Privacy and Cookies Policy
This notice on the processing of personal data (hereinafter referred to as the "Notice") has been prepared by KODYS SLOVENSKO, s.r.o., with its registered office at Sliačska 2, 831 02 Bratislava, ID No.: 31 387 454, registered in the Commercial Register of the District Court Bratislava I, Section Sro, Insert No.: 8247/B (hereinafter referred to as the "Company") for the purpose of providing concise, transparent, comprehensible and easily accessible information regarding the processing of your personal data.
1. General introduction
This Notice is prepared in accordance with Articles 13 and 14 of the GDPR, Sections 19 and 20 of the Act and other generally applicable laws.
As the Company is the controller that processes your personal data, it takes the liberty of providing you with all necessary information regarding this processing.
The Company is also the operator of the website https://www.kodys.sk, on which it uses cookies. Some cookies may, among other functions, collect your personal data. In such cases, the Company is also the controller within the meaning of Article 4(7) of the GDPR or Section 5(o) of the Act. More information about cookies is available here.
At the same time, in connection with the processing of your personal data, the Company has designed and implemented standard and specific data protection measures, including appropriate technical and organisational measures, to ensure a high level of security for your personal data. If you have any questions in connection with this Notice or the processing of your personal data or in connection with the exercise of your rights under the GDPR and the Act, you may contact the Company at any time:
(a) by mail to KODYS SLOVENSKO, s.r.o., Sliačska 2, 831 02 Bratislava;
b) by e-mail to the following e-mail address: info@kodys.sk;
c) by telephone: +421 2 4342 3844.
2. Definitions of terms used
In accordance with the principle of transparency and clarity, the Company uses the following terms for the purposes of providing information in this Announcement:
- You are the data subject if the Company processes your personal data in the manner described in this Notice;
- GDPR means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation);
- Portal means the web portal https://www.kodys.sk, including all subdomains, subpages and components;
- Act is Act No. 18/2018 Coll. on the Protection of Personal Data and on Amendments and Additions to Certain Acts, as amended;
3. Information on the processing of personal data
The Company provides below an overview of the individual processing activities, as well as the personal data processed, the purpose of processing, the legal basis for processing, the retention period and other information.
|
Personal data processed |
Purpose of processing of personal data |
Legal basis for processing personal data |
Retention period of personal data |
Legal or contractual requirement and possible consequences of not providing personal data |
|
Personal data necessary to ensure mutual communication, inparticular name, surname, e-mail, telephone contact and content of communication. Such communication may take place online (email, contact form, etc.) or by postal mail. |
Ensuring communication (sending, receiving and recording of physical and electronic mail) between the Company and the Data Subject. |
Legitimate interest of the Company. The Company'slegitimate interest is to ensure effective and seamless communication with the Data Subject. |
For a period of 3 years from the last electronic communication between the Company and the Data Subject. For a period of 10 years from the date of receipt or dispatch of physical mail. |
Voluntary Disclosure. The Data Subject may exercise with the Company his/her right to object to the processing of personal data in accordance with Article 21 of the GDPR and Section 27 of the Act. |
|
Personal data necessary for the maintenance of a list of subjects (black list) with whom the Company does not wish to enter into a contractual relationship, inparticular first and last name and surname. |
Maintaining a list of entities (black list) with which the Company does not wish to enter into a contractual relationship |
Legitimate interest of the Company. The Company'slegitimate interest is to protect its business against entities that have breached their contractual obligations and with which the Company does not wish to enter into a further contractual relationship. |
For a period of 10 years from the date of inclusion of the entity on the list of entities (black list) with which the Company does not want to enter into a contractual relationship. |
The Company processes personal data on the basis of legitimate interests on the grounds that it has carried out a purpose compatibility test, whereby the original purpose for which it processed the personal data is compatible with that purpose. |
|
Personal data contained in documentation which forms part of the register, in particular title, first name, surname, signature, residence, e-mail address, telephone number and other data pursuant to a special regulation. |
Management of the register. |
Legal obligation of the Company. The Company fulfils its legal obligations under Act No. 395/2002 Coll. on Archives and Registers and on the Amendment of Certain Acts, as amended, and Decree No. 410/2015 Coll. on the Details of the Execution of the Administration of the Registers of Public Authorities and on the Creation of Files, as amended. |
For a period of 10 years from the date of inclusion of the document in the register. |
The provision of personal data is a legal requirement. Failure to provide personal data shall result in a breach of obligations under the legislation. |
|
Personal data necessary for the exercise and enforcement of the Company's rights, inparticular name, permanent or temporary residence address, date of birth and other personal data processed in the context of individual proceedings.
