PRINCIPLES OF PROCESSING PERSONAL DATA AND THE PERSONAL DATA PROTECTION SYSTEM UNDER THE GDPR REGULATION
The purpose of these principles is to demonstrate that the processing of personal data by operators is carried out in accordance with the currently valid legal regulation, in particular Act 18/2018 Coll. (EC) No 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, hereinafter referred to as the "GDPR Regulation" ). The new regulation obliges the operator to take appropriate technical and organizational measures to ensure and demonstrate that the processing of personal data is carried out according to the nature, scope and purpose of the processing of personal data and to the risks of varying likelihood and seriousness for the rights of a natural person with the new legislation. The above mentioned measures are updated by the operator.
This document is the result of an assessment of the processing of personal data by operators for the purposes of the legal provisions governing the protection of personal data. The introduction of standardized personal data protection based on the principles outlined below minimizes the risk of personal data breaches.
Business Name: Bluefin Century, s. r. o.
Address: Kremnická 3576/24, Bratislava 851 01, Slovak Republic
Legal Form: Limited Liability Company
ID: 46 019 138
Registration: company registered in the Commercial Register of the District Court Bratislava I., Section: Sro, Insert 70421 / B
Statutory authority: Roland Rozsi, Managing Director
(hereinafter referred to as the "Operator")
If you wish to contact us during processing of your personal information, you may contact us at:
Delivery Address: Kremnická 3576/24, Bratislava 851 01, Slovak Republic
Email Address: email@example.com
Phone Number: +421 220 633 178
LEGAL REASON FOR PERSONAL DATA PROCESSING:
The legal basis for the processing of personal data by the operator on the persons concerned in all categories is the following GDPR provisions, respectively. of the new ZOO Act:
- the processing of personal data is necessary for the performance of a contract to which the person concerned is a party or for a pre-contractual measure at the request of the person concerned, - pursuant to Article 13 (1) b) ZOOÚ, resp. Art. Article 6 b) GDPR.
(orders, registration ...)
- the processing of personal data is necessary under a special regulation or an international treaty binding the Slovak Republic, - pursuant to § 13 par. (1) c) ZOOÚ, resp. Art. Article 6 c) GDPR (Commercial Code ...)
- the processing of personal data is necessary for the purpose of the legitimate interests of the operator or of a third party, except where those interests prevail over the interests or rights of the data subject requiring the protection of personal data, in particular where the person concerned is a child; (1) f) ZOOÚ, resp. Art. Article 6 f) GDPR (marketing purposes)
- the further processing of personal data for the purposes of archiving, for scientific purposes, for the purpose of historical research or for statistical purposes, if it is in accordance with a specific regulation and if adequate safeguards are in place to protect the rights of the person concerned.
We declare that, as the operator of your personal data, we meet all statutory obligations required by applicable law, in particular the Privacy Act and the GDPR, and that:
- We will only process your personal data for the valid legal reason described above.
- We hereby comply with the obligation to inform the persons concerned in accordance with Article 13 of the GDPR.
- We will allow you and we will support you in exercising and enforcing your rights under the new ZOOÚ Act and the GDPR Regulation.
- Contract Partners
- Customers of the Operator
PURPOSES OF PROCESSING:
We process personal information you entrust to us for the following purposes:
The operator processes your personal data obtained in connection with business activities about their contractual and pre-contractual partners.
Your personal details - business name, postal address, billing details: VAT ID, e-mail address, telephone number, Skype name, contact person's name and surname are processed to:
- order processing, delivery of the ordered goods and all related items
- the processing of demand for goods and services, its takeover and all the related issues
- identification of the Contracting Party
- provision of an agreed service
The person concerned is required to provide true and up-to-date personal information. In the event of a change in personal data, the person concerned shall immediately notify the operator of the change.
WHAT WE WILL DO WITH YOUR PERSONAL DATA:
- Your personal data is stored for 10 years from the last order.
