Thank you for visiting this page and your interest in msg life Slovakia s.r.o. Protecting your personal data is as important to us as providing the best possible comprehensive service to our customers.
Thank you for visiting this page and your interest in msg life Slovakia s.r.o. Protecting your personal data is as important to us as providing the best possible comprehensive service to our customers.
The owner of the domain www.msgtester.sk is msg life Slovakia s.r.o., a subsidiary of msg life central europe gmbh, which is owned by msg life ag (“msg life”). This privacy policy details what activities msg life performs during your visit to the site, what information msg life may collect under applicable data protection laws and in what format it processes it.
Your personal data is processed in accordance with the EU General Data Protection Regulation (“GDPR”), which also regulates your rights as a data subject, the provisions of the Data Protection Act that apply to us (in particular Sections 78 and 79), the Advocacy Act (Section 18) as well as other regulations.
We also provide your data to msg life pursuant to Article 6, paragraph 1, letter b of the GDPR, if the processing is necessary for the performance of a contract to which you, as the data subject, are a party. This also applies to data processing that must be carried out before the conclusion of a contract. The data provided to msg life complies with Act no. 18/2018 Coll. on data protection and also in accordance with the Federal Data Protection Act of the Federal Republic of Germany (“BDSG”) and the Slovak Republic (“SR”).
We will post any amendments to this privacy policy on this page to inform you about the data that msg life processes. Below are the main categories of privacy information.
according to Art. 13 and 14 of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as “GDPR”) and § 19 and § 20 of Act No. 18/2018 Coll. on the protection of personal data and on amendment and supplementation of certain acts (hereinafter referred to as the “PDP Act”).
The purpose of this information is to provide you with information about what personal data we process, how we handle it, for what purposes we use it, to whom we may disclose it, where you can obtain information about your personal data and exercise your rights in relation to the processing of your personal data.
The controller processing your personal data is msg life Slovakia, s. r. o., Hraničná 18, 821 05 Bratislava, ID No.: 35800780 (hereinafter referred to as the “Controller”).
Contact details of the person responsible for the supervision of the processing of personal data: email: dpo3@proenergy.sk.
If you send us a message via the web contact form, we may process your personal data in order to handle your electronic correspondence. Depending on the subject matter and content of your message, the processing may be carried out in the context of the performance of a contractual relationship or pre-contractual relationship with you (providing information about our products/services, negotiating a contract, fulfilling a contract, handling complaints, etc.), the performance of a legal obligation (e.g. notification of antisocial activities, handling requests from data subjects, registry management), or in the context of a legitimate interest (e.g. handling complaints, keeping records of business partners, processing unexpected/unsolicited communications).
The purpose of processing personal data is:
processing of electronic correspondence received via the web contact form
Personal data is processed on the basis of:
(1) Art. 6 para. 1 lit. (c) GDPR: compliance with a legal obligation,
(2) Art. 6 para. 1 lit. (b) GDPR: contractual, pre-contractual relations with the data subject, (3) Art. 6 para. 1 lit. (f) GDPR: legitimate interest.
Data subjects about whom we process personal data:
natural persons – senders of electronic correspondence.
The scope of the personal data we process:
personal data – identification and contact e.g. title, name, surname, e-mail address, job offer, details in the note, attachments.
Category of beneficiaries | Identification of beneficiaries |
(1) Institutions, organisations, contractors or other parties to whom access is permitted by specific legislation and/or the exercise of public authority (Article 6(1)(c) and (e) of the Regulation), e.g.: -other legislation (2) Processor under contract (Article 28 GDPR) (3) Another controller if you have given your consent (Article 6(1)(a) of the GDPR) (4) Contractual partner, in the performance of a contract between you and the controller (Article 6(1)(b) of the GDPR) (5) another party on the basis of legitimate interest (Article 6(1)(f) of the GDPR) |
(2) recruitis.io s.r.o., ID No.: 275 08 391 |
Transfer to a third country or international organisation does not take place.
Directly affected person.
Correspondence management 3 years.
It does not.
The provision of personal data is carried out voluntarily by the data subject, on his or her own initiative. Depending on the subject matter and content of the correspondence handled, the provision of personal data may be required (fulfilment of a legal obligation or requirements in the context of the performance of contractual or pre-contractual relations with the data subject). In the event of non-provision of personal data, the controller may not be able to ensure the handling of electronic correspondence.
The data subject has the right to request from the controller access to the personal data processed about him or her, the right to rectification of personal data, the right to erasure or restriction of the processing of personal data, the right to object to the processing of personal data, the right to the ineffectiveness of automated individual decision-making, including profiling, the right to the portability of personal data, as well as the right to submit a petition to the supervisory authority. The data subject may exercise his or her rights by sending an email to jobs.sk@msg-life.com or by writing to the controller.
pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as “GDPR”) and Act No. 18/2018 Coll. on the protection of personal data and on amendment and supplementation of certain acts (hereinafter referred to as the “PDP Act”).
The purpose of this overview is to provide you with basic information about the processing of your personal data if you are an employee of a temporary employment agency and you are performing agreed work with us.
The controller processing your personal data is msg life Slovakia, s. r. o., Hraničná 18, 821 05 Bratislava, ID No.: 35800780 (hereinafter referred to as the “Controller”).
In case of any doubts, questions regarding the processing of your personal data, suggestions or complaints, if you believe that we are processing your personal data unlawfully or unfairly, or in case of exercising any of your rights, you can contact us at any time by sending an email to: jobs.sk@msg-life.com, or in writing to the address of the controller. Contact details of the person responsible for the supervision of the processing of personal data: email: dpo3@proenergy.sk.
We may process your personal data in the following processing activities (IS):
We may process your personal data if you have made an anonymous report of possible anti-social activity or if you are the subject of, or a participant in, an investigation into possible anti-social activity pursuant to a specific legal provision.
We may process your photographs, video recordings, your reviews of us, and other information about you only to the extent and in the manner in which you have consented to the processing of your personal data. Where we have assessed that consent is not necessary (redundant, disproportionate effort, etc.) for the purpose, for example, you have attended or will attend events organised by the operator for a wide range of people, we may take and process photographs or other records within the scope of our legitimate interest. We may use the data collected for the purposes of positive promotion, documentation and presentation of the operator’s activities. It is in our interest to document the activities of the operator and to present/promote them in the context of building good internal relations as well as external relations towards the operator and to preserve our good name. If you do not want your photographs, video recordings or other related data to be used for documentary, presentation/promotional purposes, you can exercise your rights (to object to processing or withdraw consent) via the contacts listed at the beginning of this information.
If you are an employee of a temporary employment agency, we may process your personal data in connection with the performance of your contract of employment with the employer and in the performance of our legal obligation, in particular to keep records about you for the purposes of securing access to our premises, recording attendance, ensuring health and safety at work, training, social services, ensuring suitable working conditions and conditions of employment.
In order to maintain both your and our security (including your personal data), to demonstrate compliance with our legal obligation and to prove, exercise, defend our legal claims or claims of third parties, we may process records of your personal data. Depending on the need, this can be for example:
The processing is in the legitimate interest of the controller and is also an obligation under the GDPR. The records may be used to establish liability against you and as evidence to prove, assert or defend legal claims of the operator or a third party (in particular in connection with a threat to/breach of security, including the protection of human life and health, property, financial or property damage, business interruption, damage to reputation, leakage of know-how, etc.).
Data from some of the above processing operations may be used, where applicable and to the extent necessary, in the context of proving, exercising or defending our legal claims or the legal claims of a third party (e.g. disclosure of data to law enforcement authorities, bailiffs, lawyers, etc.), in judicial or extrajudicial proceedings, debt recovery, etc.
