Xolution – GDPR

The Controller is the entity responsible for the processing of personal data. It takes the protection of your privacy rights and private personal data very seriously. It collects, processes, and uses your personal data in accordance with the content of this privacy statement as well as the relevant data protection regulations. With this privacy statement, the Controller would like to inform you about the extent to which it collects, processes, protects, and uses them.

Who is the Controller

Xolution s.r.o.
Registered office: Štefánikova 20, 040 01 Košice
ID No. (IČO): 36 205 338
E-mail: jan.bulik@xolution.sk
Responsible person: Ján Bulík

Processing of personal information

The Controller stores your personal data on protected servers within the European Union. These are protected by technical and organizational measures against loss, as well as against access, modification, or distribution of your data by unauthorized persons. Access to your data is only possible for a few instructed and authorized persons who have signed a confidentiality agreement. Despite regular checks, however, complete protection against all threats is not possible.

How do we obtain personal data about you?

We most often obtain your personal data directly from you. In such a case, the provision of personal data is voluntary. You can provide personal data to our company in various ways, e.g.:

by registering on our website (as a job seeker)
in the process of concluding a business or employment contract with our company
by an order
by a claim/complaint
through communication with you
by participating in events organized by our company
by participating in our company's activities on social networks
by submitting a contact form with your comments, queries, or questions
from publicly available sources and registers
by sending a curriculum vitae (C.V.)

Categories of processing operations

According to its needs, the Controller performs the following processing operations with your personal data:

copying, obtaining, collecting, disseminating, recording, pseudonymization, viewing, organizing, reworking or changing, searching, browsing, regrouping, combining, moving, using, storing, blocking, disposal, cross-border transfer, providing, making available or publishing, ... etc.

All of these are necessary to fulfill the legal requirements and internal needs of the Controller within its business activities.

Authorized persons

Our employees and workers may have access to your personal data strictly on a 'need-to-know' basis; i.e., only authorized employees of the specific department related to the processing of personal data may have authorized access, whereby this access is typically limited by the position, function, and job description of the specific employee. Every such employee is instructed and authorized.

Categories of personal data

Person
- First Name
- Last Name
Contact details
- Contact - private email
- Contact - work email
- Contact - private phone
- Contact - work phone
Addresses
- Residential address
- Temporary residence
- Place of birth
Dates related to the person
- Date of birth
- Year of birth
- Date of joining
- Date of termination of employment
- Date of death
Sensitive personal data
- Doctor's stamp
Other data on the person, events
- Number of dependent children
- Signature
- Marital status
- Nationality
- Time worked
- Consent
- Employment details
- CV
- References
Bank
- Bank account number
- IBAN
- SWIFT
Birth certificate
- Scan of birth certificate
- Personal identification number (rodné číslo)
Work card (First Name, Last Name, Date of Birth, Chip Number, Card Number)
- Employee identification number
Other documents, document numbers
- Old-age pension savings number
- Health insurance company number
- Supplementary pension savings number
Financial data
- Average monthly earnings
- Loan - income amount
- Amount of debts/loans
- Loan - purpose
- Amount of execution/garnishment
- Wage amount
- Payslip
- Hourly wage amount
- Insurance contribution amount
- Contribution amount
- Deduction amount
Employment and data related to work performance
- Employment contract
- Amendment to the employment contract
- Authorization of Authorized Persons
- Length of employment
- Reason for termination of employment
- Type of work
- Workplace, place of work performance
- Department
- Department abbreviation
- Job classification, Position
- Work experience
- Position competencies
- License plate number (EČV) of assigned/private vehicle
Contracts with business partners
- Supplier contracts
- Customer contracts
- Intermediary - business
- Intermediary - DPA
Audio-visual records: photos, audio-visual recordings
- Employee photograph: on the employer's website
- Employee photograph: from the employer's social event
- Employee photograph: workplace accident
- Client photograph: from the employer's social event
- Client photograph: reference
- Client photograph: workplace accident
- Video: from social events
- Video: from training sessions
- Video: workplace accident
- Audio: from social events
- Audio: voice recording (training, presentations, ...)
- Audio: workplace accident
Monitoring of Data Subjects: employees, visitors, ...
- Personal camera
Other data about family members
- Certificate of school attendance of a child
- Marriage certificate
- Dependent persons: date of birth
- Dependent persons: Husband/Wife
- Dependent persons: Partner registered at UPSVR
- Dependent persons: number of children
- Dependent persons: photograph
- Dependent persons: birth certificates of children
- Legal representative - address
- Legal representative - date of birth
- Legal representative - email contact
- Legal representative - first name
- Legal representative - last name
- Legal representative - telephone contact
- Data about family members
System data for IT
- Username
- Role (role, authorization)
- Social network profile username
- User identifier
- Provided access password to HW
- Provided access password to IS (Linux, Windows, ...)
- Provided access password to application
- IP address
- Records of access rights
Marketing
- Newsletter (data subjects with a legal relationship) - existing customer
- Newsletter (data subjects without a legal relationship) - new (potential) customer
- Social networks FB, Instagram, and LI
- Cookies
- References

