INFORMATION MEMORANDUM
Declaration of controller regarding personal data protection
CONTENT:
General information
Controller of personal data
Data that we process
Grounds for and purpose of processing
Rights of data subjects
Refusal to provide personal data, withdrawal of consent, right to bring proceedings
Data protection officer
Glossary
General information
The new rules on the protection of personal data established by Regulation (EU) 2016/679 of the EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), as well as Act No. 18/2018 Coll. of 29 November 2017 on the protection of personal data and on the amendment of certain acts, apply with effect from 25 May 2018.
Spoločnosť ECS Slovensko, s r.o., having its registered office at Opletalova 75, 841 07 Bratislava, Slovak Republic, Identification No. (IČO): 44 996 365, would like to inform you, as the controller, that it respects the privacy of all data subjects with whom it comes into contact; regardless of whether it processes personal data itself or through another party. It is therefore important to us that everyone understands what personal data we process about you, why we do it and what your rights are.
We may process personal data about you in different ways and in different situations depending on whether you are a customer, supplier, employee or job applicant, or other data subject. We may also process personal data about visitors to our website(s) as well as our headquarters, depending on how you choose to interact with us.
We have prepared this "Information Memorandum" for you, and we encourage you to read it, in order to obtain information on how we handle your personal data.
If, after reading it, you still have any questions for us, please send them by email to: gdpr@sdcba.sk, or to the address of the controller, Slovakian Door Company, s r.o., Opletalova 75, 841 07 Bratislava, Slovak Republic.
Controller of personal data
The controller of personal data is ECS Slovensko, s r.o., Opletalova 75, 841 07 Bratislava, SR, IČO: 44 996 365, to whom you have provided your personal data for one or more purposes. The controller manages, processes, handles and is responsible for the lawful processing of your personal data. You can exercise your rights in respect of the controller.
Data that we process
We only process those personal data that enable us to offer you professional services and products and at the same time to comply with our legal obligations and to protect our legitimate interests. In particular, we collect data about our employees and our business partners.
We process the following categories of personal data:
Identification data:
Such data are: first name, surname, birth number, sex, your marital status, date of birth, identity card number (passport, ID card), address of residence, citizenship, nationality and – in case you are an entrepreneur – identification number and address of the company you represent.
We process identification data to the extent that the law allows us to do so in order to comply with our legal obligation, but also to fulfil our obligations under a contract with you or a legitimate interest.
Contact data:
We also process phone number and email. We also process data that is linked to our products and services that you use.
Protection of property - CCTV footage
In order to protect the property and health of persons on the company premises, we also process CCTV footage. The areas that are recorded are clearly marked so that you are informed where the areas concerned begin and end. The CCTV footage is only used for the purpose of protecting the property and health of persons.
Grounds for and purpose of processing:
SWe always process personal data that we obtain from you or that is obtained from you by third parties, such as recruitment agencies, who provide us with your personal data on the basis of your consent to the extent necessary.
|
Activity |
Purpose of
processing |
Legal
ground for the processing activity |
Categories
of data subjects |
|
We share personal data with
the processor |
Preparation for hiring +
initial interview |
Framework agreement with
processor |
Job applicant |
|
We store data for the purpose
of preparation of the employment contract |
Preparation for hiring +
initial interview |
Consent |
Job applicant |
|
We keep the employee's
details on file |
Determining qualifications
of a potential employee |
Consent |
Job applicant |
|
Used by us for the purpose
of registration of the employee in accordance with specific rules laid down in
the law |
We have to meet the legal
obligations for hiring and registering an employee |
Act No. 311/2001 Coll. Labour
Code as amended, Act No. 461/2003 Coll. on social insurance as amended, Act
No. 584/2004 Coll. on health insurance as amended, Act No. 595/2003 Coll. on
income tax as amended |
Company’s employee |
|
Used by us for the purpose
of deregistration of the employee in accordance with specific rules laid down
in the law |
We have to meet the legal obligations
for deregistration of an employee |
Act No. 311/2001 Coll. Labour
Code as amended, Act No. 461/2003 Coll. on social insurance as amended, Act
No. 584/2004 Coll. on health insurance as amended, Act No. 595/2003 Coll. on
income tax as amended |
Company’s employee |
|
Stored by us for the purpose
of preparation of the employment contract |
Preparation for hiring +
initial interview |
Consent |
Job applicant |
|
Personal data is stored for
the purpose of keeping records of agency employees |
Our legal obligation |
Act No. 5/2004 Coll. as
amended, Permit dated 29 July 2008 AA2008/36/328/11612/0ISS of the Center for Labor, Social
Affairs and the Family, Mediation Department, Act No. 311/2001 Coll. Labour
Code as amended, Act No. 461/2003 Coll. on social insurance as amended, Act
No. 584/2004 Coll. on health insurance as amended, Act No. 595/2003 Coll. on
income tax as amended, Act No. 124/2006 Coll. on safety and protection of
health at work as amended |
Agency employee |
|
We put personal data into
the archive |
To record the attendance of
agency employees |
Legitimate interest |
Agency employee |
|
Fingerprint data is stored
in the access control system |
To record the attendance of
agency employees |
Legitimate interest |
Agency employee |
|
Printing from Patrol system |
We want to create attendance
sets that are used for payroll preparation |
Legitimate interest |
Agency employee |
|
Recorded by us to the
attendance system |
Ensuring the technical
operation of the attendance system |
Legitimate interest |
Company’s employee |
|
We provide to a supplier /
manufacturer only numbers of pieces and dimensions |
Protection of the employee
against accidents at work and consequences |
Legitimate interest |
Company’s employee |
|
We provide to a supplier
anonymized personal data and data for the production of clothing |
We need to provide the
manufacturer with the dimensions of the clothing |
Legitimate interest |
Company’s employee |
|
We send personal data to a physician |
Record keeping for medical
examinations |
Act No. 311/2001 Coll. Labour
Code as amended |
Company’s employee |
|
Personal data is sent to a
customer for the purpose of record keeping |
Record keeping for medical
examinations for a customer - forklift trucks |
Legitimate interest |
Company’s employee |
|
Personal data is sent to a
customer for the purpose of record keeping |
Verification whether an
employee may perform a specialized activity – listening |
Legitimate interest |
Company’s employee |
|
Personal data is processed
by SDC |
For the processing of travel
allowances for employees |
Act No.
