Privacy policy
This privacy policy (hereinafter as “Privacy policy“) contains information on processing of personal data of data subjects by the company ShredCo j.s.a., registered office Grösslingová 2478/4, 811 09 Bratislava – district Staré Mesto, ID number: 51 963 922, registered company in the Business Register of the City Court Bratislava III, section: Sja, insert no. 266/B (hereinafter referred to as the “Operator“), which occurs via the website www.shredco.sk (hereinafter referred to as the “website“).
Policies, the Operator provides you with information about why your personal data is processed, how it is processed, how long the Operator keeps it, what your rights are in connection with the processing of your personal data and other relevant information about the processing of your personal data.
Your personal data is processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter as “Regulation“), Act No. 18/2018 Coll. On protection of personal data as (hereinafter as “Act“) and other respective legislation in relation to personal data protection (Regulation, Act and other personal data protection legislation hereinafter as “Personal data protection legislation“).
You can contact the operator in matters related to the processing and protection of personal data at the address ShredCo j.s.a., registered office Grösslingová 2478/4, 811 09 Bratislava – Staré Mesto district or by e-mail at the e-mail address gdpr@shredco.sk. The operator has not designated a responsible person in the area of personal data processing and protection.
Your personal data is obtained by the Operator through the website or profiles on social networks directly from you, if you provide them yourself (through a message or in another automated way). The provision of personal data for all processing purposes listed below is voluntary and not a legal and/or contractual requirement.
INFORMATION ON PROCESSING OPERATIONS (categories of personal data, purposes of processing, legal bases and retention periods)
The Operator processes your personal data exclusively in accordance with the principle of minimization, which means that the Operator does not require personal data from you that is not necessary for the specific and justified purpose of the processing. The operator processes personal data only if there is a legal basis for their processing, and thus they are processed in accordance with the principle of legality. The specific purposes, including the established legal basis and retention period, for which the Operator processes your personal data, can be found in the table below.
|
PROCESSING OF PERSONAL DATA ON THE WEBSITE (SPECIAL PURPOSES OF PROCESSING DURING THE OPERATION OF THE SHREDCO.SK WEBSITE) |
|
|
|
|
|
Purposes |
Processing of personal data for the purpose of measuring website traffic and targeting the operator’s advertising (via cookies) |
|
Legal Basis |
Art. 6 (1) letter a) of the Regulation – the data subject has given consent to the processing of his or her personal data for one or more specific purposes |
|
Categories of personal data |
IP address, data about activity on the website of the controller, data about preferences in the online environment, data about the type of browser and type of device used, data about the operating system of the device, data about the network and subnetwork used |
|
Retention period or criteria for its determination |
For a maximum of 2 years from the date of consent or until its revocation, whichever is the earlier |
|
GENERAL PURPOSES OF PROCESSING IN THE PERFORMANCE OF BUSINESS ACTIVITIES |
|
|
|
|
|
Purposes |
Fulfillment of the contractual obligations of the Operator in the course of business activity. |
|
Legal Basis |
Art. 6 par. 1 letter b) Regulations – processing of personal data is carried out in the performance of the contract or implementation of pre-contractual relations. |
|
Categories of personal data |
General personal data (PO name, ID number, place of business, invoicing address, contact data – phone number, e-mail address, bank account) |
|
Retention period or criteria for its determination |
During the duration of the contractual relationship and after its termination until full settlement of contractual and other claims arising from the contractual relationship |
|
|
|
|
Purposes |
Keeping records of customers and contact persons of customers – legal entities |
|
Legal Basis |
Article 6 par. 1 letter f) Regulations – the processing of personal data is carried out on the basis of the legitimate interest of the Operator, which consists in the necessity of keeping records of customers (contact persons of customers – legal entities) for the purposes of internal control, accounting and enforcement of legal and other claims arising from concluded contracts |
|
Categories of personal data |
Common personal data (name, surname, address of residence / place of business / billing address, affiliation / function in the company that is the customer, contact details – phone number, email) |
|
Retention period or criteria for its determination |
during the duration of the contractual relationship and after the termination of the contractual relationship until the legal and other claims arising from the contractual relationship are fully settled (until the statute of limitations expires) |
|
|
|
|
Purposes |
Dealing with the rights of affected persons |
|
Legal Basis |
Article 6 par. 1 letter c) Regulations, Act no. 18/2018 Coll. on the protection of personal data and on the amendment of certain laws – processing of personal data is carried out in the fulfillment of legal obligations |
|
Categories of personal data |
common personal data included in the application |
|
Retention period or criteria for its determination |
until the exercise of the claimed rights
|
|
|
|
|
Purposes |
Records of the exercised rights of the affected persons and the ways in which the exercised rights were handled |
|
Legal Basis |
Article no. 6 par. 1 letter f) Regulations, – processing of personal data on the basis of the legitimate interest of the operator, which is the need to record the exercised rights of the affected persons for the purpose of proving the fulfillment of obligations arising from the relevant legal regulations in the field of personal data protection |
|
Categories of personal data |
common personal data included in the application |
|
Retention period or criteria for its determination |
5 years from the date of disposal of the claimed right or other submitted application |
|
|
|
In relation to securing the personal data, the Controller has adopted internal documentation, in which adequate security measures are further specified. Security measures have been adopted in order to secure the processing of your personal data.