Categories of recipients

Category of recipients (name of institution, company, freelancer)	Contact details (ID or address)	Responsible representative (first name, last name)	Purpose
D.S.Group s.r.o.		Katarína Sabolová	OHS (BOZP) instructor
D.S.Group s.r.o.		Katarína Sabolová	Fire Protection (PO) instructor
Webhouse.sk			Web hosting
Proekon s.r.o.	Albertina 2, 040 01 Košice	Marta Kollárová	Accounting and HR management
Freelancer (Živnostník)			Corporate website creation
Microsoft Office 365			Email

Categories of Data Subjects

job candidates sending CVs
candidates at interviews
new employees
permanent employees
spouses of employees, their dependent children, parents of dependent children of employees, close persons
employees on contract (Dohoda)
students
part-time workers (brigádnici)
customers
suppliers of goods and services
agency employees
website visitors
social network visitors
visitors to the Controller
Newsletter recipients

Purposes of personal data processing	Legal basis
Obtaining personal data of candidates/applicants for a specific job position	Pre-contractual and contractual relationship - Art. 6(1)(b) GDPR, Section 13(1)(b) of the Act
Storing PD of an unsuccessful candidate for later potential use	Consent of the data subject - Art. 6(1)(a) GDPR, Section 13(1)(a) of the Act
Fulfilling the employer's obligations related to labor relations and similar relations (contributions, payroll agenda, payslips, processing of accounting documents, taxes, registration with insurance companies, records of hours worked, sick leave, entry to the premises, access data to IS, providing employees' PD during legal employment inspection, OHS (BOZP), Fire Protection (PO) and GDPR training, ensuring catering for employees, labor file, Travel orders, Records of issuance of work tools, records of workplace accidents and alcohol consumption testing)	Art. 6(1)(b), (c), (f) and Art. 13 of the GDPR, Act No. 311/2001 Coll. Labor Code, Act No. 55/2017 Coll. on Civil Service, Act No. 552/2003 Coll. on Work in the Public Interest, Act No. 5/2004 Coll. on Employment Services, Act No. 553/2003 Coll. on Remuneration of Certain Employees for Work in the Public Interest, Act No. 595/2003 Coll. on Income Tax, mandatory initial and regular training: Act No. 124/2006 Coll. on Safety and Health Protection at Work, creation of a workplace accident report, Act No. 355/2007 Coll. on the Protection, Promotion and Development of Public Health and ensuring (preventive) medical check-ups, registration with the Social Insurance Agency according to Act No. 461/2003 Coll. on Social Insurance, Act No. 43/2004 Coll. on Old-age Pension Savings, Act No. 650/2004 Coll. on Supplementary Pension Savings, Act No. 580/2004 Coll. on Health Insurance amending Act No. 95/2002 Coll. on Insurance, Act No. 431/2002 Coll. on Accounting, Act No. 222/2004 Coll. on Value Added Tax, Income Tax Act No. 595/2003 Coll. No. 286/1992 Coll., Act No. 152/1994 Coll. on the Social Fund, Act No. 125/2006 Coll. on Labor Inspection as amended, Act No. 82/2005 Coll. on Illegal Work and Illegal Employment, Act No. 145/1995 Coll. on Administrative Fees as amended, Act No. 40/1964 Coll. Civil Code
Legal advice and representation	Art. 6(1)(b), (f), Art. 13 of the GDPR
Participation in enforcement proceedings	Fulfillment of legal obligation/special regulation - Art. 6(1)(c) GDPR, Section 13(1)(b) of the Act, Act No. 233/1995 Coll. on Court Enforcers and Enforcement Activities (Enforcement Procedure)
Investigation of criminal activity	Fulfillment of legal obligation/special regulation - Art. 6(1)(c) GDPR, Section 13(1)(b) of the Act, Art. 13 of the GDPR, Act No. 99/1963 Coll. Civil Procedure Code as amended, Act No. 301/2005 Coll. Code of Criminal Procedure as amended, Act on Whistleblowing
