GDPR

Politik der Informiertheit der betroffenen Person (DSGVO)
GDPR

The Operator - NECTEL, spol. s r. o. is responsible for the processing of personal data under Regulation (EC) 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46 / EC (hereinafter GDPR), and Act no. 18/2018 Coll. on the Protection of Personal Data and on Amendments to Certain Acts (hereinafter "the Act"). Our data protection rules are in compliance with the applicable data protection law. This information policy shall explain in a transparent way the information under Articles 13 and 14 of the GDPR or the Art. 19 and 20 of the Act.

 

  1. Personal data administrator – the operator is the company that determines the purpose and means of processing personal data:

Business name: NECTEL, spol. s r.o.
Address: Hrachová 18D, 821 05 Bratislava
Company ID: 31 362 141
VAT ID: 2020319730
VAT Reg. no.: SK2020319730

 

  1. Persons concerned – natural persons, employees of the operator and their family members (spouses of employees of the operator, dependent children of employees, parents of dependent children of employees, close persons), job seekers, employees of buyers and suppliers, natural persons entering the building.  

 

  1. Personal data categories the operator processes: personal data - (name, date of birth, domicile - street, house number, postcode, town, phone number, email address, education details, number of children, photography, video) and a special category of personal data (data revealing trade union membership, health data).

 

  1. Purposes of the processing of personal data (personal data may not be further processed in a way incompatible with these purposes) and the legal basis for the provision of such data:
     
    Purpose of the processing of personal data Legal basis
    HR and wages - the purpose of processing contributions to a social insurance company Compliance with legal obligations (Article 6, par. 1, letter c) GDPR
    HR and wages – the purpose of processing contributions to a health insurance company Compliance with legal obligations (Article 6, par. 1, letter c) GDPR
    HR and wages – the purpose of fulfilling the obligation under Act no. 595/2003 Coll. on Income Tax, as amended Compliance with legal obligations (Article 6, par. 1, letter c) GDPR
    HR and wages – OSH and fire protection training of employees and the recording of accidents Compliance with legal obligations (Article 6, par. 1, letter c) GDPR
    HR and wages – the purpose of fulfilling the employer's employment-related obligations, similar relationships (e.g. on the basis of employment agreements), including pre-contractual relationships Compliance with legal obligations (Article 6, par. 1, letter c) GDPR
    Processing of accounting documents Compliance with legal obligations (Article 6, par. 1, letter c) GDPR
    Attendance system - record of attendance and overtime of employees and part time job employees Compliance with legal obligations (Article 6, par. 1, letter c) GDPR
    Attendance system (with biometric data, with chip card and photo) - unambiguous attendance system Art. 6, par. 1, letter a) GDPR (consent of the person concerned)
    Management of the paperwork of the members of the company’s bodies pursuant to Act No. 513/1991 Coll. The Commercial Code and Act no. 530/2003 Coll. on the Business Register Compliance with legal obligations (Article 6, par. 1, letter c) GDPR
    Paperwork on clients - recording and processing of business cases, contracts and related information Performance of the contract (Article 6, par. 1, letter b) GDPR)
    Paperwork on clients–recording and processing of assembly, service provision, supply of goods Performance of the contract (Article 6, par. 1, letter b) GDPR)
    Paperwork on suppliers - recording and processing of business cases, contracts and related information Performance of the contract (Article 6, par. 1, letter b) GDPR)
    Employees of suppliers - compliance with the obligations under Act no. 82/2005 Coll. on Illegal Labor and Illegal Employment, as amended Compliance with legal obligations (Article 6, par. 1, letter c) GDPR
    Administration of the registry Compliance with legal obligations (Article 6, par. 1, letter c) GDPR
    Paperwork on jobseekers - selection of new employees Consent (Article 6, par. 1, letter a) GDPR
    GPS recording - company property/ health protection of people using means of transport, detection of crime Protection of legitimate interests (Article 6, par. 1, letter f) GDPR
    Promotion of the organization (staff photos) Consent (Art. 6, par. 1, letter a) GDPR)
    Complaints records Compliance with legal obligations (Article 6, par. 1, letter c) GDPR
    External responsible person – meeting the obligation under GDPR to determine the responsible person (Art.37-39) Art. 37 – Art. 39 GDPR
    Camera system – space unavailable to the public - company property/ health protection of people staying at the monitored premises, detection of crime Article 6, par. 1, letter f) GDPR (legitimate interests)
    Camera system – space available to the public - company property/ health protection of people staying at the monitored premises, detection of crime Article 6, par. 1, letter f) GDPR (legitimate interests)
    Notification of anti-social activity - investigation of complaints under Act no. 307/2014 Coll. on certain measures relating to the notification of anti-social activities and on the amendment of certain laws Compliance with legal obligations (Article 6, par. 1, letter c) GDPR
    Presentation of the organization - promotion of the company's activities on the website Article 6, par. 1, letter a) GDPR (consent of the person concerned)
    Training and courses –  paperwork regarding training and courses, training participants Article 6, par. 1, letter a) GDPR (consent of the person concerned)
    Occupational health and safety at work paperwork - records of occupational safety, records of occupational injuries. Compliance with legal obligations (Article 6, par. 1, letter a) GDPR)

