SK EN

INFORMATION MEMORANDUM
Declaration of controller regarding personal data protection

 


CONTENT:

General information
Controller of personal data
Data that we process
Grounds for and purpose of processing
Rights of data subjects
Refusal to provide personal data, withdrawal of consent, right to bring proceedings
Data protection officer
Glossary



General information

The new rules on the protection of personal data established by Regulation (EU) 2016/679 of the EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), as well as Act No. 18/2018 Coll. of 29 November 2017 on the protection of personal data and on the amendment of certain acts, apply with effect from 25 May 2018.

Spoločnosť ECS Slovensko,  s r.o., having its registered office at Opletalova 75, 841 07 Bratislava, Slovak Republic, Identification No. (IČO): 44 996 365, would like to inform you, as the controller, that it respects the privacy of all data subjects with whom it comes into contact; regardless of whether it processes personal data itself or through another party. It is therefore important to us that everyone understands what personal data we process about you, why we do it and what your rights are.

We may process personal data about you in different ways and in different situations depending on whether you are a customer, supplier, employee or job applicant, or other data subject. We may also process personal data about visitors to our website(s) as well as our headquarters, depending on how you choose to interact with us.

We have prepared this "Information Memorandum" for you, and we encourage you to read it, in order to obtain information on how we handle your personal data.

If, after reading it, you still have any questions for us, please send them by email to: gdpr@sdcba.sk, or to the address of the controller, Slovakian Door Company, s r.o., Opletalova 75, 841 07 Bratislava, Slovak Republic.

Controller of personal data

The controller of personal data is ECS Slovensko,  s r.o., Opletalova 75, 841 07  Bratislava, SR, IČO: 44 996 365, to whom you have provided your personal data for one or more purposes. The controller manages, processes, handles and is responsible for the lawful processing of your personal data. You can exercise your rights in respect of the controller.

Data that we process

We only process those personal data that enable us to offer you professional services and products and at the same time to comply with our legal obligations and to protect our legitimate interests. In particular, we collect data about our employees and our business partners.

We process the following categories of personal data:

Identification data:

Such data are: first name, surname, birth number, sex, your marital status, date of birth, identity card number (passport, ID card), address of residence, citizenship, nationality and – in case you are an entrepreneur – identification number and address of the company you represent.

We process identification data to the extent that the law allows us to do so in order to comply with our legal obligation, but also to fulfil our obligations under a contract with you or a legitimate interest.

Contact data:

We also process phone number and email. We also process data that is linked to our products and services that you use.

Protection of property - CCTV footage

In order to protect the property and health of persons on the company premises, we also process CCTV footage. The areas that are recorded are clearly marked so that you are informed where the areas concerned begin and end. The CCTV footage is only used for the purpose of protecting the property and health of persons.

Grounds for and purpose of processing:

SWe always process personal data that we obtain from you or that is obtained from you by third parties, such as recruitment agencies, who provide us with your personal data on the basis of your consent to the extent necessary.

  • Processing of personal data for the purposes necessary under a specific regulation
  • Processing of personal data is necessary for the performance of a contract
  • Processing of personal data is necessary for the purposes of the legitimate interests of the company
  • Processing of personal data on the basis of the data subject's consent

  • Activity
    (what we do with personal data)

    Purpose of processing
    (why we do it)

    Legal ground for the processing activity

    Categories of data subjects

    We share personal data with the processor

    Preparation for hiring + initial interview

    Framework agreement with processor

    Job applicant

    We store data for the purpose of preparation of the employment contract

    Preparation for hiring + initial interview

    Consent

    Job applicant

    We keep the employee's details on file

    Determining qualifications of a potential employee

    Consent

    Job applicant

    Used by us for the purpose of registration of the employee in accordance with specific rules laid down in the law

    We have to meet the legal obligations for hiring and registering an employee

    Act No. 311/2001 Coll. Labour Code as amended, Act No. 461/2003 Coll. on social insurance as amended, Act No. 584/2004 Coll. on health insurance as amended, Act No. 595/2003 Coll. on income tax as amended