These rights may be exercised by the Company both judicially and extra-judicially. |
Exercise of the Company's claims through courts, arbitration tribunals, bailiff's offices, law firms, notary offices, etc. |
Legal obligation of the Company. The legal obligation consists in the identification of the Affected Person and the Company's claim in the exercise and enforcement of rights. This obligation arises in particular from Act No. 160/2015 Coll., Act No. 233/1995 Coll., Act No. 40/1964 Coll., Act No. 513/1991 Coll., Act No. 301/2005 Coll., Act No. 7/2005 Coll. and related legislation. Legitimate interest of the Company.
If there is no legal obligation to process the Data Subject's personal data, but such personal data is necessary for the exercise or enforcement of the Company's rights, the Company shall process the personal data on the basis of legitimate interest. The legitimate interest of the Company is the exercise and subsequent enforcement of rights. |
For the duration of the limitation or prescription period or for a period of 10 years from the final termination of the proceedings. |
The Company processes the Data Subject's personal data on the basis of its legal obligation. Failure to provide personal data results in the Company not being able to fulfil its legal obligations and therefore its rights to pursue claims are limited.
The Company processes personal data on the basis of legitimate interests on the grounds that it has carried out a purpose compatibility test, whereby the original purpose for which it processed the personal data is compatible with the purpose for which it is exercising claims. |
|
Personal data necessary for entering into a contractual relationship, ensuring communication between the parties and the proper performance of contractual obligations, in particular name, surname, email, telephone contact, job title and signature.
The Company processes the personal data of the Data Subject who acts as a representative or contact person of the other party (e.g. statutory body, member of the statutory body, proxy, attorney, contact person, etc.). |
Entering into the contractual relationship, ensuring communication between the parties and the proper performance of contractual obligations. |
Legitimate interest of the Company. Thelegitimate interest of the Company is to enter into the contractual relationship, to ensure the fulfilment of its contractual obligations under the contractual relationship in question and to ensure communication between the parties. |
For the duration of the limitation or prescription period applicable to the Company's claims arising out of the contractual relationship. |
Voluntary disclosure of data. The data subject may exercise with the Company his or her right to object to the processing of personal data in accordance with Article 21 of the GDPR and Section 27 of the Act. In the event that the Data Subject's employer discloses the Data Subject's personal data in the context of a contractual relationship, Section 78(3) of the Act shall apply, pursuant to which the employer may provide such data. |
|
Personal data necessary for contacting the other contracting party, which is the Data Subject, inparticular name, surname, email, telephone contact and signature. |
Entering into a contractual relationship, ensuring communication between the parties and the proper performance of contractual obligations. |
Pre-contractual negotiation and contractual obligation of the Company. Contractual obligation arising from the Contract concluded with the Concerned Party. |
For the duration of the limitation or prescription period applicable to the Company's claims arising from the contractual relationship. |
The provision of personal data is a contractual requirement. Failure to provide personal data shall result in the Company being unable to enter into a contractual relationship with the Data Subject. |
|
Personal data necessary for sending the newsletter, in particular e-mail, first and last name. |
Sending general advertising notices about the Company's activities, products and services to Data Subjects who have requested it. |
Consent of the Data Subject to the processing of his/her personal data. Consent may be withdrawn at any time. |
For a period of 3 years from the date of consent or until the consent to the processing of personal data is withdrawn . |
Voluntary provision of data. Failure to give consent will result in commercial offers about products and services not being sent. |
|
Personal data necessary for sending the newsletter, in particular e-mail, first and last name. |
Sending promotional communications about the Company's products and services to Data Subjects with whom the Company has a previous business relationship. |
Legitimate interest of the Company. The Company'slegitimate interest is to promote the Company's goods and services. |
For a period of 3 years from the conclusion of the last business relationship. |