Some of the personal data obtained (e.g. certificates, records, other documents confirming a given fact, etc.) may be stored and used as “evidence” for the purposes of audits, third-party control activities, in the context of verifying the proper performance of the obligations of the controller in terms of legislative requirements or other requirements (contractual, sectoral, etc.).
As a data subject about whom we process personal data, you have rights under the GDPR and the DPA Act in relation to the processing of personal data, namely the right to request from the controller access to the personal data processed about you, the right to rectification (or, where applicable, the right to have your personal data rectified), the right to have your personal data rectified (or, where applicable, the right to have your personal data rectified). The right to object to the processing of personal data, the right to the ineffectiveness of automated individual decision-making, including profiling, the right to the portability of personal data, the right to withdraw consent to the processing of personal data.
If you decide to exercise any of your rights, you can do so using our application form, which is available in the complete information on the processing of your personal data. If you are not satisfied with our response, or if you believe that we have violated your rights or are processing your personal data unfairly, unlawfully, etc. you have the possibility to file a complaint – a petition to initiate proceedings with the supervisory authority, which is the Office for Personal Data Protection of the Slovak Republic.
pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as “GDPR”) and Act no. 18/2018 Coll. on the protection of personal data and on amendment and supplementation of certain acts (hereinafter referred to as the “PDP Act”).
The purpose of this overview is to provide you with basic information about the processing of your personal data if you have expressed an interest in our services or are using our services.
The controller processing your personal data is msg life Slovakia, s. r. o., Hraničná 18, 821 05 Bratislava, ID No.: 35800780 (hereinafter referred to as the “Controller”).
In case of any doubts, questions regarding the processing of your personal data, suggestions or complaints, if you believe that we are processing your personal data unlawfully or unfairly, or in case of exercising any of your rights, you can contact us at any time by sending an email to: jobs.sk@msg-life.com, or in writing to the address of the controller. Contact details of the person responsible for the supervision of the processing of personal data: email: dpo3@proenergy.sk.
We may process your personal data in the following processing activities (IS):
We may process your personal data in connection with the performance of a contract with you in order to fulfil accounting and tax obligations under specific legislation.
We may process your personal data if you have made an anonymous report of possible anti-social activity or if you are the subject of, or a participant in, an investigation into possible anti-social activity pursuant to a specific legal provision.
If you browse the content of our website, we may process your personal data in order to provide and improve services, develop new services, protect users and ensure effective search and advertising. In the case of data that is not purely technical, we need your voluntary consent to the use of cookies for such processing.
In order to maintain both your and our security (including your personal data), to demonstrate compliance with our legal obligation and to prove, exercise, defend our legal claims or claims of third parties, we may process records of your personal data. Depending on the need, this can be for example:
The processing is in the legitimate interest of the controller and is also an obligation under the GDPR. The records may be used to establish liability against you and as evidence to prove, assert or defend legal claims of the operator or a third party (in particular in connection with a threat to/breach of security, including the protection of human life and health, property, financial or property damage, business interruption, damage to reputation, leakage of know-how, etc.).
Data from some of the above processing operations may be used, where applicable and to the extent necessary, in the context of proving, exercising or defending our legal claims or the legal claims of a third party (e.g. disclosure of data to law enforcement authorities, bailiffs, lawyers, etc.), in judicial or extrajudicial proceedings, debt recovery, etc.
Some of the personal data obtained (e.g. certificates, records, other documents confirming a given fact, etc.) may be stored and used as “evidence” for the purposes of audits, third-party control activities, in the context of verifying the proper performance of the obligations of the controller in terms of legislative requirements or other requirements (contractual, sectoral, etc.).
As a data subject about whom we process personal data, you have rights under the GDPR and the DPA Act in relation to the processing of personal data, namely the right to request from the controller access to the personal data processed about you, the right to rectification (or, where applicable, the right to have your personal data rectified), the right to have your personal data rectified (or, where applicable, the right to have your personal data rectified). The right to object to the processing of personal data, the right to the ineffectiveness of automated individual decision-making, including profiling, the right to the portability of personal data, the right to withdraw consent to the processing of personal data.
If you decide to exercise any of your rights, you can use our application form, which is available in the full information on the processing of your personal data. If you are not satisfied with our response, or if you believe that we have violated your rights or are processing your personal data unfairly, unlawfully, etc. you have the possibility to file a complaint – a petition to initiate proceedings with the supervisory authority, which is the Office for Personal Data Protection of the Slovak Republic.
pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as the “GDPR”) and Act no. 18/2018 Coll. on the protection of personal data and on amendment and supplementation of certain acts (hereinafter referred to as the “OOU Act”).
The purpose of this overview is to provide you with basic information about the processing of your personal data when you enter and move around our premises.
The controller processing your personal data is msg life Slovakia, s. r. o., Hraničná 18, 821 05 Bratislava, ID No.: 35800780 (hereinafter referred to as the “Controller”).
In case of any doubts, questions regarding the processing of your personal data, suggestions or complaints, if you believe that we are processing your personal data unlawfully or unfairly, or in case of exercising any of your rights, you can contact us at any time by sending an email to: jobs.sk@msg-life.com, or in writing to the address of the controller.
Contact details of the person responsible for the supervision of the processing of personal data: email: dpo3@proenergy.sk.
We may process your personal data in the following processing activities (IS):
We may process records of your personal data, in the exercise of technical and organisational measures taken by the controller to ensure an adequate level of security, to maintain compliance with the requirements of the GDPR and to prevent, where applicable. the elimination of adverse effects on data subjects and the controller. This can be, for example. o records of employee training, confidentiality of persons who come into contact with personal data, records of your consent to the processing of personal data, records related to the handling of your requests for the exercise of rights, records related to the resolution of security incidents and personal data breaches, records of control activities, audits of which you have been a part, records of the assignment/deassignment of assets, access rights, records related to the use of the assigned assets, etc. The processing is in the legitimate interest of the controller and is also an obligation under the GDPR. The records may be used to establish liability against you and as evidence to prove, assert or defend legal claims of the operator or a third party (in particular in connection with a threat to/breach of security, including the protection of human life and health, property, financial or property damage, business interruption, damage to reputation, leakage of know-how, etc.).
Data from some of the above processing operations may be used, where applicable and to the extent necessary, in the context of proving, exercising or defending our legal claims or the legal claims of a third party (e.g. disclosure of data to law enforcement authorities, bailiffs, lawyers, etc.), in judicial or extrajudicial proceedings, debt recovery, etc. Some of the personal data obtained (e.g. certificates, records, other documents confirming a given fact, etc.) may be stored and used as “evidence” for the purposes of audits, third-party control activities, in the context of verifying the proper performance of the obligations of the controller in terms of legislative requirements or other requirements (contractual, sectoral, etc.).
As a data subject about whom we process personal data, you have rights under the GDPR and the DPA Act in relation to the processing of personal data, namely the right to request from the controller access to the personal data processed about you, the right to rectification (or, where applicable, the right to have your personal data rectified), the right to have your personal data rectified (or, where applicable, the right to have your personal data rectified). The right to object to the processing of personal data, the right to the ineffectiveness of automated individual decision-making, including profiling, the right to the portability of personal data, the right to withdraw consent to the processing of personal data.
