Below are the conditions of EXTEC s.r.o. regarding personal data protection:
The company’s personal data protection policy is based on the terminology used by the GDPR.
a) Personal data
Personal data is any information relating to an identified or identifiable natural person (hereinafter referred to as the data subject); an identifiable natural person is a person who can be identified directly or indirectly, in particular by reference to an identifier such as name, identification number, location data, online identifier, or by reference to one or more elements that are specific to the physical, physiological, genetic, mental , economic, cultural or social identity of this natural person.
b) The affected person
The affected person is any identified or identifiable natural person whose personal data is processed by the operator.
Processing is an operation or set of operations with personal data or sets of personal data, for example obtaining, recording, arranging, structuring, storing, processing or changing, searching, browsing, using, providing by transmission, dissemination or otherwise making available, rearranging or combining, limiting, erasure or disposal, whether by automated or non-automated means.
d) Limitation of processing
Restriction of processing is the designation of stored personal data with the aim of limiting their processing in the future.
Profiling is any form of automated processing of personal data, which consists of the use of this personal data to evaluate certain personal aspects related to a natural person, in particular to analyze or predict aspects of the natural person concerned related to performance at work, financial conditions, health, personal preferences , with interests, with reliability, with behavior, with location or with movement.
Pseudonymization is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, as long as such additional information is kept separately and refers to non-technical and organizational measures to ensure that the personal data is not assigned to an identified or identifiable to a natural person.
The operator is a natural or legal person, public authority, agency or other entity that alone or together with others determines the purposes and means of personal data processing; in the event that the purposes and means of this processing are determined in the law of the Union or in the law of a Member State, the operator or specific criteria for its determination may be determined in the law of the Union or in the law of a Member State.
An intermediary is a natural or legal person, public authority, agency or other entity that processes personal data on behalf of the operator.
The recipient is a natural or legal person, public authority, agency or other entity to which personal data is provided, regardless of whether it is a third party. However, public authorities that may receive personal data as part of a specific investigation in accordance with Union law or the law of a Member State are not considered recipients; the processing of said data by said public authorities is carried out in accordance with applicable data protection rules, depending on the purposes of processing.
j) Third party
A third party is a natural or legal person, public authority, agency or entity other than the affected person, operator, intermediary and persons who, based on the direct authorization of the operator or intermediary, are entrusted with the processing of personal data.
k) Consent of the person concerned
The consent of the person concerned is any freely given, specific, informed and unambiguous manifestation of the will of the person concerned, by which, in the form of a statement or a clear affirmative act, he expresses his consent to the processing of personal data concerning him.
The controller of personal data in the sense of the GDPR and other laws on data protection in the member states of the European Union and other provisions related to data protection is:
Vlčie hrdlo 1
821 07 Bratislava
Phone: +421 2 2211 3313
Tax ID: 48 18 0297
For secure processing of personal data and processing compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons in the processing of personal data and on the free movement of such data, which repeals Directive 95/46/EC (general regulation on data protection) and Act no. 18/2018 Coll. on the protection of personal data and on the amendment of certain laws in the company EXTEC, s.r.o. overseen by a responsible person who you can contact in case of exercising your rights, namely
• at the address of the company headquarters: responsible person GDPR, EXTEC s.r.o., Vlčie hrdlo 1, 821 07 Bratislava
• by e-mail at the address: firstname.lastname@example.org.
The website contains information that enables quick electronic contact with our company (general e-mail address, contact form). If the data subject contacts the data controller by e-mail or contact form, the personal data provided by the data subject will be automatically saved. Such personal data, which is voluntarily submitted by an individual to the operator, is stored for the purpose of processing or contacting the person concerned. These personal data are not disclosed to third parties.
The operator processes and stores the personal data of the person concerned only for the period necessary to achieve the purpose of storage or according to the circumstances of European directives or regulations or any other legislator in the laws or regulations to which the operator is subject.
