Pursuant to Articles (13) and (14) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation) (the “Regulation”) and related provisions, we hereby provide you, the data subject, with the following information on personal data processing:
Controller: VR Force, s.r.o.
registered office: Strojnícka 90/A, 821 05 Bratislava
Corporate ID: 44881908
(hereinafter also the “Controller” or the “Company”).
Contact details of the Controller: email: v.repko@vrforce.sk, mailing address: Strojnícka 90/A, 821 05 Bratislava, phone: 00421 905 544 044.
The legitimate interests of our Company include the proper performance of the contract and the provision of services, the protection of the rights and legally protected interests of the Company and third parties, the protection of the life, health and property, financial and other interests of the Company, concluding contracts with business partners, and the processing of contact details of contracting parties and responsible/contact/authorised persons, ensuring network security and safety under the condition that the Company’s legitimate interests are not outweighed by your interests and fundamental rights and freedoms. When processing personal data, we proceed in accordance with the provisions of the Regulation and the law to ensure the protection of the privacy and confidential information and personal data entrusted to us.
In the performance of activities related to the business activities of VR Force, s.r.o. and in the implementation of tasks and obligations, we collect personal data directly from you (the data subject), or in the course of fulfilling our obligations arising from special contracts or special regulations from third parties (e.g. your employer, business/contractual partner, etc.). If you are a member of a statutory body, we may collect your personal data from publicly available sources and registers.
The data subject provides the Company with personal data for the purpose of carrying out pre-contractual measures upon request and/or in cases where the processing of the data subject’s personal data by the Controller is necessary for the conclusion or performance of a contract between the Company and the data subject or a third party, in whose name or at whose account the data subject is acting. The data subject is not obliged to provide personal data; however, the failure to provide personal data would prevent the Company from entering into a contract or the Controller from providing performance, in addition to the related possible consequences for the rights of the data subject.
The provision of the data subject’s personal data is a legal requirement where the processing of the personal data is necessary for fulfilling a statutory obligation of the Controller. The data subject is obliged to provide the relevant personal data. The failure to provide the personal data could prevent the Controller from fulfilling the tasks and obligations arising from specific legal regulations, and could lead to related consequences for the rights of the data subject under the relevant legal regulations.
The processing of personal data that we collected in the fulfilment of tasks and obligations of third parties (we did not collect the data directly from you as data subjects), for the fulfilment of the obligation to transparently inform data subjects, is subject to certain exceptions under Article 14(5) of the Regulation.
VR Force, s.r.o. does not process personal data for the purposes of automated individual decision-making, including profiling, or for the purposes of direct marketing.
Recipients or categories of recipients of personal data
Personal data is not transferred to
third countries or international organisations.
In the event of the transfer of personal data to a
recipient in a third country or international organisation, this transfer will
be arranged individually with the data subject and in accordance with the
provisions of Chapter V of the Regulation.
Personal data storage period
The principle of minimisation is followed when handling personal data. As soon as the personal data storage period has expired, the personal data will be physically destroyed and deleted; in special cases, the personal data are transferred for archiving in accordance with special regulations. Personal data will be backed up in accordance with GDPR security requirements, and pursuant to special legal regulations. Special regulations (e.g. the Act on Archives and Registries, the Act on Accounting, etc.) apply to the storage of personal data that we process about you. In the event that personal data are processed on the basis of consent provided by the data subject, the personal data will be stored for the duration of the consent for the specific purpose, or until its revocation, unless a special regulation provides otherwise.
Legal basis, purposes of personal data processing, personal data storage period
For the purposes of implementing the accounting agenda, personal data processing is carried out pursuant to Article 6(1)(c) of the Regulation, which is the Controller’s statutory obligation. Economic and accounting operations are carried out in the framework of this agenda.
Personal data processing is carried out by the Company in accordance with special regulations imposing obligations in the field of accounting (e.g. the Accounting Act, the Income Tax Act).
Categories of data subjects include employees of the Controller (including former employees), contractual business partners and their employees (including former employees) and other data subjects whose personal data may be contained in accounting records.
We collect your personal data directly from you (in person, sent by post, in the form of electronic communication, business cards) or from third parties with whom you are engaged in an employment or other contractual legal relationship (e.g. employer), or from publicly accessible registers and records.
Personal data contained in accounting records may be collected for various purposes and information. The obligation of the data subject to provide the personal data, as well as the possible consequences of not providing such data are described in greater detail in the relevant sections of this document.
The period for storing personal data in accounting records is set in accordance with special regulations at 10 years (Accounting Act, Act on Archives and Registries), unless a special regulation or international binding on the Slovak Republic provides otherwise. Recipients include public authorities, other authorised entities (contractual/business partners, third parties).
For the purposes of exercising the rights of the data subject in the field of personal data protection, the legal basis pursuant to Article 6(1)(c) of the Regulation is the fulfilment of the Controller’s statutory obligation arising from special regulations (the Regulation and the Act).
We collect personal data for these purposes directly from the data subjects. For the purposes of exercising rights, the provision of personal data is a statutory requirement; the data subject is obliged to provide the personal data. In the event that the data is not provided, the exercise of rights in the field of personal data protection could be prevented or considerably impeded. The personal data storage period for achieving the given purpose is for the period of processing of the data subject’s request.
Recipients include the relevant public authority and other eligible entities, if necessary.
For the purposes of fulfilling statutory obligations pursuant to special regulations (e.g. the Commercial Code, the Act on the Commercial Register, Act No. 297/2008 Coll. on protection against money laundering and terrorist financing, Act No. 315/2016 Coll. on the register of public sector partners), the processing of personal data is carried out pursuant to Article 6(1)(c) of the Regulation, which is the fulfilment of a statutory obligation.
