Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation or "GDPR") took effect on 25 May 2018, we are therefore fulfilling our information obligation towards data subjects.
In accordance with the new modification in effect, we would like to inform you that we fully respect the right to the protection of personal data of our employees, business partners and clients, as well as all other persons who disclose their personal data to us, and we are committed to protecting them in accordance with the GDPR.
We are committed to protect the personal data of data subjects with the utmost care and to use the highest security standards for their protection.
We will always handle the personal data of data subjects within the limits of the GDPR, taking care to protect them from unauthorised misuse, damage, loss or disclosure to third parties when handling them.
In order to ensure the greatest possible protection of data subjects' personal data, our website is protected by state-of-the-art security systems to prevent (i) unauthorised access to the personal data of data subjects, (ii) unlawful data corruption, (iii) unauthorised alteration, (iv) incorrect use of the personal data of data subjects or (v) their misuse.
The purpose of this document is to explain how the personal data of data subjects are processed, for what purpose they are processed, and what are the rights of data subjects under the GDPR, stating the following:
The Controller is NEXINEO s.r.o., registered office: Pestovateľská 2, 821 04 Bratislava – Ružinov, company ID: 47 020 946, registered in the Commercial Register of the Bratislava I District Court, section: Sro, insert no.: 87516/B, which alone or jointly with others defines the purposes and means of processing of data subjects' personal data.
Data subjects are identified or identifiable natural persons whose personal data we process.
Personal data are any information relating to an identified or identifiable natural person, i.e. the data subject.
Processing of personal data is an operation or a set of operations with personal data or sets of personal data, such as obtaining, recording, organising, structuring, storing, processing or altering, retrieving, consulting, using, disclosing by transmission, dissemination or otherwise making available, rearranging or combining, restricting, erasing or destroying, whether or not by automated or non-automated means.
Please note that personal data may be transferred to other (third) parties – processors who are obliged to process the data for us on the basis of an agreement, e.g. IT services, processors.
Personal data processing principles
We process the personal data of data subjects on the basis of the following personal data processing principles:
- purposefulness of the processing of personal data
- minimisation of the processing of personal data
- correctness, completeness and accuracy of personal data
- minimisation of the retention of personal data
- legitimacy of the processing of personal data
Purposes of the processing of personal data
- Processing of employees' personal data
We process the personal data of our employees on the following legal bases:
- performance of a contract;
- legal obligation;
- consent to the processing of personal data.
We process employees' personal data on the legal basis of performing contractual and legal obligations under employment contracts and in accordance with employment law, social security, levy obligations, and to ensure occupational safety and health.
In the case of publication, storage and disclosure of employee photographs, and storage of private telephone numbers and email addresses, we require a separate explicit consent from employees.
- Processing of personal data of job applicants and their storage in the register
We process the personal data of job applicants who may be contacted again if they are unsuccessful in filling a vacancy, but only if the data subject has given his or her consent.
- consent to the processing of personal data.
- Processing of personal data of customers and business partners
The company processes personal data of its customers and business partners on the following legal bases:
- performance of a contract;
- legal obligation;
- legitimate interest.
We process the personal data of these data subjects in contracts, orders or other filing systems containing the contact details of companies or natural persons, as well as natural persons – entrepreneurs.
- Performing contracts for customers and business partners
We process the personal data of customers/data subjects on the basis of a purchase contract, intermediation contract, cooperation contract, work contract or an order. We only process customer personal data that are necessary for the fulfilment of the contract or order and for contacting the customer or business partner during the performance of the contract, if needed.
Personal data are processed during the period of contract performance and order execution.
- Legal obligation
We process personal data of customers/data subjects for the purpose of handling complaints in the scope of data on the goods complained about, providing service for computer equipment, and data provided by a customer when making a complaint, receiving service in connection with a purchased product.
The Commercial Code and the Civil Code, as amended, are applied.