- The operator ensures that the personal data provided by the person concerned in the contract in question or in any other way will be processed in the information systems in accordance with the principle of minimization of storage and, in case the processing purpose is lost, the operator is guaranteed to erase the personal data. In the event that such personal data are processed for a purpose other than that set forth in this Article, the person concerned will be informed of this purpose as well as the legal basis of such processing prior to such processing.
PROTECTION OF PERSONAL DATA:
We protect personal information to the fullest extent possible. We protect them as if they were our own. We have put in place all possible technical and organizational measures to prevent the misuse or destruction of your personal data.
We have taken appropriate technical and organizational measures to secure personal data, and only authorized persons have access to them. After the personal data retention period expires, these data are deleted.
SUBMISSION OF PERSONAL DATA TO THIRD PARTIES
Your personal data is accessed by authorized people, authorized by operators who are bound by confidentiality and training in the field of processing safety.
Most of the processing operations are handled by ourselves and we do not need to hand them over to a 3rd party.
In order to provide some specific processing operations that we can not provide ourselves with, we use the services of intermediaries who specialize in the processing and are bound by the broker agreement in accordance with the GDPR.
SUBMISSION OF DATA OUTSIDE THE EUROPEAN UNION:
We process data only in the European Union or in countries that provide protection under the European Commission's decision.
YOUR RELATIONS WITH PERSONAL DATA PROTECTION:
The rights of the person concerned are defined in Chapter 3 of the GDPR. It is, for example, on the right to require the operator to access personal data relating to the data subject, the right to rectify or erase or restrict the processing or the right to object to processing, as well as data portability rights and the right to lodge a complaint with the supervisor.
You have several rights in relation to the protection of personal data. If you wish to use any of these rights, please contact us via the above-mentioned email address.
You have the right to the information that is already covered by these privacy policies. - Information obligation
Thanks to the right of access, you can invite us at any time, and we will provide you with a 30-day notice that we will process your personal data.
If anything changes or any of your personal information is outdated or incomplete, you have the right to supplement and change personal information.
You may benefit from the right to limit the processing if you believe that we are processing your inaccurate data, you think we are processing illegally, but you do not want to delete all the data or if you object to the processing.
You can limit the scope of personal data or processing purposes.
Right to Deletion (Even Forgotten): Your next right is the right of erasure, in the absence of a legal basis that entitles us or, the legal obligation that instructs you to process your personal information. In this case, we will delete all your personal information from our system, including from the system of all partial processors and advances within the statutory time limit.
Privacy Statement Complaint: If you feel that we do not treat your data in accordance with the law, you have the right to appeal at any time to the Office for the Protection of Personal Data. We will be very pleased if you first inform us about this suspicion so that we can do something about it and correct any mistakes.
However, in the processing of personal data by the controller for the purpose defined in this Article of the Directive, the person concerned may only exercise those rights which have a defined purpose and the legal basis on the basis of which personal data relating to the person concerned are processed.
REQUIREMENTS FOR PROVIDING PERSONAL
Providing personal data that serves a defined purpose is both a legitimate and a contractual requirement. The data are necessary for the provision of the service, the delivery of the ordered goods, to fulfill the legitimate interests of the operator.
INFORMATION ON THE EXISTENCE OF AUTOMATED INDIVIDUAL DECISIONS INCLUDING PROFILING
The operator declares that, on the basis of the personal data provided by the persons concerned, the operator does not have an automated, individualized decision, including profiling.
We assure you that as an operator and also our employees, co-workers and intermediaries who will process your personal information are required to keep confidential personal data whose disclosure would jeopardize the security of your personal information. This discretion lasts even after our relations with us have ended. Without your consent, your personal information will not be disclosed to a third party.
EVALUATION OF THE AGREEMENT
The person concerned hereby honestly declares that it gives the operator its explicit and unconditional consent to process its personal data to the above-mentioned extent for the purpose and for the aforementioned period.
The person concerned has the right at any time to withdraw his / her consent. Revocation of consent does not affect the lawfulness of processing based on consent prior to its revocation.