    Company’s employee

    Used by us for the purpose of deregistration of the employee in accordance with specific rules laid down in the law

    We have to meet the legal obligations for deregistration of an employee

    Act No. 311/2001 Coll. Labour Code as amended, Act No. 461/2003 Coll. on social insurance as amended, Act No. 584/2004 Coll. on health insurance as amended, Act No. 595/2003 Coll. on income tax as amended

    Company’s employee

    Stored by us for the purpose of preparation of the employment contract

    Preparation for hiring + initial interview

    Consent

    Job applicant

    Personal data is stored for the purpose of keeping records of agency employees

    Our legal obligation

    Act No. 5/2004 Coll. as amended, Permit dated 29 July 2008 AA2008/36/328/11612/0ISS of the Center for Labor, Social Affairs and the Family, Mediation Department, Act No. 311/2001 Coll. Labour Code as amended, Act No. 461/2003 Coll. on social insurance as amended, Act No. 584/2004 Coll. on health insurance as amended, Act No. 595/2003 Coll. on income tax as amended, Act No. 124/2006 Coll. on safety and protection of health at work as amended

    Agency employee

    We put personal data into the archive

    To record the attendance of agency employees

    Legitimate interest

    Agency employee

    Fingerprint data is stored in the access control system

    To record the attendance of agency employees

    Legitimate interest

    Agency employee

    Printing from Patrol system

    We want to create attendance sets that are used for payroll preparation

    Legitimate interest

    Agency employee

    Recorded by us to the attendance system

    Ensuring the technical operation of the attendance system

    Legitimate interest

    Company’s employee

    We provide to a supplier / manufacturer only numbers of pieces and dimensions

    Protection of the employee against accidents at work and consequences

    Legitimate interest

    Company’s employee

    We provide to a supplier anonymized personal data and data for the production of clothing

    We need to provide the manufacturer with the dimensions of the clothing

    Legitimate interest

    Company’s employee

    We send personal data to a physician

    Record keeping for medical examinations

    Act No. 311/2001 Coll. Labour Code as amended

    Company’s employee

    Personal data is sent to a customer for the purpose of record keeping

    Record keeping for medical examinations for a customer - forklift trucks

    Legitimate interest

    Company’s employee

    Personal data is sent to a customer for the purpose of record keeping

    Verification whether an employee may perform a specialized activity – listening

    Legitimate interest

    Company’s employee

    Personal data is processed by SDC

    For the processing of travel allowances for employees

    Act No. 311/2001 Coll. Labour Code as amended, Act No. 461/2003 Coll. on social insurance as amended, Act No. 584/2004 Coll. on health insurance as amended, Act No. 595/2003 Coll. on income tax as amended, Act No. 663/2007 Coll. on minimal wage as amended, Act No. 283/2002 Coll. on travel allowances as amended

    Company’s employee

    We register persons who will supply and also resell our products

    Supplies of goods

    Legitimate interest

    Supplier

    We keep records of customer contacts

    Supplies of goods

    Legitimate interest

    Supplier

    We provide presentation training to a third party

    Ensuring record keeping for training
    We provide training to employees

    Consent

    Company’s employee

    We keep records of which employees have received training

    Ensuring record keeping for training
    We provide training to employees

    Consent

    Company’s employee

    We provide presentation training to a third party

    Ensuring record keeping for training Protection of health at work

    Act No. 311/2001 Coll. Labour Code as amended, Act No. 124/2006 Coll. on safety and protection of health at work as amended

    Company’s employee

    We provide presentation training to a third party

    Ensuring record keeping for training
    Fire protection training

    Act No. 311/2001 Coll. Labour Code as amended, Act No. 121/2002 on fire protection as amended