Personal data are processed during the period of performance of a purchase contract, order or work contract, and during the warranty period for the purchased product.
- Legitimate interest
We also process personal data of customers and business partners to whom we send news.
We use marketing communication on the legal basis of legitimate interest with existing customers whose email address we have obtained in connection with the sale of similar services and goods. We consider the given processing of personal data for direct marketing purposes to be our legitimate interest. The customer or business partner may request to receive information when signing a contract or sending an order.
- Consent to data processing for the purpose of providing a reference
We process the personal data of data subjects for the purpose of providing a reference concerning the evaluation of the quality of the provided services by means of a video recording where the image of the data subject is displayed.
We process personal data on the legal basis provided for by the GDPR, namely the data subjects' granted consent.
Data subjects grant us consent to the management, processing and storage of personal data for the purpose of providing references and publicity for the company until the consent is withdrawn by the data subjects.
Granting consent is voluntary. The consent may be withdrawn at any time by the data subjects by means of a notice of withdrawal of consent in the form in which the consent was granted. The consent is granted until withdrawn by the data subjects.
- Consent to the processing of data for the purpose of registering for a webinar
The data subjects' personal data collected through the registration form for the Controller's webinar are processed for the following purposes: (i) fulfilment of the obligations of the Controller and the data subject arising from the data subject's registration for the educational event organised by the Controller, (ii) informing the data subject about the successful registration for the educational event, about possible changes in the organised educational event, or providing other more detailed information, (iii) exercising any further legal rights of the Controller and the data subject arising from the registration for the educational event organised by the Controller, (iv) occasionally informing the data subject about other educational events by sending a newsletter about products, services, ongoing sales and discounts, planned webinars, or other information about products and/or services provided within the scope of the Controller's activity.
The personal data of the data subject who has registered for a webinar organised by the Controller via the designated registration form are processed on the basis of Article 6(1)(b) of the GDPR, under which the processing of personal data is necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject prior to concluding the contract.
For the purposes of the processing of the data subject's personal data, the registration form is considered an order (contract) concluded between the webinar participant and the Controller via the designated form located on the website.
The data subject's personal data are processed for the period during which any claims of the data subject and/or the Controller relating to the fulfilment of the obligations arising from the registration for a webinar can be exercised. Personal data are thus stored in accordance with the general limitation periods defined in Act No. 40/1964 Coll., the Civil Code, as amended, for a maximum period of 1 year from the date of processing the data subject's registration for the educational event.
If the data subject registers for a webinar organised by the Controller via the registration form on the website, the Controller processes the following personal data: first and last name, email, name of the school or legal entity on behalf of which the person is registering, registered office, company ID, telephone.
If the data subject has filled in and sent the registration form for a webinar organised by the Controller, the personal data are also appropriately processed for the purposes and under the conditions specified in the following section on data processing for the purpose of sending newsletters of these personal data processing conditions.
- Consent to data processing for the purpose of sending newsletters – marketing communication
We process data subjects' personal data for the purpose of marketing communication concerning general information about news (general newsletter) via email in the scope of first and last name and email address.
We obtain consents to receive the newsletter via our website or forms, for example. It is possible to unsubscribe from the newsletter at any time by clicking "unsubscribe" at the bottom of the website.
We process personal data on the legal basis provided for by the GDPR, namely the data subjects' granted consent.
Data subjects grant us consent to the management, processing and storage of personal data for the purpose of direct marketing through the sending of newsletters.
Granting consent is voluntary. The consent may be withdrawn at any time by the data subjects by means of a notice of withdrawal of consent in the form in which the consent was granted. The consent is granted until withdrawn by the data subjects.
The Controller is entitled, in the imminent expiry of the period for which consent to the processing of personal data was granted, to contact the data subjects with a request to re-grant consent to the processing of personal data necessary for the sending of the newsletter.