If you decide to exercise any of your rights, you can use our application form, which is available in the full information on the processing of your personal data. If you are not satisfied with our response, or if you believe that we have violated your rights or are processing your personal data unfairly, unlawfully, etc. you have the possibility to file a complaint – a petition to initiate proceedings with the supervisory authority, which is the Office for Personal Data Protection of the Slovak Republic.
pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as “GDPR”) and Act No. 18/2018 Coll. on the protection of personal data and on amendment and supplementation of certain acts (hereinafter referred to as the “OOU Act”).
The purpose of this overview is to provide you with basic information about the processing of your personal data if you are our business partner.
The controller processing your personal data is msg life Slovakia, s. r. o., Hraničná 18, 821 05 Bratislava, ID No.: 35800780 (hereinafter referred to as the “Controller”).
In case of any doubts, questions regarding the processing of your personal data, suggestions or complaints, if you believe that we are processing your personal data unlawfully or unfairly, or in case of exercising any of your rights, you can contact us at any time by sending an email to: jobs.sk@msg-life.sk, or in writing to the address of the controller.
Contact details of the person responsible for the supervision of the processing of personal data: email: dpo3@proenergy.sk.
We may process your personal data in the following processing activities (IS):
We may process your personal data in connection with the performance of a contract with you in order to fulfil accounting and tax obligations under specific legislation.
we may process your personal data if you have made a non-anonymous report of possible anti-social activity or if you are the subject of, or a participant in, an investigation into possible anti-social activity under a specific legal provision.
We may process your identification and contact data if you are our business partner (or their designated contact person) and we need this data for the performance of our business relationship. The legal basis is a legitimate interest.
In order to maintain both your and our security (including your personal data), to demonstrate compliance with our legal obligation and to prove, exercise, defend our legal claims or claims of third parties, we may process records of your personal data. Depending on the need, this can be for example:
The processing is in the legitimate interest of the controller and is also an obligation under the GDPR. The records may be used to establish liability against you and as evidence to prove, assert or defend legal claims of the operator or a third party (in particular in connection with a threat to/breach of security, including the protection of human life and health, property, financial or property damage, business interruption, damage to reputation, leakage of know-how, etc.).
Data from some of the above processing operations may be used, where applicable and to the extent necessary, in the context of proving, exercising or defending our legal claims or the legal claims of a third party (e.g. disclosure of data to law enforcement authorities, bailiffs, lawyers, etc.), in judicial or extrajudicial proceedings, debt recovery, etc.
Some of the personal data obtained (e.g. certificates, records, other documents confirming a given fact, etc.) may be stored and used as “evidence” for the purposes of audits, third-party control activities, in the context of verifying the proper performance of the obligations of the controller in terms of legislative requirements or other requirements (contractual, sectoral, etc.).
As a data subject about whom we process personal data, you have rights under the GDPR and the DPA Act in relation to the processing of personal data, namely the right to request from the controller access to the personal data processed about you, the right to rectification (or, where applicable, the right to have your personal data rectified), the right to have your personal data rectified (or, where applicable, the right to have your personal data rectified). The right to object to the processing of personal data, the right to the ineffectiveness of automated individual decision-making, including profiling, the right to the portability of personal data, the right to withdraw consent to the processing of personal data.
If you decide to exercise any of your rights, you can do so using our application form, which is available in the complete information on the processing of your personal data. If you are not satisfied with our response, or if you believe that we have violated your rights or are processing your personal data unfairly, unlawfully, etc. you have the possibility to file a complaint – a petition to initiate proceedings with the supervisory authority, which is the Office for Personal Data Protection of the Slovak Republic.
according to Art. 13 and 14 of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as “GDPR”) and § 19 and § 20 of Act No. 18/2018 Coll. on the protection of personal data and on amendment and supplementation of certain acts (hereinafter referred to as the “PDP Act”).
The purpose of this information is to provide you with information about what personal data we process, how we handle it, for what purposes we use it, to whom we may disclose it, where you can obtain information about your personal data and exercise your rights in relation to the processing of your personal data.
The controller processing your personal data is msg life Slovakia, s. r. o., Hraničná 18, 35 800 780 (hereinafter referred to as the “Controller”).
Contact details of the person responsible for the supervision of the processing of personal data: email: dpo3@proenergy.sk.
If you have expressed an interest in working for us (e.g. by submitting a job application, sending your CV, etc.), we will process your personal data as follows:
The purpose of processing personal data is:
selection of suitable staff.
Personal data is processed on the basis of:
Data subjects about whom we process personal data:
jobseekers.
The scope of the personal data we process:
personal data provided in the CV and supporting documents and resulting from the assessment of the suitability of the job applicant.
These are in particular identification, contact details, data concerning habits, preferences stated in the CV or directly in the job interview, financial data – e.g. desired, offered salary.
Category of beneficiaries | Identification of beneficiaries |
(1) Institutions, organisations, contractors or other parties to whom access is permitted by specific legislation and/or the exercise of public authority (Article 6(1)(c) and (e) of the Regulation), e.g.: -Law no. 5/2004 Coll. Act on Employment Services and on Amendments and Additions to Certain Acts, -other legislation. (2) Processor under contract (Article 28 GDPR) (3) Another controller if you have given your consent (Article 6(1)(a) of the GDPR) (4) Contractual partner, in the performance of a contract between you and the controller (Article 6(1)(b) of the GDPR) (5) another party on the basis of legitimate interest (Article 6(1)(f) of the GDPR) |
(1) The Social Welfare and Family Labour Office (e.g. for the purpose of a job search certificate), another authorised entity. (5) msg systems ag, Robert-Buerkle-Strasse 1, 857 31 Ismaning/Munich, VAT: DE 129 420 400 |
No transfer to a third country or international organisation shall take place.
Directly by the data subject, with the consent of another person (referring employee).
3 years.
It does not.
Failure to provide the personal data necessary for the selection of a suitable candidate may result in the selection not being carried out and the candidate’s abilities and qualities not being assessed.
The provision of personal data from a referring employee is only possible with your voluntary consent. If you do not provide consent, CV or other data through the referring employee, you can provide personal data directly to us.
If you are interested in participating in future competitions, you must give us your voluntary consent. In the event that consent is not given, the controller will not process the personal data for longer than is necessary to assess the suitability of the job applicant for the job.
The provision of personal data processed under the Labour Code and special laws is a legal requirement / contractual requirement, respectively. a requirement that is necessary for the conclusion of the contract. The data subject is obliged to provide personal data, in the event of failure to provide them, the controller will not ensure the conclusion or performance of the contract to the data subject.
Rights of the data subject
The data subject has the right to request from the controller access to the personal data processed about him or her, the right to rectification of personal data, the right to erasure or restriction of the processing of personal data, the right to object to the processing of personal data, the right to the ineffectiveness of automated individual decision-making, including profiling, the right to the portability of personal data, as well as the right to submit a petition to the supervisory authority.
Where the controller processes personal data on the basis of the data subject’s consent, the data subject shall have the right to withdraw his or her consent to the processing of personal data at any time. Withdrawal of consent does not affect the lawfulness of the processing of personal data based on consent prior to its withdrawal. The data subject may exercise his or her rights by sending an email to jobs.sk@msg-life.com or by writing to the controller.
If you voluntarily provide us with your consent to the processing of your personal data, we will retain evidence of your consent (within the scope of the consent) for 3 years from the end of its validity, in the context of our legitimate interest and in order to comply with our legal obligation.
We may store it as “evidence” for the purposes of audits, third-party control activities, in the context of verifying the proper performance of the controller’s obligations under legislative requirements or other requirements (contractual, sectoral, etc.), or use it for the purposes of proving, exercising or defending our legal claims (for example, the provision of data to law enforcement authorities, lawyers, etc.), in the context of judicial or extrajudicial proceedings, etc.
pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as “GDPR”) and Act no. 18/2018 Coll. on the protection of personal data and on amendment and supplementation of certain acts (hereinafter referred to as the “OOU Act”).
