Information on the processing of personal data
In connection with the provision of our services, we collect personal data of visitors to our website. We care that visitors have an overview of what personal data we use, what we do with it, with whom we share it, and also that they understand their rights through which they can exercise control over the processing of their personal data.
This document provides information on the conditions for the processing of personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as the "GDPR") and Act No. 18/2018 Coll. on the protection of personal data and on amendments to certain laws.
1. Personal data controller
The company EIF, a.s., Galvaniho 15/C, 821 04 Bratislava, IČO: 54 047 951, registered in the Commercial Register of City Court Bratislava III, Section Sa, File No.: 7288/B (hereinafter referred to as the "EIF"), processes personal data of data subjects to the extent and under the conditions specified in this document and as the controller is responsible for their protection and processing. Unless otherwise provided by law, EIF is also responsible for the processing of personal data by the processors it has designated for this purpose.
2. Principles of personal data processing
Protecting personal data is not just about its security. We protect personal data and the rights of data subjects from the moment we propose the process of their collection and further use, including the introduction of measures to correct and update the data, the determination of storage conditions and destruction. We are aware of our responsibility and comply with the following principles under the GDPR:
Principle of lawfulness – processing of personal data lawfully, fairly and transparently in relation to the data subject.
Purpose limitation principle – personal data is collected for specified, explicit and legitimate purposes and may not be further processed in a way that is incompatible with those purposes.
Principle of data minimisation – the use of personal data is proportionate, relevant and limited to what is necessary in relation to the purposes for which it is processed.
Principle of accuracy – personal data must be correct and, where necessary, updated. Incorrect personal data shall be erased or rectified without delay.
Principle of storage minimisation – storage in a form that allows the identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
Principle of integrity and confidentiality – processing in a way that guarantees adequate security of personal data, including protection against unauthorised or unlawful processing and accidental loss, destruction or damage, through appropriate technical or organisational measures.
3. Conditions for the processing of personal data
3.1 Categories of personal data
Depending on the specific purpose of the processing and the legal basis, we process the following categories of personal data:
- Identification data (name, surname);
- Contact details (phone number, email address);
- Message text.
3.2 Legal basis and purpose of use of personal data
In order to prepare a price offer, communicate about it or to settle complaints and other requests of data subjects, it is necessary to process the personal data referred to in point 3.1. We process personal data only to the extent necessary to fulfill a specific request of the data subject. The legal basis for such processing is Art. 6 (1) b) GDPR. Personal data obtained for the above purpose are not disclosed anywhere. The period of processing of personal data is defined by the period of negotiation of the conclusion of the contract, but not more than 1 year from the question asked, unless in a particular case there is a justified need to store the data for a longer period (e.g. conclusion of a contract, legitimate interest in asserting or proving legal claims), or if you give consent to further processing.
3.3 Source of personal data
We obtain personal data directly from data subjects in the form on our website.
3.4 Automated decision-making, profiling, cookies
Automated decision-making, profiling
The EIF does not carry out automated individual decision-making without human intervention, which would have legal effects or similarly significant impact on data subjects.
3.5 Transfer of personal data
The EIF does not transfer personal data to third countries (outside the EU/EEA).
4. Data recipients
We provide personal data of data subjects to processors whom we have authorized to process them on our behalf. These may be external companies managing our systems or other services ensuring the proper functioning of the company and the processing of personal data, e.g. IT service providers, printers, carriers and courier companies and other persons whose services we use in the performance of our activities.
We carefully select processors so that we can ensure legal requirements for the protection of personal data. We have concluded a contract with the above-mentioned processors on the processing of personal data and they are also bound to comply with strict rules for the protection of personal data, including compliance with confidentiality so as to comply with the highest possible standard of legal protection corresponding to the requirements of the applicable legislation in the Slovak Republic.
We also provide personal data of data subjects to state authorities and other entities within the scope of statutory obligations.
