This document describes the method and purpose of personal data processing by Bizzcom s.r.o., č.591, Bučany 919 28,, Org ID: 36814351 as the controller (“controller”), and provides all other legally required information, including information on the rights of data subjects and how to exercise such rights.

Regulation (EU2016/679  on personal data protection (“GDPR”) constitutes the legal regulation governing the protection of natural persons in the processing of personal data and on the free movement of such data and protects the basic rights and freedoms of natural persons, especially in relation to their personal data protection rights.

Under Article 4 (1) GDPR, the term “personal data” refers to any information concerning an identified or identifiable natural person (“data subject”).

Processing” is an operation or set of operations involving personal data or a set of personal data performed using automated or non-automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or other form of provisioning, alignment or combination, restriction, erasure or destruction thereof (Article 4(2) GDPR).

Under Article 12 et seq. GDPR, a data subject must be provided with relevant information on the processing activities conducted by the controller and their rights as a data subject.

Validity” given that updated information may be required in the future concerning the processing of personal data contained in this policy, the controller is authorised to update this policy at any time.This version of the policy was issued on 1 January 2021.

1. ON WHAT BASIS MAY WE PROCESS YOUR PERSONAL DATA?

Processing is only lawful when at least one of the following conditions is met in the required scope:

  • the data subject has expressed consent to the processing of their personal data for one or more specific purposes,
  • processing is necessary to fulfil an agreement to which the data subject is a party or to take measures prior to the conclusion of such agreement at the data subject’s request,
  • processing is necessary to comply with statutory obligations,
  • processing is necessary for the purposes of a legitimate interest being followed by the operator or a third party, except in such cases where the interests or basic rights and freedoms of the data subject seeking personal data protection take priority over these interests, especially if the data subject is a minor child.

2. WHAT HAPPENS IF PERSONAL DATA IS NOT PROVIDED?

If your personal data is processed within:

  • the provisioning of personal data to comply with a statutory or contractual requirement, the data subject is obliged to provide such personal data. Without providing personal data, it is impossible to fulfil an order or conclude an employment agreement
  • You provide any of your personal data voluntarily and you are obliged to consider the extent to which you provide personal data. We cannot respond to your suggestion or request without receiving some personal data.

3. YOUR PERSONAL DATA WE OBTAIN

You most often provide your personal data to us:

  • we obtain it directly from you, for example, from communication with you via the contact form on our website,
  • if you become our customer or are interested in our goods or services,
  • during the controller’s hiring process to fill an open position or in records of job candidates where no specific potential position is specified,
  • during the controller’s hiring process to fill an open position via the contact form on our website,

4. JOB APPLICATION

The controller processes the personal data of job candidates for the purposes of maintaining records in hiring processes to fill the controller’s open positions and to record the personal data of job candidates who have applied in general and not for a specific position. If the controller decides to conclude an employment agreement with any job candidate, or any other similar agreement outside of employment, i.e. the decision is made to hire a candidate, the personal data of such candidate will be processed by the controller to comply with its obligations when entering into an employment arrangement.

Legal basis: in accordance with the provisions of Article 6 (4) of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“GDPR”). Act 311/2001 Coll., the Labour Code, as amended.

Retention period: for a period of 1 year from the date of receipt of a CV, after which the data will be deleted.

5. WHY DO WE PROCESS PERSONAL DATA, WHAT PERSONAL DATA DO WE PROCESS, AND HOW LONG MAY WE RETAIN YOUR PERSONAL DATA?

Your personal data will be processed pursuant to specific regulations and for purposes defined by the controller:

INFORMATION ON THE PURPOSES OF PROCESSING PERSONAL DATA, LEGAL BASIS, RECIPIENTS AND RETENTION PERIODSCATEGORY OF RECIPIENTSYEARS
RETAINED
Hiring employeesAct No. 311/2001 Coll. the Labour Code, as
amended
Act No. 552/2003 Coll., on Public Service, as amended
Act No. 596/2003 Coll on State Administration i Education and Local Education Governance and on amendment of certain acts
Act No. 317/2009 Coll. on Pedagogical Employees and Professional Employees, and on amendment of certain acts
personal data provided in a CV, personal data provided in a criminal record, or proof of education1 year
Adaptation process (employee training)Act No. 311/2001 Coll. the Labour Code, as amended
Act No. 552/2003 Coll., on Public Service, as amended
Act No. 5/2004 Coll. on Employment Services and on amendment of certain acts, as amended
contractual arrangements
Act No. 596/2003 Coll on State Administration i Education and Local Education Governance and on amendment of certain acts
Act No. 317/2009 Coll. on Pedagogical Employees and Professional Employees, and on amendment of certain acts
Ministry of Interior of the Slovak Republic, other authorised state authorities, if data is provided based on regular statutory obligations5 years after termination or expiration of the relevant obligation
Fulfilment of the employer’s obligations under employment and similar arrangementsAct No. 311/2001 Coll. the Labour Code, as amended
Act No. 552/2003 Coll., on Public Service, as amended
Act No. 5/2004 Coll. on Employment Services and on amendment of certain acts, as amended
Act No. 553/2003 Coll. on Remuneration for Certain Employees Performing Public Service and on amendment of certain works, as amended
contractual arrangements,
Act No. 596/2003 Coll on State Administration i Education and Local Education Governance and on amendment of certain acts
Act No. 317/2009 Coll. on Pedagogical Employees and Professional Employees, and on amendment of certain acts
employees, employee representatives, other authorised state authorities, if data is provided based on regular statutory obligations70 years
Fulfilment of the employer’s obligations to the social insurance authorityAct No. 461/2003 Coll. on Social Insurance, as amended
Act No. 43/2004 Coll. on Old-Age Pension Savings, as amended
Act No. 650/2004 Coll. on Supplemental Pension Savings and on amendment of certain acts, as amended
Act No. 462/2003 Coll. on Income Compensation for Temporary Employee Sick Leave and on amendment of certain acts, as amended
social insurance authority10 years
Fulfilment of the employer’s obligations to health insurersAct No. 580/2004 Coll. on Health Insurance and on amendment of Act No. 95/2002 Coll. on Insurance and on amendments of certain acts, as amendedhealth insurers10 years
Occupational health service documentation, the information system used by the occupational health service conducting services for the controller based on a contract to maintain the required documentationAct No. 355/2007 Coll. on the Protection, Promotion and Development of Public Health and on amendment of certain acts, as amendedstate and public authorities responsible for audit and surveillance activities5 years after termination or expiration of the relevant obligation
occupational health and safety (OHS) documentation, the information system used to maintain the required OHS documentationstatutory obligation, public interest, Act No. 311/2001 Coll. the Labour Code, as amended, Act No. 124/2006 Coll. on Occupational Health and Safety, Act No. 42/1994 Coll. on Civil Defence, as amened, Act No. 355/2007 Coll. on the Protection, Promotion and Development of Public Health, Constitutional Act No. 227/2002 Coll. on State Security During War, State of War, Martial Law and State of Emergencyentity providing services under a specific act, the employer, Public Health Authority5 years after termination or expiration of the relevant obligation
Fulfilment of tax obligationsAct No. 595/2003 Coll. on Income Tax, as amendedtax authority10 years
Employer’s remuneration policyAct No. 311/2001 Coll. the Labour Code, as amended
Act No. 553/2003 Coll. on Remuneration for Certain Employees Performing Public Service and on amendment of certain works, as amended, Act No. 580/2004
Act No. 580/2004 Coll. on Health Insurance and on amendment of Act No. 95/2002 Coll. on Insurance and on amendments of certain acts, as amended, Act No. 461/2003 Coll. on Social Insurance, as amended, Act No. 595/2003 Coll. on Income Tax, as amended, Act No. 43/2004 Coll. on Old-Age Pension Savings, as amended, Act No. 650/2004 Coll. on Supplemental Pension Savings and on amendment of certain acts, as amended, Act No. 5/2004 Coll. on Employment Services and on amendment of certain acts, as amended, Act No. 462/2003 Coll. on Income Compensation for Temporary Employee Sick Leave and on amendment of certain acts, as amended, Act No. 152/1994 Coll. on the Social Fund and on amendment of Act No. 595/2003 Coll. on Income Tax, as amended
Health insurers, social insurance authority, tax authority, supplementary pension savings management firms,50 years
ExecutionAct No. 59/2018 Coll. on Court-Appointed Executors and Execution Activities (Execution Code), Article 6 (1)(c) GDPRpersons authorised under the relevant regulations, notaries10 years
Registry managementArticle 6 (1)(c) GDPR
Act No. 395/2002 Coll. on Archives and Registries and on amendment of other acts, as amended
Ministry of Interior of the Slovak Republic, other authorised entity,records are retained for 10 years after the termination of such records