The purpose of this overview is to provide you with basic information about the processing of your personal data if you work for us on the basis of an employment relationship or a similar employment relationship.
The controller processing your personal data is msg life Slovakia, s. r. o., Hraničná 18, 821 05 Bratislava, ID No.: 35800780 (hereinafter referred to as the “Controller”).
In case of any doubts, questions regarding the processing of your personal data, suggestions or complaints, if you believe that we are processing your personal data unlawfully or unfairly, or in case of exercising any of your rights, you can contact us at any time by sending an email to: jobs.sk@msg-life.com, or in writing to the address of the controller.
Contact details of the person responsible for the supervision of the processing of personal data: email: dpo3@proenergy.sk.
We process your personal data for the purpose of maintaining personnel and payroll records, in the performance of the employer’s legal obligations and duties related to the employment relationship or similar employment relationship, including pre-contractual relationships, contract change negotiations, or with your voluntary consent, or in the pursuit of a legitimate interest of the controller or a third party in connection with/with:
We may process your personal data within the meaning of a legal obligation for the purposes of maintaining the administration of the registry, mail records. The processing of data from correspondence may be carried out in the context of the performance of a contractual relationship or a pre-contractual relationship (contract negotiation, contract performance, keeping accounting records, handling complaints, etc.), the performance of a legal obligation (e.g. notification of antisocial activity, handling requests from data subjects, registry management), or in the context of a legitimate interest (e.g. handling complaints, keeping records of business partners, processing unexpected/unsolicited communications).
We may process your personal data if you have made an anonymous report of possible anti-social activity or if you are the subject of, or a participant in, an investigation into possible anti-social activity pursuant to a specific legal provision.
We may process your photographs, video recordings, your reviews of us, and other information about you only to the extent and in the manner in which you have consented to the processing of your personal data. Where we have assessed that consent is not necessary (redundant, disproportionate effort, etc.) for the purpose, for example, you have attended or will attend events organised by the operator for a wide range of people, we may take and process photographs or other records within the scope of our legitimate interest. We may use the data collected for the purposes of positive promotion, documentation and presentation of the operator’s activities. It is in our interest to document the activities of the operator and to present/promote them in the context of building good internal relations as well as external relations towards the operator and to preserve our good name. If you do not want your photographs, video recordings or other related data to be used for documentary, presentation/promotional purposes, you can exercise your rights (to object to processing or withdraw consent) via the contacts listed at the beginning of this information.
In order to maintain both your and our security (including your personal data), to demonstrate compliance with our legal obligation and to prove, exercise, defend our legal claims or claims of third parties, we may process records of your personal data. Depending on the need, this can be for example:
The processing is in the legitimate interest of the controller and is also an obligation under the GDPR. The records may be used to establish liability against you and as evidence to prove, assert or defend legal claims of the operator or a third party (in particular in connection with a threat to/breach of security, including the protection of human life and health, property, financial or property damage, business interruption, damage to reputation, leakage of know-how, etc.).
Data from some of the above processing operations may be used, where applicable and to the extent necessary, in the context of proving, exercising or defending our legal claims or the legal claims of a third party (e.g. disclosure of data to law enforcement authorities, bailiffs, lawyers, etc.), in judicial or extrajudicial proceedings, debt recovery, etc.
Some of the personal data obtained (e.g. certificates, records, other documents confirming a given fact, etc.) may be stored and used as “evidence” for the purposes of audits, third-party control activities, in the context of verifying the proper performance of the obligations of the controller in terms of legislative requirements or other requirements (contractual, sectoral, etc.).
As a data subject about whom we process personal data, you have rights under the GDPR and the DPA Act in relation to the processing of personal data, namely the right to request from the controller access to the personal data processed about you, the right to rectification (or, where applicable, the right to have your personal data rectified), the right to have your personal data rectified (or, where applicable, the right to have your personal data rectified). The right to object to the processing of personal data, the right to the ineffectiveness of automated individual decision-making, including profiling, the right to the portability of personal data, the right to withdraw consent to the processing of personal data.
If you decide to exercise any of your rights, you can do so using our application form, which is available in the complete information on the processing of your personal data. If you are not satisfied with our response, or if you believe that we have violated your rights or are processing your personal data unfairly, unlawfully, etc. you have the possibility to file a complaint – a petition to initiate proceedings with the supervisory authority, which is the Office for Personal Data Protection of the Slovak Republic.
according to Art. 13 and 14 of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as “GDPR”) and § 19 and § 20 of Act No. 18/2018 Coll. on the protection of personal data and on amendment and supplementation of certain acts (hereinafter referred to as the “PDP Act”).
The purpose of this information is to provide you with information about what personal data we process, how we handle it, for what purposes we use it, to whom we may disclose it, where you can obtain information about your personal data and exercise your rights in relation to the processing of your personal data.
The controller processing your personal data is msg life Slovakia, s. r. o., Hraničná 18, 821 05 Bratislava (hereinafter referred to as the “Controller”).
In case of any doubts, questions regarding the processing of your personal data, suggestions or complaints, if you believe that we are processing your personal data unlawfully or unfairly, or in case of exercising any of your rights, you can contact us at any time by sending an email to: jobs.sk@msg-life.com, or in writing to the address of the controller. We will endeavour to deal with your correspondence as soon as possible, but we will reply within a maximum of 1 month from the date of receipt. In certain cases, we may need to supplement information to identify and verify your identity in order to process your request.
Questions received, suggestions, requests for your rights, etc. may be provided to our external data controller for processing, who provides independent oversight of the correct and secure processing of your personal data. If you are interested, you can also contact the responsible person directly: email: dpo3@proenergy.sk.
If you are aware or suspect that a security breach affecting personal data has occurred, the so-called. a data breach has occurred, please notify us immediately by sending an email to: jobs.sk@msg-life.com.
Version V1.0
Effective date From 1.5.2023
Reason for updating the original version –
We may process your personal data in the following processing activities (IS):
The processing is in the legitimate interest of the controller and is also an obligation under the GDPR.
The records may be used to establish liability against you and as evidence to prove, assert or defend legal claims of the operator or a third party (in particular in connection with a threat to/breach of security, including the protection of human life and health, property, financial or property damage, business interruption, damage to reputation, leakage of know-how, etc.).
Data from some of the above processing operations may be used, where applicable and to the extent necessary, in the context of proving, exercising or defending our legal claims or the legal claims of a third party (e.g. disclosure of data to law enforcement authorities, bailiffs, lawyers, etc.), in judicial or extrajudicial proceedings, debt recovery, etc.
Some of the personal data obtained (e.g. certificates, records, other documents confirming a given fact, etc.) may be stored and used as “evidence” for the purposes of audits, third-party control activities, in the context of verifying the proper performance of the obligations of the controller in terms of legislative requirements or other requirements (contractual, sectoral, etc.).
Some of the data collected may be used for the internal statistical purposes of the controller, to improve processes and services, but only to the extent necessary and where possible using security features of anonymisation or pseudonymisation and encryption.
We process your personal data in the context of the above processing activities in accordance with the principles of personal data processing so that we process your personal data to the extent necessary to achieve the intended lawful purpose and keep it for the period necessary in accordance with current legislation (in particular the Law on Archives and Registers). The individual time limits for erasure are set out in the ‘Details of processing activities’ section of this information. These periods may be extended in exceptional cases, in particular in the context of proving, exercising or defending legal claims.