311/2001 Coll. Labour Code as amended, Act No. 461/2003 Coll. on social
insurance as amended, Act No. 584/2004 Coll. on health insurance as amended, Act
No. 595/2003 Coll. on income tax as amended, Act No. 663/2007 Coll. on
minimal wage as amended, Act No. 283/2002 Coll. on travel allowances as
amended |
Company’s employee |
|
We register persons who will
supply and also resell our products |
Supplies of goods |
Legitimate interest |
Supplier |
|
We keep records of customer
contacts |
Supplies of goods |
Legitimate interest |
Supplier |
|
We provide presentation
training to a third party |
Ensuring record keeping for
training |
Consent |
Company’s employee |
|
We keep records of which
employees have received training |
Ensuring record keeping for
training |
Consent |
Company’s employee |
|
We provide presentation
training to a third party |
Ensuring record keeping for
training Protection of health at work |
Act No. 311/2001 Coll. Labour
Code as amended, Act No. 124/2006 Coll. on safety and protection of health at
work as amended |
Company’s employee |
|
We provide presentation
training to a third party |
Ensuring record keeping for
training |
Act No. 311/2001 Coll. Labour
Code as amended, Act No. 121/2002 on fire protection as amended |
Company’s employee |
|
We provide presentation
training to a third party |
Protection of health at work
concerning a specific condition |
Act No. 311/2001 Coll. Labour
Code as amended, Act No. 124/2006 Coll. on safety and protection of health at
work as amended |
Company’s employee |
|
We keep records of members
of the works council |
Payment of wages to members
of the works council |
Legitimate interest |
Company’s employee |
Rights of data subjects:
We would also like to inform you what rights you have in relation to the processing of personal data:
Right of access to personal data
If you proactively contact us as a controller to request access to your personal data, we will inform you whether and to what extent your personal data is processed. We will inform you for what purpose we are processing your personal data, what categories of personal data are concerned, the list of recipients or categories of recipients of personal data to whom your personal data have been disclosed, the period for which we will keep your personal data, we will inform you of your right to request the rectification or erasure of your personal data, of your right to object, of your right to lodge a complaint with a supervisory authority, and we will inform you about any available information about the source of the personal data, if we have obtained it from someone other than you, whether automated decision-making, including profiling, is taking place in your case and, in the event we do not process your personal data, we must inform you about this.
Right to rectification, to have personal data completed
You have the right to have us rectify your personal data if you find that they are inaccurate or incorrect and you exercise this right./p>
Right to erasure
You have the right to request us to destruct your personal data we process. This applies to paper documents that are shredded or data that is erased. We will only comply if we are under no legal obligation to process your personal data and we are not bound by any other contracts.
If your personal data are not necessary for the purposes for which they were collected or otherwise processed or you withdraw consent to the processing of your personal data and there is no further legal basis for their processing or you object to the processing and there are no overriding legitimate grounds for processing or the personal data have been unlawfully processed or the personal data must be erased to comply with a legal obligation or the personal data were collected in connection with the design of information society's services, we will erase your personal data.
Right to restriction of processing
If you exercise this right, you have the right to suspend the processing of your personal data.
Right to portability
If you are in a situation where you need to obtain your personal data in a structured, commonly used and machine-readable format or to transmit personal data directly to the controller, we are obliged to provide those structured data if technically possible.
Refusal to provide personal data:
You have the right to refuse to provide your personal data, but if it is necessary to request them from you, we cannot subsequently provide you with our service, sell you goods, employ you, interview you, admit you to the controller's premises, etc.
Withdrawal of consent
In the event we require your consent to process your personal data, you are entitled to withdraw this consent at any time. Withdrawal of consent does not affect the processing of your data for as long as this consent has been validly given by you, nor the processing of your personal data for other legal reasons, if applicable.
