+421 32 2856 501
PRIVACY POLICY
KONŠTRUKTA – Industry, akciová spoločnosť
This Privacy Policy (hereinafter referred to as the "Policy") contains information about the processing of your personal data by the company KONŠTRUKTA – Industry, akciová spoločnosť, with registered seat K výstavisku 13, 912 50 Trenčín, ID No. :34 139 664, company registered in the business register of the District Court Trenčín, section: Sa, insert No. 121/R (hereinafter as „the Controller“).
Through this Policy, the Controller provides you with information on why your personal data are processed, how they are processed, how long they are stored by the Controller, what are your rights in relation to the processing of your personal data and other relevant information about the processing of your personal data.
The Controller processes your personal data in accordance with Regulation 2016/679 of the European Parliament and of the Council of the European Union on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as the "Regulation"), relevant Slovak legislation, in particular Act No. 18/2018 Coll. on the Protection of Personal Data and on Amendments to Certain Acts (hereinafter referred to as the "Act") and other regulations on the protection of personal data (Regulation, the Act and other regulations on the protection of personal data, hereinafter collectively referred to as the "Personal Data Protection Regulations").
You can contact the controller in matters related to the processing and protection of personal data at: KONŠTRUKTA – Industry, akciová spoločnosť, K výstavisku 13, 912 50 Trenčín, Slovak Republic, via e-mail miscik@kotaind.sk or via phone No. +421 32 2856 509.
INFORMATION ON PROCESSING OPERATIONS (categories of personal data, purposes of processing, legal bases and retention periods)
The Controller processes your personal data exclusively in accordance with the principle of minimization, which means that the Controller does not require personal data that are not necessary for a specific and justified purpose of processing. The controller processes personal data only if there is a legal basis for their processing and they are processed in accordance with the principle of legality. The specific purposes, including the specified legal basis and the retention period for which the Controller processes your personal data, can be found in the table below.
| Purpose of processing | Keeping records of job seekers |
| Legal basis | Article 6(1)(a) of the Regulation - the processing of personal data is carried out on the basis of consent to the processing of personal data |
| Categories of personal data | Name, surname, e-mail, work experience data, other personal data specified in the CV and / or cover letter |
| Retention period | 1 year from the date of consent or until its withdrawal, whichever occurs first |
| Purpose of processing | Conducting the selection procedure (ensuring the selection of new staff) |
| Legal basis | Article 6(1)(b) of the Regulation - the processing of personal data is carried out in the performance of the contract and the implementation of pre-contractual relations |
| Categories of personal data | Name, surname, e-mail, work experience data, other personal data specified in the CV and / or cover letter |
| Retention period | During the selection procedure (i.e. no later than 90 days from the date of receipt of the CV and/or cover letter, if no employment relationship or similar employment relationship is established) |
| Purpose of processing | Processing of accounting documents |
| Legal basis | Article 6(1)(c) Regulations - the processing of personal data is carried out in compliance with legal obligations |
| Categories of personal data | Common personal data necessary for the fulfilment of legal obligations (name, surname, address of residence / place of business, address of service delivery, contact details - phone number, email address, bank details), other personal data necessary for the processing of accounting agenda |
| Retention period | 10 years following the year to which they relate |
| Purpose of processing | Registry administration, registration and handling of received and outgoing mail (including electronic communication with relevant institutions) |
| Legal basis | Article 6(1)(c) Regulations - the processing of personal data is carried out in compliance with legal obligations |
| Categories of personal data | Common personal data |
| Retention period | Post office - 5 years following the year to which they relate, other records forming the registry within the meaning of the relevant provisions of Act No. 395/2002 Coll. on archives and registries and on the amendment of certain acts, as amended |
| Purpose of processing | Conduct of judicial and administrative proceedings |
| Legal basis | Article 6(1)(c) Regulations - the processing of personal data is carried out in compliance with legal obligations |
| Categories of personal data | Common personal data necessary to comply with legal obligations |
| Retention period | For the time of the relevant proceedings and until the expiry of limitation periods (unless otherwise provided by applicable law) |
| Purpose of processing | Handling of asserted rights of data subjects |
| Legal basis | Article 6(1)(c) Regulations – the processing of personal data is carried out in compliance with legal obligations |
