Personal data protection policy

CBS spol, s.r.o. Kynceľová 54, 974 01 Kynceľová, Slovak republic

The company CBS s.r.o. (hereinafter referred to as the “Operator”) in accordance with Regulation 2016/679 GDPR on the protection of natural persons in the processing of personal data and on the free movement of such data (hereinafter referred to as the “Regulation”) and Act No. 18/2018 Coll. on the protection of personal data and on the amendment and supplementation of certain laws (hereinafter referred to as “the law”) has developed security measures that are regularly updated. They define the scope and method of security measures necessary to eliminate and minimize threats and risks acting on the information system in order to ensure:

availability, integrity and reliability of management systems using the most modern information technologies
protect personal data from loss, damage, theft, modification, destruction and maintain their confidentiality
identify and prevent potential problems and sources of disruption.

Contact to authorized person: Mgr. Monika Vrbicka – gdpr@cbs.sk

Personal data protection policy

Your personal data will be stored securely, in accordance with the security policy of the operator and only for the time necessary to fulfill the purpose of processing. Only persons authorized by the operator to process personal data will have access to your personal data, who process them based on the operator’s instructions, in accordance with the operator’s security policy. Your personal data will be backed up in accordance with the operator’s retention rules. Your personal data will be completely deleted from the backup storage as soon as possible in accordance with the backup rules. Personal data stored on backup storages serves to prevent security incidents, in particular disruption of data availability as a result of a security incident.

Definitions

“personal data” is any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”); an identifiable natural person is a person who can be identified directly or indirectly, in particular by reference to an identifier such as name, identification number, location data, online identifier, or by reference to one or more elements that are specific to the physical, physiological, genetic, mental , economic, cultural or social identity of this natural person

“processing” is an operation or set of operations on personal data or sets of personal data, such as obtaining, recording, arranging, structuring, storing, processing or changing, searching, browsing, using, providing by transmission, dissemination or otherwise making available, rearranging or combining; restriction, erasure or disposal, whether by automated or non-automated means

“restriction of processing” is the designation of stored personal data with the aim of limiting their processing in the future;

“profiling” is any form of automated processing of personal data, which consists of the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects of the natural person concerned related to performance at work, financial conditions, health, personal preferences, interests , reliability, behavior, position or movement;

“information system” is any organized collection of personal data that is accessible according to specified criteria, regardless of whether the system is centralized, decentralized or distributed on a functional or geographical basis;

“operator” is a natural or legal person, public authority, agency or other entity that alone or jointly with others determines the purposes and means of personal data processing; in the event that the purposes and means of this processing are determined in the law of the Union or in the law of a Member State, the operator or specific criteria for its determination may be determined in the law of the Union or in the law of a Member State;

“intermediary” is a natural or legal person, public authority, agency or other entity that processes personal data on behalf of the operator;

“recipient” is a natural or legal person, public authority, agency or other entity to which personal data is provided, regardless of whether it is a third party. However, public authorities that may receive personal data as part of a specific investigation in accordance with Union law or the law of a Member State are not considered recipients; the processing of said data by said public authorities is carried out in accordance with applicable data protection rules, depending on the purposes of processing;

“third party” is a natural or legal person, public authority, agency or entity other than the data subject, operator, intermediary and persons who, on the basis of the direct authorization of the operator or intermediary, are entrusted with the processing of personal data;

“consent of the person concerned” is any freely given, specific, informed and unambiguous expression of the will of the person concerned, by which he expresses his consent to the processing of personal data concerning him in the form of a statement or a clear confirming act;
“personal data breach” is a security breach that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or unauthorized access to, personal data that is transmitted, stored or otherwise processed;

“supervisory body” is an independent body of public authority established by a Member State pursuant to Article;

Legal basis for processing your personal data:

Your personal data will be processed on the basis of special legal regulations and purposes set by the operator. These are listed individually in the Information on purposes of processing.

The provision of personal data is a legal requirement in order to fulfill the obligations of the Operator as an employer according to special legal regulations, and therefore it will not be possible to fulfill the legal obligation without providing this personal data.

Provision of your data outside the European Union:

Personal data is not transferred to a third country or international organization.

Use of your data used for automated individual decision-making:

Personal data will not be used for automated individual decision-making, including profiling.

Period of retention of your personal data:

The storage of personal data that we process about you is subject to Act No. 395/2002 Coll. on archives and registries in connection with the Registry Plan of the Operator.
For more detailed information on the purposes of processing your personal data, legal bases and storage period, please contact the authorized person.
We keep the personal data that we process about you on the basis of the “Consent” granted for the period for which you gave us your consent.

What are your rights?

Withdraw consent – in cases where we process your personal data based on your consent, you have the right to withdraw this consent at any time. You can withdraw your consent electronically, at the address of the responsible person, in writing, by sending a notice of withdrawal of consent or in person at the office. Withdrawal of consent does not affect the legality of the processing of personal data that we processed about you on the basis of it.

Right of access – you have the right to be provided with a copy of the personal data we hold about you, as well as information about how we use your personal data. In most cases, your personal data will be provided to you in written document form, unless you request another way of providing them. If you have requested the provision of this information by electronic means, it will be provided to you electronically if it is technically possible.

Right to rectification – we take reasonable measures to ensure the accuracy, completeness and timeliness of the information we have about you. If you believe that the data we hold is inaccurate, incomplete or out of date, please do not hesitate to ask us to correct, update or supplement this information.

Right to deletion (to be forgotten) – you have the right to ask us to delete your personal data, for example, if the personal data we have obtained about you is no longer necessary to fulfill the original purpose of processing.

However, your right must be assessed in light of all the relevant circumstances. For example, we may have certain legal and regulatory obligations which mean that we will not be able to comply with your request.

Right to restriction of processing – under certain circumstances, you are entitled to ask us to stop using your personal data. These are, for example, cases when you think that the personal data we have about you may be inaccurate or when you think that we no longer need to use your personal data.

The right to data portability – in certain circumstances, you have the right to ask us to transfer the personal data you have provided to us to another third party of your choice. However, the right to portability only applies to personal data that we have obtained from you on the basis of consent or on the basis of a contract to which you are a party.

Right to object – you have the right to object to data processing based on our legitimate legitimate interests. In the event that we do not have a compelling legitimate reason for processing and you file an objection, we will not process your personal data further.

The right to submit a proposal to initiate proceedings on the protection of personal data – if you believe that your personal data is processed unfairly or illegally, you can file a complaint with the supervisory authority, which is the Personal Data Protection Office of the Slovak Republic, Hraničná 12, 820 07 Bratislava 27; tel. number: +421 /2/ 3231 3214; e-mail: statny.dozor@pdp.gov.sk, https://dataprotection.gov.sk. In the case of submission of the proposal in electronic form, it is necessary that it fulfills the requirements according to § 19 par. 1 of Act no. 71/1967 Coll. on administrative procedure (correct order).

Place this virtual tour on your website:

Pin It on Pinterest