Voluntary disclosure of data. The data subject may cancel the receipt of newsletters at any time. The Company processes personal data for this purpose on the basis of a statutory exemption pursuant to Section 116(15) of Act No. 452/2021 Coll. on Electronic Communications, as amended. |
|
Personal data necessary for the exercise of the rights of the Data Subject, inparticular name, surname, email, telephone contact, the personal data in question, the right exercised and other information. |
Exercise of the rights of Data Subjects by means of a request. |
The Company'slegal obligation . The legal obligation is to enable the Data Subject to exercise his or her rights by means of a request and to deal with the request subsequently. |
For a period of 5 years following the year in which the Data Subject's request is dealt with. |
The Company processes the Data Subject's personal data on the basis of its legal obligation. Failure to provide personal data results in the Company being unable to fulfil its legal obligations and therefore unable to process the Data Subject's request. |
|
Personal data necessary for the storage of information about unsuccessful job applicants or potential job applicants, in particular name, surname, e-mail, telephone contact, date of birth, permanent home address and other personal data included in the CV. |
Storage of personal data of unsuccessful job applicants or potential job applicants for the purpose of contacting them in the future in the event of a new job position. |
Consent of the Data Subject to the processing of his/her personal data. Consent may be withdrawn at any time. |
For a period of 3 years from the date of consent or until the consent to the processing of personal data is withdrawn . |
Voluntary provision of data. Failure to provide consent will result in the Company automatically deleting the personal data of job applicants or not retaining the personal data of potential job applicants. |
|
Personal data necessary for the selection process of the employee, in particular name, surname, e-mail, telephone contact, date of birth, permanent address and other personal data provided in the CV. |
Communication with applicants for employment with the Company and selection of successful and unsuccessful job applicants. |
Pre-contractual negotiations and the Company's contractual obligation . Pre-contract negotiation is the selection process of a job applicant. |
For the duration of the selection process or until the conclusion of the employment contract or agreement for work performed outside the employment relationship. |
The provision of personal data is a contractual requirement. Failure to provide personal data will result in the jobseeker not being able to participate in the selection process. |
|
Personal data necessary for accounting and tax purposes, in particular name, surname, email and telephone contact details and other data on the invoice. |
Maintaining the accounting and tax agenda. |
The Company's legal obligation . The Company fulfils its legal obligations arising in particular from Act No. 431/2002 Coll., Act No. 222/2004 Coll., Act No. 40/1964 Coll., Act No. 311/2001 Coll., Act No. 595/2003 Coll., Act No. 582/2004 Coll., Act No. 283/2002 Coll. and Act No. 563/2009 Coll. |
For a period of 10 years following the year in which the personal data were first processed. |
The provision of personal data is a legal requirement. Failure to provide personal data shall result in a breach of the legal obligations. |
|
Personal data processed via cookies. More information is available here. |
More information is available here. |
4. Rights of Data Subjects
In connection with the processing of personal data, you, as a Data Subject, are entitled to the rights set out below, which you may exercise at any time by submitting a request to the Company. In such a case, the Company is obliged to provide the Data Subject with information on the measures taken on the basis of his/her request without undue delay and at the latest within 1 month. The Company may extend this period by a further 2 months, in which case it shall inform the Data Subject of any such extension within 1 month of receipt of the request, together with the reasons for the delay.
- Right of access (Article 15 of the GDPR or Article 21 of the Act)
The Data Subject shall have the right to obtain confirmation as to whether the Company is processing his or her personal data and, if so, to obtain access to such personal data. The data subject also has the right to be provided with all information within this Notice, and the Company will update this Notice periodically.
- Right to rectification (Art. 16 GDPR or Art. 22 of the Act)
The data subject has the right to rectification of the personal data processed by the Company about him or her without undue delay. The data subject also has the right to have incomplete personal data completed.
