Skip to Content

Information on the processing of personal data of the data subject

Pursuant to Art. 13 of the Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR)

 

The Controller D-GENERALY, spol. s r.o. considers compliance with the legal conditions for the processing of personal data of data subjects to be one of its priorities. All actions carried out at the individual stages of the personal data processing are performed with the utmost emphasis on the protection of the fundamental rights of data subjects, especially the protection of personality and privacy and compliance with the principles of lawful processing of personal data. 

D-GENERALY, spol. s r.o. (hereinafter also “the Controller”) processes all personal data in accordance with applicable legal regulations, with special emphasis on the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR) (hereinafter also “the Regulation” or “GDPR”) and Act No. 18/2018 Coll. on Personal Data Protection and on amendments and supplements to certain acts (hereinafter also “the Act” or “Act No. 18/2018”). 

This document primarily concerns data subjects who are not employees of D-GENERALY, spol. s r.o. The information contained in this document is information within the meaning of Art. 13 of the Regulation. 


CONTROLLER'S DETAILS

  • Business Name: D-GENERALY, spol. s r.o.  

  • Registered Office: Novozámocká 222, 949 53 Nitra  

  • VAT number: SK2020150319  

The proper processing of personal data is overseen by a designated person, contact details:  

  • E-mail: info@d-generaly.sk  

  • Correspondence address: address of the company's registered office This information is effective from 1.3.2025, and the controller is entitled to update it. 

 

DEFINITIONS OF TERMS

  • GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27.4. 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data. 

  • Data Subject – any person whose personal data is processed. 

  • Personal Data – any information relating to an identified or identifiable natural person. 

  • Controller – is the natural or legal person who has determined the means and defined the purpose of the processing of personal data. 

 

PRINCIPLES OF PERSONAL DATA PROCESSING

Compliance with the principles of processing of customers' personal data according to Art. 5 of the Regulation. 

  1. Lawfulness of processing – every processing must be lawful, meaning we have an appropriate legal basis. 

  2. Minimisation of PD processing (necessity) – we only process your personal data to the extent necessary in relation to the purpose. We always consider the scope of personal data processing. 

  3. Minimisation of personal data storage (disposal) – we store it in a form which permits identification of the DS for no longer than is necessary for the purposes. Your personal data is thoroughly disposed of after the purpose of processing has been fulfilled. 

  4. Integrity and confidentiality (security) – the controller has adopted technical, organisational, and personnel measures against loss, destruction, damage of PD. 

 

NECESSITY OF PROVIDING PERSONAL DATA

We absolutely need your personal data because, if it is not provided, a contractual relationship between the supplier and the customer cannot be established, since in accordance with Act No. 513/1991 Coll. of the National Council of the Slovak Republic, the Commercial Code, as amended, your identification as a contracting party (or as a person designated by our customer – your employer to handle contractual matters) is one of the essential elements of the Contract. However, should you decide not to provide us with your telephone number or e-mail address, this does not prevent the establishment of a contractual relationship, but our mutual communication will not be as effective as if you had provided them. 

 

HOW WE OBTAIN YOUR PERSONAL DATA

You most often provide us with your personal data: 

  1. We obtain it primarily directly from you, for example, from communication with you through the contact form on our website. 

  2. If you are in the position of our customer, or a person interested in our goods or services. 

  3. During the selection process to fill a vacant position at the controller, or the keeping of records of job applicants without the intention of filling a specific position. 

 

WHAT IS THE PURPOSE OF PROCESSING PERSONAL DATA, THE LEGAL BASIS OF THE PROCESSING ACTIVITY, AND FOR HOW LONG WE STORE YOUR PERSONAL DATA

The Controller processes your personal data in the following manner for the following purposes: 

Name of the processing operation 

Purpose of personal data processing 

Category of personal data 

Legal basis for processing 

Data retention period 

Other recipients 

Economic – accounting agenda 

is a method of recording economic activity through accounts 

"name, surname, residential address, business address, identification number (IČO),IČ DPH, if a VAT payer." 

obligation under applicable law 

10 years 

"tax office, municipal and city offices, Slovak Post, other authorised entity" 

Register of business partners 

information about the company's business partners 

"name, surname, e-mail, telephone" 

legitimate interest of the controller 

"to be kept in a form which permits identification of the DS for as long as is necessary for the purposes of the business transaction" 

"contracting parties, partners in the implementation of project activities, state administration bodies, public authorities" 

Payroll and personnel agenda 

"complete information about employees required by law as well as information about salary, leave, health. status" 

"name, surname, title, residence, ID card number, attendance, information for salary calculation, information about family members" 

legal reason 

max. 70 years 

"in case of an audit Social Insurance Agency, FR SR, health insurance companies" 