We process your personal data transparently, fairly and in accordance with the law. If you believe that something is wrong with your data, you can contact our data processing officer. You can contact him at the following email address: gdpr@sdcba.sk or at the address of the controller : <gdpr@sk.ecs-engineering.netor at the address of the controller ECS Slovensko, s r.o., Opletalova 75, 841 07 Bratislava, SR.
Right of the data subject to bring proceedings for personal data protection
A data subject who considers that in connection with the processing of his or her personal data by ECS Slovensko, s r.o., Opletalova 75, 841 07 Bratislava, SR, IČO: 44 996 365, his or her rights under the Regulation, the Act on protection of personal data or a special regulation in the field of personal data protection, is entitled to bring proceedings before the Office for Personal Data Protection of the Slovak Republic https://dataprotection.gov.sk/uoou/ pursuant to Section 100 of the Act on protection of personal data.
The protection of privacy and personal data is overseen by:
Office for Personal Data Protection of the Slovak Republic (Úrad na ochranu osobných údajov Slovenskej republiky)
Hraničná 12, 820 07 Bratislava, SR
IČO: 36 064 220
Tel.: +421 /2/ 3231 3214
Email: statny.dozor@pdp.gov.sk
Data protection officer
ECS Slovensko, s.r.o., Opletalova 75, 841 07 Bratislava, SR, IČO: 44 996 365 has appointed a data protection officer for the purpose of proper and timely performance of activities related to the protection of personal data pursuant to the Regulation and the Act on the protection of personal data. The data subject may contact the data protection officer with questions concerning the processing of his/her personal data by the company and the exercise of his/her rights.
At gdpr@sk.ecs-engineering.net we deal strictly with questions and consultations related to the applicable data protection legislation (GDPR).
Contact data of the data protection officer are:
Data protection officer at the controller:
Name: Ing. Michal Marák
Email :marak@sdcba.sk
Tel.: +421 907 813 338
Glossary
Personal data means data relating to an identified or identifiable natural person who can be identified, directly or indirectly, in particular by reference to a commonly used identifier, to another identifier such as a first name, surname, identification number, location data, or to an online identifier, or to one or more characteristics or attributes which constitute his or her physical, physiological, genetic, psychological, mental, economic, cultural or social identity.
Consent of the data subject means any serious and freely given, specific, informed and unambiguous indication of the data subject's wishes in the form of a statement or an unambiguous affirmative act by which the data subject consents to the processing of his or her personal data.
Genetic data means personal data relating to inherited genetic characteristics of a natural person or acquired genetic characteristics of a natural person which provide unique information about the physiology or health of that natural person and which result, in particular, from the analysis of a biological sample of that natural person.
Biometric data means personal data resulting from specific technical processing of personal data relating to the physical characteristics of a natural person, the physiological characteristics of a natural person or the behavioural characteristics of a natural person and which allow the unique identification or confirm the unique identification of that natural person, such as, in particular, facial images or dactyloscopic data.
Health data means personal data relating to the physical health or mental health of a natural person, including data about the provision of healthcare or healthcare-related services that reveals information about his or her health.
Processing of personal data means a processing operation or set of processing operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Restriction of processing of personal data means the marking of stored personal data with the aim of limiting their processing in the future.
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal attributes or characteristics relating to a natural person, in particular to analyse or predict attributes or characteristics concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data could not be attributed to an identified or identifiable natural person.
Log means a record of a user's course of action in an automated information system.
Encryption means the transformation of personal data in such a way that reprocessing is only possible after a selected parameter, such as a key or password, has been entered.
Online identifier means an identifier provided by an application, tool or protocol, in particular an IP address, cookies, logins to online services, radio-frequency identification, which may leave traces that can be used, in particular in combination with unique identifiers or other information, to create a profile of the data subject and to identify him or her.
Filing system means any structured set of personal data which are accessible according to specific criteria, whether centralised, decentralised or dispersed on a functional or geographical basis.
Personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
Data subject means any natural person whose personal data are processed.
Controller means any person which, alone or jointly with others, determines the purposes and means of the processing of personal data a processes personal data on his or her behalf; where the purposes and means of such processing are provided for in a special regulation or international treaty by which the Slovak Republic is bound, the controller or specific criteria for its nomination may be provided for in that regulation or treaty.
Processor means any person which processes personal data on behalf of the controller.
Recipient means any person, to which the personal data are disclosed, whether a third party or not; a public authority, which processes personal data by virtue of a special regulation or international treaty by which the Slovak Republic is bound in accordance with the rules on personal data protection relating to the given purpose of processing of personal data, shall not be regarded as the recipient.
Third party means any person other than the data subject, controller, processor or another natural person, who, under the authority of the controller or processor, processes personal data.
Data protection officer means a person designated by the controller or processor to carry out tasks under the law.
Controller:
ECS Slovensko, s r.o.
Ing. Michal Marák - statutory body – CEO