We obtain your personal data primarily from you as the data subject (or from your legal representative), otherwise, if we obtain it from other sources, we will inform you transparently of this fact and make sure that this data is obtained lawfully (for example, with your consent) and is correct and up-to-date. In the event of any change to your personal data, we ask you to report this change.
Access to your personal data is restricted to our authorised persons who have been properly trained on the rules and responsibilities for processing your personal data and have undertaken to maintain the confidentiality of your personal data with which they come into contact.
Your personal data may also be accessed by external recipients and other parties who are permitted or required to do so by specific legislation or by the exercise of public authority. These are mainly organisations and institutions (including state administration and public authorities for the exercise of control and supervision), but may also be contractual partners having the status of an independent controller within the meaning of a specific regulation, or other persons/entities regulated by law. Furthermore, we may share your personal data with processors that we have contracted to process your personal data and that have committed to take appropriate safeguards to maintain the protection of the personal data processed.
Personal data may in certain cases be shared within the msg life group of companies for internal administrative purposes or with another party for legitimate interest. If you have given us your voluntary consent or have instructed us to disclose your data, your personal data may also be disclosed to other recipients. Your personal data may also be shared with contractual partners for the performance of the contract between you and the controller. The specific list of recipients for each processing activity is set out in the ‘Details of processing activities’ section of this information.
We will notify you via this information of any transfer of personal data to third countries or international organisations. In the event of such a transfer, this fact is set out in the ‘details of processing activities’ section of this information, together with the safeguards for such a transfer, which may be, in particular (i) a decision by the Commission that the country or international organisation provides adequate safeguards, (ii) signed standard contractual clauses between the data importer and data exporter, (iii) adopted binding corporate rules, (iv) or one of the exceptions for specific situations applies (for example, your explicit consent), etc.
This and other specific information on the processing of your personal data is set out separately for each processing activity in the “Details of processing activities” section of this information.
As a data subject about whom we process personal data, you have rights under the GDPR and the DPA Act in relation to the processing of personal data. Below is an overview. If you decide to exercise any of your rights, you can do so by using our application form attached hereto, which you can send to the contact details at the beginning of this information. If you are unsure of your rights or need help completing your application, you can contact our external responsible person – contact details are available at the front of this information.
You can request information from us about how we process your personal data, including information about:
All of the above information is available in this information. If you request, we will provide you with a copy of the personal data we process about you. We may charge a reasonable fee for any additional copies you request, which will be in line with our administrative costs.
The right to obtain a copy shall not adversely affect the rights and freedoms of others. The controller will provide you with information about the option, the procedure used, the possible costs and further details about the provision of the copy after receiving your request. If you have made a request by electronic means, the information will be provided to you in a commonly used electronic format, unless you request otherwise.
Note: The right of access can be easily exercised by filling in the application form – point “D” in Annex 1 of this information.
You have the right to obtain from us your personal data that you have provided to us for processing on the basis of consent or for the performance of a contract, in a structured, commonly used and machine-readable format. You also have the right to request the transfer of this information to another controller.
Note: You can easily exercise your right to data transfer by filling in the application form – point “E” as per Annex 1 of this information.
It is important that we have correct and complete information about you to avoid mistakes, unpleasant situations and unwanted consequences. Not only do you have the right to have incorrect or incomplete personal data that we process about you corrected without delay, but we also ask you to immediately notify us of any changes or additions to your personal data, in particular if you have changed your identification/contact details, etc.
Note: The right to correct (or add) data can be easily exercised by filling in the application form – points “A or B” as per Annex 1 of this information.
You have the right to request the erasure of personal data relating to you. We will comply with such a request without delay if any of the following reasons are met:
For example, you can ask us to delete your personal data on the grounds that we are processing your personal data unlawfully, for example if we are processing your personal data for longer than necessary or without any reason.
However, in some cases we may not be able to comply with your request, e.g. where the processing of personal data is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation which requires processing under Union law or the law of a Member State to which the controller is subject, or for the performance of a task carried out in the public interest, for reasons of public interest in the field of public health, for archiving purposes in the public interest, or for the establishment, exercise or defence of legal claims.
Note: You can easily exercise your right to erasure by completing the application form – point “C” in Annex 1 of this information.
You have the right to have us restrict the processing of your personal data in one of the following cases:
Where processing has been restricted on the grounds set out above, we may only process such personal data (with the exception of storage) with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or of a Member State.
We will inform you before the restriction on processing by the controller is lifted.
We also want to assure you that if you exercise your right to rectification, erasure or restriction of the processing of personal data by means of a request, we will immediately communicate this fact (rectification, erasure or restriction of processing) to each recipient to whom we have provided personal data, unless this proves impossible or requires disproportionate effort.
Note: You can easily exercise your right to restriction of data processing by filling in the application form – point “F” as per Annex 1 of this information.
If you believe that we do not have the right to process your personal data, you can object to our processing. These are situations where the processing is carried out on the basis of a legitimate interest pursued by us as a controller or a task carried out in the public interest, including objecting to profiling. In such cases, we can only continue processing if we can demonstrate compelling legitimate grounds that outweigh your interests, rights and freedoms. However, we may always process your personal data if this is necessary for the establishment, exercise or defence of legal claims. If we process your personal data for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purposes of such marketing.
Note: You can easily exercise your right to object to data processing by filling in the application form – point “G” as per Annex 1 of this information.
If we carry out profiling, we will inform you in detail about this in the context of the specific processing activities. We also want to reassure you that if we state that such processing is not carried out, this means that your personal data is not and will not be used to evaluate or predict personal aspects of your job performance, wealth, health, personal preferences, interests, reliability, behaviour, location or movements.
Where we carry out such processing, you have the right to ask us not to include you in the profiling. However, in some cases we may not be able to comply with your request, e.g. where the decision is necessary for the conclusion or performance of a contract between the data subject and the controller, or where the decision is authorised by Union or Member State law and also provides for appropriate measures guaranteeing the protection of the rights and freedoms and legitimate interests of the data subject, or where the decision is based on the data subject’s explicit consent.
Note: You can easily exercise this right by filling in the application form – point “H” as per Annex 1 of this information.
If you have previously given us your consent to the processing of your personal data, you have the right to withdraw this voluntary consent at any time. We will respect your decision and ensure that your personal data is no longer processed for this purpose. At the same time, however, withdrawal of consent does not affect the lawfulness of the processing of personal data based on consent prior to its withdrawal (in practice, this may mean that if your data has been disclosed in accordance with the consent given, for example, in distributed promotional materials, the destruction of these sent materials will not be carried out, since the consent was valid at the time of distribution).
If you have given us consent electronically by technical means, you have the right to withdraw your consent by these means. Alternatively, simply write to us at the contact listed at the beginning of this information that you no longer wish us to process your data and withdraw your consent.
If you are not satisfied with our response, or if you believe that we have violated your rights or are processing your personal data unfairly, unlawfully, etc. you have the possibility to file a complaint – a petition to initiate proceedings with the supervisory authority, which is the Office for Personal Data Protection of the Slovak Republic. Further information on the complaints procedure is available at www.dataprotection.gov.sk.
We would like to show you that we take the security of your personal data and the protection of your privacy seriously, so in this section of the information we provide you with at least some basic information about our practices for securing your personal data.
We ensure the security of information, including personal data, by selecting appropriate technical and organizational measures based on international standards for information security (in particular ISO/IEC 27001:2013, ISO/IEC 27002:2013).
