Procedure for processing personal data
This document describes the method and purpose of personal data processing by the company SOAS Inc., Kláry Jarunkovej 2, Banská Bystrica 974 01, the controller (hereinafter referred to as „SOAS Inc.“ or „controller“), and also provides any other information required by law, including information on rights of the person concerned and how to apply them.
Regulation (EU) 2016/679 on the protection of personal data (hereinafter „the Regulation“) constitutes legislation on the protection of individuals with regard to the processing of personal data and on the free movement of such data and protects fundamental rights and freedoms of individuals, in particular with regard to protection of personal data.
According to Article 4 (1) of the Regulation, the term „personal data“ means any information relating to an identified or identifiable natural person (hereinafter „data subject“).
„Processing“ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction (Article 4 (2) of the Regulation).
According to Article 12 and further Regulation, the data subject must also be provided with relevant information on the processing activities of the controller and on the rights of the data subject.
1. ON WHAT BASIS CAN WE PROCESS YOUR PERSONAL DATA?
Processing shall be lawful only if and to the extent that at least one of the following applies:
- the data subject has given consent to the processing of his or her personal data for one or more specific purposes,
- processing is necessary for compliance with a legal obligation to which the controller is subject; or that, at the request of the person concerned, measures be taken before the conclusion of the contract,
- processing is necessary to fulfill a legal obligation,
- processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
2. WHAT IS THE PURPOSE OF THE PROCESSING OF PERSONAL DATA, WHAT PERSONAL DATA DO WE PROCESS, HOW LONG DO WE KEEP YOUR PERSONAL DATA STORED?
Your personal data will be processed on the basis of special legal regulations and purposes, which are determined by the controller. These are listed individually in the INFORMATION ON PURPOSE OF PROCESSING.
The company as the controller processes your personal data in the following way / for the following purposes:
- ACCOUNTING AND BUSINESS AGENDA
- The purpose is to fulfill the legal obligations of the controller arising from special regulations (e.g. the Accounting Act, the Value Added Tax Act, the Income Tax Act).
- Legal basis (including their provision to third parties): legal obligation.
- Retention period: 10 years.
- BUSINESS COMMUNICATION
- The purpose of processing is the preparation and implementation of the business activities of the controller.
- Legal basis: The legitimate interest pursued by the controller in the right to conduct business in the scope of the objects of activity entered in the extract from the relevant register.
- Retention period: is conditional on the preparation and duration of the commercial relationship, as well as the expiry of the limitation period.
- PERSONNEL AND WAGE AGENDA
- The purpose of processing is the preparation and signing of an employment contract or agreement on work outside employment, records of documents on working capacity, wage payments, levies, fulfillment of obligations to state administration bodies, attendance records, training records, records of issued credentials and authorizations, records of assets or equipment, concluding agreements on material liability, records of issuing cash, providing employee benefits, records of damages caused by employees at the workplace or property of the controller (employer), catering, copying documents necessary for employment or similar relationship, as well as compliance with other legal requirements and contractual obligations.
- Legal basis: performance of a legal obligation, fulfillment of a contract, consent given or a legitimate interest
- Retention period: for the duration of the employment relationship or other similar relationship until the employee reaches the age of 70 (also a former employee).
- EMPLOYMENT APPLICATIONS
- The controller processes the personal data of job seekers for the purposes of their registration in the selection process to fill the vacancy of the controller, or records personal data of job seekers without the intention to fill a specific job position. In the event that the controller decides to sign an employment contract with one of the job seekers, or any of the agreements outside the employment relationship, the civil service contract, i.e. the applicant is successful, the personal data of this applicant will be further processed by the controller for the purpose of fulfilling the obligations arising from the signing of the employment relationship.
- Legal basis: in accordance with the provisions of Article 6 (4) of Regulation 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter „GDPR regulations“).
- Retention period: for a period of 2 years from the date of submitting of the CV and after this period the documents will be discarded.
- REGISTRATION ADMINISTRATION
- Administration of the registry, processing the agenda of whistleblowers of anti-social activities. The purpose of processing is the fulfillment of legal obligations and especially resulting from Act no. 395/2002 Coll. on the archives of registries on the amendment of certain laws as amended.
- Legal basis: fulfillment of a legal obligation.
- Retention period: is determined by specific regulations.
- CONSUMER COMPETITIONS
- The controller processes the personal data of the data subjects on the basis of the consent explicitly given by the data subject.
- Legal basis: the controller retains personal data processed with the consent of the data subject for no longer than the end of the consumer competition.
- The data subject has the right to freely withdraw his consent to the processing of personal data at any time. Withdrawal of consent shall not affect the lawfulness of the processing resulting from the consent prior to its withdrawal.
- SENDING MESSAGES FOR DIRECT MARKETING AND BACK CONTACTING PURPOSES
- The purpose of processing direct marketing is to offer you information about current news and products that may be relevant and interesting for you.