Registry management 

"is the ensuring of the recording, creation, storage, protection of registry records, access to them and ensuring their disposal" 

common personal data 

legal obligation of the controller 

10 years after the end of the record-keeping 

"Ministry of the Interior of the SR, other authorised entity" 

Record of data subjects' rights 

handling requests from natural persons to exercise their rights 

"title, name, surname, address and other personal data to which the exercised right of the data subject relates" 

legal obligation of the controller 

5 years from the date the request was handled 

"state administration bodies, public authorities and public administration according to the relevant legal regulations" 

Handling of data subjects' complaints 

"the purpose of processing is a submission by a natural or legal person seeking protection of their rights or legally protected interests which they believe have been violated" 

"common personal data, other data necessary to verify the submission" 

legal obligation of the controller 

5 years after the termination or expiry of the obligation 

"state administration bodies, public authorities and public administration according to the relevant legal regulations" 

CCTV system 

protection of the controller's property 

natural persons moving in the monitored area 

legitimate interest of the controller 

72 hours 

"members of the Police Force if necessary, the controller's legal representative" 

Disclosure of video recordings to law enforcement authorities 

substantiating legal claims 

natural persons moving in the monitored area 

legal obligation of the controller 

"recordings may also be used to substantiate legal claims and the controller will process them for the period necessary to substantiate them" 

"state administration bodies, public authorities" 

Responding to requests addressed to the controller 

receiving and handling requests via a message sent through the contact form on the website or through social networks 

clients 

performance of pre-contractual relations 

"3 months from the date of delivery of the request or until the purpose is fulfilled, whichever occurs sooner," 

none 

 

TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES AND AUTOMATED INDIVIDUAL DECISION-MAKING

The transfer of personal data to a third country or to an international organisation does not take place. Personal data will not be used for automated individual decision-making, including profiling. 

 

DISCLOSURE OF PERSONAL DATA

Personal data will not be disclosed. 

 

CONFIDENTIALITY

We would like to assure you that our employees and associates who will process your personal data are obliged to maintain confidentiality about personal data. This confidentiality persists even after the termination of contractual relationships with us. 

 

SECURITY OF PERSONAL DATA

In accordance with Articles 24 and 32 of the GDPR, we take appropriate technical and organisational measures to ensure a level of security of personal data appropriate to the risk, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons. Such measures include, in particular, the protection of confidentiality, integrity and availability of data by controlling physical access to personal data, as well as access to, input, disclosure, availability and separation of it. Furthermore, we have established procedures to ensure the exercise of data subject rights, erasure of personal data, and response to personal data breaches. In addition, we take into account the protection of personal data already in the development and selection of hardware, software and procedures in accordance with the principle of data protection by design and by default (Art. 25 GDPR). 

 

“COOKIES” FILES ON OUR WEBSITE

We are entitled to collect and otherwise process data about visitors and users of our website through tools for the automated collection of data, in particular cookies, logs and other commonly used tools for obtaining information via the website. A cookie can be thought of as a small amount of data that is sent as a file to your computer (tablet, smartphone) from the website you are currently visiting. The data file is stored on the computer and with each subsequent visit to the same website, the computer sends information to our server. Most websites, including ours, use cookies. The purpose of cookies is to make it easier and more pleasant for you to use our website. A cookie file allows the website to recognise whether you have visited it in the past and which section you were interested in. At the same time, it is thanks to cookies that you can save your user settings, such as language recognition or remembering your login name. Using cookies, we store data that we do not associate with your person and we do not identify the customer through the data obtained. The use of cookies is not dangerous for you; cookies cannot transmit viruses or read data from the device's hard drive. This procedure results from § 109(8) of Act No. 452/2021 Coll. on Electronic Communications. The use of cookies and their permission in the web browser is at the free will of each website user. You can freely delete cookies or pre-set your internet browser to either refuse to accept cookies or to notify you when a server tries to send you a cookie. However, it may then happen that websites that depend on cookie support will not work as you would expect, or that parts of the sites will not be available to you.We use persistent cookies that help us identify your device when you revisit the Websites and thus allow us to provide services in accordance with your expectations. 