    Company’s employee

    We provide presentation training to a third party

    Protection of health at work concerning a specific condition

    Act No. 311/2001 Coll. Labour Code as amended, Act No. 124/2006 Coll. on safety and protection of health at work as amended

    Company’s employee

    We keep records of members of the works council

    Payment of wages to members of the works council

    Legitimate interest

    Company’s employee


    Rights of data subjects:

    We would also like to inform you what rights you have in relation to the processing of personal data:

  • Right of access to personal data,
  • Right to rectification or to have personal data completed
  • Right to erasure
  • Right to restriction of processing
  • Right to data portability
  • Right to object
  • Right not to be subject to automated individual decision-making with legal or similar effects, including profiling
  • Right of the data subject to bring proceedings for personal data protection
  • Right of access to personal data

    If you proactively contact us as a controller to request access to your personal data, we will inform you whether and to what extent your personal data is processed. We will inform you for what purpose we are processing your personal data, what categories of personal data are concerned, the list of recipients or categories of recipients of personal data to whom your personal data have been disclosed, the period for which we will keep your personal data, we will inform you of your right to request the rectification or erasure of your personal data, of your right to object, of your right to lodge a complaint with a supervisory authority, and we will inform you about any available information about the source of the personal data, if we have obtained it from someone other than you, whether automated decision-making, including profiling, is taking place in your case and, in the event we do not process your personal data, we must inform you about this.

    Right to rectification, to have personal data completed

    You have the right to have us rectify your personal data if you find that they are inaccurate or incorrect and you exercise this right./p>

    Right to erasure

    You have the right to request us to destruct your personal data we process. This applies to paper documents that are shredded or data that is erased. We will only comply if we are under no legal obligation to process your personal data and we are not bound by any other contracts.

    If your personal data are not necessary for the purposes for which they were collected or otherwise processed or you withdraw consent to the processing of your personal data and there is no further legal basis for their processing or you object to the processing and there are no overriding legitimate grounds for processing or the personal data have been unlawfully processed or the personal data must be erased to comply with a legal obligation or the personal data were collected in connection with the design of information society's services, we will erase your personal data.

    Right to restriction of processing

    If you exercise this right, you have the right to suspend the processing of your personal data.

    Right to portability

    If you are in a situation where you need to obtain your personal data in a structured, commonly used and machine-readable format or to transmit personal data directly to the controller, we are obliged to provide those structured data if technically possible.

    Refusal to provide personal data:

    You have the right to refuse to provide your personal data, but if it is necessary to request them from you, we cannot subsequently provide you with our service, sell you goods, employ you, interview you, admit you to the controller's premises, etc.

    Withdrawal of consent

    In the event we require your consent to process your personal data, you are entitled to withdraw this consent at any time. Withdrawal of consent does not affect the processing of your data for as long as this consent has been validly given by you, nor the processing of your personal data for other legal reasons, if applicable.

    We process your personal data transparently, fairly and in accordance with the law. If you believe that something is wrong with your data, you can contact our data processing officer. You can contact him at the following email address: gdpr@sdcba.sk or at the address of the controller : <gdpr@sk.ecs-engineering.netor at the address of the controller ECS Slovensko,  s r.o., Opletalova 75, 841 07  Bratislava, SR.

    Right of the data subject to bring proceedings for personal data protection

    A data subject who considers that in connection with the processing of his or her personal data by ECS Slovensko,  s r.o., Opletalova 75, 841 07  Bratislava, SR, IČO: 44 996 365, his or her rights under the Regulation, the Act on protection of personal data or a special regulation in the field of personal data protection, is entitled to bring proceedings before the Office for Personal Data Protection of the Slovak Republic https://dataprotection.gov.sk/uoou/ pursuant to Section 100 of the Act on protection of personal data.