Records of received and sent mailArticle 6 (1)(c) GDPR, Act No. 369/1990 Coll. on Municipalities, as amended, Act No. 395/2002 Coll. on Archives and Registries and on amendment of other acts, as amended, Act No. 305/2013 Coll. on Electronic Form of the Exercise of the Powers of Public Authorities and amendment of certain acts (e-Government Act)data is not provided to any recipient3 years
Processing of accounting documentsAct No. 431/2002 Coll. on Accounting, as amended, Act No. 222/2004 Coll. on Value Added Tax, as amended, Act No. 145/1995 Coll. on Administrative Fees, as amended, Act No. 40/1964 Coll., the Civil Code, as amended, Act No. 152/1994 Coll. on the Social Fund and on amendment of certain acts, Act No. 595/2003 Coll. on Value Added Tax, as amended, Act No. 311/2001 Coll., the Labour Code, as amended, Act No. 583/2004 Coll on Local Government Budgetary Rules, as amendedtax authority10 years
Resolving complaintsArticle 6 (1)(c) and (e) GDPR
Act No. 9/2010 Coll. on Complaints as amended
Law enforcement
other authorised state authority
5 years after termination or expiration of the relevant obligation
Exercise of the rights of data subjectspersonal data processing is permitted under Article 6 (1)(c) in accordance with Article 15 to 22 and 34 GDPRstate administration bodies, public authorities and public administration under relevant legislation5 years from the date of processing the request
CCTV system used to protect the controller’s propertylegitimate interest under Article 6 (1)(f) GDPR. The primary legitimate interest is protecting the property and safety of the controller and data subjectsMembers of the Police Corps if necessary, the controller’s legal counsel6 days
Control mechanism for monitoring employeespursuant to §13 (4) of Act No. 311/2001 Coll., the Labour Code, as amendedMembers of the Police Corps if necessary, the controller’s legal counsel6 days
Disclosure of video recordings to law enforcementpursuant to Article 6 (1)(c) GDPRstate administration bodies, public authoritiesrecords may be used to demonstrate legal entitlement and the controller will process this data for the period necessary to demonstrate them
GPS monitoring of company and private trips (if employees may use a company vehicle for personal use as well), transparent accounting of fuel costs, automatic generation of trip logs, location of stolen vehiclesthe processing of personal data is permitted under §13 (4) of Act No. 311/2001 Coll. the Labour Code, as amended, Act No. 431/2002 Coll. on Accounting, as amended, Act No. 222/2004 Coll. on Value Added Tax, as amended, Act No. 595/2003 Coll. on Income Tax, as amended.
pursuant to Article 6 (1)(b) GDPR
law enforcement if a crime has been committed, tax authority, administrator of the GPS system10 years
Quotation form on the websitepursuant to Article 6 (1)(b) GDPRdata is not provided to any recipientuntil the complete settlement of legal and other entitlements under the contractual arrangement, a minimum of 1 year from the date of termination of the contractual arrangement
Preparation, conclusion and execution of business arrangements and agreements with suppliers, service providers and providers of human resources servicespursuant to Article 6 (1)(b) GDPRstate administration bodies, public authorities10 years
Publication of photos of employeespursuant to Article 6 (1)(a) GDPRthe controller’s websitewe will process your personal data for this purpose until you revoke consent, or for a maximum of 5 years
Records of visitors who enter the controller’s premisespursuant to Article 6 (1)(f) GDPRcourts, law enforcement, inspectors of the Personal Data Protection Office of the Slovak Republic, other authorised entity pursuant to the Personal Data Protection Act or other specific legislation1 year
Obtaining and providing the contact data of employees, the employees of service providers, state and public bodies with whom the controller is engaged in correspondence, and contact data for other persons with the controller’s lawful activitiesArticle 6 (1)(f) GDPR, processing is necessary to accomplish the controller’s legitimate interestscontracting parties, partners in the performance of design activities, state administration bodies, public authorities5 years
Investigation of complaints pursuant to Act No. 307/2014 Coll. and Act No. 54/2019 Coll. on Whistle-blower Protections and on amendment of certain actsArticle 6 (1)(c) and (e) GDPR, Act No. 307/2014 Coll. on Specific Measures Related to Whistle-blowing Activities and on amendment of certain acts, Act No. 54/2019 Coll. on Whistle-blower Protections and on amendment of certain actsparties to proceedings, the courts, law enforcement, inspectors of the Personal Data Protection Office of the Slovak Republic3 years
Network security and safety
Sharepoint – (practically a company-wide website, where employees can find everything they need for productive and efficient work)
Article 6 (1)(f) GDPR, processing is necessary to accomplish the controller’s legitimate interestscourts, law enforcement, inspectors of the Personal Data Protection Office of the Slovak Republic, other authorised entity pursuant to the Personal Data Protection Act or other specific legislation5 years
Resolution of customer complaintsAct No. 250/2007 Coll. on Consumer Protection, as amended, Act No. 372/1990 Coll. on Offences, as amended, and Act No. 18/2018 Coll. on Personal Data Protection, as amendedtrade inspection authorities in the context of consumer protection5 years