Erasure of personal data/fulfillment of rights and obligations arising from the contract and the law	Fulfillment of legal obligation/special regulation - Art. 6(1)(c) GDPR, Section 13(1)(b) of the Act, Art. 5(1)(e), Art. 17 of the Regulation, Section 10, Section 23 of the Act on PD Protection
Archiving personal data	Fulfillment of legal obligation/special regulation - Art. 6(1)(c) GDPR, Section 13(1)(b) of the Act, Act No. 395/2002 Coll. on Archives and Registries
Recording of requests from Data Subjects for access to information	Act No. 211/2000 Coll. on Free Access to Information and on amendments to certain laws (Freedom of Information Act)
Minutes on the exercise of the Data Subject's right	Fulfillment of legal obligation/special regulation - Art. 6(1)(c) GDPR, Section 13(1)(b) of the Act
Receiving orders	Pre-contractual and contractual relationship - Art. 6(1)(b) GDPR, Section 13(1)(b) of the Act
Complaint procedure (Claims)	Fulfillment of legal obligation/special regulation - Art. 6(1)(c) GDPR, Section 13(1)(b) of the Act
Concluding commercial contracts	Pre-contractual and contractual relationship - Art. 6(1)(b) GDPR, Section 13(1)(b) of the Act
Publishing an employee's photo on the Controller's website	Consent of the data subject - Art. 6(1)(a) GDPR, Section 13(1)(a) of the Act
Maintaining a list of suppliers	Legitimate interest - Art. 6(1)(f) GDPR, Section 13(1)(f) of the Act
Obtaining and maintaining a list of customer PD	Legitimate interest - Art. 6(1)(f) GDPR, Section 13(1)(f) of the Act
Postal services (corporate mail)	Legitimate interest - Art. 6(1)(f) GDPR, Section 13(1)(f) of the Act
Hotel accommodation reservation for business trips	Legitimate interest - Art. 6(1)(f) GDPR, Section 13(1)(f) of the Act
Transport reservation (flight tickets, car rental)	Legitimate interest - Art. 6(1)(f) GDPR, Section 13(1)(f) of the Act
Voluntary and statutory training in Slovakia	Legitimate interest - Art. 6(1)(f) GDPR, Section 13(1)(f) of the Act, fulfillment of legal obligation/special regulation - Art. 6(1)(c) GDPR, Section 13(1)(b) of the Act
Voluntary training abroad	Legitimate interest - Art. 6(1)(f) GDPR, Section 13(1)(f) of the Act
Consultations and services in the field of IT	Pre-contractual and contractual relationship - Art. 6(1)(b) GDPR, Section 13(1)(b) of the Act
Web hosting, email, administration	Pre-contractual and contractual relationship - Art. 6(1)(b) GDPR, Section 13(1)(b) of the Act
Cloud storage	Pre-contractual and contractual relationship - Art. 6(1)(b) GDPR, Section 13(1)(b) of the Act
Processing of cookies on the website	Fulfillment of legal obligation/special regulation - Art. 6(1)(c) GDPR, Section 13(1)(b) of the Act, Act No. 452/2021 Coll. - Act on Electronic Communications
External HR administration, external employee recruitment, temporary employment agency (ADZ)	Pre-contractual and contractual relationship - Art. 6(1)(b) GDPR, Section 13(1)(b) of the Act, Act No. 431/2002 Coll. on Accounting, Act No. 595/2003 Coll. on Income Tax
Marketing services	Pre-contractual and contractual relationship - Art. 6(1)(b) GDPR, Section 13(1)(b) of the Act
Authorization of an Authorized Person	Fulfillment of legal obligation/special regulation - Art. 6(1)(c) GDPR, Section 13(1)(b) of the Act
Newsletter (data subjects with a legal relationship) - existing customer	Legitimate interest - Art. 6(1)(f) GDPR, Section 13(1)(f) of the Act
Newsletter (data subjects without a legal relationship) - potential customer	Consent of the data subject - Art. 6(1)(a) GDPR, Section 13(1)(a) of the Act
Social networks FB, Instagram, and LI	Consent of the data subject - Art. 6(1)(a) GDPR, Section 13(1)(a) of the Act
Occupational health service	Fulfillment of legal obligation/special regulation - Art. 6(1)(c) GDPR, Section 13(1)(b) of the Act, Act No. 576/2004 Coll. - Act on Healthcare, Services Related to the Provision of Healthcare, Act No. 581/2004 Coll. - Act on Health Insurance Companies, Healthcare Supervision

