Contact us

Privacy Policy

Information from the operator on the processing of personal data of data subjects – customers

pursuant to the provisions of Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), (hereinafter referred to as the “GDPR Regulation”) and Section 19 of Act No. 18/2018 Coll. on the protection of personal data (hereinafter referred to as the “Act”)

(hereinafter referred to as the “Information”)

Company:

Business name: Techno box services s.r.o. Registered office: Partizánska cesta 3, 974 01 Banská Bystrica
IČO: 54 126 428
Registration: in the Commercial Register of the District Court of Banská Bystrica, section Sro, file no. 42269/S
Statutory representative: Martin Kúšik, manager.
Contact details: info@tbsgroup.sk

(hereinafter referred to as the “Company” or “Operator”),

informs the Data Subjects about the protection of personal data (hereinafter referred to as the “PD”) pursuant to the provisions of Article 13 of the GDPR Regulation and Section 19 of the Act as follows:

  1. For the purposes of this Information, the Data Subject is understood to be a natural person (i) who orders services from the Operator (hereinafter referred to as the “Orderer”) or (ii) to whom the Operator provides services ordered by the Data Subject from a third party (hereinafter referred to as the “Recipient”) or (iii) to whom the Operator sends a newsletter or notifications regarding the order or (iv) who fills out and sends to the Operator a form on the basis of which he/she leaves feedback for the services provided, or a contact form on the Operator’s website www.technoboxservices.sk
  2. The Operator is in the legal position of the Operator in relation to the Data Subject pursuant to the GDPR Regulation and the Act, i.e. a person who alone or jointly with others defines the purpose and means of processing the Personal Data and processes the Personal Data on his/her own behalf.
  3. Legitimate interests of the Operator or a third party, if the PD is processed pursuant to Article 6(1)(f) of the GDPR and Article 13(1)(f) of the Act (Article 13(1)(d) of the GDPR and Article 19(1)(d) of the Act): The Operator processes the PD on the basis of a legitimate interest in the case of natural persons to whom the Operator has already provided a service and sends them advertising notices about its products and information leaflets about this activity. The data subject may at any time object to such addressing. Based on this statement, the Operator will not address this Data Subject.
  4. Identification of the recipient or category of recipient, if any (Article 13(1)(e) of the GDPR and Article 19(1)(e) of the Act):
    0. accounting software provider Pohoda – STORMWARE s.r.o., Company ID: 36244791, with its registered office at Matúšova 48, 811 04 Bratislava,
    1. external collaborator,
    2. external data storage provider – Google Drive software provider,
    3. external marketing service provider,
    4. external payment service provider,
  5. The Operator processes the following Personal Data of Clients, for the purposes, on the basis of the legal basis and for the period of processing as follows (Article 13, paragraph 1, letters c), e) and paragraph 2, letter e) of the GDPR Regulation and Section 19, paragraph 1, letters c), e) and paragraph 2, letter a) of the Act):
List of processed personal data Purpose of processing personal data
(Article 5(1) of the GDPR and Section 7 of the Act)		 Legal basis for processing personal data
(Art. 6 para. 1 GDPR and § 13 para. 1 of the Act)		 Legal/contractual requirement/requirement necessary for the conclusion of a contract/obligation of the data subject to provide personal data/possible consequences of failure to provide personal data
(Article 6(1) of the GDPR and Article 13(1) of the Act)
Personal data processing period (Article 5(1)(e) of the GDPR and Section 10 of the Act)
Personal data of the Data Subject, , in particular:

i. Identification data: title, first name, last name

ii. Contact details: phone number, email address

iii. Other necessary data

 Identification of the contracting party to the contract.

Fulfillment of the Operator’s legal and contractual obligations arising from generally binding legal regulations (especially accounting regulations) and from the contract

 The processing of personal data is necessary for the performance of a contract to which the Data Subject is a party, or to take steps prior to entering into a contract at the request of the Data Subject (Article 6(1)(b) of the GDPR and Article 13(1)(b) of the Act) in connection with specific regulations or international agreements to which the Slovak Republic is bound (Article 6(1)(c) of the GDPR and Article 13(1)(c) of the Act) The provision of personal data is a requirement necessary for the conclusion of a contract between the Data Subject and the Controller. Consequently, it is a contractual requirement in conjunction with the requirements arising from specific legal regulations.

Failure to provide personal data will make it impossible to identify the Data Subject, and therefore also impossible to conclude a contract establishing cooperation between the Data Subject and the Operator, and impossible to fulfill legal obligations.

 During the duration of the cooperation and according to the legal regulations of the Slovak Republic.
Title, first name, last name, e-mail address of the Data Subject for the purposes of sending the newsletter Sending general advertising notices about the Operator’s products and services

and information leaflets
about the activities of the Operator to persons who have requested it on the Operator’s website

 The consent of the data subject to the processing of his personal data for at least one specific purpose (Article 6(1)(a) of the GDPR
and Section 13(1)(a) of the Act)		 Voluntariness of providing data.