| Categories of personal data | Common personal data that form part of the data subject's request and are necessary for its processing in accordance with the relevant legislation |
| Retention period | Until the processing of the exercised rights in accordance with the relevant provisions of the Regulation (maximum 120 days) |
| Purpose of processing | Records of exercised rights of data subjects |
| Legal basis | Art. 6(1)(f) Regulation – the processing of personal data is carried out on the basis of the legitimate interest of the Controller, which is to record the exercised rights of the persons concerned in order to prove the fulfilment of obligations arising from legal regulations |
| Categories of personal data | Common personal data that form part of the data subject's request and are necessary for its processing in accordance with the relevant legislation |
| Retention period | 5 years following the date on which the right exercised or the request made by the data subject was dealt with |
| Purpose of processing | Preparation and maintenance of supplier-customer relations with business partners. As part of the agenda, contractual relations, invoices and orders, records of deliveries and collections of goods are kept |
| Legal basis | Article 6(1)(c) Regulations - the processing of personal data is carried out in compliance with legal obligations |
| Categories of personal data | Common personal data |
| Retention period | 10 years after the termination of the contractual relationship due to registration within the accounting agenda |
| Purpose of processing | Records of contact persons of employees, suppliers, customers and other business partners (their contact persons / representatives if business partners are legal entities) in contractual relations |
| Legal basis | Article 6(1)(f) The processing of personal data is carried out on the basis of the legitimate interest of the Controller, which consists in the necessity of records of contact persons of employees, representatives and contact persons of business partners in the position of legal entities for the needs of bookkeeping, ensuring internal control activities, fulfilment of contractual obligations towards legal entities and for the enforcement of legal and other claims arising from concluded contracts |
| Categories of personal data | Name, surname, title, identifier of affiliation to a legal entity (function or job position), contact details (phone number, e-mail address) |
| Retention period | During the duration of the contractual relationship with the legal entity and after its termination until the expiry of the relevant limitation periods and until the full settlement of contractual and other claims arising from the contractual relationship or until the termination of the status of a natural person as a representative or contact person of the partner - legal entity, if further processing of personal data after the termination of such status is not necessary for the specified purpose |
| Purpose of processing | Fulfilment of contractual obligations (based on contracts with customers, suppliers of goods and services, other business partners in the position of natural and legal persons) and implementation of pre-contractual relations |
| Legal basis | Article 6(1)(b) Regulations – the processing of personal data is carried out in the performance of the contract and the implementation of pre-contractual relations |
| Categories of personal data | Name, surname, business name, address of the place of business, ID, VAT ID, VAT number, contact details (tel. no., e-mail), bank details |
| Retention period | During the contractual relationship and after its termination, until the full settlement of contractual and other claims arising from the contractual relationship or until the expiry of the relevant limitation periods, whichever occurs first |
| Purpose of processing | Fulfilment of contractual obligations (based on contracts for the provision of practical training in the form of professional practice) and implementation of pre-contractual relations |
| Legal basis | Article 6(1)(b) Regulations – the processing of personal data is carried out in the performance of the contract and the implementation of pre-contractual relations |
| Categories of personal data | Name, surname of pupils in practical education, first name, surname of school representative and signature of school headteacher |
| Retention period | During the contractual relationship and after its termination, until the full settlement of contractual and other claims arising from the contractual relationship or until the expiry of the relevant limitation periods, whichever occurs first |
| Purpose of processing | Fulfilment of contractual obligations on the basis of concluded contracts on the lease of non-residential premises and implementation of pre-contractual relations |
| Legal basis | Article 6(1)(b) Regulations – the processing of personal data is carried out in the performance of the contract and the implementation of pre-contractual relations |
| Categories of personal data | Name, surname, business name, address of the place of business, IČO, VAT ID, VAT number, contact details (tel. no., e-mail), bank details |
| Retention period | During the contractual relationship and after its termination, until the full settlement of contractual and other claims arising from the contractual relationship or until the expiry of the relevant limitation periods, whichever occurs first |