TO WHOM THE CONTROLLER PROVIDES YOUR PERSONAL DATA?
Your personal data may be in some cases provided to public authorities, which are entitled to process your personal data, e.g. to courts, law enforcement authorities or other inspection authorities.
The Controller provides your personal data also to its processors, i.e. external subjects which process your personal data on behalf of the Controller. Processors process personal data based on the agreement with the Controller, in which they committed to adopt adequate technical and organisational measures in order to secure the processing of your personal data. The Controller currently uses as a processor
- company providing administrative services,
- companies providing services in the field of web hosting services, including mail hosting,
- company providing services in the field of creating and editing a website and related IT services.
The recipients of your personal data also include Google Ireland Limited, which provides analytical and marketing services through the use of cookies, which are stored on your device by the website in the event that you grant the Operator your consent to the storage of these
TRANSFER TO THIRD COUNTRIES AND INTERNATIONAL ORGANISATIONS
If you consent to the storage of analytics and marketing cookies by the Data Controller, your personal data may be transferred to Google LLC and Meta Platforms, Inc. in the USA
The transfer of your personal data is secured by means of appropriate means of securing the transfer of personal data to third countries in accordance with the Data Protection Regulations, in particular through the use of standard contractual clauses that are part of the terms of use of the aforementioned services, as well as through additional transfer guarantees that the providers of the aforementioned services accept. Transfers may only take place exceptionally, on the basis of the relevant legislation in force in that third country (the USA) which applies to the above-mentioned service providers (FISA).
In all the above stated cases, the transfer of your personal data is ensured via standard contractual clauses, which,
in accordance with the terms of use of the above services, are part of the agreements on the commissioned processing of personal data concluded with the above-specified entities.
WHAT ARE OUR RIGHTS IN RELATION TO PERSONAL DATA PROCESSING?
As the data subject, your rights regarding the processing of your personal data are as follows:
|
Right of access – You have the right to obtain a copy of the personal data which we hold about you, as well as the information on how we use your personal data. In most cases, your personal data will be provided to you by electronic means of communication, unless otherwise requested by you |
Right to rectification – We take reasonable measures in order to ensure that the data which we hold about you are accurate, complete and up-to-date. In case the personal data we hold are inaccurate, incomplete or outdated, we will modify, update or complete such personal data on basis of your request. |
|
RIGHT TO OBJECT You have the right to object to processing of your personal data, for example if we process your personal data based on the legitimate interest or to processing in which profiling occurs. If you object to such personal data processing, we will not further process your personal data unless we demonstrate compelling legitimate grounds for such processing |
|
|
Right to erasure – Under certain circumstances, you have the right to ask us to erase your personal data, for example, if the personal data we have obtained about you, are no longer necessary to fulfil the original purpose of processing or if you withdraw your consent to the personal data processing. We assess exercising your right to erasure (right to be forgotten) on the basis of individual circumstances of each particular case of processing. However, your right has to be assessed in the light of all relevant circumstances. For example, there may be certain circumstances or cases arising for us from applicable legislation when your personal data cannot be erased. In such case, we will not be able to accept your request. |
Right to data portability – Under certain circumstances, you have right to transmit the personal data to another subject according to your choice. However, the right to portability applies only to personal data that we process under the contract to which you are one of the parties or on the basis of the consent which you have granted us. |
|
RIGHT TO WITHDRAW CONSENT If we process your personal data on the basis of your consent, you have the right to withdraw such consent for further processing of your personal data. You may withdraw your consent at any time in writing, by e-mail or orally (in person). |
|
|
Right to restriction of processing – You have also the right to ask us not to process your personal data. If you believe that the personal data we process about you are not accurate, that the processing is unlawful and you request the restriction of their processing, that we no longer need your personal data, but they are required by you as the Data subject for the exercise of legal claims or if you believe that we as the controller are not entitled to further process your personal data, we will not further process your personal data on the basis of your request. |
Right to lodge a complaint or request – If you believe that we breach Personal data protection legislation when processing your personal data or that we have not handled your request in accordance with such legislation, you can lodge a complaint with the supervisory authority which is for the EU Úrad na ochranu osobných údajov SR, Hraničná 12, 820 07 Bratislava 27, Slovak republic, website: dataprotection.gov.sk, tel. No.: 02 3231 3214; e-mail: statny.dozor@pdp.gov.sk. |
You may exercise your rights specified in the table above at the contact addresses of the Controller listed at the beginning of this document.
The Controller will provide you with the answer to the exercise of your rights free of charge. In the event of a repeated, unreasonable or inappropriate request for the exercise of your rights, the Controller is entitled to charge a reasonable fee for the provision of information. The Controller will provide you with an answer within 1 month from the day when you exercised your rights. In certain cases, the Controller is entitled to extend this period, in the case of a high number and complexity of applications of the data subjects, maximally by 2 months. The Controller will always inform you about the extension of the deadline in advance.
VALIDITY
An updated version of this Privacy policy is valid and effective as of 01.11.2024. As it is possible that an update of the information on personal data processing contained in this Privacy policy may be necessary in the future, the Controller is entitled to update this Privacy policy at any time. In such case, the Controller will inform you about it in an adequate manner in advance.