5. Rights of the data subject and their exercise
5.1 Rights of the data subject
Right to withdraw consent
The data subject has the right to withdraw consent to the processing of personal data at any time. Consent may be withdrawn electronically, in writing or in person at the company's registered office (see point 5.2). The withdrawal of consent does not affect the lawfulness of the processing of personal data that we have processed about the data subject on its basis.
Right of access to personal data
The data subject has the right to obtain from us confirmation as to whether we process personal data concerning him or her and, if so, has the right to obtain access to such personal data, information about the processing of personal data and a copy of such data. In most cases, we will provide personal data in written documentary form, unless the data subject requests another way of providing it. If the data subject has requested this information by electronic means, we will provide it electronically if technically feasible.
Right to rectification
We take reasonable steps to ensure the accuracy, completeness and timeliness of the information we have about the data subject. If the data subject believes that the data in our possession is inaccurate, incomplete or outdated, the data subject may ask us to modify, update or supplement this information.
Right to erasure (right to be forgotten)
In some cases stipulated by law, the data subject has the right to ask us to delete the personal data we hold about the data subject, for example, if the personal data are no longer necessary to fulfil the original purpose of processing. However, any such request must be assessed in the light of all relevant circumstances. For example, as a controller, we may have certain legal and regulatory obligations or a legitimate interest (if it outweighs the interests of an authorized person) to retain personal data, which means that we will not be able to comply with the data subject's request.
Right to restriction of processing
The right to restriction of the processing of personal data means that if we do not resolve any disputed issues regarding the processing of your personal data, we must restrict the processing of your personal data so that we can only store the personal data of the data subject and not further process it.
Right to data portability
The data subject has the right to data portability, i.e. the right to receive the personal data he or she has provided to us in a structured, commonly used and machine-readable format, and has the right to transfer this data to another controller if the conditions set out in Article 20 of the GDPR are met. However, the right to portability applies only to personal data that we have obtained from the data subject on the basis of consent or on the basis of a contract to which the data subject is one of the parties.
The right to data portability does not include data created or derived by the controller on the basis of data provided by the data subject, such as the outcome of an assessment regarding the health of the user or a profile created in connection with risk management and financial regulations (e.g. credit score assignment or compliance with anti-money laundering rules). The right to data portability includes personal data relating to the activities of the data subject or resulting from the observation of the individual's behaviour, but does not include data resulting from the subsequent analysis of that behaviour.
Right to object and automated individual decision-making
The data subject shall have the right to object at any time, on grounds relating to his or her particular situation, to the processing of his or her personal data which is carried out on the basis of a legitimate interest, including objecting to profiling.
The data subject shall have the right not to be subject to a decision which is based solely on automated processing, including profiling, and which produces legal effects concerning him or her or similarly significantly affects him or her.
Right to file a complaint with the Office for Personal Data Protection
The data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged breach, if he or she considers that the processing of personal data concerning him or her is in breach of the GDPR. For the territory of the Slovak Republic, the supervisory authority is the Office for Personal Data Protection of the Slovak Republic, Hraničná 12, 820 07 Bratislava 27, tel.: +421 2 3231 3214, e-mail: firstname.lastname@example.org, https://dataprotection.gov.sk. In the case of filing an application in electronic form, it is necessary that it meets the requirements under § 19 par. 1 of Act No. 71/1967 Coll. on Administrative Procedure (Administrative Code).
5.2 Options for exercising rights
The rights of the data subject can be exercised in the following ways:
- by e-mail at: email@example.com,
- in person at: Galvaniho 15/C, 821 04 Bratislava,
- by postal mail sent to the address of the registered office of the company.
In order to accept an application for the exercise of rights, it is necessary to identify the applicant sufficiently and to specify the subject matter of the application in a comprehensible and clear manner. Otherwise, the application will be rejected.
We provide all notices and statements about your exercised rights free of charge. However, should the request be manifestly unfounded or disproportionate, in particular because it would be repeated, we are entitled to charge a reasonable fee taking into account the administrative costs associated with providing the requested information. In the event of a repeated request to provide copies of the processed personal data, we reserve the right to charge a reasonable fee for administrative costs for this reason.
6. Final provisions
This document is effective from October 1st, 2021.