| Purpose of processing | Fulfilment of contractual obligations (based on contracts with customers) and implementation of pre-contractual relations – registration form on the website of the Controller |
| Legal basis | Article 6(1)(b) Regulations – the processing of personal data is carried out in the performance of the contract and the implementation of pre-contractual relations |
| Categories of personal data | Username, email, company, phone number, country |
| Retention period | During the contractual relationship and after its termination, until the full settlement of contractual and other claims arising from the contractual relationship or until the expiry of the relevant limitation periods, whichever occurs first |
| Purpose of processing | Maintaining customer accounts (profiles) of registered visitors on the website and providing free services associated with this |
| Legal basis | Article 6(1)(b) Regulations – the processing of personal data is carried out in the performance of the contract and the implementation of pre-contractual relations |
| Categories of personal data | Name, surname, e-mail address (login name), password, telephone, company |
| Retention period | For the duration of the registration agreement in accordance with the relevant terms and conditions, but always no later than 18 months from the date of the last login to the registered account |
| Purpose of processing | Handling of complaints |
| Legal basis | Article 6(1)(c) Regulations - - the processing of personal data is carried out in compliance with legal obligations |
| Categories of personal data | Common personal data necessary to comply with legal obligations |
| Retention period | 4 years following the date of the complaint, in the case of natural persons - non-entrepreneurs 3 years following the date of the complaint |
| Purpose of processing | Responding to messages and handling queries / requests from messages delivered to the Controller through the published contact on the website, e-mail communication or by phone |
| Legal basis | Article 6(1)(f) Regulations - the processing of personal data is carried out on the basis of the legitimate interest of the Controller, which is to respond to received messages for the proper conduct of business communication, improving the quality of services provided and attracting new clientele. |
| Categories of personal data | Name, surname, e-mail, phone number, other data contained in the message |
| Retention period | 60 days from the date of receipt of the request or until the request is processed (fulfilment of the purpose), whichever occurs first |
| Purpose of processing | Making photo, video-audio recordings of the person concerned and publishing them on the websites of the Controller and on other communication channels and/or social networks of the Controller, including publication in brochures, presentations and noticeboards in the Controller's company |
| Legal basis | Article 6(1)(a) Regulation - the processing of personal data is carried out on the basis of consent to the processing of personal data |
| Categories of personal data | Photo, video-audio recordings (photo/video) |
| Retention period | 5 years from the date of consent or until its withdrawal, whichever occurs first |
| Purpose of processing | Measuring website traffic and targeting the Controller's advertising through the use of cookies |
| Legal basis | Article 6(1)(a) Regulations - the processing of personal data is carried out on the basis of consent to the processing of personal data |
| Categories of personal data | Common personal data - data about website activity and preferences in the online environment |
| Retention period | Up to 2 years following the year to which they relate |
| Purpose of processing | Protection of the property of the Controller, protection of health of persons located in the monitored premises, prevention of illegal activities in the monitored premises and their detection in case of their occurrence through monitoring of the specified areas of the Controller 's operation by a camera system |
| Legal basis | Art. 6(1)(f) Regulation – the processing of personal data is carried out on the basis of the legitimate interest of the Controller, which is to record the exercised rights of the persons concerned in order to prove the fulfilment of obligations arising from legal regulations |
| Categories of personal data | Images and expressions of a personal nature captured by CCTV |
| Retention period | 72 hours from the capture of the CCTV recording (except when the relevant part of the recording is cut and provided to the relevant law enforcement authorities or authorized to solve the offence) |
In order to ensure the protection of your personal data, the Controller has taken appropriate security measures, which are documented, both at the organizational and technical level.
To whom the Controller provides your personal data?
In certain cases, the Controller is obliged to provide your personal data to public authorities authorized to process your personal data, e.g. courts, law enforcement authorities as well as supervisory and supervisory authorities (e.g. the Office for Personal Data Protection in case of inspection) (third parties).
