Information on personal data processing

Information on personal data processing with regard to data subjects pursuant to § 19 and § 20 of Act No 18/2018 Coll., on the protection of personal data and amending certain acts (hereinafter referred to as the ‘Act’) and Articles 13 and 14 of Regulation (EC) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to personal data processing and on the free movement of such data (hereinafter referred to as the ‘GDPR’)

The purpose of this information is to provide you with information about which personal data we process, how we treat such personal data, for which purposes we use the data, to whom we can provide it, where you can obtain information concerning your personal data and exercise your rights within the personal data processing.

Identification and contact details:

The data controller processing your personal data is HIMEX PLUS s.r.o., Mudrochova 2, 835 27 Bratislava, Business ID No: 35 837 187, email: (hereinafter referred to as the ‘Data Controller’).

  1. The purpose personal data processing and legal basis of processing

The purpose of personal data processing is: implementation and fulfillment of the contractual relationship between the contracting parties

Personal data is processed on the basis of: the legitimate interest of the Data Controller in accordance with § 13(1)(f) of the Act and Article 6(1)(b) of the GDPR.

Legitimate interests of the Data Controller or third party:

Personal data processing for the legitimate interests of the Data Controller or a third party is not exercised.

  1. Identification of the processed personal data of data subjects

The data subjects whose personal data is processed are: individuals – customers, sub-tenants and employees of legal entities (clients) of the operator or statutory body/person acting on behalf of a business partner/client of the operator.

Scope of processed personal data:  name, surname, given name, address of permanent or temporary residence, correspondence address, identity card/passport/residence permit number, telephone number, email address, date of birth.

  1. Identification of recipients, categories of recipients

The Data Controller may provide personal data to the authorised entities such as institutions and organisations, authorised by a specific law, or contractors (especially data processors) who have undertaken to accept reasonable guarantees to maintain processed personal data protection as follows:

Other authorised entity general binding law in accordance with § 13(1)(c) of Act No 18/2018 Coll., on personal data protection and amending certain other acts

Personal data may be provided to other recipients with the data subject’s consent or by their order.

  1. Transfer of personal data to a third country/an international organisation

Transfer to the third countries or to the international organisations is not carried out.

  1. Identification of the source from which personal data was collected

Directly from the data subject (in person, by email, by telephone).

  1. Term of keeping personal data

The Data Controller processes personal data for the time necessary to fulfil the purpose, but no longer than 10 years.

  1. Profiling

The Data Controller does not process personal data by profiling or similar manners based on automated individual decision-making.

  1. The data subject’s rights

The data subject has the right to request access to the data processed data from the Data Controller, and also the right to personal data rectification, the right to erase or restrict personal data processing, the right to object to personal data processing, the right to ineffectiveness of automated individual decision-making, including profiling, the right to personal data portability, as well as the right to bring proceedings to the supervisory authority. If the Data Controller processes personal data with the data subject’s consent, the data subject has the right to withdraw their consent to personal data processing at any time. Withdrawal of the consent does not affect the lawfulness of personal data processing based on consent prior to its withdrawal. The data subject can exercise their rights by sending an email to or in writing to the Data Controller’s address.

  1. Obligation to provide personal data

The provision of personal data is a legal requirement/contractual requirement, or a requirement that is necessary to conclude a contract. The affected person has the obligation to provide personal data, in case of failure to provide them; the operator will not provide the affected person with the service within the scope of the contract.