We secure the premises where we process your personal data with an adequate level of physical protection by means of mechanical barriers, technical safeguards and organisational measures.
In processing and maintaining the security of personal data, we follow a set of regularly updated policies and procedures, with clearly defined and assigned responsibilities.
We have documented all processes relating to the processing of your personal data and update them regularly. Each new process is properly assessed and approved.
When processing personal data, we take into account the risk to you in the event of loss of confidentiality, availability or integrity, and processing operations with a higher risk are treated with more measures to guarantee greater protection.
We periodically conduct inspection/audit activities to ensure compliance with the established rules and assess compliance with privacy and security requirements and work diligently to remedy any deficiencies identified.
We use the services of an independent (impartial) external data controller who oversees the correct, lawful and secure processing of personal data by us.
Authorised persons who have access to your personal data within their job function/function are bound by confidentiality obligations in relation to personal data, are properly trained prior to the first processing and are subsequently retrained as necessary on the requirements and responsibilities when processing personal data.
We only use the services of verified intermediary suppliers who have contractually committed to take appropriate security measures when processing your personal data.
Access to your personal data by authorised persons is governed by the “need to know” and “need to use” rules. We have a security incident/ data breach management system in place and ensure business continuity.
We maintain an up-to-date register of both primary and supporting assets in connection with the processing of personal data, which is reflected by appropriate security measures, including secure deletion/destruction rules, backup, encryption, protection against malicious code, elements of appropriate authentication, pseudonymisation or anonymisation, rules on the use of assets, including their transfer, and many others.
The purpose of processing personal data is:
keeping and managing the registry, processing electronic and written correspondence.
Personal data is processed on the basis of:
(1) Art. 6 para. 1 lit. (c) of the GDPR:
– Act No. 395/2002 Coll. on archives and registers and on the amendment of certain laws, as amended,
– Act No. 305/2013 Coll. on the electronic form of exercising the powers of public authorities and on amendment and supplementation of certain acts (e-Government Act), as amended,
(2) Art. 6 para. 1 lit. (f) GDPR: legitimate interest.
Data subjects about whom we process personal data:
natural persons – controllers and processors, authorised persons of controllers and processors, data subjects, other natural persons in the capacity of parties to the proceedings.
The scope of the personal data we process:
personal data – identification data, e.g. title, name, surname, signature, address, e-mail address, telephone number, other data of different sensitivity within the scope of communication pursuant to Act No. 305/2013 Coll. or voluntarily provided within the scope of communication.
Category of beneficiaries | Identification of beneficiaries |
(1) Institutions, organisations, contractors or other parties to whom access is permitted by specific legislation and/or the exercise of public authority (Article 6(1)(c) and (e) of the Regulation), e.g.: -Law no. 395/2002 Coll. on archives and registers and on the amendment of certain acts, as amended -other legislation (2) Processor under contract (Article 28 GDPR) (3) Another controller if you have given your consent (Article 6(1)(a) of the GDPR) (4) Contractual partner, in the performance of a contract between you and the controller (Article 6(1)(b) of the GDPR) (5) another party on the basis of legitimate interest (Article 6(1)(f) of the GDPR) |
(1) The Ministry of the Interior of the Slovak Republic, another authorized entity, |
Transfer to a third country or international organisation does not take place.
Directly affected person.
– a maximum of 10 years (registry diary),
– keeping current and official correspondence for 5 years.
It does not.
If the provision of personal data is a legal requirement (registry management, mail registration, electronic communication with public authorities), the processing of personal data is mandatory. The person concerned has an obligation to provide personal data, in case of failure to provide it, he/she violates the law.
The provision of personal data processed under legitimate interest is voluntary – the person makes it on his/her own initiative. In the event of non-provision of data, the controller may not be able to ensure the handling of the communication.
The purpose of processing personal data is:
investigation of notifications pursuant to Act No. 54/2019 Z. z. on the protection of whistleblowers of antisocial activities and on the amendment and supplementation of certain laws.
Personal data is processed on the basis of:
(1) Art. 6 para. 1 lit. (c) of the GDPR:
– Act No. 54/2019 Z. z. on the protection of whistleblowers of antisocial activities and on the amendment and supplementation of certain laws,
(2) Art. 9 para. 2 lit. (g) GPPR Regulations: significant public interest based on Union or Member State law.
Data subjects about whom we process personal data:
natural persons who have made a notification of anti-social activity or a request for protection in the notification of serious anti-social activity (or their relatives for whom protection is requested) and natural persons who are being investigated on the basis of the notification.
The scope of the personal data we process:
the personal data contained in the notification and the data necessary for its examination (in particular, routine personal identification data on the notifier, the persons involved in the infringement, the details of the notification (which may contain data of varying sensitivity).
Presumed list of personal data: title, name, surname, date of birth and residence of the whistleblower, place of work, employer’s name, data on a close person if he/she is in an employment relationship with the same employer as the whistleblower or is in an employment relationship with an employer who is a dependent in relation to the whistleblower’s employer and the whistleblower also requests protection for this close person, and other data necessary to verify the notification.
Category of beneficiaries | Identification of beneficiaries |
(1) Institutions, organisations, contractors or other parties to whom access is permitted by specific legislation and/or the exercise of public authority (Article 6(1)(c) and (e) of the Regulation), e.g.: -Law no. 54/2019 Z. z. Act on the Protection of Whistleblowers of Anti-Social Activities and on Amendments to Certain Acts -Law no. 301/2005 Coll. Criminal Procedure Code -law no.171/1993 Coll. on the Police Force (in particular §76a) -other legislation (2) Processor under contract (Article 28 GDPR) (3) Another controller if you have given your consent (Article 6(1)(a) of the GDPR) (4) Contractual partner, in the performance of a contract between you and the controller (Article 6(1)(b) of the GDPR) (5) another party on the basis of legitimate interest (Article 6(1)(f) of the GDPR) |
(1) The Office for the Protection of Whistleblowers of Anti-Social Activity, the parties to the proceedings, another competent administrative authority, the Police Force of the Slovak Republic, the Public Prosecutor’s Office of the Slovak Republic, the courts of the Slovak Republic, another authorized entity. |
Transfer to a third country or international organisation does not take place.
Directly by the data subject (in person, in the mailbox, by email, by phone).
3 years (from the date of receipt of the notification).
It does not.
The data subject provides his/her personal data voluntarily, according to the law, in case of failure to provide it, it will not be possible to notify the data subject of the outcome of the investigation of the complaint/notification, nor to contact him/her for supplementing the information if necessary.
The purpose of processing personal data is:
keeping a register of shareholders for the fulfilment of the corporate obligations of the operator in relation to its shareholders.
Personal data is processed on the basis of:
(1) Art. 6 para. 1 lit. c) of the GDPR, in particular:
– Act No. 513/1991 Coll. Commercial Code as amended,
– Act No. 455/1991 Coll. on trade business (Trade Licensing Act), as amended,
– Act No. 40/1964 Coll. Civil Code as amended,
– Act No. 431/2002 Coll. on accounting, as amended,
– Act No. 563/2009 Coll. on tax administration (Tax Code) and on amendments and supplements to certain laws, as amended,
– Act No. 595/2003 Coll. on income tax, as amended,
– Act No. 530/2003 Coll. on the Commercial Register and on Amendments and Additions to Certain Acts, as amended,
(2) Art. 10: the processing of data relating to guilty pleas for criminal offences and misdemeanours is permitted by Union or Member State law.
Data subjects about whom we process personal data:
partners in the operator’s company.