- Right to erasure/forgetting (Art. 17 GDPR or Art. 23 of the Act)
The data subject has the right to have the personal data processed by the Company about him or her erased without undue delay. However, the right to erasure is not absolute and it is necessary that at least one of the grounds within the meaning of Article 17(1) of the GDPR and Section 23(2) of the Act is fulfilled, or the Company is not obliged to erase such personal data in the cases referred to in Article 17(3) of the GDPR and Section 23(4) of the Act.
- Right to restriction of processing (Art. 18 GDPR or Art. 24 of the Act)
The data subject has the right to have the Company restrict the processing of his or her personal data under the conditions set out in Article 18 GDPR and Section 24 of the Act.
- Right to portability (Art. 20 GDPR or Art. 26 of the Act)
The data subject has the right to obtain the personal data he or she has provided to the Company in a structured, commonly used and machine-readable format and has the right to transfer such personal data to another controller if he or she has provided his or her personal data on the basis of consent and such personal data is processed by the Company by automated means.
- Right to object (Art. 21 GDPR or Art. 27 of the Act)
The data subject shall have the right to object to processing of personal data concerning him or her by the Company if such processing is carried out for the performance of a task carried out in the public interest or for legitimate purposes of the Company or third parties, including objecting to profiling based on these legal bases. The data subject shall also have the right to object to the processing of personal data about him or her by the Company for direct marketing purposes, including profiling.
- Right in relation to automated individual decision-making, including profiling (Art. 22 GDPR or Art. 28 of the Act)
The data subject has the right not to be subject to a decision which is based solely on automated processing, including profiling, and which has effects concerning him or her or similarly significantly affects him or her.
- Right to bring proceedings (Section 100 of the Act)
A data subject has the right to bring a data protection proceeding under Section 100 of the Act before a supervisory authority if he or she believes that the Company is processing his or her personal data in breach of the GDPR or the Act. The data subject may file a petition to initiate proceedings with the Office for Personal Data Protection of the Slovak Republic, located at Hraničná 12, 820 07 Bratislava. More information is available on the website of the Office for Personal Data Protection of the Slovak Republic.
- Right to withdraw consent (Article 7 of the GDPR or Article 14 of the Act)
If personal data are processed on the legal basis of the Data Subject's consent, the Data Subject has the right to withdraw his or her consent at any time without affecting the lawfulness of processing based on consent given before its withdrawal. You may withdraw your consent at any time by sending an email to: info@kodys.sk
5. Sources of collection of personal data
The Company primarily obtains personal data directly from Data Subjects. In some cases, however, Data Subjects do not directly interact with the Company, in which case the Company obtains personal data from other sources, which are:
- publicly available sources where the Data Subject's personal data is listed;
- another person who provides the Company with the Data Subject's personal data - in such case, the providing person shall be obliged to have the Data Subject's consent within the meaning of Section 78(6) of the Act;
6. Recipients of personal data
The Company may also disclose the personal data of Data Subjects to other natural or legal persons, public authorities or international organisations.
The Company shall ensure the highest possible level of protection of personal data in the case of provision of personal data of Data Subjects, and in the case of provision of personal data to its processors or joint controllers, the Company shall have a contractual relationship within the meaning of Article 26 or Article 28 of the GDPR, or Article 33 or Article 34 of the Act, as the case may be.
The Company provides personal data of Data Subjects to the following categories of recipients or public authorities:
- Controlling or controlled entities and other entities in the horizontal or vertical hierarchy of the Company's organizational structure;
- business partners;
- legal, tax, accounting, IT and other advisors;
- public authorities.
7. Retention period of personal data
In addition to the retention periods set out for individual personal data in paragraph 3 of this Notice, the Company may retain the personal data of Data Subjects for longer periods if it is necessary to retain the personal data for longer than the set period because of the Company's legitimate interests or because of a change in the Company's legal obligations.
8. Transfer of personal data to third countries or international organisations
The Company may transfer personal data of Data Subjects to other third countries or international organisations. In the event of any transfer of personal data to third countries or international organisations, the Company shall at all times undertake to ensure an adequate level of protection for the personal data of Data Subjects.
The Company does not transfer personal data to other third countries or international organisations.
9. Automated individual decision-making, including profiling
The Company does not use automated individual decision-making, including profiling, when processing the personal data of Data Subjects.