If the purpose of storage ceases to apply or if the storage period prescribed by the European regulatory authority or other relevant legislator expires, personal data will usually be blocked or deleted in accordance with legal provisions.
a.) Right to confirmation
Each affected person has the right to request from the operator to confirm whether it is processing personal data concerning him. If the person concerned wants to exercise the right to confirmation, he can contact the person responsible for personal data protection at any time.
b.) The right to access personal data
The data subject has the right to obtain confirmation from the controller as to whether personal data concerning him or her is being processed, and if so, he or she has the right to obtain access to that personal data and the following information:
• processing purposes
• categories of affected personal data
• recipients or categories of recipients to whom personal data have been or will be provided, especially recipients in third countries or international organizations
• if possible, the expected period of storage of personal data or, if this is not possible, the criteria for its determination
• the existence of the right to request from the operator the correction of personal data concerning the person concerned or their deletion or restriction of processing, or the right to object to such processing
• the right to file a complaint with a supervisory authority
• if the personal data has not been obtained from the data subject, any available information as to its source
If the person concerned wants to exercise the right to access personal data, he can contact the person responsible for personal data protection at any time.
c.) Right to repair
The person concerned has the right to have the operator correct incorrect personal data concerning him without undue delay. With regard to the purposes of processing, the data subject has the right to supplement incomplete personal data, including by providing a supplementary statement.
d.) Right to erasure
The person concerned also has the right to obtain from the operator the deletion of personal data concerning him without undue delay, and the operator is obliged to delete personal data without undue delay if any of the following reasons are met:
• personal data are no longer necessary for the purposes for which they were obtained or otherwise processed
• the person concerned revokes the consent on the basis of which the processing is carried out, according to Article 6 par. 1 letter a) or Article 9 par. 2 letters a), and if there is no other legal basis for processing;
• the person concerned objects to the processing according to Article 21 paragraph 1 and there are no valid reasons for the processing or the data subject objects to the processing according to Article 21 par. 2;
• personal data were processed illegally;
• personal data must be deleted in order to comply with a legal obligation under Union law or the law of a Member State to which the controller is subject;
• personal data was obtained in connection with the offer of information society services according to Article 8, paragraph 1.
If one of the above-mentioned reasons applies and the person concerned wishes to delete the personal data stored by the company, he can contact the person responsible for personal data protection at any time.
If personal data was published by Extec, s.r.o. and as an operator, our company is obliged according to Article 17 par. 1 GDPR to delete the data, the company will take appropriate measures, including technical measures, taking into account the available technology and implementation costs to inform other data controllers who process published personal data that the data subject has requested the deletion of all links to this data, copies or replications of this data, unless processing is required.
e.) Right to restriction of processing
The data subject has the right to have the controller restrict processing in one of the following cases:
• the data subject contests the correctness of the personal data, during the period allowing the operator to verify the correctness of the personal data
• the processing is illegal and the data subject objects to the deletion of personal data and instead requests the restriction of their use
• the operator no longer needs personal data for processing purposes, but the data subject needs them to prove, exercise or defend legal claims
• the person concerned has objected to the processing according to Article 21 par. 1, until it is verified whether the legitimate reasons on the part of the operator prevail over the legitimate reasons of the person concerned.
If one of the above conditions exists and the data subject wishes to request the restriction of personal data stored by the company, he or she can contact the person responsible for personal data protection at any time.
f.) The right to transfer data
The person concerned has the right to obtain the personal data concerning him and which he provided to the operator in a structured, commonly used and machine-readable format and has the right to transfer this data to another operator without being hindered by the operator to whom the personal data was provided, if:
• the processing is based on consent according to article 6 par. 1 letter a) or Article 9 par. 2 letters a), or on the contract according to Article 6 par. 1 letter b), a
• if the processing is carried out by automated means.
When exercising his right to data portability according to paragraph 1, the person concerned has the right to transfer personal data directly from one operator to another operator, as long as this is technically possible.
If the company processes personal data for the purposes of direct marketing, the data subject has the right to object at any time to the processing of personal data concerning him for the purposes of such marketing, including profiling to the extent that it is related to such direct marketing. If the person concerned objects to processing for direct marketing purposes, the personal data will already be processed by Extec s.r.o. will not process for such purposes.
g.) Automated individual decision-making, including profiling
The data subject has the right not to be subject to a decision that is based solely on automated processing, including profiling, and which has legal effects that concern him or similarly significantly affect him:
if the decision (1) is necessary for the conclusion or performance of a contract between the data subject and the operator or (2) permitted by Union law or the law of a Member State to which the operator is subject and which also establish appropriate measures guaranteeing the protection of the rights and freedoms and legitimate interests of the data subject or (3) based on the express consent of the data subject.
