top of page

IV. Information for Data Subjects – Exercise of Rights under the GDPR Regulation

Exercise and processing of data subjects' rights under the GDPR Regulation and Act No. 18/2018 Coll.

 

Purpose of personal data processing: Personal data are processed for the purpose of processing requests by which data subjects exercise their rights under the GDPR and the Act on Personal Data Protection:

  • Exercised rights of the data subject and maintaining related records.

  • Processing of the exercised rights of data subjects, maintaining related records.

Data subjects or category of data subjects: A natural person who submitted a request or exercised their rights as a data subject.

Category of personal data: Ordinary personal data necessary for the fulfillment of statutory obligations.

List or scope of personal data:

  • Title,

  • First name, last name,

  • Address,

  • Signature,

  • E-mail address,

  • Other personal data relating to the exercised right of the data subject (stated in the request or submission).

Legal basis for personal data processing: Lawfulness of personal data processing: The processing of personal data is necessary for the fulfillment of a statutory obligation of the controller according to Article 6 (1) (c) of the GDPR.

Statutory obligation of personal data processing:

  • Act No. 18/2018 Coll. on Personal Data Protection,

  • Regulation (EU) 2016/679 (GDPR).

Recipients or categories of recipients to whom personal data will be provided: Personal data processed for the purposes of exercising and processing the rights of data subjects are not provided to any other recipients or processors. Personal data are processed exclusively by the Controller to the extent necessary to fulfill statutory obligations under the GDPR Regulation and Act No. 18/2018 Coll. on Personal Data Protection.

Other authorized entity: Data may be made available to authorized entities according to the law, e.g.:

  • control and supervisory authorities (e.g., Office for Personal Data Protection),

  • courts and law enforcement agencies,

  • Slovak Trade Inspection,

  • other legally authorized state authorities (e.g., tax authorities).

  • To other controllers to the extent required by the GDPR (e.g., when notifying of rectification or erasure of data).

Transfer to third countries: Personal data are not provided to third countries.

Transfer to international organizations: Personal data are not provided to international organizations.

Disclosure of personal data: The Controller does not disclose personal data.

Legitimate interest of the controller (according to Art. 6 (1) (f) of the GDPR): The Controller does not process personal data based on a legitimate interest according to Art. 6 (1) (f) of the GDPR.

Retention period / criterion for its determination:

  • 5 years from the day of exercising the rights.

  • 5 years from the day of processing the exercised rights.

Instruction on the form of the requirement for the provision of personal data from data subjects: The provision of personal data is a statutory requirement. If the data subject does not provide the necessary data to verify their identity, the controller cannot process their request.

Source of personal data: Data are obtained directly from the data subject.

Information on the existence of automated individual decision-making including profiling: The Controller declares that based on the obtained personal data, no automated individual decision-making including profiling according to Art. 22 of the GDPR occurs.

bottom of page