The scope of the personal data we process:
personal data necessary for the performance of corporate duties, in particular name, surname and title, birth number, date of birth, place of birth, signature, nationality, citizenship, permanent residence, temporary residence, telephone number, e-mail address, legal capacity, dividends and other financial matters, bank account details, data from proof of integrity, other personal data discovered or provided in the course of the shareholder’s participation in the company of the controller
Category of beneficiaries | Identification of beneficiaries |
(1) Institutions, organisations, contractors or other parties to whom access is permitted by specific legislation and/or the exercise of public authority (Article 6(1)(c) and (e) of the Regulation), e.g.: a-Law no. 586/2003 Coll. on advocacy and on amendment and supplementation of Act No. 455/1991 Coll. on trade business (Trade Licensing Act), as amended b-law no. 513/1991 Coll. Commercial Code as amended b-law no. 530/2003 Coll. on the Commercial Register and on Amendments and Supplements to Certain Acts, as amended c-law no. 595/2003 Coll. on income tax as amended by other legislation d-law no. 461/2003 Coll. on social insurance, as amended d-law no. 43/2004 Coll. on old-age pension savings and on amendment and supplementation of certain laws, as amended e-law no. 580/2004 Coll. on health insurance and on amendment and supplementation of Act No. 95/2002 Coll. on insurance and on amendment and supplementation of certain acts, as amended f-law no. 461/2003 Coll. on social insurance as amended f-law no. 43/2004 Coll. on old-age pension savings and on amendment and supplementation of certain laws, as amended g-other legislation (2) Processor under contract (Article 28 GDPR) (3) Another controller if you have given your consent (Article 6(1)(a) of the GDPR) (4) Contractual partner, in the performance of a contract between you and the controller (Article 6(1)(b) of the GDPR) (5) another party on the basis of legitimate interest (Article 6(1)(f) of the GDPR) |
(1a) Slovak Bar Association, (1b) Commercial register, (1c) the tax administrator, (1d) social insurance company, (1e) health insurance companies, (1f) pension management companies, (1g) another eligible entity. |
No transfer to a third country or international organisation shall take place.
Directly affected person.
after the end of the purpose within the meaning of the Archives and Registers Act.
It does not.
The provision of personal data is a legal requirement / contractual requirement, respectively. a requirement that is necessary for the conclusion of the contract. The data subject is obliged to provide personal data, in the event of failure to provide them, the controller will not ensure the fulfilment of corporate obligations in relation to the shareholders.
The purpose of processing personal data is:
positive promotion of the activities of the operator for documentation and presentation purposes (in particular, processing of identification data, photographs, other video/audio recordings with personal data, reviews).
Personal data is processed on the basis of:
(1) Art. 6 para. 1 lit. a) of the GDPR: consent of the data subject,
(2) Art. 6 para. 1 lit. (f) GDPR: legitimate interest.
Data subjects about whom we process personal data:
employees (including persons in a similar employment relationship) other natural persons.
The scope of the personal data we process:
Personal data of employees and persons in a similar employment relationship – title, name, surname, job title, photographs, audio, visual and audio-visual records.
Category of beneficiaries | Identification of beneficiaries |
(1) Institutions, organisations, contractors or other parties to whom access is permitted by specific legislation and/or the exercise of public authority (Article 6(1)(c) and (e) of the Regulation), e.g.: -other legislation (2) Processor under contract (Article 28 GDPR) (3) Another controller if you have given your consent (Article 6(1)(a) of the GDPR) (4) Contractual partner, in the performance of a contract between you and the controller (Article 6(1)(b) of the GDPR) (5) another party on the basis of legitimate interest (Article 6(1)(f) of the GDPR) |
(1) another eligible entity, |
Transfer to a third country or international organisation does not take place.
Directly by the data subject (or his/her legal representative) by participating in the photography/video recording or the event/activity being documented; by publishing his/her review.
Duration of the employment relationship or after the end of the purpose (5 years), does not apply to documents/records with permanent documentary value within the meaning of the Law on Archives and Registers.
It does not.
The data subject (or his/her legal representative) provides his/her data voluntarily, the provision is not a legal/contractual requirement. It is in the interest of the controller to process personal data on the basis of voluntary consent, however, where it appears impossible (or disproportionate) to obtain consent for objective reasons, the controller may carry out the processing in the context of its legitimate interest.
If the data subject decides not to grant or withdraw consent to the processing of personal data, or decides to object to the processing of his or her personal data, the controller shall respect his or her decision and ensure that the personal data of that data subject are not processed. At the same time, the withdrawal of consent shall not affect the lawfulness of the processing of personal data based on consent prior to its withdrawal.
The purpose of processing personal data is:
providing and improving services, developing new services, protecting users and ensuring effective search and advertising.
Personal data is processed on the basis of:
(1) Art. 6 para. 1 lit. a) of the GDPR: consent of the data subject,
(2) Art. 6 para. 1 lit. (f) GDPR: legitimate interest.
Data subjects about whom we process personal data:
users of the website of the operator.
The scope of the personal data we process:
– personal data (routine – directly or indirectly identifiable, location data).
Category of beneficiaries | Identification of beneficiaries |
(1) Institutions, organisations, contractors or other parties to whom access is permitted by specific legislation and/or the exercise of public authority (Article 6(1)(c) and (e) of the Regulation), e.g.: -other legislation (2) Processor under contract (Article 28 GDPR) (3) Another controller if you have given your consent (Article 6(1)(a) of the GDPR) (4) Contractual partner, in the performance of a contract between you and the controller (Article 6(1)(b) of the GDPR) (5) another party on the basis of legitimate interest (Article 6(1)(f) of the GDPR) |
(1) another eligible entity. |
The Data Controller transfers personal data to (third country USA to the international organisation Google Ireland Limited, the Data Controller has adopted appropriate safeguards in the form of standard data protection clauses adopted by the Commission pursuant to Article 46(2)(c) of the GDPR.
Directly by the data subject (through the use of the website of the controller).
After the consent period has expired (unless the data subject renews the consent).
Not performed
The data subject provides his/her personal data voluntarily, on the basis of consent (the provision is not a legal/contractual requirement), in the event of non-provision, the operator will not monitor and evaluate the behaviour of the website user to ensure the provision, improvement and development of new services, user protection and ensuring effective search and advertising.
The purpose of processing personal data is:
the performance of technical and organisational measures taken by the controller to ensure an adequate level of security and to maintain compliance with the requirements of the GDPR, which is in the legitimate interest of the controller and an obligation under the GDPR.
Personal data is processed on the basis of:
(1) Art. 6 para. 1 lit. (f) GDPR: legitimate interest,
(2) Art. 6 para. 1 lit. (c) of the GDPR:
– GDPR,
– Act No.18/2018 Coll. on the protection of personal data and on amendment and supplementation of certain laws.
Data subjects about whom we process personal data:
employees, responsible person, applicants for exercising rights, persons to whom the controller is fulfilling obligations under the GDPR, persons involved or dealt with in a security incident, intermediaries, other external entities (such as if persons were invited to the issue at hand – consultants, auditors, lawyers,) employees of authorities on the basis of specific legislation (e.g. employees of the supervisory authority in the context of consultation, control activities), etc.
The scope of the personal data we process:
identification and contact data, which may, however, be supplemented by other necessary data of a different nature depending on the nature of the matter at hand – e.g. login data, data relating to the user’s/offender’s behaviour (e.g. logs of logins, logouts, activities), data necessary to verify the identity of the person who has requested the exercise of a right, data which indicate a violation of internal regulations (e.g. circumvention of security settings, etc.), etc.