The Controller also provides your personal data to its processors, i.e. external entities that process your personal data on behalf of the Controller. Intermediaries process personal data on the basis of a contract concluded with the Controller, in which they undertake to take appropriate technical and security measures in order to safely process your personal data. The Controller's processors include:
- entity providing services in the field of work safety and fire protection,
- company providing accounting services,
- company providing hosting services (including mail hosting services),
- CCTV surveillance company.
TRANSFER to third countries and international organisations
The Controller does not transfer your personal data to third countries and/or international organizations.
The Controller does not use profiling when processing your personal data and does not process personal data in any form of automated individual decision-making that would evaluate your personal aspects.
What are your rights in relation to the processing of personal data?
In connection with the processing of your personal data, you have the following rights as the data subject:
| Right of access - as the data subject, you have the right to obtain from the Controller confirmation as to whether it processes your personal data and, if so, you have the right to access such personal data and information pursuant to Article 15 of the Regulation. The Controller will provide you with a copy of the personal data being processed. If you submit a request by electronic means, the Controller will provide you with the information in a commonly used electronic form, unless you request another method. |
Right to rectification - the Controller has taken appropriate measures to ensure the accuracy, completeness and timeliness of your personal data. As the data subject, you have the right to have the Controller correct your incorrect personal data or complete your incomplete personal data without undue delay. |
| RIGHT TO OBJECT You have the right to object to the processing of personal data, for example if the Controller processes your personal data on the basis of a legitimate interest or in processing in which profiling takes place. If you object to such processing of personal data, the Controller will no longer process your personal data unless it demonstrates compelling legitimate reasons for further processing of your personal data. |
|
| Right to erasure ("right to be forgotten") - You also have the right to obtain from the Controller the deletion of your personal data without undue delay if certain conditions are met, for example if personal data are no longer necessary for the purposes for which the Controller obtained or processed them. However, this right of yours must be assessed individually, as there may be a situation where other circumstances prevent the Controller from deleting personal data (for example, a legal obligation of the Controller). This means that in such a case, the Controller will not be able to comply with your request for deletion of personal data. | Right to data portability - Under certain circumstances, you have the right to transfer personal data to another controller you designate. However, the right to portability applies only to personal data that the Controller processes on the basis of the consent you have given to the Controller, on the basis of a contract to which you are one of the parties or if the Controller processes personal data by automated means. |
| RIGHT TO WITHDRAW CONSENT If the Controller processes your personal data on the basis of your consent, you have the right to withdraw your consent at any time in the same form as you gave it. The withdrawal of consent does not affect the lawfulness of processing carried out prior to the withdrawal of consent. |
|
| Right to restriction of processing - You also have the right to have the Controller restrict the processing of your personal data. This will be the case, for example, if you contest the accuracy of the personal data or if the processing is unlawful and you request the restriction of processing, or if the Controller no longer needs your personal data for processing purposes, but you need them for the establishment, exercise or defence of legal claims. The controller will restrict the processing of your personal data if you request it. | Right to file a complaint or suggestion - If you feel that your personal data are processed in violation of applicable law, you may contact the supervisory authority, which is the Office for Personal Data Protection of the Slovak Republic, with its registered office Hraničná 12, 820 07 Bratislava 27; website: dataprotection.gov.sk, phone No.: 02 3231 3214; e-mail: statny.dozor@pdp.gov.sk |
You can exercise your rights listed in the table above at the contact addresses of the Controller listed at the beginning of this document.
The Controller will provide you with an answer to exercising your rights free of charge. In case of repeated, unjustified or excessive request to exercise your rights, the Controller is entitled to charge a reasonable fee for providing information. The Controller will provide you with an answer within 1 month from the day on which you exercised your rights. In certain cases, the Controller is entitled to extend this period, in case of a high number and complexity of requests from data subjects, but not more than 2 months. The Controller will always inform you about the extension of the period.
Validity
This Policy is valid and effective from the day of its publication on the website of the Controller. Due to the fact that an update of information on the processing of personal data contained in this Policy may be required in the future, the Controller is entitled to update this Policy at any time. In such a case, however, the Controller will inform you accordingly in advance.