Dear clients,
these Terms of Privacy Protection provides you with detailed and understandable information about the processing of your personal data in the terms of our company pursuant to Art. 13 and 14 of the GDPR Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as the "GDPR"). These Terms of Privacy Protection applies to all persons concerned about whom we process personal data, including clients, employees, suppliers, contractual partners and persons located on our premises.
The controller that processes your personal data is
SlovTan Contract Tannery spol. s r.o., with registered seat: Priemyselná 1, 031 01 Liptovský Mikuláš, Slovenská republika, Comp. Reg. No.: 31 592 635, e-mail: gdpr@slovtan.sk.
We need to process personal data in order to provide our clients with proper services, products and customer support, to comply with our legal obligations and also to protect our legitimate interests.
Purpose of personal data processing | Legal basis |
---|---|
Contact data in connection with communication and the conclusion of contractual-obligatory relations | Art. 6 (1) (f) GDPR the processing of personal data is necessary for the purpose of the legitimate interests pursued by the controller |
Contractual and pre-contractual relations | Art. 6 (1) (b) GDPR the processing of personal data is necessary for the performance of the contract |
Processing of accounting documents | Art. 6 (1) (c) GDPR Act No. 431/2002 Coll. on Accounting, as amended, Act No. 222/2004 Coll. on Value Added Tax, as amended, Act no. 145/1995 Coll. on Administrative Charges, as amended, Act No. 40/1964 Coll., the Civil Code, as amended, Act No. 152/1994 Coll. on the Social Fund to amend Act No. 286/1992 Coll. on Income Taxes, as amended, Act no. 311/2001 Coll., the Labor Code, as amended, Act No. 55/2017 Coll. on Civil Service and on amendments to certain laws |
Complaints and damage reports | Art. 6 (1) (c) GDPR Act No. 250/2007 Coll. on Consumer Protection. Act No. 40/1964 Coll., the Civil Code |
Network security and security of information systems | the processing is necessary for the purposes of the legitimate interests pursued by the controller |
Registry administration including mail records | Act No. 395/2002 Coll. on Archives and Registries |
Processing and records of exercised rights of the data subjects | Chapter III of Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data |
Litigation, exercise of legal claims (in general, not only in court) and judicial powers | Act No. 160/2015 Coll. the Code of Civil Adversarial Procedure Act No. 160/2015 Coll. the Administrative Procedure Code Art. 9 (2) (c) of Regulation (GDPR), if personal data of a special category is necessary for the exercise of legal claims and judicial powers under Art. 9 of the Regulations (GDPR) |
Identification of a non-logged-in website user (cookies) | Art. 6 (1) (c) GDPR the data subject has given consent to the processing of his or her personal data for one or more specific purposes |
User login to online services – web customer zone | Art. 6 (1) (b) GDPR the processing of personal data is necessary for the performance of the contract |
Contact form on the website | Art. 6 (1) (f) GDPR the processing of personal data is necessary for the purpose of the legitimate interests pursued by the controller |
Protection of rights and property by camera system | Art. 6 (1) (f) GDPR the processing of personal data is necessary for the purpose of the legitimate interests pursued by the controller |
Keeping records of natural persons – high school students and university students who will participate in vocational training at the controller for a predetermined time | Art. 6 (1) (b) GDPR the processing of personal data is necessary for the performance of the contract Art. 6 (1) (f) GDPR the processing of personal data is necessary for the purpose of the legitimate interests pursued by the controller |
Ensuring occupational health and safety – organization of initial trainings, investigation, registration and record keeping of occupational accidents | Art. 6 (1) (b) GDPR the processing of personal data is necessary for the performance of the contract Art. 6 (1) (c) GDPR Act No. 124/2006 Coll. on Occupational Safety and Health and on amendments to certain acts as amended Act No. 355/2007 Coll. on the Protection, Support and Development of Public Health and on the amendment of certain acts as amended Art. 6 (1) (f) GDPR the processing of personal data is necessary for the purpose of the legitimate interests pursued by the controller |
Identification of a natural person during a one-time entry into the premises of the controller in order to ensure the protection of property, safety and health in the premises of the controller | Art. 6 (1) (f) GDPR the processing of personal data is necessary for the purpose of the legitimate interests pursued by the controller |
Investigation of complaints under Act No. 54/2019 on the Protection of Whistleblowers of Anti-social Activity | Art. 6 (1) (c) GDPR Act No. 54/2019 Coll. on the Protection of Whistleblowers of Anti-social Activity |
Promotion of the controller, publication of photos of organized events, activities with the intention of building a goodwill | Art. 6 (1) (c) GDPR the data subject has given consent to the processing of his or her personal data for one or more specific purposes Art. 6 (1) (f) GDPR the processing of personal data is necessary for the purpose of the legitimate interests pursued by the controller |
There is no cross-border transfer of personal data.
