Personal Data Processing Principles and Personal Data Protection System according to GDPR

Prepared in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data pursuant to Articles 13 and 14 of the Regulation (hereinafter referred to as “GDPR”) and Act No. 18/2018 Coll. on the protection of personal data (hereinafter referred to as the “Data Protection Act”)

Administrator:

SUPRATEK s.r.o.

Coburgova 72

917 02 Trnava

ID: 44 195 940

Tel.: 0903 274 413

e-mail: info@supratek.sk

What is personal data?

Personal data refers to data relating to an identified or identifiable natural person who can be identified directly or indirectly, in particular by reference to a generally applicable identifier, another identifier such as a name, surname, identification number, location data, or an online identifier, or based on one or more characteristics or traits that constitute their physical, physiological, genetic, mental, economic, cultural, or social identity.

What is personal data processing?

Personal data processing is any operation or set of operations performed on personal data or sets of personal data, such as collecting, recording, organizing, structuring, storing, modifying, retrieving, browsing, using, providing by transmission, disseminating or otherwise, rearranging or combining, restricting, deleting, regardless of whether it is carried out by automated or non-automated means.

The Administrator is not obligated to appoint a Data Protection Officer.

Sources and categories of personal data:

The Administrator processes personal data (directly from you) that you have provided or personal data obtained based on the fulfillment of your order.

Your identification and contact details and data necessary for the performance of the contract.

Legal reason and purpose of processing:

The legal reason for processing is:

  • Your consent to the processing of personal data for direct marketing purposes according to Article 6(1)(a) GDPR.
  • Fulfillment of the contract between you and the Administrator according to Article 6(1)(b) GDPR.
  • Processing is necessary for the fulfillment of the Administrator legal obligation according to Article 6(1)(c) GDPR.

The purpose of processing personal data is:

  • Processing your order and exercising the rights and obligations arising from the contractual relationship between you and the Administrator. When placing an order, personal data necessary for successful order fulfillment is required according to Article 6(1)(b) of the Regulation (this includes subsequent payment, service delivery, handling complaints, etc.); the customer’s personal data is processed without their consent as the legal basis for processing their personal data for contract performance is the specific order between the customer and the Administrator. Providing personal data is a necessary requirement for the creation and fulfillment of an order; without providing personal data, it is not possible to create an order or fulfill its conditions by the Administrator.
  • Providing the agreed service in the field of engineering production.

The Administrator declares that it does not process records in any way and does not provide them to third parties or entities.

Retention period:

The Administrator retains personal data:

  • For the time necessary to exercise the rights and obligations arising from the contractual relationship between you and the Administrator and the enforcement of claims arising from these contractual relationships.
  • For the period until the consent to the processing of personal data for marketing purposes is revoked.
  • After the retention period of personal data as required by Act No. 395/2002 Coll. on Archives and Registries and amending certain laws, the Administrator deletes the personal data.

Recipients of personal data

Who is a recipient?

A recipient is anyone to whom personal data is provided, regardless of whether it is a third party. A public authority that processes personal data based on a specific regulation is not considered a recipient.

  • Persons involved in the delivery of goods, services, and realization of payments based on a contract.
  • The Administrator does not provide, disclose, or make personal data accessible to third countries.

Conditions for securing personal data

The Administrator declares that it has taken appropriate personnel, technical, and organizational measures to secure personal data protection.

The Administrator has taken technical measures to secure data storage and personal data storage in physical form.

The Administrator declares that only authorized persons have access to personal data.

Your rights:

Under the conditions set out in the GDPR, you have:

  • The right to access your personal data according to Article 15 GDPR.
  • The right to rectify personal data according to Article 16 GDPR.
  • The right to restrict processing.
  • The right to erasure according to Article 17 GDPR.
  • The right to object according to Article 21 GDPR.
  • The right to data portability according to Article 21 GDPR.
  • The right to withdraw consent (electronically or to the correspondence address).
  • The right to file a complaint with the data protection authority if you believe that your rights to personal data protection have been violated.

How can you exercise your rights?

Right to access data

You have the right to know whether we process your personal data. If we do, you can request access to it. Based on your request, we will issue a confirmation with information about the processing of your personal data. You can submit a request electronically to the email address info@supratek.sk or by post to the address SUPRATEK s.r.o., Coburgova 72, 917 02 Trnava.

Right to rectification

You have the right for your personal data, which we process, to be correct, complete, and up-to-date. If your personal data is incorrect or outdated, you can request a correction or addition, electronically at the email address info@supratek.sk or by post to the correspondence address SUPRATEK s.r.o., Coburgova 72, 917 02 Trnava.

Right to erasure

Under certain circumstances, you have the right to have your personal data erased. You can request the erasure of your data at any time. We will delete your personal data if:

  • We no longer need your personal data for the purpose you provided it,
  • You withdraw your consent,
  • You object to the processing of your personal data,
  • We process your personal data unlawfully,
  • Personal data must be erased to fulfill a legal obligation,
  • If you are a child, or the parent of a child who consented to the processing of personal data via the internet.

Right to restrict processing

You can ask us to restrict the processing of your personal data. If we comply with your request, we will only store your personal data and will not further process it. Processing of your data will be restricted if:

  • You inform us that your personal data is incorrect, until we verify its accuracy,
  • We process your personal data unlawfully, but you do not agree with its erasure and instead request that we only restrict its processing,
  • We no longer need your data, but you need it to prove, exercise, or defend your rights,
  • You object to the processing of your personal data, until we verify whether our legitimate interests outweigh your reasons.

Right to data portability

You have the right to request that we provide your personal data in electronic form (e.g., XML or CSV file) that allows you to easily transfer data to another company. You can also request that we transfer your personal data directly to the chosen company. We will comply with your request if you provided the personal data directly to us and gave us consent for their processing.

Right to object

You have the right to object to our processing of your personal data. If we process your personal data in the following cases:

  • Due to our legitimate interest,
  • Creating a customer profile,
  • You can object to their processing if you have personal reasons for doing so.

How can you exercise these rights?

You can contact us with your request in any of the following ways:

By email: info@supratek.sk, or by post to the business address:

SUPRATEK s.r.o., Coburgova 72, 917 02 Trnava, ID: 44 195 940

If you believe that your rights to personal data protection have been violated, you have the right to file a complaint with the supervisory authority, which is the Office for Personal Data Protection at:

Hraničná 12

820 07 Bratislava 27

Slovak Republic

Identification data:

ID: 36064220

Tax ID: 2021685985

Office Secretariat:

+421 /2 3231 3214

E-mail: statny.dozor@pdp.gov.sk

Given the epidemiological situation in the Slovak Republic, the Office recommends making submissions through postal or electronic services (www.slovensko.sk). Personal submissions from 29.11.2021 can only be made in urgent cases no later than 12:00 pm.