     

  2. Retention period - your personal data is processed as long as necessary for the purposes for which personal data is being processed. Your personal data will most often stop being processing after:

a) the expiry of the retention period set by the registry plan for the registry records containing your personal data and after the approval of the disposal procedure;

b) the expiry of the maximum retention period for your personal data that are being processed for a specific purpose, as defined in the internal policy governing the retention period for your personal data processed for specific purposes;

c) the complete settlement of our mutual contractual obligations;

d) revocation of your consent to the processing of personal data.

More specific retention periods regarding personal data arise from our privacy policy (listed in the records of processing activities). In any case, we will not systematically process any accidentally obtained personal data for any purpose defined by the Operator and / or established by law. If possible, we inform the person concerned whose personal data we accidentally obtained and, according to the nature of the case, we will provide the person concerned with the necessary assistance to restore the control of his or her personal data. Immediately after carrying out these necessary actions aimed at solving the situation, all accidentally obtained personal data will be deleted in a safe manner.

 

  1. Intermediaries - our business partners who may have access to your personal data also comply with the privacy policy and have entered into a personal data processing agreement (the list of intermediaries is available on request at gdpr@nectel.sk).

The recipients of the personal data of the persons concerned are the different categories of subjects to whom we provide your personal data in the fulfillment of our statutory duties and / or our own employees with whom you come into contact. Public authorities, such as administrative authorities, courts or law enforcement bodies will only be able to get hold of your personal data to a legally authorized extent. Below is a list of categories of recipients of your personal data:

 

a) administrator IT services

b) software and technical support suppliers

c) consulting companies

d) postal services operators

e) lawyers, distrainer, notaries

f) accountants – auditors

g) the use of external personnel agencies to carry out the selection of suitable jobseekers and / or to participate in the selection of suitable jobseekers

 

  1. Data protection at the operator: we take technical and organizational security measures to protect your data from unwanted access to the greatest extent possible. Only the authorized persons of the operator who are instructed to process and protect such personal data have access to the relevant personal data. 

 

  1. The processing of personal data is carried out within the Member States of the European Union and the European Economic Area. The processing of personal data in the territory of a third country may be carried out only with the consent of the operator and subject to the specific conditions laid down in the GDPR.

 

  1. Personal data will not be used for automated individual decision making, including profiling.

 

  1. Proper processing of your personal data is important for NECTEL, spol. s r. o. You may exercise the following rights when we process your personal data:

a) Revoke consent – in cases where your personal data is processed based on your consent, you have the right to revoke your consent at any time. You can withdraw consent electronically, at the address of the person in charge, in writing, by notice of withdrawal of consent or in person at the office. Revocation of consent does not affect the lawfulness of the processing of personal data we have carried out prior to the consent revocation.

b) Right of access: he data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the purposes of the processing, the categories of personal data concerned, the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations, where possible, the envisaged period for which the personal data will be stored, the right to lodge a complaint with a supervisory authority, the existence of automated decision-making, including profiling. You have the right to request copies of processed personal data unless this act has adverse effects on the rights of other natural persons.

c) Right to rectification: you shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning you.

d) Right to erasure: you shall have the right to obtain from the controller the erasure of personal data concerning you without undue delay in the event the requirements under GDPR are met (in particular if the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed, he personal data have been unlawfully processed. The right to erasure shall not apply, in particular, when the processing of personal data is necessary for the purposes of proving, applying or defending the legal rights of the operator or third parties).

e) Right to restriction of processing: you shall have the right to obtain from the controller restriction of processing if the accuracy of the personal data is contested by the data subject, the processing is unlawful, the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims.

f) Right to data portability – you shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible. However, the right to portability concerns only personal data that we have obtained from you based on consent or under a contract to which you are one of the parties.

g) Right to object: you shall have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.

 

  1. You have the right to file a complaint with the Office for the Protection of Personal Data of the Slovak Republic or with another competent supervisory authority, especially if it is assumed that there has been a breach in processing of personal data.

Contact for exercising the above rights: if you contact us by e-mail at gdpr@nectel.sk or by post at Nectel, spol. s r.o., Hrachova 18D, 821 05 Bratislava, we will store the data you have provided us (your e-mail address, your name, surname and your telephone number) to answer your questions. or to meet your request. Data will be erased if it is no longer necessary for the purpose of processing, or we will restrict its processing if there is a legal obligation to store it. We will provide you with the information on the measures taken regarding the adopted measures as soon as possible, but not later than within one month. If necessary, and given the complexity and number of requests, we are entitled to extend this period to two months. We will inform you on the possible extension of this period including the reasons for doing so.