Processors

The Controller is entitled, within the framework of data protection regulations, to partially or fully entrust external service providers who act for the Controller as Processors according to Article 4, point 8 of the General Data Protection Regulation (GDPR) with the processing of your personal data.
External service providers help us, for example, with the technical operation and support of websites and applications, data management, preparation and provision of services, marketing, and analysis of websites and applications. However, the Controller remains responsible for the protection of the transferred data. Service providers authorized by the Controller process your data exclusively according to our instructions. This is ensured by strict contractual arrangements, technical and organizational measures, and our additional checks. Our processors are:

Third parties

The transfer of your data to third parties (mostly the state sector) occurs when we are bound by law to do so, when the provision of data is necessary to perform our legal and contractual obligations, or if you have previously explicitly consented to the provision of your data.

Transfer abroad

The Controller undertakes to respect the GDPR regulation, which allows transfers not only to third countries but also to a territory or a specified sector in a third country or to an international organization provided that an adequacy decision has been granted to them (list).
In the event that there is no adequacy decision, the Controller (or processor) uses at least one of the security measures, which include, for example:

Explicit consent of the data subject
A legally binding and enforceable instrument stored by public authorities
Binding corporate rules
Standard data protection clauses adopted by the Commission in accordance with the examination procedure under the GDPR. Standard data protection clauses adopted by a supervisory authority and approved by the Commission in accordance with the examination procedure under the GDPR
An approved code of conduct together with binding and enforceable commitments of the controller or processor in the third country to apply the appropriate safeguards, including as regards data subjects' rights.
An approved certification mechanism together with binding and enforceable commitments of the controller or processor in the third country to apply the appropriate safeguards, including as regards data subjects' rights.

Monitoring (CCTV)

The Controller has used this option and monitors its premises with a camera system for a legal purpose and on a legal basis within the meaning of the GDPR regulation and internal guidelines. The proportionality test performed assessed the risks and intensity of interference with the rights and freedoms of the data subject as negligible.

Website

The Controller processes personal data on its websites on the basis of your consent (use of all non-technically necessary cookies; opt-out extensions - see below; communication via form or e-mail newsletter), as well as for the purposes of fulfilling its legal obligations and to guarantee a secure purchase (online store) in the legitimate interest.

When using our website for purely informative purposes, i.e., when you do not register or otherwise provide information, we only collect personal data sent by your browser. When visiting our website, we collect the following data, which are technically important for us to display the website to you and guarantee its stability and security: IP address and IP location, date and time of request, time zone difference from Greenwich Mean Time (GMT), content of the request (specific page), access status/HTTP status code, each volume of data transferred, the website from which the request came, operating system and its interface, language and version of browser software, number, duration and time of start-ups, search engines and keywords you used, browser type, screen size and operating system. More about the use of cookies can be found below, in the 'Use of cookies' section.