Failure to grant consent will result in commercial offers of products and services not being sent.

The data subject may withdraw the consent given at any time.

 For a period of 3 (three) years, or until the consent is withdrawn.
Title, name, surname, telephone number and e-mail address of the Data Subject for the purposes of sending the newsletter Sending advertising notices about the Operator’s products
and information leaflets about the Operator’s activities to persons to whom the Operator has provided services		 Legitimate interest of the Operator (Article 6(1)(f) of the GDPR Regulation and Section 13(1)(f) of the Act) Legal authorisation of the Operator

The data subject may unsubscribe from newsletters at any time.

 For a period of 3 (three) years, or until the time of receipt of the request

to cancel the newsletter
Personal data obtained via the form, in particular the email address
and possibly other Personal data specified in the text of the submitted form		 Collection of Personal Data via the form in order to prepare a response to the Data Subject for the feedback sent Consent of the Data Subject to the processing of his/her personal data for at least one specific purpose (Article 6(1)(a) of the GDPR
and Section 13(1)(a) of the Act)		 Voluntariness of providing data.

Failure to grant consent will result in the Personal Data of the Data Subject not being used for the intended purpose and the Operator not providing the requested response.

The data subject may withdraw the consent provided at any time.

 For the duration of the consent to which the data subject has expressed his/her consent (processing the complaint or compliment and sending a response to the data subject
  1. Information on whether the Controller intends to transfer personal data to a third country or an international organization, identification of the third country or international organization (Art. 13(1)(f) GDPR and Section 19(1)(f) of the Act):
    The Data Subject has the following rights in relation to the Controller regarding personal data:
    The Controller intends to make such a transfer only in the case of fulfilling a contract between the Controller and the customer in connection with the provision of services.
  2. The right of the Data Subject to request from the Controller access to personal data concerning the Data Subject, the right to rectification of personal data, the right to erasure of personal data, or the right to restriction of processing of personal data, the right to object to the processing of personal data, as well as the right to data portability (Art. 13(2)(b) GDPR and Section 19(2)(b) of the Act):
    The right to request access to personal data concerning the Data Subject: The Data Subject has the right to obtain from the Controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to such personal data and information about

    • the purposes of the processing of personal data,
    • the categories of processed personal data,
    • the period of storage of personal data; if this is not possible, information on the criteria used to determine that period,
    • the right to request from the Controller rectification or erasure of personal data concerning the Data Subject or restriction of their processing, or the right to object to such processing,
    • the right to lodge a petition for proceedings under Section 100 of the Act or to file a complaint with the supervisory authority under Art. 77 GDPR,
    • the source of the personal data, if the personal data have not been obtained from the Data Subject,
    • the existence of automated individual decision-making, including profiling under Art. 22(1) and (4) GDPR and Section 28(1) and (4) of the Act (in such cases the Controller shall provide the Data Subject with information in particular about the logic involved, as well as the significance and the envisaged consequences of such processing for the Data Subject).
    • The Controller shall provide a copy of the personal data undergoing processing. For any further copies requested by the Data Subject, the Controller may charge a reasonable fee based on administrative costs. If the Data Subject makes the request by electronic means, the information shall be provided in a commonly used electronic form, unless otherwise requested by the Data Subject.
    • The information must be provided without undue delay, at the latest within 1 month. The Controller has the right to extend the period for responding to the request by a further 2 months where requests are complex or frequent. However, the Controller must inform the Data Subject of the extension and the reasons for it within 1 month.
    • In the case of an unfounded or excessive request, the Controller has the right to charge a fee reasonable to the costs incurred or to refuse the request. The Controller must explain the reason for the refusal and inform the Data Subject of their right to lodge a complaint with the supervisory authority.
  3. Right to rectification of personal data: The Data Subject has the right to have the Controller rectify inaccurate personal data concerning him or her without undue delay. Taking into account the purposes of the processing, the Data Subject has the right to have incomplete personal data completed.
    The information must be provided without undue delay, at the latest within 1 month. The Controller has the right to extend the period for responding to the request by a further 2 months where requests are complex or frequent. However, the Controller must inform the Data Subject of the extension and the reasons for it within 1 month.
    In the case of an unfounded or excessive request, the Controller has the right to charge a fee reasonable to the costs incurred or to refuse the request. The Controller must explain the reason for the refusal and inform the Data Subject of their right to lodge a complaint with the supervisory authority.
  4. Right to erasure of personal data or the right to restriction of processing of personal data: The Data Subject has the right to have the Controller erase personal data concerning him or her without undue delay. The Controller is obliged to erase personal data without undue delay if the Data Subject exercises the right to erasure under the previous sentence, if
    • the personal data are no longer necessary for the purposes for which they were collected or otherwise processed,
    • the Data Subject withdraws consent to the processing of personal data and there is no other legal basis for the processing,
    • the Data Subject objects to the processing of personal data and there are no overriding legitimate grounds for processing,
    • the personal data have been processed unlawfully,
    • the erasure is required to comply with GDPR, the Act, a special regulation, or an international treaty binding on the Slovak Republic, or
    • the personal data were collected in connection with the offer of information society services.