In the cases mentioned (1) and (3), the operator will take appropriate measures to protect the rights and freedoms and legitimate interests of the person concerned, namely at least the right to human intervention on the part of the operator, the right to express his opinion and the right to challenge the decision.
h.) The right to withdraw consent to the processing of personal data at any time
The person concerned has the right to withdraw his consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent prior to its withdrawal. Before giving consent, the person concerned must be informed of this fact. Withdrawing consent must be as easy as giving it.
The operator has integrated the analytical software Google Analytics (with anonymization function) on this website. Google Analytics is an internet analytics service that collects and analyzes data on the behavior of website visitors. The internet analysis service is primarily used to optimize the website.
The analytical software Google Analytics is operated by Google Inc., 1600 Amphitheater Pkwy, Mountain View, CA 94043-1351, USA.
In the interests of anonymized recording of IP addresses, the operator has extended the Google Analytics service settings with the code “gat._anonymizeIp();”.
The purpose of the Google Analytics software is to analyze visitor flows on our website. Among other things, Google uses the data and information obtained to evaluate the use of our website, to compile online reports that show the activities on our website and to provide other services related to the use of our website.
The cookie file stores information about personal data such as the time of access, the place from which the access was made and the frequency of site visits by the person concerned. Whenever the data subject visits our website, this personal data, including the IP address of the respective Internet connection, is transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may disclose personal data collected through this technical process to third parties.
In addition, the person concerned has the possibility to object to the collection of data generated by Google Analytics and to prevent their collection in connection with the use of this website and the processing of this data by Google.
Article 6 par. 1 letter a) GDPR establishes the legal basis for the processing of personal data for which the data subject has expressed clear consent to the processing of personal data for one or more specific purposes.
If the processing is necessary for the performance of a contract to which the affected person is a party, such as in the case of processing operations necessary for the delivery of goods or the provision of other services, the processing is based on Article 6 para. 1 letter b) GDPR. The same applies to processing operations that are necessary to carry out pre-contractual measures, for example in cases of questions regarding our products or services. If our company is subject to a legal obligation that requires the processing of personal data, for example to fulfill tax obligations, the processing is based on Article 6 para. 1 letter c) GDPR. In rare cases, the processing of personal data may be required to protect the vital interests of the data subject or another natural person. The above could occur, for example if a visitor were to be injured on our company’s premises and their name, age, health insurance details or other important information would have to be given to a doctor, hospital or other third parties. The processing of personal data would then be based on Article 6 para. 1 letter d) GDPR. Finally, processing operations could be based on Article 6 para. 1 letter f) GDPR. Processing operations not covered by any of the aforementioned legal bases are based on this legal basis if the processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party, except where such interests are overridden by interests or fundamental rights and freedoms of the person concerned, which require the protection of personal data. Such processing operations are specifically permitted as they have been explicitly stated by the European legislator. In this context, the legislator considered that a legitimate interest could be assumed if the person concerned is a customer of the operator (Recital 47, sentence 2, GDPR).
The criterion for the duration of personal data retention is the relevant statutory personal data retention periods. After this period, the relevant data are normally deleted, provided that they are no longer necessary for the fulfillment or initiation of the contract.
10. Statutory or contractual requirements for providing personal data; the necessity of concluding a contract; the obligation of the data subject to provide personal data; possible consequences of failure to provide
Please note that the provision of personal data is in some cases required by law (for example, tax regulations) or may also result from contractual provisions (for example, information about the contractual partner). In some cases, it may be necessary to conclude a contract that the data subject provides us with personal data that will have to be processed by us later. For example, the data subject is obliged to provide personal data if the company enters into a contract with him. Failure to provide personal data would mean that the contract with the person concerned could not be concluded.
Before providing personal data, the person concerned should contact one of our employees. Our employee will inform the affected person in individual cases whether there is a legal or contractual requirement for the provision of personal data or whether it is necessary for the conclusion of a contract, whether the person is obliged to provide personal data and what the consequences of not providing personal data would be.