Links to other websites

We also place links to other websites on our websites; this is for informational purposes only. We do not control these websites and therefore the provisions of this privacy statement do not apply to them. In case you trigger a link, the operator of that website may collect data about you, and these will be processed in accordance with its privacy statement, which may differ from our version.
Personal data, the transfer of which occurs from your browser only during informative use of our website and which the Controller collects ('log files'), are generally stored for a period of 3 months. Log files are stored in our systems for a longer period only for the purpose of investigating irregularities or in case of a security threat.
In general, the Controller stores your personal data only as long as it is necessary to fulfill the purpose for which they were obtained. In any case, the Controller stores your data for the duration of our contractual relationship. The Controller stores your personal data for a longer period for the purpose of fulfilling legal storage obligations (e.g., compliance with the 7-year archiving period according to the applicable provisions of tax laws and commercial law). If necessary, the Controller may also store your data until potential legal claims against the Controller are barred by statute; for some claims, the limitation period can be up to 30 years.
If there are no longer legitimate reasons for further storage of personal data, these data are deleted or anonymized.

Online store

To answer your questions, process your orders and assignments in the online store, we process the following personal data: first name, last name, title, e-mail address, password, date of birth, company name, contact person, registration number, VAT ID, phone number, fax number, delivery address and billing address, credit card data, account number. More about the use of cookies in the online store can be found below, in the 'Use of cookies' section.

Through the newsletter, the Controller informs about current topics, new developments, and offers. If a user wants to subscribe to the newsletter offered on the website, they need an e-mail address, as well as information that will allow verification whether the user is also the owner of the entered e-mail address, or whether the owner of the e-mail address also agrees to receive the newsletter. To subscribe to the newsletter, a valid e-mail address is required. When registering, the IP address and date of subscription are stored. This procedure increases security in the event that the e-mail address is misused by a third party and they subscribe to the newsletter without the knowledge of the authorized user. The Controller uses these data exclusively to send the requested information. To subscribe to the newsletter in the online store, both an e-mail address and first name, last name are required. After registration, the user receives an e-mail to confirm the subscription by clicking on a link ('double opt-in'). By ordering the newsletter, you agree that all provided data will be processed. You can cancel your consent to the storage of data, e-mail address, and its use for newsletter purposes at any time. You can cancel it by clicking on the link in the newsletter or by sending a message to the Controller.
However, if you are a client of the Controller and have a contractual relationship from the past, the Controller may not need your consent because it processes your personal data on the legal basis of Legitimate Interest. Even in this case, however, you can cancel the storage of your data, e-mail address, and its use for newsletter purposes at any time.

Contact form

The Controller stores the data you provided in the form for the purposes of processing the request and in case of further questions. Before submitting the form, you must express your consent to the electronic collection and processing of your data by an active action.

Use of cookies and applications by third-party providers

When using the website, 'cookies' are also stored in the visitor's access device. Cookies are small pieces of data that allow information related to the device to be stored on the access device (PC, smartphone, and others). On the one hand, they serve the user-friendly usability of websites and thus the user (e.g., storage of login data), and on the other hand, they serve the collection of statistical data when using the website and their analysis for the purpose of improving the offer. The user can influence the use of cookies. In most browsers, there is an option to limit the storage of cookies or prevent it completely. However, we point out that without cookies, the use and especially the comfort of use may be limited.
When using the online store, cookies are also stored on the visitor's computer so that it is possible to track movements in the online store, use the shopping cart, and allow recognition of visitors upon repeated visits to our website.
Our websites use the following types of cookies, the scope and functioning of which are explained in the following section:

Temporary cookies

Temporary cookies are automatically deleted after closing the browser. These include, in particular, session cookies. These store a so-called session ID, by which various requests from your browser can be assigned to a common session. Thanks to this, we can recognize your computer when you return to our websites. These session cookies are deleted when you log out or close the browser. In order to use the shopping cart and checkout in the online store, session cookies must also be enabled. If a customer generally does not want to or cannot accept cookies, there is an option to order goods also via e-mail, fax, or telephone.

