The purpose of this information is to explain how Dan-Slovakia Agrar, a.s., with registered office in 932 01 Veľký Meder, Nový Dvor, Slovak Republic, Reg. NO.: 36 240 729, registered in the Commercial Register of the Trnava District Court, Section: Sa, File No.: 10177/T (hereinafter the “company”) processes data subjects’ personal data and what are their rights pursuant to Regulation and Act on Personal Data Protection.
The company acquires personal data in the following ways:
- directly from their clients, employees, business partners, job seekers when concluding a contract;
- from publicly available sources, such as public registers and records;
- from persons who voluntarily provided the company with their personal data and granted the company their consent to the processing (in person, in writing, over the phone, by e-mail, through the company website, etc.);
- from persons who enter the company objects (including the records from the company camera system).
The company acquires and processes personal data only to the extent that is adequate to the purpose of the processing thereof. The company pays particular attention to the security and protection of data subjects’ personal data.
The company processes personal data on the basis of the following titles established by Regulation and Act on Personal Data Protection.:
The company can process data subjects’ personal data if it is necessary for the purposes of the company’s or third parties’ legitimate interests, however, with the exception of cases, where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child. Such legitimate interests of the company are as follows:
- protection of rights arising for the company from generally binding legal regulations and contracts in relation to contractual partners and other persons; for this purpose, the company stores personal data not longer than for a period that is necessary for the protection of such rights and legitimate interests;
- protection of property, life and health; for this purpose, the company stores personal data of persons entering the company objects for a period that is necessary for the protection of such rights;
The performance of contract
The company processes data subjects’ personal data for purposes related to the fulfilment of contractual obligations of both contracting parties, primarily the conclusion, modification and termination of a contract. The provision of personal data by a data subject to the company to the extent necessary is a condition for the conclusion of the contract.
The company stores personal data for the purposes of the performance of the contract for the duration of contractual relationship between the company and the data subject and for a necessary period after the termination thereof.
The purpose of the processing of personal data in the field of business communication and business activity of a controller is to prepare and perform the controller’s business activities, within which the identification data of the controller’s business partners, suppliers and buyers is processed, including contact data of their statutory bodies, employees and other physical persons, as long as the processing of their personal data is necessary to achieve a defined purpose of the controller, and other information on the controller’s business partners, data on contractual relationships with business partners and data contained in communication between the controller and his business partners.
Legal basis of the processing of personal data consists in the controller’s legitimate interest pursued under Article 6 (1)(f) of the Regulation, and if the business partner is a physical person, then legal basis consists in the performance of a contract and the taking of measures before the contract is concluded within the controller’s business activity under Article 6 (1)(b) of the Regulation.
Compliance with legal obligation
The company can process personal data, including providing the data to public authorities and other persons, if such obligation arises for it from law. By virtue of legal obligation, the company can, for instance, provide personal data to health insurance companies, the Social Insurance Company, law enforcement authorities or other authorities or persons.
The company stores personal data for the purposes of compliance with legal obligation for a period that is necessary to comply with legal obligation defined in generally binding legal regulations.
Within the fulfilment of duties stipulated by legal regulations, we process personal data (including providing them to other entities) primarily for the following purposes:
- the processing of taxes and book keeping (Article 6 (1)(c) of the Regulation),
- personnel and payroll service (Article 6 (1)(c) of the Regulation),
- SHW (Article 6 (1)( c) of the Regulation),
- registry administration.
Consent granted by data subject
The company processes data subjects’ personal data on the basis of consent explicitly granted by the data subject.
The company stores personal data processed on the basis of the data subject’s consent for the duration of such consent or until it is revoked, depending on which situation occurs sooner.
The data subject is entitled to freely withdraw its consent to the processing of personal data any time. Withdrawal of the consent is without prejudice to the lawfulness of the processing arising from the consent before it was withdrawn.
The company can entrust third parties, so-called processors, with the processing of personal data. The company’s processors are, for instance, persons who render some services for the company, e.g. health insurance companies, supplementary pension savings banks, pension fund management companies, entity providing statistics, education agencies and trainers, entity providing occupational health service, entities providing postal services, provider of catering services on the server of which personal data are stored, employer’s suppliers, distrainors, external tax advisors, auditors, insurance companies, companies performing the administration and support of information technologies, law firms, providers of telecommunication services, providers of data storage, public authorities, courts and law enforcement authorities.