    The previous two sentences do not apply where the processing of personal data is necessary

    • for exercising the right to freedom of expression or the right to information,
    • for compliance with GDPR, the Act, a special regulation, or an international treaty binding on the Slovak Republic, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller,
    • for reasons of public interest in the area of public health,
    • for archiving purposes, scientific or historical research purposes, or statistical purposes, where the right is likely to render impossible or seriously impair the achievement of the objectives of such processing, or
    • for the establishment, exercise, or defense of legal claims.

    The Data Subject has the right to have the Controller restrict the processing of personal data where

    • the Data Subject contests the accuracy of the personal data, for a period enabling the Controller to verify the accuracy of the personal data,
    • the processing is unlawful and the Data Subject opposes the erasure of the personal data and requests the restriction of their use instead,
    • the Controller no longer needs the personal data for the purposes of processing, but they are required by the Data Subject for the establishment, exercise, or defense of legal claims, or
    • the Data Subject has objected to processing, pending the verification whether the legitimate grounds of the Controller override those of the Data Subject.

    Where processing has been restricted, personal data may, with the exception of storage, only be processed with the consent of the Data Subject or for the establishment, exercise, or defense of legal claims, or for the protection of persons, or for reasons of public interest.

  5. Right to object to the processing of personal data: Where personal data are processed for direct marketing purposes, the Data Subject has the right to object at any time to the processing of his or her personal data, including profiling. Where the Data Subject objects to processing for direct marketing purposes, the Controller shall no longer process the personal data for such purposes.
  6. Right to data portability: The Data Subject has the right to receive the personal data concerning him or her, which he or she has provided to the Controller, in a structured, commonly used, and machine-readable format, and has the right to transmit those data to another controller. The right to data portability must not adversely affect the rights and freedoms of others. This right applies if
    0. the processing is based on consent or contract, and
    1. the processing is carried out by automated means.
    The Controller has a period of 1 month to transfer the data, which may be extended by 2 months if the transfer is complex. The Controller must inform the Data Subject of the extension and explain the reasons for it. If the Controller fails to carry out the transfer, it must inform the Data Subject of the reasons and of the Data Subject’s right to lodge a complaint with the supervisory authority.
  7. Right of the Data Subject to withdraw consent to the processing of personal data at any time (Art. 13(2)(c) GDPR and Section 19(2)(c) of the Act):
    The Data Subject has the right to withdraw consent to the processing of personal data concerning him or her at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. The Data Subject may withdraw consent in the same manner in which it was given.
  8. Right of the Data Subject to file a petition to initiate proceedings under Section 100 of the Act or a complaint with the supervisory authority under Art. 77 GDPR (Art. 13(2)(d) GDPR and Section 19(2)(d) of the Act):
    Without prejudice to any other administrative or judicial remedy, the Data Subject has the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work, or place of the alleged infringement, if the Data Subject considers that the processing of personal data concerning him or her infringes GDPR.
    The Data Subject has the right to file a petition with the Office for Personal Data Protection to initiate proceedings on personal data protection. The purpose of the proceedings is to determine whether the rights of natural persons in the processing of their personal data have been infringed, or whether GDPR, the Act, or a special regulation in the area of personal data protection has been breached, and, if deficiencies are identified, to impose corrective measures or a fine for the infringement, where justified and appropriate.
    A petition to initiate proceedings must include:

    1. name, surname, correspondence address, and signature of the petitioner,
    2. identification of the party against whom the petition is directed, including name, surname, permanent residence or name, registered office, and identification number, if assigned,
    3. the subject of the petition indicating the rights alleged to have been infringed in the processing of personal data,
    4. evidence supporting the claims stated in the petition,
    5. a copy of a document or other evidence showing the exercise of a right under the Act or a special regulation, if such a right was exercised by the Data Subject, or reasons of special consideration for not exercising the right if the petition is filed by the Data Subject.
    6. A sample petition for initiating proceedings will be published on the website of the Office for Personal Data Protection.
  9. Existence of automated individual decision-making, including profiling (Art. 13(2)(f) GDPR and Section 19(2)(f) of the Act):
    The Controller does not use automated individual decision-making or profiling.

In Banská Bystrica, on 1 April 2022

Martin Kúšik – Managing Director
Phone: +421 902 270 879
E-mail: martin.kusik@tbsgroup.sk
Martin Kúšik – CEO
Techno Box Services s.r.o.