Persistent cookies:

Persistent cookies are deleted automatically after a certain time, which may differ depending on the cookie. However, you yourself can delete cookies at any time in your browser settings. They contribute to user-friendliness (among other things, to displaying content appropriate for the location) and serve for website analysis (see 'Google Analytics'). In addition, embedded plug-ins (see below) use cookies to provide their services.
In principle, the following cookies are used on the websites:

Automated profiling

We do not process your personal data for the purpose of making decisions that are based solely on automated processing, including profiling, and produce legal effects concerning you (Art. 22 GDPR).

Profiling

We do not process your personal data with the aim of making decisions based on profiling your personality.

Your rights

Right to erasure (right 'to be forgotten', Article 17 GDPR)

The data subject also has the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:

the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
the data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2), and where there is no other legal ground for the processing;
the data subject objects to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2);
the personal data have been unlawfully processed;
the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
the personal data have been collected in relation to the offer of information society services referred to in Article 8(1).

Right to restriction of processing (Article 18 GDPR)

The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:

the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims;
the data subject has objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the controller override those of the data subject.

Right to notification obligation regarding rectification or erasure of personal data or restriction of processing (Article 19 GDPR)

The controller shall communicate any rectification or erasure of personal data or restriction of processing carried out in accordance with Article 16, Article 17(1) and Article 18 to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. The controller shall inform the data subject about those recipients if the data subject requests it.

Right to data portability (Article 20 GDPR)

The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:
the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1); and
the processing is carried out by automated means.
In exercising his or her right to data portability pursuant to paragraph 1, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible.

Right to object (Article 21 GDPR)

The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1), including profiling based on those provisions. If you believe that the processing of your personal data violates the relevant legal regulations, especially the Regulation, you can contact the Office for Personal Data Protection of the Slovak Republic with your complaint.

Limitation of Data Subject rights

According to the provisions of GDPR Article 17(3), it also establishes grounds for which the data subject's right to be forgotten may not be executed. The right to erasure of personal data shall not apply to the extent that processing is necessary:

for exercising the right of freedom of expression and information;
for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) as well as Article 9(3);
for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
for the establishment, exercise or defense of legal claims.
the processing of personal data is determined by a special regulation
the data subject has exercised its right to rectification or liquidation of its incorrect, incomplete or outdated personal data that are subject to processing
the data subject has exercised its right to liquidation of personal data whose processing purpose has ended and the requested camera recording violates the rights of other Data Subjects
the Data Subject does not have full legal capacity and its legal representative does not do so on its behalf
the Data Subject is deceased and a close person does not do so on its behalf (Section 116 of the Civil Code)

The Controller is obliged to notify in writing without undue delay the limitation of rights (non-compliance with the request) to the data subject, their representative or close person, as well as to the office.

How you can exercise your rights

You can exercise individual rights with the Controller through any communication channel that you consider most suitable for yourself. You will also be answered through the same communication channel, or you will agree on another in the minutes. All notifications and expressions regarding your exercised rights are provided free of charge. However, if the request were clearly unfounded or excessive, especially because it would be repeated, the Controller is entitled to charge a fee reflecting the administrative costs associated with providing the requested information in the amount of €50.

How long can I expect a response

The Controller will provide you with a statement and, if applicable, information about the measures taken as soon as possible, but no later than within 1 month. The Controller is entitled, in case of need and taking into account the complexity and number of requests, to extend the period by 1 month. The Controller will inform you about the extension of the period, including the reason.

Questions and complaints

If you have questions or concerns regarding the processing of your personal data, or if you wish to exercise any of the rights resulting from this notice, you can contact the Contact Person mentioned above.

In case of domestic transfer of personal data, you can also contact for questions and complaints:

Office for Personal Data Protection of the Slovak Republic (Úrad na ochranu osobných údajov SR)
Hraničná 12
820 07, Bratislava 27
Slovak Republic
E-mail general: statny.dozor@pdp.gov.sk

In case of cross-border transfer of personal data, you can also contact the data protection authority in the state where the controller or processor has its main establishment in the EU for questions and complaints.