For information system: IS Marketing (legitimate interest)
Information on personal data processing with regard to data subjects pursuant to § 19 and § 20 of Act No 18/2018 Coll., on the protection of personal data and amending certain acts (hereinafter referred to as the ‘Act’) and Articles 13 and 14 of Regulation (EC) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to personal data processing and on the free movement of such data (hereinafter referred to as the ‘GDPR’)
The purpose of this information is to provide you with information about which personal data we process, how we treat such personal data, for which purposes we use the data, to whom we can provide it, where you can obtain information concerning your personal data and exercise your rights within the personal data processing.
Identification and contact details:
The data controller processing your personal data is HIMEX PLUS s.r.o., Mudrochova 2, 835 27 Bratislava, Business ID No: 35 837 187, email: firstname.lastname@example.org (hereinafter referred to as the ‘Data Controller’).
The purpose of personal data processing and legal basis of processing
The purpose of personal data processing is: to perform marketing activities (informing concerning news, discounts and other marketing offers) related to the purchased or procured services or goods.
Personal data is processed on the basis of: the legitimate interest of the Data Controller in accordance with § 13(1)(f) of the Act and Article 6(1)(f) of the GDPR.
Legitimate interests of the Data Controller or third party
Personal data processing is carried out for the purpose of legitimate interests of the Data Controller or a third party – the performance of marketing activities.
Identification of the processed personal data of data subjects
The data subjects whose personal data is processed are: clients/customers.
Scope of processed personal data: degree, first name, surname, email address, telephone number
Identification of recipients, categories of recipients
The Data Controller may provide personal data to the authorised entities such as institutions and organisations, authorised by a specific law, or contractors (especially data processors) who have undertaken to accept reasonable guarantees to maintain processed personal data protection as follows:
Other authorised entity
general binding law in accordance with § 13(1)(c) of Act No 18/2018 Coll., on personal data protection and amending certain other acts
Personal data may be provided to other recipients with the data subject’s consent or by their order.
Transfer of personal data to a third country/an international organisation
Transfer to the third countries or to the international organisations is not carried out.
Identification of the source from which personal data was collected
Directly from the data subject (in person, by email, by telephone, via the Data Controller’s website).
Term of keeping the personal data
The Data Controller processes personal data for the time necessary to fulfil the purpose (however, no longer than 5 years from the data subject’s last request).
The Data Controller does not process personal data by profiling or similar manners based on automated individual decision-making.
The data subject’s rights
The data subject has the right to request access to the data processed data from the Data Controller, and also the right to personal data rectification, the right to erase or restrict personal data processing, the right to object to personal data processing, the right to ineffectiveness of automated individual decision-making, including profiling, the right to personal data portability, as well as the right to bring proceedings to the supervisory authority. If the Data Controller processes personal data with the data subject’s consent, the data subject has the right to withdraw their consent to personal data processing at any time. Withdrawal of the consent does not affect the lawfulness of personal data processing based on consent prior to its withdrawal. The data subject can exercise their rights by sending an email to email@example.com or in writing to the Data Controller’s address.
Obligation to provide personal data
The data subject provides their personal data voluntarily and can expect to be informed about various marketing activities (informing about news, discounts and other marketing offers) related to the purchased or procured services or goods in the future. If personal data is not provided, they will not be informed with regard to news, discounts or other marketing offers and they will not be provided with the services or goods procured.