Category of beneficiaries | Identification of beneficiaries |
(1) Institutions, organisations, contractors or other parties to whom access is permitted by specific legislation and/or the exercise of public authority (Article 6(1)(c) and (e) of the Regulation), e.g.: a -GDPR regulation, a-law no.18/2018 Coll. on the protection of personal data and on amendment and supplementation of certain laws, b-law no. 301/2005 Coll. Criminal Procedure Code, b-law no.171/1993 Coll. on the Police Force (in particular §76a), c-other legislation (2) Processor under contract (Article 28 GDPR) (3) Another controller if you have given your consent (Article 6(1)(a) of the GDPR) (4) Contractual partner, in the performance of a contract between you and the controller (Article 6(1)(b) of the GDPR) (5) another party on the basis of legitimate interest (Article 6(1)(f) of the GDPR) |
(1a,5) the responsible person, the Office for Personal Data Protection of the Slovak Republic,
(1b,5) Police, Prosecutor’s Office of the Slovak Republic, courts of the Slovak Republic, (1c) other authorised body. |
Transfer to a third country or international organisation does not take place.
Directly by the data subject or his/her legal representative.
According to the chapter “record keeping, archiving” of the Personal Data Protection Policy and the Personal Data Security Policy ( most records are kept for 3 years or less, records of deletion or containing contracts for 5 years, some records permanently-for example, relating to the resolution of security incidents, impact assessments, information of data subjects, etc.).
It does not.
Data provided voluntarily on the data subject’s own initiative – in particular, by submitting a request in connection with the exercise of his/her rights – are voluntarily provided by the data subject in the context of his/her legitimate interest (the provision is not a legal/contractual requirement), in the event of non-provision of personal data, it is possible that the controller will not be able to process his/her request.
The data subject is obliged to provide his or her personal data that the controller requires from him or her in connection with the performance of the technical and organisational measures of the controller (e.g. confirmation of familiarisation, training, allocation of accesses and assets, data on their correct use, etc.), which are in the legitimate interest and also a legal obligation of the controller. Failure to provide personal data may result in consequences for the data subject, e.g. refusal of access to personal data, resources or services of the controller, drawing consequences in the context of the employment relationship (for employees) or other relationship with the controller, in certain cases, the data subject may endanger the security, property, health, life, financial and other interests of the controller or third parties, which may also violate the law.
[] (header – title, name, surname, address of the applicant)
[] (name of operator)
[] (address)
[] (REGISTRATION NUMBER)
At [], on []
Request in relation to the exercise of rights in the processing of personal data
Dear [] (responsible person, company, operator),
in accordance with the relevant data protection legislation, you are hereby notified as a data subject
I request
[] (specify one or more of the options A-H below according to the type of your request, delete unnecessary)
(A) – to rectify personal data you process about me in connection with [] (specify the relationship with the controller or other circumstances in which personal data may be processed that will help the controller to identify you)
Application Details:
Due to the processing of incorrect personal data, I ask you to correct it as follows:
Incorrect personal data:
[] (provide incorrect personal data if known to you)
Correct personal data:
[] (enter correct – up-to-date personal details)
———————————————————————————————————————
(B) – to supplement the personal data you process about me in connection with [] (specify the relationship with the controller or other circumstances in which personal data may be processed that will help the controller to identify you)
Application Details:
Due to the processing of incomplete personal data, I ask you to complete it as follows:
Incomplete personal data:
[] (provide incomplete personal data if known to you)
Added personal data:
[] (provide additional personal data)
———————————————————————————————————————
(C) – for erasure of personal data that you process about me in connection with [] (specify the relationship with the controller or other circumstances in which personal data may be processed that will help the controller to identify you)
Application Details:
I request the deletion of my personal data for the following reason:
(tick one or more of the options to which your request relates)
☐
the personal data are no longer necessary for the purposes for which you collected and processed them
☐
withdrawal of my consent to the processing of personal data
☐
on the basis of my objection to the processing of personal data, it has been established that the controller’s legitimate grounds for processing do not override my interests, rights and freedoms
☐
my objection to the processing of my personal data for direct marketing purposes (including profiling)
☐
my personal data have been unlawfully processed
☐
personal data must be erased on the basis of a specific legal provision
☐
the personal data were collected in connection with the offer of information society services to the child
Justification:
[] (add a more detailed description of the situation)
———————————————————————————————————————
(D) – to provide you with a copy of the personal data you process about me in connection with [] (provide a specification of the relationship with the controller or other circumstances in which the personal data may be processed that will help the controller to identify you)
Application Details:
If you confirm that you hold personal data relating to me, I request access to that data by sending a copy to [] (indicate the form of disclosure of personal data requested, e.g. electronically to the email address/ hard copy to the address)
———————————————————————————————————————
(E) – to provide a copy of the personal data you process about me in connection with [] to another controller (specify the nature of the relationship with the controller or other circumstances in which the personal data may be processed that will help the controller to identify you)
Application Details:
Controller to whom the personal data will be transferred: [] (provide identification data of the controller)
Form and location of data provision: [] (specify in what form and to which location to deliver the transferred data, e.g. electronically to an email address/printed to an address)
———————————————————————————————————————
(F) – to restrict the processing of personal data that you process about me in connection with [] (provide a specification of the relationship with the controller or other circumstances in which personal data may be processed that will help the controller to identify you)
Application Details:
I request the restriction of processing for the following reason:
(tick one or more of the options to which your request relates)
☐
the personal data you are processing about me is incorrect and I request that you restrict the processing during the period of verification of the correctness of my personal data
☐
the processing of my personal data is unlawful, but I object to the erasure of my personal data and instead consider it sufficient to restrict its use
☐
I need my personal data to establish, exercise or defend legal claims
☐
on the basis of my objection to the processing of my personal data, I request the restriction of processing throughout the period of verification that the controller’s legitimate grounds for processing do not override my legitimate grounds
Justification:
[] (Add a more detailed description of the situation)
Required form of restriction of processing:
[] (indicate if you also have a request for a specific form of restriction, e.g. temporary transfer of personal data to another processing system/restriction of users’ access to personal data subject to restriction/temporary removal of personal data published on the controller’s website/other form)
Requested period of restriction of processing:
[] (indicate if you also have a request for a specific period of restriction, e.g. for the time necessary for the defence of my legal claims, which I will inform you of the end of/for the period of verification of the request specified above/other period)
———————————————————————————————————————
(G) – not to process my personal data (I object to the processing of personal data) that you process about me in connection with [] (specify the relationship with the controller or other circumstances in which personal data may be processed that will help the controller to identify you)
Application Details:
I object to the processing of my personal data carried out on the basis of:
(tick one or more of the options to which your request relates)
☐
public interest or in the exercise of public authority vested in the operator
☐
a legitimate interest of the controller or of a third party
Justification:
[] (add a more detailed description of the situation, e.g. I do not want you to process my personal data for direct marketing purposes (including profiling)
———————————————————————————————————————
(H) – not to be subject to a decision based solely on automated processing of personal data, including profiling, which you process about me in connection with [] (specify the nature of the relationship with the controller or other circumstances in which personal data may be processed which will help the controller to identify you)
Application Details:
[] (indicate the specific requirements and justification for the request, e.g. as the above processing may have adverse effects on me, such as [] I request processing of my data in a way other than purely automated)
———————————————————————————————————————
If you have any questions or concerns, please contact me at [] (include contact information such as email, phone number or address, etc.)
Thank you in advance for the processing of the request.
Regards,
___________________________
[] (name, surname and signature of the person concerned)