Last updated: April 19th, 2023.
The Company has adopted this Personal Data Protection Policy (hereinafter referred to as the “Policy”) in order to set out and maintain an adequate level of personal data protection. This Policy applies to the processing of personal data collected by the Company from its employees, clients, and customers.
The Company respects the right of each natural person to privacy and therefore it applies all necessary measures and makes maximum efforts to secure protection of all information and personal data collected by the Company. The Company makes continuous efforts to ensure that its activities comply with the Regulation (EU) No. 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as the “Regulation”) and Act No. 18/2018 on personal data protection, as amended by subsequent regulations (hereinafter referred to as the “Act”).
This Policy sets out procedures for the personal data processing carried out by the Company. Specific information and details concerning individual types of personal data processing are provided by the Company always when collecting personal data provided that the Regulation or the Act require it. Where the specific information or details differ from the information contained in this document, such specific information or details prevail over this Personal Data Protection Policy.
I. Basic provisions
- The Company´s contact data that you may use to contact the Company:
- Address: Pribinova 8, 811 09 Bratislava
- E-mail: email@example.com
- Phone number: +421902320555
- Personal data shall mean any information relating to an identified or identifiable natural person; an identifiable natural person is a natural person who can be identified, directly or indirectly, in particular by reference to an identifier, e.g. name, birth number, location data, network identifier or by a reference to one or more factors specific to the physical, physiological, mental, economic, cultural or social identity of the natural person.
- The Company has not appointed a person responsible for personal data protection.
II. Sources and categories of the personal data subject to processing
- The Company may collect your personal data from various sources, including:
– the personal data disclosed to the Company directly by you;
– the personal data that the Company has collected online via electronic interactions, including web sites, mobile applications, text messages or third party social networks (e.g. LinkedIn profiles).
- The Company collects, for specific purposes, especially the following categories of personal data:
– the personal data enabling the Company to contact you personally, i.e. name and surname, mailing or e-mail address, and telephone number;
– demographic personal data including the date of birth, age, gender, location (e.g. post code, the country in which the data subject lives);
– payment information, i.e. the information concerning your bank account;
– information in relation to cooperation with (external) suppliers, i.e. biography and photo.
III. Purposes for which the Company processes personal data
- The Company collects and processes personal data only in necessary cases and to the extent necessary to fulfil the purposes for which the personal data is collected. For instance, the Company processes personal data for the following purposes:
– provision of services in accordance with our terms and conditions;
– your registration and keeping of your data within the Company´s internal database of potential candidates for business cooperation with the Company;
– cooperation between the Company and you based on a special agreement.
- The Company does not carry out automated individual decision-making under Sec. 28 of the Act.
IV. Who are the recipients of the personal data disclosed by the Company
- The Company will never disclose your personal data to any third party that intends to use such data for marketing purposes unless the Company informs you about it in advance and you provide the Company with your express consent to such disclosure. The Company may disclose your personal data to third parties only in expressly agreed cases.
- When processing your personal data, the Company may use its data processors, i.e. third parties, such as business companies or sole traders, who have been cooperating with the Company in a long run and have been processing your personal data on behalf of the Company based on special written personal data processing agreements. Such third parties are bound by the personal data processing agreements and pursuant to those agreements, they maintain confidentiality and security in respect of your personal data and shall process your personal data only based on the Company´s express instructions. Such third parties shall ensure the same level of security for your personal data as the level provided by the Company.
- The Company does not transfer your personal data to any third country (outside the EU).
V. Rights of data subjects
- As the data subject under the Regulation and the Act, you have the following rights:
- the right to withdraw the consent to personal data processing – after giving your consent to personal data processing, you have the right to withdraw the consent at any time during the period to which it applies and in the same manner in which it has been given;
- to request that the Company provide you with the access to your personal data and the right to receive the Company´s confirmation whether the Company processes your personal data – based on the right to access to personal data you are entitled to receive from the Company, at no charge, one copy of your personal data subject to processing by the Company. The Company may charge a reasonable fee corresponding to administrative expenses for any other copies that you may request. If you file a request via electronic means, the Company will provide you with relevant information in a commonly used electronic format unless you request another manner of information provision;
- the right to personal data rectification – you have the right to request that the Company rectify your inaccurate personal data without undue delay or complement your incomplete personal data;
- personal data erasure – you have the right to request that the Company delete your personal data without undue delay where (A) the personal data is no longer necessary for the purpose in respect of which the consent has been obtained or for which the personal data has been processed; (B) you revoke your consent based on which the Company processes your personal data; or (C) where the personal data has been processed unlawfully;
- right to restrict personal data processing – where (A) you contest the accuracy of your personal data, for the period of time enabling the Company to verify the accuracy of your personal data; (B) personal data processing based on the consent is unlawful and you oppose the erasure of your personal data and request restriction of the use of the data instead; (C) the Company does not need the personal data for the purpose under the consent but you need the data to prove, enforce or defend your legal claims. If the personal data processing is restricted, except for the processing through personal data saving, the Company may further process your personal data only based on your consent;
- the right to portability of personal data – you have the right to receive the personal data concerning you that you have provided to the Company, in a structured, commonly used and machine-readable format and you have the right to transmit the personal data to another controller without hindrance from the Company. You have the right to have your personal data transmitted by the Company directly to another data controller, where technically feasible;
- the right to object, based on grounds concerning a specific situation, to personal data processing – where the processing is carried out in order to perform a task carried out in the public interest or within the exercise of public authority vested in the Company or where such processing is necessary due to legitimate interests pursued by the Company or by a third party but your interests, rights and freedoms requiring personal data protection override such interests;
- the right to file a complaint with a supervisory authority – the Office for Personal Data Protection of the Slovak Republic in Bratislava if you believe that processing of your personal data is in contradiction with the relevant legal regulations of the Slovak Republic regulating personal data protection.
VI. Personal data protection
Pursuant to the Regulation and the Act, the Company shall implement appropriate technical and organizational measures to safeguard personal data protection and to demonstrate that personal data processing is carried out in compliance with the Regulation and the Act. The Company has introduced several technical and organizational measures, including:security measures within the operating environment in which the Company collects your personal data in a secure area and the access to which is permitted only to authorized persons such as the Company´s employees;mechanical security measures implemented within the premises where personal data is stored;access rights (i.e. implementation of passwords) to the storage media containing personal data;protection of data storage media containing personal data through application of anti-virus software, etc.;regular creation of back-ups of your personal data.The Company hereby declares that only the persons authorized by the Company have access to your personal data.
VII. Personal data retention
The Company will retain your personal data only for the period of time strictly necessary for specified purposes and in compliance with all legal regulations valid within the territory of the Slovak Republic.
© 2023 Fit&Co