GDPR

in the sense of the regulation of the European Parliament and the Council (EU) 2016/679 ze dne 27. dubna 2016.

I. Introduction

This document (hereinafter referred to as the “Rules”) provides customers with suppliersa business partners (hereinafter referred to as "Data Subject") of URGELA, spol. s.r.o., with registered office Kuzmányho nábrežie 14, 960 01 Zvolen, ID number 46486577 (hereinafter referred to as the "Administrator") information o method of processing their personal data and about rights related to them, as he assumes čl. 12 Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons in connection with the processing of personal data and on the free movement of such data and on the repeal of Directive 95/46/EC (hereinafter referred to as "GDPR").

Personal data means any information about an identified or identifiable natural person; an identifiable natural person is a natural person who can be directly or indirectly identified, in particular by reference to a certain identifier, for example the name, identification number, location data, network identifier, etc. of this natural person.

The administrator has not appointed a personal data protection officer.

II. Personal data manager

The Administrator is entitled to transfer personal data to entities with whom it has concluded a contract for the processing of personal data and who will process personal data for the Administrator as its processors. Based on the above, the Administrator is authorized to transfer the personal data of the Data Subject to the following entities, or categories of subjects:

• companies or persons providing transport of goods,
• assembly groups,
• to persons ensuring the operation of the software and data storage (order creation).

Personal data of the Data Subject may be further transferred to the following recipients/categories of recipients:

• suppliers Administrator,
• employees of the Administrator,
• persons in a different contractual relationship with the Administrator (e.g. providers providing marketing and advertising services),
• financial institutions and insurance companies,
• state authorities within the framework of the fulfillment of the Administrator's legal obligations established by the relevant legal regulations.

III. Categories of processed personal data

The Administrator is authorized to process in particular the following personal data of the Data Subject:

• address and identification data used for unambiguous and unmistakable identification of the Data Subject (e.g. name, surname, title, address of permanent residence, business address, delivery address, ID number, VAT number) and contact data with the Data Subject (e.g. contact address, telephone number, e-mail address, etc.)
• descriptive data (e.g. bank details, order history),
• photos, preview images, banners and videos,
• data provided beyond the scope of relevant laws processed within the framework of consent granted by the Data Subject (e.g. use of personal data for the purpose of personnel management, use of personal data for the purpose of promotion, etc.),
• personal settings (preferences) including settings in the field of marketing and the use of cookies by the Data Subject,
• other data necessary for the performance of the contract,
• other personal data that the Data Subject has provided to the Controller.

IV. Purposes of personal data processing

The Administrator processes the personal data of the Data Subject for the purposes of:

• A) performance of the contract, on the basis of Article 6 paragraph 1 letter b) GDPR,
• B) compliance with the Administrator's legal obligations established by generally binding legislation, based on Article 6 paragraph 1 letter c) GDPR (e.g. the Administrator's obligation to keep accounting and tax documents),
• C) determination, exercise or defense of the Administrator's legal claims, on the basis of Article 6 paragraph 1 letter f) GDPR,
• D) sending business messages, on the basis of Article 6 paragraph 1 letter f) GDPR due to the existence of a legitimate interest of the Administrator consisting in direct marketing,
• E) other marketing purposes of the Administrator connected with the offer of products and services; sending information about news (products, technology, showrooms), company presentations (fairs, exhibitions), services, etc. (e.g. by sending newsletters, telemarketing); contacting you for market research and marketing surveys; contacting for the purpose of wishes for important national holidays and sending gift vouchers, etc., on the basis of Article 6 paragraph 1 letter a) GDPR.

V. Time of personal data processing

Personal data will only be processed for the time necessary for the purpose of their processing. In view of the above:

• for the purpose according to letter A) above, personal data will be processed until the termination of the obligations from the contract (this does not affect the Administrator's possibility to further process these personal data subsequently - to the extent necessary
• for the purpose according to letter B), C), D) and/or E) above,
• for the purpose according to letter B) above, personal data will be processed for the duration of the relevant legal obligation of the Controller,
• for the purpose according to letter C) above, personal data will be processed until the end of the 4th calendar year following the end of the warranty period according to the contract (if a quality guarantee was agreed in the contract), but at least until the end of the 5th calendar year following the termination of the obligations from the contract,
  in the event of the initiation and duration of judicial, administrative or other proceedings, in which the rights or obligations of the Administrator in relation to the relevant Data Subject are resolved, the period of processing of personal data for the purpose pursuant to letter C) above before the end of such proceedings,
• for the purpose of sending business messages according to letter D) above, personal data will be processed until the Data Subject expresses their disagreement with such processing,
• for purposes according to letter E) above, personal data will be processed for the period for which the Data Subject has given the Administrator consent according to the separately agreed consent to the processing of personal data. In this case, the data subject acknowledges that before this period expires, the Administrator may contact him for the purpose of renewing his consent.

By the end of the calendar quarter following the expiry of the above processing period at the latest, the relevant personal data, for which the purpose of their processing has expired, will be disposed of (by shredding or in another way that ensures that unauthorized persons will not be able to access the personal data) or anonymized.

VI. Method of personal data processing

The processing of personal data is carried out by the Administrator. The processing is carried out in the premises, branches and headquarters of the Administrator by authorized employees of the Administrator, or Processors. The processing takes place through computer technology, or also manually for personal data in paper form, subject to compliance with all security principles for the management and processing of personal data. For this purpose, the Administrator has taken technical and organizational measures to ensure the protection of personal data, in particular measures to prevent unauthorized or accidental access to personal data, their change, destruction or loss, unauthorized transfers, their unauthorized processing, as well as other misuse of personal data data. All entities to which personal data may be made available respect the Data Subjects' right to privacy protection and are obliged to proceed in accordance with applicable legal regulations regarding the protection of personal data. Automated individual decision-making or profiling based on the data provided will not be carried out. Personal data of Data Subjects will not be transferred to third countries (i.e. countries outside the EU and EEA).

VII. Rights in connection with the processing of personal data

In connection with the processing of their personal data, Data Subjects have a number of rights, including the right to request from the Administrator:

• access to your personal data (under the terms of Article 15 GDPR),
• correction or deletion of personal data (under the conditions of Article 16 or Article 17 GDPR),
• restriction of personal data processing (under the terms of Article 18 GDPR),
• object to the processing of personal data (under the terms of Article 21 GDPR),
• the right to portability of personal data (under the terms of Article 20 GDPR),
• the right to withdraw consent to the processing of personal data in writing or electronically to the address or email of the Administrator specified in these Rules.

If the Data Subject discovers or believes that his personal data is being processed in violation of the protection of the Data Subject's private and personal life or in violation of legal regulations, he has the right to contact the Administrator with a request for an explanation and/or redress. The request must be submitted in writing by sending a letter or e-mail to the Administrator's contact details: info@hanak-urgela.sk.

If the Data Subject's request is found to be justified, the Administrator will immediately remove the objectionable condition. This does not affect the possibility of the Data Subject to contact the supervisory authority, the Office for the Protection of Personal Data, Plk. Sochora 27, 170 00 Prague 7, Czech Republic, +420 234 665 555, www.uoou.cz.

VIII. Conclusion

These rules apply in relation to Data Subjects, provided that no other agreement has been reached between the third party and the Controller. The administrator reserves the right in any way and at any time change these conditions for the protection and processing of personal data, while the current status will always be posted on the website www.hanak-urgela.sk/gdpr.