    The protection of privacy and personal data is overseen by:

    Office for Personal Data Protection of the Slovak Republic (Úrad na ochranu osobných údajov Slovenskej republiky)
    Hraničná 12, 820 07 Bratislava, SR
    IČO: 36 064 220
    Tel.: +421 /2/ 3231 3214
    Email: statny.dozor@pdp.gov.sk


    Data protection officer

    ECS Slovensko,  s.r.o., Opletalova 75, 841 07  Bratislava, SR, IČO: 44 996 365 has appointed a data protection officer for the purpose of proper and timely performance of activities related to the protection of personal data pursuant to the Regulation and the Act on the protection of personal data. The data subject may contact the data protection officer with questions concerning the processing of his/her personal data by the company and the exercise of his/her rights.

    At gdpr@sk.ecs-engineering.net we deal strictly with questions and consultations related to the applicable data protection legislation (GDPR).

    Contact data of the data protection officer are:

     

    Data protection officer at the controller:
    Name: Ing. Michal Marák
    Email :marak@sdcba.sk
    Tel.: +421 907 813 338

    Glossary

    Personal data means data relating to an identified or identifiable natural person who can be identified, directly or indirectly, in particular by reference to a commonly used identifier, to another identifier such as a first name, surname, identification number, location data, or to an online identifier, or to one or more characteristics or attributes which constitute his or her physical, physiological, genetic, psychological, mental, economic, cultural or social identity.

    Consent of the data subject means any serious and freely given, specific, informed and unambiguous indication of the data subject's wishes in the form of a statement or an unambiguous affirmative act by which the data subject consents to the processing of his or her personal data.

    Genetic data means personal data relating to inherited genetic characteristics of a natural person or acquired genetic characteristics of a natural person which provide unique information about the physiology or health of that natural person and which result, in particular, from the analysis of a biological sample of that natural person.

    Biometric data means personal data resulting from specific technical processing of personal data relating to the physical characteristics of a natural person, the physiological characteristics of a natural person or the behavioural characteristics of a natural person and which allow the unique identification or confirm the unique identification of that natural person, such as, in particular, facial images or dactyloscopic data.

    Health data means personal data relating to the physical health or mental health of a natural person, including data about the provision of healthcare or healthcare-related services that reveals information about his or her health.

    Processing of personal data means a processing operation or set of processing operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

    Restriction of processing of personal data means the marking of stored personal data with the aim of limiting their processing in the future.

    Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal attributes or characteristics relating to a natural person, in particular to analyse or predict attributes or characteristics concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

    Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data could not be attributed to an identified or identifiable natural person.

    Log means a record of a user's course of action in an automated information system.

    Encryption means the transformation of personal data in such a way that reprocessing is only possible after a selected parameter, such as a key or password, has been entered.

    Online identifier means an identifier provided by an application, tool or protocol, in particular an IP address, cookies, logins to online services, radio-frequency identification, which may leave traces that can be used, in particular in combination with unique identifiers or other information, to create a profile of the data subject and to identify him or her.

    Filing system means any structured set of personal data which are accessible according to specific criteria, whether centralised, decentralised or dispersed on a functional or geographical basis.

    Personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

    Data subject means any natural person whose personal data are processed.

    Controller means any person which, alone or jointly with others, determines the purposes and means of the processing of personal data a processes personal data on his or her behalf; where the purposes and means of such processing are provided for in a special regulation or international treaty by which the Slovak Republic is bound, the controller or specific criteria for its nomination may be provided for in that regulation or treaty.

    Processor means any person which processes personal data on behalf of the controller.

    Recipient means any person, to which the personal data are disclosed, whether a third party or not; a public authority, which processes personal data by virtue of a special regulation or international treaty by which the Slovak Republic is bound in accordance with the rules on personal data protection relating to the given purpose of processing of personal data, shall not be regarded as the recipient.

    Third party means any person other than the data subject, controller, processor or another natural person, who, under the authority of the controller or processor, processes personal data.

    Data protection officer means a person designated by the controller or processor to carry out tasks under the law.

    Controller:
    ECS Slovensko,  s r.o.
    Ing. Michal Marák - statutory body – CEO

    Information