Privacy policy

Spoločnosť Harmanec - Kuvert, spol. s.r.o., so sídlom Padličkovo 3, 977 01 Brezno, IČO: 36 618 675, zapísanej v obchodnom registri Okresného súdu Banská Bystrica, oddiel Sro, vložka č. 8413/S

Personal data protection

On 25/05/2018 new legislation concerning the protection of personal data entered into force, therefore we bring you information on the processing of personal data based on Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons in the processing of personal data and on the free movement of such data (further “GDPR”) and Act No. 18/2018 Coll. on the protection of personal data and on the amendment of certain laws. Operator: Harmanec – Kuvert, spol. s r.o., Padličkovo 3, Brezno 977 01, ID: 36 618 675, e-mail: ochranaou@harmanec-kuvert.sk, in connection processes personal data for various purposes with its activities, in most cases the processing of personal data is necessary according to a special regulation or an international treaty to which the Slovak Republic is bound. The operator has appointed a responsible person to oversee the protection of personal data. The duties of the responsible person according to the GDPR are carried out by the external consulting company Top Privacy s.r.o. According to Article 38 par. 4 contact at the e-mail address: zodpovednaosoba@topprivacy.sk. We would also like to inform you about the way we handle your personal data, about your rights as well as about the legal basis for processing personal data.When familiarizing yourself with the information according to Article 13 of the GDPR, you may come across terms that are defined as follows:

Definition of basic concepts

  • with the consent of the person concerned, any serious and freely given, specific, informed and unambiguous expression of the will of the person concerned in the form of a statement or a clear affirmative act by which the person concerned expresses consent to the processing of his personal data,
  • genetic data personal data relating to inherited genetic characteristics of a natural person or acquired genetic characteristics of a natural person, which provide unique information about the physiology or health of this natural person and which result mainly from the analysis of the biological sample of the natural person in question,
  • biometric data personal data that are the result of special technical processing of personal data related to physical characteristics of a natural person, physiological characteristics of a natural person or behavioral characteristics of a natural person and which enable unique identification or confirm the unique identification of this natural person, such as in particular facial image or dactyloscopic data,
  • health-related data personal data related to the physical health or mental health of a natural person, including data on the provision of health care or services related to the provision of health care, which reveal information about his health condition,
  • processing of personal data means a processing operation or a set of processing operations with personal data or sets of personal data, in particular obtaining, recording, organizing, structuring, storing, changing, searching, browsing, using, providing by transmission, dissemination or in another way, rearranging or combining , restriction, erasure, whether by automated means or non-automated means,
  • profiling, any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal signs or characteristics relating to a natural person, in particular to analyze or predict the signs or characteristics of the person concerned related to his performance at work, financial conditions, health, personal preferences, interests, reliability, behavior, location or movement,
  • pseudonymisation processing of personal data in such a way that it cannot be assigned to a specific data subject without the use of additional information, if such additional information is stored separately and is subject to technical and organizational measures to ensure that personal data cannot be assigned of an identified natural person or an identifiable natural person,
  • a log record of the user’s activity in the automated information system,
  • online identifier means an identifier provided by an application, tool or protocol, in particular IP address, cookies, login data to online services, radio frequency identification, which can leave traces, which, especially in combination with unique identifiers or other information, can be used to create a profile of the person concerned and for its identification,
  • information system means any organized set of personal data that can be accessed according to specified criteria, regardless of whether the system is centralized, decentralized or distributed on a functional or geographic basis,
  • data subject is any natural person whose personal data is processed
  • the operator is anyone who, alone or together with others, defines the purpose and means of processing personal dataand processes personal data in his own name; the operator or specific requirements for its designation may be established in a special regulation or international agreement to which the Slovak Republic is bound, if this regulation or this agreement establishes the purpose and means of processing personal data,
  • the recipient is anyone to whom personal data is provided, regardless of whether it is a third party; a public authority that processes personal data on the basis of a special regulation or an international treaty to which the Slovak Republic is bound in accordance with the personal data protection rules applicable to the given purpose of personal data processing is not considered a recipient.
  • a third party is anyone who is not a data subject, an operator, an intermediary or another natural person who processes personal data on the authority of an operator or an intermediary,
  • responsible person is a person designated by the operator or intermediary who performs tasks according to the GDPR and Act No. 18/2018 Coll.,
  • representative is a natural person or legal entity with a registered office, place of business, organizational unit, place of business or permanent residence in a member state, authorized in writing by the operator or intermediary in accordance with Article 27 of the GDPR,
  • undertaking a natural person – an entrepreneur or a legal entity performing economic activity regardless of its legal form, including associations of natural persons or associations of legal persons that regularly perform economic activity,
  • a group of companies controlling the company and the companies controlled by it,
  • main establishment:

a)      place of central administration of the operator in the European Union, if it is an operator with establishments in more than one member state, except in the case when decisions on the purposes and means of personal data processing are taken in another establishment of the operator in the European Union and this other establishment has the authority enforce the implementation of such decisions, in which case the main establishment is considered to be the establishment that made such decisions, b)      place of central administration of the intermediary in the European Union, if it is an intermediary with establishments in more than one member state or if the intermediary does not have a central administration in the European Union, the establishment of the intermediary in the European Union, in which the main processing activities are carried out in the context of the activities of the establishment of the intermediary , to the extent that the intermediary is subject to special obligations under the GDPR and Act No. 18/2018 Coll.,

  • an international organization means an organization and its subordinate entities governed by public international law, or any other entity that was established by an agreement between two or more countries or on the basis of such an agreement,
  • a member state is a state that is a member state of the European Union or a contracting party to the Agreement on the European Economic Area,
  • a third country is a country that is not a member state.

In the next section, you will find the names of information systems, which are divided according to the purpose of processing personal data, each of them, when clicked, contains detailed information according to Article 13 GDPR, which will explain in detail why and how we process your personal data.

Purposes of personal data processing

About visitors to the website of the operator and people using the e-shop of Harmanec – Kuvert, spol. Ltd. the operator processes personal data in the following information systems:

  1. COOKIES,
  2. E-SHOP,
  3. MARKETING – súhlas dotknutej osoby,
  4. MARKETING – oprávnený záujem,
  5. SPRÁVA REGISTRATÚRY,
  6. ÚČTOVNÉ DOKLADY,
  7. AGENDA OCHRANY OSOBNÝCH ÚDAJOV.

The operator processes personal data about employees and persons in a similar employment relationship in the following information systems:

  1. MZDY A PERSONALISTIKA,
  2. SPRÁVA REGISTRATÚRY,
  3. ÚČTOVNÉ DOKLADY,
  4. OZNAMOVANIE PROTISPOLOČENSKEJ ČINNOSTI,
  5. KAMEROVÝ SYSTÉM,
  6. SÚDNE SPORY,
  7. AGENDA OCHRANY OSOBNÝCH ÚDAJOV,
  8. PROPAGÁCIA,
  9. CIVILNÁ OCHRANA,
  10. HOSPODÁRSKA MOBILIZÁCIA,
  11. KONEČNÝ UŽÍVATEĽ VÝHOD.

The operator processes personal data about visits and people moving around the company’s premises in the following information systems:

  1. EVIDENCIA NÁVŠTEV,
  2. KAMEROVÝ SYSTÉM,
  3. AGENDA OCHRANY OSOBNÝCH ÚDAJOV,

The operator processes personal data about business partners in the following information systems:

  1. SPRÁVA REGISTRATÚRY,
  2. ÚČTOVNÉ DOKLADY,
  3. EVIDENCIA OBCHODNÝCH PARTNEROV,
  4. AGENDA OCHRANY OSOBNÝCH ÚDAJOV.

Last but not least, we would like to inform you about your rights under the GDPR and Act No. 18/2018 Coll. on the protection of personal data and on amendments to certain laws. The person concerned has the right to access to their data. Based on the request of the person concerned, the operator will issue a confirmation on whether the personal data of the person concerned are being processed. If the operator processes this personal data, it will issue a copy of this personal data based on the request of the person concerned. If the person concerned requests information in the form of electronic means, it will be provided to him in a commonly used electronic form, namely by e-mail, unless he expressly requests another method of provision. The person concerned has the right to correction of personal data if the operator records incorrect personal data about him. At the same time, the person concerned has the right to completion of incomplete personal data. The operator will correct or supplement personal data without undue delay after the person concerned requests it. The data subject has the right to erasure (the right to be forgotten) of personal data concerning him, provided that:

  1. personal data are no longer necessary for the purposes for which they were obtained or otherwise processed;
  2. the person concerned revokes the consent on the basis of which the processing is carried out,
  3. the person concerned objects to the processing of personal data,
  4. personal data were processed illegally,
  5. the reason for the erasure is the fulfillment of an obligation of the law, a special regulation or an international treaty to which the Slovak Republic is bound, or
  6. personal data was obtained in connection with the offer of information society services to a person under the age of 16.

