed about their rights. The Controller provides this information in an appropriate manner according to the circle of data subjects, for example in writing in paper form, by email or by publication on the website.
- Data subjects may exercise their rights by email to firstname.lastname@example.org or by post to the address of the company with the shipment designation "Personal Data Protection".
- When exercising the rights by the data subject, the competent person shall notify the Controller by phone of the appropriate form in which they can exercise their rights.
- The Controller shall register and process each request without undue delay, but no later than within one month. Within that period, the Controller shall inform the data subject who made the request of the action taken on their request. That period may be extended by a further two months, if necessary, taking into account the complexity of the application and the number of applications. The Controller shall inform the data subject of the extension of the time limit within one month following the submission of the request, together with the justification for the missed time limit. The notification of the method of processing the request shall be made in the same way as the request was made, unless the data subject requests a different method.
- When using any of the above means of exercising the rights of data subjects, it is necessary to ensure the following:
- Accurate identification of the applicant. Its authenticity. Proven assurance of the fact that the request for information is indeed from the data subject or a person who is entitled to request information on behalf of the data subject.
- Non-repudiation of sending the request, demonstrable assurance of impossibility to deny the fact that the request for information was sent to the data subject.
- Ensuring the confidentiality and integrity of the information sent during its transmission to the data subject.
- Demonstrable assurance that the information was delivered to the data subject through the communication channel.
Pursuant to Article 13 and the relevant recitals of the Regulation (EU) 2016/679 of the European Parliament and of the Council on the Protection of Natural Persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as the “Regulation”) and the Act of the National Council of the Slovak Republic No. 18/2018 Coll. on the Protection of Personal Data and on changes and amendments to some acts (hereinafter referred to as the “Personal Data Protection Act”).
Pursuant to Article 14 and the relevant recitals of the Regulation (EU) 2016/679 of the European Parliament and of the Council on the Protection of Natural Persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as the "Regulation") and the Act of the National Council of the Slovak Republic No. 18/2018 Coll. on the Protection of Personal Data and on changes and amendments to some acts (hereinafter referred to as the "Personal Data Protection Act").
The Controller processes personal data through authorized persons in accordance with the instructions of the Controller and in compliance with all adopted security measures. The processing of personal data complies with the principle of legality. Processing only those personal data that are considered necessary to achieve a precisely defined purpose of personal data processing. Ensuring the destruction of personal data from all data carriers after the necessary period for their storage has elapsed. Fulfilling the information obligation towards data subjects resulting from Articles 12 et seq. of the GDPR. When processing personal data, the Controller is obliged to comply with the principle of transparency. As part of this principle, the Controller shall inform the data subject about the conditions for the processing of personal data and then actually process their data in accordance with this information. Ensuring confidentiality of employees and persons present in the premise(s). Concluding contractual relationships with the processor and ensuring compliance with all legislative requirements governing the controller-processor relationship. Respecting the fundamental rights of data subjects and ensuring their observance.
Basic principles relating to personal data processing:
- Principle of legality
The Controller may process personal data only on one of the legal bases stipulated in the GDPR, and this obligation shall apply to compliance not only with the GDPR and the Personal Data Protection Act, but also with any other relevant legal regulations.
- Principle of purpose limitation
Personal data may be obtained by the Controller only for a specific, explicit and legitimate purpose. Further processing of personal data obtained in such way for another purpose that is incompatible with the original purpose is prohibited.
- Principle of data limitation
The Controller is entitled to process only those personal data that, in their scope and content, correspond to the purpose of their processing and are necessary to achieve it. It is forbidden to process such personal data that are redundant, unnecessary and not necessary to achieve the intended purpose.
- Principle of accuracy
If you find that your personal data is incorrect, you shall take all available measures to correct or delete it.
- Principle of retention minimisation
Pursuant to the GDPR, personal data may be processed only for the period necessary to achieve the specified purpose. After the processing of personal data for this purpose has been completed, the personal data must be disposed of.
- Principle of integrity and confidentiality
The Controller is obliged to ensure the protection of the personal data it processes. To this end, the Controller shall be obliged to take appropriate technical and organizational measures.
- Principle of Accountability
The Controller shall be obliged to document the compliance of the processing of personal data with the GDPR and the Personal Data Protection Act and compliance with all its obligations so that the Controller can prove the fulfilment of individual obligations in the event of control.
In order to ensure the proper functioning of this website and improve the services provided, we sometimes store small data files, so-called cookies, on your device.
WHAT ARE COOKIES?
Cookies are small text files created by communication between this website and the browser. Cookies are stored by our servers, using a browser, on your device (computer, mobile phone, tablet). Thanks to cookies, our site recognises your device the next time you visit.
- collect, analyse and evaluate information about your access and behaviour on the web
- recognize and simplify the use of the website when revisiting
- provide information about your interests and needs
- recommend a service that matches your interests and needs
- monitor the proper functioning of the website
- improve the quality of services provided
Almost every website uses cookie. When revisiting, cookies will help you remember the pages you visited and your previous settings. By browsing this website, you agree to the storage of cookies for that purpose. The data collected is anonymous and does not lead to your direct identification.
THE TYPES OF COOKIES
- Session cookies are only stored on your device for the duration of your visit until you close the website.
- Persistent cookies are stored on your device and remain there until you delete them or until the time set in your browser expires.
In terms of content, the Controller uses the following cookies:
- Essential cookies that are necessary for the proper and quality use of the website (e.g. login details).
- Operational cookies which can analyse your behaviour on the website (e.g. the number of sites you visited, or how long you spent on each site).
- Functional cookies helping us to improve the functionality of the website by recording which services have already been offered to you.
- Advertising cookies using which it is possible to evaluate the range of your interests and needs and, on this basis, to offer you relevant services.
We only use advertising cookies with your consent.
HOW TO CHANGE THE STORAGE OF COOKIES?
Most web browsers support cookie management. You can delete, block or completely disable cookies in your browser, or limit them to the types you select.
Information about browsers and how to manage cookies can be found on this website or in other documentation of Internet browsers.
There are also links and references to other websites on our website. Therefore, cookies that are not under our control may be created while browsing our website.
WHO TO CONTACT
Address: SPIRAM s.r.o., Priemyselná 444, 965 01 Ladomerská Vieska