Processors process personal data for the company only on the basis of an agreement of the processing of personal data, which must fulfil requirements stipulated by Regulation and Act on Personal Data Protection, and in such cases the company strictly observes the protection of personal data that it provides to the processor.
Data subject is entitled to require from the company:
- a confirmation whether its personal data is or is not processed; if personal data was not acquired from the data subject, the data subject can require the provision of any available information on the source thereof (“the right of access to personal data”);
- if its personal data is being processed, to acquire access to personal data and further information and to obtain a copy of personal data processed by the company (“the right to be informed on the processing”); the company is entitled to charge the data subject a reasonable administrative fee in connection with a request for a copy of personal data;
- the correction of incorrect/incomplete personal data processed by the company (“the right of rectification”);
- the deletion of personal data if some of the reasons stated in Regulation or Act on Personal Data Protection is fulfilled; primarily, if personal data is not necessary any more for purposes for which the company has acquired it or processes it, if the data subject withdraws its consent and the company has no other legal basis for the processing, if the data subject objects the processing, or if the company was processing personal data unlawfully; if the processing relates to official documents containing personal data, the data subject can request the data to be returned to it (“the right to erasure”);
The right to erasure is applied as long as the processing is necessary to:
a) exercise the right to freedom of expression and information;
b) comply with a legal obligation that requires the processing under Union law or law of a member state which the controller is subject to, or to fulfil a task carried out in the public interest or in the exercise of official authority vested in the controller;
c) on the grounds of public interest in the area of public health in compliance with Article 9 (2)(h) and (i) and Article 9 (3) of the Regulation;
d) for the purposes of archiving in the public interest, for the purposes of scientific or historical research or for statistical purposes pursuant to Article 89 (1) of the Regulation, as long as it is probable that the above-mentioned law shall render impossible or seriously impair the achievement of the objectives of that processing, or
e) for the establishment, exercise of defence of legal claims.
- restrict the processing of personal data if some of the reasons stated in the Regulation and Act on Personal Data Protection is fulfilled; for instance, if a data subject announces that the company processes incorrect data, it can require the personal data not to be processed until rectified (“the right of restriction”);
- acquire personal data that relates to it and that it provided to the company in a structured, commonly used and machine-read format; the data subject is entitled to the transfer of the personal data to other controller, if technically possible and if the terms and conditions stated in the Regulation and Act on Personal Data Protection are met (“the right to portability”);
- object, on grounds related to its specific situation, the processing of personal data that relates to it and that is necessary for the fulfilment of a task carried out in the public interest (“the right to object”);
- if legal basis of the processing of personal data consists in the data subject’s consent to any time withdraw its consent to the processing of personal data granted to the company with effects from the moment of withdrawal of the consent (“the right to withdraw consent”);
- if there is a suspicion of the unlawful processing of its data, to initiate proceedings on the protection of personal data at the Office of Personal Data Protection, Hraničná 4826/12, 820 07 Bratislava, Slovak Republic, telephone number: + 421 2 3231 3220, www.dataprotection.gov.sk.
If a data subject does not have a full legal capacity, the rights of the data subject, under the Regulation and Act on Personal Data Protection, can be exercised by a legal representative. The rights of a data subject, under the Regulation and Act on Personal Data Protection, that is not alive, can be exercised by a close relative.
A data subject can exercise its rights in writing, sending a notice to the controller (including a report sent by means of electronic mail), while the content of its request must show that it applies some of the above-mentioned rights; in such case the request is considered submitted pursuant to the Regulation.
If the data subject exercises some of the above-mentioned rights of the data subject pursuant to the Regulation and if based on the request submitted it is not possible to verify applicant’s identity, or if the controller has justified doubts about the identity of the data subject who is submitting its request, the controller reserves the right to ask the data subject to provide additional information that is necessary to confirm the identity of the data subject submitting the request.
The controller’s contact data, where it is possible to exercise the data subject’s rights is as follows:
- postal item (the data subject’s signature must be officially certified) sent to the company’s registered office address: 932 01 Veľký Meder, Nový Dvor;
- by e-mail to the company’s e-mail: firstname.lastname@example.org