In order to improve the quality of the services we provide, we process your personal data automatically. Automated processing shall mean any processing of personal data that uses automatic information systems, such as IT applications, software, etc. We currently do not perform profiling.
Personal data are stored no more than for the time necessary to fulfil the purpose of processing. In general, the retention period results from legal regulations. If it does not follow from the legal regulations, the retention period for your personal data is always determined based on specific purposes through our internal regulations and our registry plan. If we process your personal data on the basis of the consent, once the consent is withdrawn, we are obliged to stop processing the personal data for the given purpose. However, this does not rule out that your personal data may continue to be processed on another legal basis, especially if it necessary to meet legal obligations. The general personal data retention periods for the purposes of personal data processing defined by us are as follows:
Purpose of personal data processing | Retention period or criteria for its determination |
---|---|
Contact data in connection with communication and the conclusion of contractual-obligatory relations | for 10 years |
Contractual and pre-contractual relations | the term specified in the contract |
Processing of accounting documents | for 10 years |
Complaints and damage reports | for 10 years |
Network security and security of information systems | for 1 year |
Registry administration including mail records | for 10 years |
Processing and records of exercised rights of the data subjects | for 5 years |
Litigation, exercise of legal claims (in general, not only in court) and judicial powers | for 10 years |
Identification of a non-logged-in website user (cookies) | for 5 years |
User login to online services – web customer zone | during the registration period |
Contact form on the website | for 5 years |
Protection of rights and property by camera system | for 72 hours |
Keeping records of natural persons – high school students and university students who will participate in vocational training at the controller for a predetermined time | for 10 years |
Ensuring occupational health and safety – organization of initial trainings, investigation, registration and record keeping of occupational accidents | for 10 years |
Identification of a natural person during a one-time entry into the premises of the controller in order to ensure the protection of property, safety and health in the premises of the controller | for 5 years |
Investigation of complaints under Act No. 54/2019 on the Protection of Whistleblowers of Anti-social Activity | for 5 years |
Promotion of the controller, publication of photos of organized events, activities with the intention of building a goodwill | for 10 years |
Where the legal basis for your personal data processing is the conclusion or fulfilment of a contractual relationship, personal data need to be provided for conclusion of the contract. Failure to provide personal data results in failure to conclude a contractual relationship. Where the legal basis for your personal data processing is our compliance with any legal obligation, your personal data need to be provided for legal purposes. Failure to provide personal data may result in failure to secure the completed task or to issue the decision you are requesting from us. Where the legal basis for your personal data processing is a legitimate interest and we use the legal basis for your personal data processing, you are obliged to tolerate this processing, but you have the right to object to it.
Where the legal basis for your personal data processing is
consent to the personal data processing, you are not obliged to provide your personal data. You are entitled to withdraw the given consent at any time. Failure to provide personal data should not have any negative and significant consequences for you, but the comfort of using some services and your information about news may be reduced.
It is our duty to protect your personal data in an appropriate manner and for this reason we pay due attention to their protection. We have implemented generally accepted technical and organizational standards for the purpose of maintaining the security of processed personal data, especially against their loss, misuse, unauthorized modification, destruction or other impact on the rights and freedoms of the data subjects.
Our website uses the so-called cookies in order to adapt its content and design
to your preferences. Cookies are understood as IT data, including but not limited to text files, stored by the user on the computer for the purpose of using the website. These text files make it possible to recognize the user's computer and display the website in a relevant way, adapting to the user's preferences. Cookies usually contain the name of the website from which they originate, the time of storage on the computer and the original number. Cookies are used to adapt the content of the website to the user's preferences and to optimize the use of the website. They are also used to prepare anonymous,
summary statistics that help us understand how the user can make the best use of the website, which enables the improvement of its structure and content except for user's personal data. We use two types of cookies: “session” and “persistent” cookies. Session cookies are temporary text files that remain on the user's computer until he/she logs out of the website or closes the web browser application. Persistent cookies are stored on the user's device for the time specified in the parameters of the cookie file or until the user deletes them. Personal data collected using cookies can only be collected to perform certain functions for the user. This data is encrypted in such a way that unauthorized persons cannot access it.
The web browser uses the option to store cookies on your computer by default. These settings can be changed so that the automatic management of cookies is blocked in the web browser settings or the user is informed each time cookies are sent to his/her computer. Detailed information about options and methods of using cookies are available in the application (web browser) settings. Restricting the use of cookies may
affect some functions on the website.