The affected person will not have the right to delete personal data, provided that their processing is necessary:

  1. to exercise the right to freedom of expression and information;
  2. to fulfill an obligation according to the law, a special regulation or an international treaty to which the Slovak Republic is bound, or to fulfill a task carried out in the public interest or in the exercise of public authority entrusted to the operator,
  3. for reasons of public interest in the field of public health,
  4. for the purposes of archiving in the public interest, for the purposes of scientific or historical research or for statistical purposes, if it is likely that the right to erasure will make it impossible or seriously difficult to achieve the goals of such processing, or
  5. to demonstrate, exercise or defend legal claims.

The operator shall delete the personal data of the persons concerned upon request, without undue delay after evaluating the request of the person concerned as reasonable. The data subject has the right to restrict the processing of personal data if:

  1. the correctness of personal data is challenged by an objection according to this article, during the period allowing the operator to verify the correctness of personal data;
  2. the processing is illegal and the person concerned requests the restriction of their use instead of erasure of personal data;
  3. the operator no longer needs personal data for the purposes of processing, but the data subject needs them to prove, exercise or defend legal claims;
  4. the person concerned has objected to the processing of personal data based on the legitimate claim of the operator, until it is verified whether the legitimate reasons on the part of the operator prevail over the legitimate reasons of the person concerned.

If the person concerned requests the restriction of the processing of his personal data, the operator will not carry out any processing operations with the affected data, except storage, without the consent of the person concerned.

The affected person will be informed by the operator if the restriction on the processing of this data is lifted.

The data subject has the right to data portability, which means obtaining the personal data that he has provided to the operator, while he has the right to transfer this data to another operator in a commonly user-readable and machine-readable format, provided that the personal data was obtained on the basis of with the consent of the person concerned or on the basis of a contract and their processing takes place in the form of automated means.

The person concerned has the right at any time to object to the processing of his personal data for reasons related to his specific situation. The person concerned may object to the processing of his personal data on the basis of:

  1. legal title of the performance of tasks carried out in the public interest or in the exercise of public authority, or from the legal title of the legitimate interest of the operator,
  2. processing of personal data for direct marketing purposes,
  3. processing for the purposes of scientific or historical research or for statistical purposes.

If the person concerned objects to the processing of personal data for the purposes of direct marketing, the operator cannot further process their personal data.

The operator will assess the received objection in a reasonable time. The operator may not continue to process personal data if he does not demonstrate the necessary legitimate interests in processing personal data that outweigh the rights or interests of the person concerned, or grounds for asserting a legal claim.

The person concerned has the right to the ineffectiveness of automated individual decision-making, including profiling, if the operator processes personal data by profiling or in a similar way based on automated individual decision-making.

The person concerned has the right at any time to revoke his consent to the processing of personal data, as long as the processing of personal data was based on this legal basis. The affected person revokes his consent in the manner indicated in the consent itself or in this information, if there is no such information, he revokes the consent by contacting the operatorwith his request in any chosen way. The operator’s contact details are listed above. The legality of the processing of personal data prior to the withdrawal of consent based on the consent granted is not affected by its withdrawal.

The affected person has the right to file a complaint / motion to initiate proceedings to the supervisory authority – the Office for the Protection of Personal Data of the Slovak Republic with registered office Hraničná 4826/12, 820 07 Bratislava – Ružinov tel. number: +421 /2/ 3231 3214; mail: statny.dozor@pdp.gov.sk, https://dataprotection.gov.sk, if it believes that its rights in the area of ​​personal data protection have been violated. In the case of submission of the proposal in electronic form, it is necessary that it fulfills the requirements according to § 19 par. 1 of Act no. 71/1967 Coll. on administrative procedure (correct order).

Dotknutá osoba sa môže so svojimi pripomienkami a žiadosťami týkajúcimi sa spracúvania osobných údajov obrátiť na prevádzkovateľa a to písomnou formou alebo elektronickými prostriedkami na kontaktných údajoch uvedených v úvode textu.