The provision of personal data is a statutory requirement, and the data subject is obliged to provide the personal data. The failure to provide personal data could prevent the Company from fulfilling its statutory obligations. Such failure could also represent a breach of statutory obligations and lead to the related consequences.
The personal data storage period is 10 years from the end of the function for its collection. Personal data stated in a company’s founding documents are kept for the duration of the company’s existence. Recipients include public authorities, courts, registers and other authorised subjects if necessary.
For the purposes of the administration of registry records and records of received and sent mail, the processing of personal data pursuant to Article 6(1)(c) of the Regulation is necessary for fulfilling the Company’s statutory obligations under the Act on Archives and Registries, as well as for ensuring the fulfilment of other obligations pursuant to special regulations. Personal data processing by the Company is carried out in accordance with special regulations.
Data subjects include employees of the Controller (including former employees), contractual/business partners and their employees (including former employees), potential contractual partners, including contact/responsible persons of these entities, and other data subjects whose personal data may be contained in registry records. We collect personal data directly from you as the data subject (in person, sent by post, in the form of electronic communication, business cards) or from third parties with whom you are engaged in an employment or other legal relationship, and from publicly accessible registers and records. Personal data contained in registry records may be collected for various purposes of processing defined by the Controller, and information as to whether the data subject is obliged to provide the personal data, as well as the possible consequences of not providing such data is given in greater detail in the relevant sections of this document.
The period for storing personal data in registry records is set according to the relevant provisions of legal regulations or a specific contract and depending on the processing purposes defined by the Controller. The recipients include public authorities and other authorised entities.
For the purposes of protecting the rights and legally protected interests of the Company or third parties, the processing of personal data is based on a special regulation (e.g. the Constitution of the Slovak Republic, the Civil Code, the Civil Dispute Code, the Criminal Code, the Criminal Procedure Code, the Administrative Procedure Code, the Commercial Code, the Enforcement Code) or a legitimate interest of the Company pursuant to Article 6(1)(f) of the Regulation under the condition that the Company’s legitimate interest is not outweighed by the data subject’s interests and fundamental rights and freedoms. Personal data for the purposes of protecting the rights and legally protected interests of the Company or a third party are collected for various purposes either directly from the data subject (e.g. in the framework of contractual/pre-contractual relations), from publicly accessible data and records, and in exceptional cases from third parties that are engaged in a contractual or other legal relationship with the data subject. Information on whether the data subject is obliged to provide the personal data, as well as the possible consequences of not providing such data is given in greater detail in the relevant sections of this document, broken down by the purposes and methods of collecting such data.
The period for storing personal data for achieving a given purpose is the duration of the legitimate interest, at most the limitation periods during which legal claims of our Company can be asserted or defended. In the event of proceedings initiated under special legal regulations (judicial, enforcement, arbitration, etc.), the period shall be for the duration of these proceedings, and until the expiry of the time limit for filing appeals or extraordinary remedies, and for the duration of these proceedings, but not longer than necessary.
Recipients include public authorities and other authorised entities (courts, insurance companies, law enforcement agencies, legal representatives, executors) and third parties.
The processing of personal data of data subjects for the purpose of concluding a contract is carried out pursuant to Article 6(1)(b) of the Regulation in the event that the data subject is a contracting party and the processing of personal data of responsible/contact persons of the Contracting Parties is carried out according to Article 6(1)(f) of the Regulation (legitimate interest of the Controller), and under the condition that the Company’s legitimate interests are not outweighed by the data subject’s interests and fundamental rights and freedoms. Data subjects may be employees of the Controller (including former employees), contractual/business partners and their employees (including former employees), potential contractual partners, including the contact/responsible persons of these entities. We collect personal data directly from you as the data subject (in person, sent by post, in the form of electronic communication, business cards) or from third parties with whom you are engaged in an employment or other legal relationship, from publicly accessible registers and records. The maximum personal data storage period is 10 years following the end of the contractual relationship to which the processing relates, unless a special regulation or special provisions of the contract provide for a different period. Recipients may include public authorities, contractual partners, other authorised entities.
A legitimate interest of the Company is the proper performance of a contract on the provision of a service, the registration of contact data of contractual parties/partners and responsible/contact persons, including the registration of contracts (commercial and legal agenda). For these purposes, the Controller processes the personal data of data subjects who are engaged in an employment or similar legal relationship with the contractual partner (e.g. responsible employees, members of the statutory board, accredited persons, etc.), and under the condition that the Company’s legitimate interests are not outweighed by the data subject’s interests and fundamental rights and freedoms. Data subjects may include contractual/business partners and their employees (including former employees), potential contractual partners, including the contact/responsible persons of these entities. We collect personal data directly from you as the data subject (in person, sent by post, in the form of electronic communication, business cards) or from third parties with whom you are engaged in an employment or other legal relationship (e.g. your employer), from publicly accessible registers and records. The maximum personal data storage period is years following the end of the contractual relationship to which the processing relates, or 10 years after the provision of the service or the end of contract performance, unless a special regulation or special provisions of the contract provide for a different period. Recipients may include public authorities, contractual partners, third parties and other authorised entities.
A legitimate interest of the Company is the proper provision of network security and safety, under the condition that the Company’s legitimate interest is not outweighed by the data subject’s interests and fundamental rights and freedoms.
Personal data are collected directly from you as the data subject (in person, sent by post, in the form of electronic communication, business cards), from third parties with which you are engaged in an employment or other legal relationship, or from publicly accessible registers and records. The maximum personal data storage period is 10 years following the end of the purpose for which the processing relates, unless a special regulation or special provisions of the contract provide for a different period. Recipients include contractual partners, employees of contractual partners providing system support, or entities authorised pursuant to special regulations.
Information about the rights of the person concerned
© 2019 VRForce, s.r.o.