- Legal basis: the controller processes personal data with the consent of the data subject.
- Retention period: we will process your personal data for this purpose until you cancel your participation in the marketing list or opt out of receiving messages for direct marketing purposes (newsletter).
- RECORD OF THE RIGHTS OF THE PERSONS CONCERNED
- The purpose of processing as a legal basis is to fulfill the legal obligation of the Company.
- Retention period: 2 years from the date of processing the application of the person concerned
- The purpose of the processing as well as the legitimate interest is to prove, assert and defend the legal claims of the Company.
- Legal basis: legitimate interest of the controller in fulfilling legal claims
- Retention period: until the case is lawfully closed
3. WHO DOES THE COMPANY PROVIDE YOUR PERSONAL INFORMATION TO?
The Company provides your personal information to the following persons: state and public administration bodies, local governments, the Company’s website administrator, auditor, lawyer, information technology management and support companies, information service providers, in justified cases courts and law enforcement agencies, health insurance, supplementary pension savings banks, educational agencies, entity providing occupational health service, occupational health assessments and assessment of medical fitness, entity providing postal services.
4. PUBLICATION OF PERSONAL DATA
Personal data shall not be published.
5. AUTOMATED INDIVIDUAL DECISION-MAKING
Personal data will not be used for automated individual decision-making, including profiling.
6. TRANSFER OF PERSONAL DATA OUTSIDE THE EUROPEAN UNION
The transfer of personal data to a third country or international organization does not take place.
We would like to assure you that our employees and co-workers who will process your personal data are obliged to maintain the confidentiality of personal data. At the same time, this secrecy continues even after the end of their contractual relations with us.
8. PERSONAL DATA SECURITY
Your personal data is safe with us. We have put in place appropriate technical and organizational measures to prevent unauthorized access and misuse of your personal data. We care deeply about protecting your personal information. Therefore, not only do we regularly check their security, but we continuously improve their protection. We try to use security measures that provide sufficient security with regard to the current state of technology. The security measures taken are then regularly updated.
9. RIGHTS OF THE PERSON CONCERNED
Revoke consent – in cases where we process your personal data on the basis of your consent, you have the right to revoke this consent at any time. You can revoke the consent electronically, at the address of the responsible person, in writing, by notice of revocation of consent or in person at the office. Withdrawal of consent does not affect the lawfulness of the processing of personal data that we have processed about you on the basis of it.
Right of access – you have the right to be provided with a copy of the personal data we have about you, as well as information about how we use your personal data. In most cases, your personal data will be provided to you in writing, unless you require another method of providing it. If you have requested this information by electronic means, it will be provided to you electronically, if technically possible.
Right of rectification – we take reasonable steps to ensure the accuracy, completeness and timeliness of the information we have about you. If you believe that the information we hold is inaccurate, incomplete or out of date, please do not hesitate to ask us to modify, update or supplement this information.
Right of erasure (Right to forget) – you have the right to ask us to erase your personal data, for example if the personal data we have obtained about you is no longer necessary to fulfill the original purpose of processing. However, your right must be assessed in the light of all the relevant circumstances. For example, we may have certain legal and regulatory obligations, which means that we will not be able to comply with your request.
Right to restrict processing – in certain circumstances you are entitled to ask us to stop using your personal data. These are, for example, when you think that the personal information we hold about you may be inaccurate or when you think that we no longer need to use your personal information.
Right to data portability – in certain circumstances, you have the right to request us to transfer the personal data you have provided to us to another third party of your choice. However, the right to portability only applies to personal data that we have obtained from you with your consent or under a contract to which you are a party.
Right to object – you have the right to object to the processing of data which is based on our legitimate interests. If we do not have a compelling legitimate reason to process and you object, we will not process your personal data further.
The right to file a petition for personal data protection proceedings – if you believe that your personal data has been processed unfairly or illegally, you can file a complaint with the supervisory body, which is the Office for Personal Data Protection of the Slovak Republic, Hraničná 12, 820 07 Bratislava 27; tel. number: +421-2-3231 3214; email: email@example.com, https://dataprotection.gov.sk. In the case of filing a complaint in electronic form, it is necessary that it meets the requirements pursuant to the Section 19 (1) of Act No. 7181967 Coll. on administrative proceedings (administrative fee).
10. INFORMATION AND EXERCISE OF THE RIGHTS OF THE PERSON CONCERNED
In order to exercise your rights, you can contact the controller at any time as follows::
- Address: SOAS a.s.,Kláry Jarunkovej 2, Banská Bystrica 974 01
- E-mail: firstname.lastname@example.org
We will respond to your request free of charge within 30 days. In case of complexity or a large number of applications, we are entitled to extend this period by another 60 days. If this happens, we will inform you of the reasons.
In the event of a repeated request, we are entitled to charge a reasonable administrative fee to cover the costs associated with the provision of this service.