Personal Data Processing Policy and Data Protection System Under GDPR
The Controller (administrator) of your personal data pursuant to Article 4(7) of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as GDPR) is: Sofoservices s. r. o., Lermontovova 3, 811 05 Bratislava – Old Town district, Company ID: 55 333 800
Controller Contact Information
- Email:info@sofoservis.sk
- Phone:+421 905 771 151
What is Personal Data?
Personal data means data relating to an identified natural person, or an identifiable natural person who can be identified directly or indirectly, in particular by reference to a generally applicable identifier, another identifier such as name, surname, identification number, location data, or an online identifier, or by reference to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
What is Personal Data Processing?
Processing of personal data means any processing operation or set of processing operations performed on personal data or sets of personal data, including collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction, whether or not by automated means.
Note: The Controller is not required to appoint/designate a Data Protection Officer.
Sources and Categories of Personal Data
The Controller processes personal data (directly from you) that you have provided or personal data obtained on the basis of fulfilling your order.
Your identification and contact data and data necessary for the performance of the contract.
Legal Basis and Purpose of Processing
The legal basis for processing is:
- Your consent to the processing of personal data for the purposes of direct marketing pursuant to Article 6(1)(a) GDPR
- Performance of a contract between you and the Controller pursuant to Article 6(1)(b) GDPR
- Processing is necessary for compliance with a legal obligation to which the Controller is subject pursuant to Article 6(1)(c) GDPR
The purpose of personal data processing is:
Processing your order and exercising rights and obligations arising from the contractual relationship between you and the Controller. When placing an order, personal data necessary for successful order processing are required pursuant to Article 6(1)(b) of the Regulation (this includes subsequent payment, delivery of goods, services, handling of complaints, etc.); processing of customer personal data takes place without customer consent, as the legal basis for processing their personal data for the purpose of contract performance is the specific order between the customer and the Controller.
When operating a profile on social networks (Facebook, Instagram, YouTube, LinkedIn, Twitter, TikTok), our interest is to raise awareness of the Controller in the online environment and communicate with customers.
Social Networks
Personal data that you publish on our social media pages, such as comments, likes, videos, images, etc., are published through the social network platform. We do not subsequently process personal data for any other purpose. Social network operators have their own adopted rules, service infrastructure, and their own personal data protection provisions. We have no influence over the transfer and use of your data by social network operators. We recommend that you familiarize yourself with the privacy terms of the social network platform provider:
Right to object: The data subject has the right to object at any time, on grounds relating to their particular situation, to the processing of personal data concerning them. Objections can be sent by email to the Controller's contact address info@sofoservis.sk
Privacy terms of social networks:
- Facebook: facebook.com/policy.php
- Instagram: help.instagram.com/519522125107875
- YouTube: youtube.com privacy
- TikTok: tiktok.com/legal/new-privacy-policy
- Twitter: twitter.com/en/privacy
- LinkedIn: linkedin.com/legal/privacy-policy
In certain processing operations, we act with social network operators as joint controllers within the meaning of Article 26(4) GDPR.
Automated decision-making: The Controller does not carry out automated individual decision-making within the meaning of Article 22 GDPR.
Data Retention Period
The Controller retains personal data:
- For the period necessary for the exercise of rights and obligations arising from the contractual relationship between you and the Controller and the enforcement of claims arising from these contractual relationships.
- Until consent to the processing of personal data for marketing purposes is revoked.
- After the expiration of the personal data retention period arising from Act No. 395/2002 Coll. on Archives and Registries, the Controller shall delete the personal data.
Recipients of Personal Data
Who is a recipient?
A recipient is anyone to whom personal data is provided, regardless of whether they are a third party. A public authority that processes personal data on the basis of a special regulation is not considered a recipient.
These are persons involved in the delivery of goods, services, and the execution of payments on the basis of a contract.
Important: The Controller does not provide, publish, or make personal data available to third countries.
Personal Data Security Conditions
- The Controller declares that it has adopted appropriate personnel, technical, and organizational measures to ensure the protection of personal data.
- The Controller has adopted technical measures to secure data storage and personal data storage in paper form.
- The Controller declares that only persons authorized by the Controller have access to personal data.
Your Rights
Under the conditions set out in the GDPR, you have:
- The right of access to your personal data pursuant to Article 15 GDPR
- The right to rectification of personal data pursuant to Article 16 GDPR
- The right to restriction of processing
- The right to erasure pursuant to Article 17 GDPR
- The right to data portability pursuant to Article 20 GDPR
- The right to object to processing pursuant to Article 21 GDPR
- The right to withdraw consent at any time
- The right to lodge a complaint with the Office for Personal Data Protection
Final Provisions
By submitting an order through the online order form, you confirm that you have been informed of the terms of personal data protection and that you accept them in their entirety.
The Controller is entitled to change these conditions. The new version of the personal data protection conditions will be published on their website or sent directly to your email address.
These conditions are effective from 01.01.2024