How can cookie settings be changed? Cookies can be accepted or rejected - including those used for website tracking - by selecting the appropriate settings for your browser. You can set your browser to notify you when you receive a new cookie, or block them completely. More information on how to manage the cookies policy of the most used browsers can be found at: 

  • Google Chrome https://support.google.com/accounts/answer/61416?co=GENIE.Platform%3DDesktop&hl=en  

  • Apple Safari https://support.apple.com/en-gb/safari  

  • Mozilla Firefox https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences 

  • Microsoft Internet Explorer https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies  

  • Opera https://help.opera.com/cs/latest/  

  • Microsoft Edge https://support.microsoft.com/sk-sk/help/4468242/microsoft-edge-browsing-data-and-privacy-microsoft-privacy  

 

RIGHTS OF DATA SUBJECTS UNDER THE REGULATION AND THE PERSONAL DATA PROTECTION ACT

We consider it important that you understand that the personal data we process is your data and that rights are associated with its processing. In addition to the right to withdraw consent to the processing of personal data, you also have other rights arising from the Regulation and the Personal Data Protection Act, specifically:  

  • Right of access - you have the right to be provided with a copy of the personal data we hold about you, as well as information on how we use your personal data. In most cases, your personal data will be provided to you in written documentary form, unless you request otherwise. If you have requested this information by electronic means, it will be provided to you electronically, if technically possible. 

  • Right to rectification - we take reasonable steps to ensure the accuracy, completeness and timeliness of the information we hold about you. If you think that the data we hold is inaccurate, incomplete or out of date, please do not hesitate to ask us to correct, update or supplement this information. 

  • Right to erasure - under certain circumstances, you have the right to ask us to erase your personal data, for example, if the personal data we have collected about you is no longer necessary to fulfil the original purpose of the processing or if you withdraw your consent to the processing. However, your right must be assessed from the perspective of all relevant circumstances. For example, we may have certain legal and regulatory obligations, which means that we will not be able to comply with your request. 

  • Right to restriction of processing - under certain circumstances, you are entitled to ask us to stop using your personal data. These are, for example, cases where you think that the personal data we hold about you may be inaccurate or when you think that we no longer need to use your personal data. 

  • Right to data portability - under certain circumstances, you have the right to ask us to transfer the personal data you have provided to us to another third party of your choice. However, the right to portability only applies to personal data that we have obtained from you on the basis of consent or on the basis of a contract to which you are a party. 

  • Right to object - you have the right to object to the processing of data that is based on our legitimate interests (for example, we process personal data for the purpose of network and infrastructure security). If we do not have a compelling legitimate reason for processing and you object, we will no longer process your personal data. 

  • Rights related to automated decision-making - you have the right to refuse automated decision-making, including profiling, which produces legal or similarly significant effects for you. The Controller does not usually use automated decision-making or profiling in the context of employment. 

  • Right to withdraw consent - in most cases, we do not process your personal data on the basis of your consent. However, it may happen that we ask for your consent in specific cases. In cases where we do so, you have the right to withdraw your consent to the further use of your personal data. (e.g. Photograph)  

  • Right to lodge a complaint - if you wish to lodge a complaint about the way your personal data is processed, including the exercise of the above rights, you can contact our Responsible Person (contact details are listed above). We will duly investigate all your suggestions and complaints. If you are not satisfied with our response, or believe that we are processing your personal data unfairly or unlawfully, you can lodge a complaint with the supervisory authority, which is the Office for Personal Data Protection of the Slovak Republic, https://dataprotection.gov.sk, Hraničná 12, 820 07 Bratislava 27; E-mail: statny.dozor@pdp.gov.sk. However, we would be pleased if you would first address your objections with us. 

 

HOW TO PROCEED WHEN EXERCISING YOUR RIGHTS

You always exercise your rights with the one who processes your personal data, i.e. with the specific controller .If the controller has a responsible person, you can also address your request to this person .The request can be oral, written, electronic or submitted by other means (the General Data Protection Regulation does not prescribe a specific form). We recommend using the written or electronic form in particular. Prepare the identification data on the basis of which the controller will be able to identify you in its environment and thus provide you with the data that concerns you. We will respond to your request free of charge within 30 days. In case of complexity or a large number of requests, we are entitled to extend this period by another 60 days. If this happens, we will inform you of this and the reasons. In the case of a repeated request, we are entitled to charge a reasonable administrative fee to cover the costs associated with providing this service. The data subject's right to object to automated decision-making cannot be exercised' because the described processing activity does not involve automated decision-making. 

 

WHERE AND HOW YOU CAN EXERCISE YOUR RIGHTS

The Controller has not appointed a responsible person, as this is not a legal necessity. If you have any questions regarding the processing of your personal data, or if you are interested in more detailed information, you can contact us by e-mail, or in writing to our address. 

 

CONCLUSION

If you have any questions about personal data protection, you can contact us at any time by e-mail, or by post to the controller's registered office. If you are exercising any of the rights of a data subject with us under the legal regulations governing personal data protection and the identity of the applicant cannot be verified from your request or if we have reasonable doubts as to the identity of the person submitting the request, we reserve the right to ask that person to provide additional information necessary to confirm the identity of the person making the request.