6. WHO ARE THE RECIPIENTS OF YOUR PERSONAL DATA?

Categories of recipients: state and public administration bodies, local government, the administrator of the Company’s website, auditor, lawyer, information technology administration and support provider, the providers of information services in justified instances, the courts and law enforcement.

7. PUBLICATION OF PERSONAL DATA

Personal data is processed on the basis of a specific need and requirement. During events organised by the controller, data subjects may be involved in the controller’s promotional activities by having their photographs, a visual recording or an audio-visual recording published on the controller’s website.

8. AUTOMATED INDIVIDUALISED DECISION-MAKING

Personal data will not be used forautomated individualised decision-making, including profiling.

9. TRANSMISSION OF PERSONAL DATA OUTSIDE THE EUROPEAN UNION

No personal data is transmitted to any third country or international organisation.

10. CONFIDENTIALITY

Please allow us to assure you that our employees and collaborators who will process your personal data are obliged to maintain confidentiality regarding personal data. Such confidentiality endures after termination of contractual arrangements with us.

11. SECURITY FOR PERSONAL DATA

Your personal data is safe with us. To prevent unauthorised access and misuse of your personal data, we have taken suitable measures of a technical and organisational nature. The security of your personal data is important to us. As such, we regularly check their security and continue to improve on security measures. We strive to employ security measures that provide an adequate level of security given with respect to the latest technology. The security measures that are deployed are updated on a regular basis.

12. DATA SUBJECTS  

They are primarily employees, clients, and any natural person whose personal data is processed.

13. RIGHTS OF DATA SUBJECTS

To revoke consent – in instances where we process your personal data based on your consent, you have the right to revoke such consent at any time. You may revoke consent electronically at the specified email address, in writing, or in person at the controller’s registered office. The revocation of consent has no impact on the lawfulness of the processing of your personal data processed on this basis. Regardless, you have the right to object to the processing of your personal data at any time.

Right to access – you have the right to be provided with a copy of your personal data that we have available and to informationabout how we use your personal data. In the majority of cases, your personal data will be provided in written paper form, unless otherwise required by you. If you request such information electronically, the information will be provided to you electronically if technically feasible.

Right to correction – we will take appropriate measures to ensure the accuracy, completeness and currency of all information that we have available about you. If you believe that the information we have available is inaccurate, incomplete or no longer current, please do not hesitate to request that we change, update or amend such information.

Right to deletion (to be forgotten) – you have the right to request that we delete your personal data, for instance if the personal data we received from you is no longer necessary to accomplish the original purpose of processing. However, your right must be considered from the aspect of all relevant circumstances. For example, we may have certain legal or regulatory obligations, which means that we may not comply with your request.

Right to restrict processing – under specific circumstances, you are authorised to request that we stop using your personal data. For instance, if you believe that the personal data we have about you is inaccurate or if you believe that we no longer need to use your personal data.

Right to transmit data – under specific circumstances, you have the right to request that we transmit the personal data you provided to use to a third party of your choosing. However, the right to transmit data only refers to personal data obtained from you based on your consent or based on a contract that you are a party to.

Right to object – you have the right to object to the processing of your personal data based on our legitimate interests. If we have no convincing legitimate reason for such processing and you object, we will no longer process your personal data.

Right to file a complaint

To file a complaint regarding the manner in which we process your personal data, including the exercise of any of the above rights, you may contact us electronically at gdpr@bizzcom.sk or use the contact details provided in the heading of this document. We will thoroughly review all your suggestions and complaints. You have the right to file a complaint with the supervising authority, the Personal Data Protection Office of the Slovak Republic.

We will respond to your request at no charge within 30 days. If your request is complex or you send a large number of requests, we may extend this term by an additional 60 days. We will inform you if such eventuality occurs. 

If you make a repeated request, we are authorised to charge a reasonable administrative fee to cover the costs associated with providing such services.