If a website visitor registers via the website to a webinar and/or uses other services provided by the Controller, the Controller may send the newsletter on the basis of the Controller's legitimate interest [Article 6(1)(f) of the GDPR]. Before processing personal data on this legal basis, the Controller has carefully examined whether the processing of personal data on this legal basis does not constitute a disproportionate interference in the rights and freedoms of the data subject, and has carried out a proportionality test to that end.
The legitimate interest of the Controller in sending the newsletter stems from the Controller's desire to ensure a sufficient level of awareness of those data subjects who have previously attended a webinar organised by the Controller and/or used other services provided within the scope of the Controller's activity, and who are reasonably expected to have a continuing interest in attending other educational events organised by the Controller and/or using other services provided within the scope of the Controller's activity.
For the purpose of sending the newsletter, data subjects' personal data are processed
- for a period of 5 years from the date of consent to the processing of personal data in cases where the newsletter is sent on the basis of the visitor's consent to the processing of personal data, or
- for a period of 5 years from the last time a data subject has registered for a webinar organised by the Controller and/or used other services provided within the scope of the Controller's activity.
Transfer of personal data to third countries
Data subjects' personal data will not be transferred to third countries.
Automated decision-making, including profiling
We inform data subjects that we do not perform automated decision-making, including profiling of data subjects' personal data, which has legal effects concerning them or similarly significantly affects them.
Recipients of personal data
Personal data will not be disclosed to recipients of personal data.
Rights of data subjects
The granting of consent is without prejudice to the rights of data subjects.
On the basis of a written request to the address of the Controller's registered office or an electronic request to the following email address: accounting@nexineo.com, data subjects have the right to:
- request access to their personal data and to rectify, erase or restrict the processing of their personal data
- object to the processing of their personal data
- portability of their personal data
- lodge a complaint with the Office for Personal Data Protection of the Slovak Republic.
Right to be informed about processing
means the right to request confirmation as to whether or not personal data of the data subject are being processed.
Right to access personal data
means the right to gain access to personal data and other information, and to receive a copy of the personal data processed by the company.
Right to rectification
means the right of data subjects to request the rectification of incorrect/incomplete personal data processed by the company.
Right to erasure
means the right to erasure of personal data if one of the grounds set forth in the GDPR is met (in particular, if the personal data is no longer necessary for the purposes for which it was collected or processed by the company, if a data subject withdraws consent and the company has no other legal basis for the processing, if a data subject objects to the processing, or if the company processed the personal data unlawfully…).
Right to restriction
means the right to restrict the processing of personal data if one of the grounds set forth in the GDPR is met (e.g. if a data subject notifies the company that it is processing incorrect personal data about him or her, he or she may request the restriction of processing of personal data until it is corrected).
Right to data portability
means the right to obtain in a structured, commonly used and machine-readable format the personal data relating to him or her that he or she has provided to the company. Data subjects have the right to have this personal data transferred to another controller if technically feasible and if the conditions set forth in the GDPR are met.
Right to object
means the right to object, on grounds relating to a particular situation, to the processing of personal data concerning him or her that are necessary for the purposes of the legitimate interests pursued by the Controller, including the right to object to profiling which is based on the legitimate interests of the Controller. The right to object also means the right to object to nonconsensual processing of personal data for direct marketing purposes, including profiling to the extent that it is related to such direct marketing.
Please be advised that the supervisory authority is the Office for Personal Data Protection of the Slovak Republic, registered office: Hraničná 4826/12, 820 07 Bratislava, Slovak Republic. If data subjects suspect that their personal data are being unlawfully processed, they may lodge a petition with the Office for the initiation of a personal data protection procedure.
Cookies
Simply put, cookies are small text files that your internet browser stores on your computer. They enable our systems to recognise your browser and thus to tailor our internet offer to your needs as closely as possible. If you are not interested in these cookies, you can set your browser to not accept new cookies, or to notify you of new cookies, or to disable these cookies. Cookies do not cause any damage to your computer and do not contain any viruses.