INFORMATION OBLIGATION - FOR CUSTOMERS
In this section you will find answers to the following questions:
*for what purposes we process personal data
*on what legal basis
*what are the categories of recipients of personal data
*what is the retention period of personal data
*information on cross-border transfer
* categories of affected persons
*information on automated decision-making, including profiling, divided by individual information systems
What is the purpose of processing your personal data?
The purpose of processing personal data is the reason for which the operator processes the personal data of the affected persons in information systems on specifically determined legal bases. Each processing of personal data is based on a specific legal basis and for a specifically determined, authorized and explicitly stated purpose. In the interest of maintaining transparency and ensuring the clarity of the mentioned information, the individual legal bases and purposes of processing personal data are listed separately, at the end of these personal data protection principles ("DPA"), divided according to individual information systems.
In order to maximize the protection of your personal data, we as the Operator have taken appropriate personnel, organizational and technical measures. Our goal is to prevent as much as possible, or reduce the risk of leakage, misuse, disclosure or other use of your personal data. In the event that a fact occurs that is likely to lead to a high risk for the rights and freedoms of natural persons, you, as the person concerned, will be contacted without delay (Article 34 of the Regulation).
In order to maintain the principles of personal data processing established by the Regulation as well as the law, in particular the principles of personal data minimization, we require from you as the person concerned only those personal data that are a necessary legal or contractual requirement for the fulfillment of the purpose of their processing. Please note that failure to provide these mandatory data necessary for concluding the contract may result in not concluding the contractual relationship.
ECONOMIC AND ACCOUNTING AGENDA
What is the purpose of processing your personal data?
The purpose of processing personal data is to process orders, incoming invoices and customer invoicing, contact with the bank, managing the cash register, ensuring cash receipts and expenses, warehouse management, keeping single/double-entry bookkeeping of the organization.
On what legal basis are your personal data processed?
*Act no. 431/2002 Coll. on accounting, as amended,
*Act no. 222/2004 Coll. on value added tax, as amended,
*Act no. 18/2018 Coll. on personal data protection and amendments to certain laws,
*Act no. 145/1995 Coll. on administrative fees as amended,
*Act no. 40/1964 Coll. Civil Code, as amended,
*Act no. 152/1994 Coll. on the social fund and on amendments to Act no. 286/1992 Coll. on income taxes, as amended,
*Act no. 311/2001 Coll. Labor Code, as amended,
*Act no. 55/2017 Coll. on the civil service and on the amendment of certain laws, as amended,
*Act no. 513/1991 Coll. Commercial Code, as amended,
*Act no. 583/2004 Coll. on the budgetary rules of the territorial self-government and on the amendment of some laws.
What are the categories of recipients - to whom we provide or may provide your personal data?
*Competent tax authorities, the Financial Directorate and other public authorities according to relevant legal regulations
*intermediary for accounting processing
* authorized employees
*a lawyer
When will we delete your personal data?
Invoices - 10 years
Internal documents - 10 years
Cashier - 10 years
Debt collection - 5 years
Bank statements - 10 years
Financial statements - 10 years
What are the categories of affected persons?
natural persons,
legal entities,
What categories of personal data do we process about you?
*name, surname, title,
*permanent address,
*telephone number,
*E-mail adress
Is automated decision making including profiling taking place?
It's not happening.
CUSTOMERS OF THE INTERNET SHOP
What is the purpose of processing your personal data?
The operator operates an e-shop on the website: www.marianmanak.com and www.imed-sk.cz (hereinafter referred to as "e-shop") for the purpose of providing services and selling goods to the final consumer. In accordance with the General Terms and Conditions, the basic prerequisite for concluding a purchase contract is the sending of an order for a service or product via an electronic form filled in correctly and completely. By sending the order, the person concerned confirms that he has familiarized himself with the General Terms and Conditions and agrees with them in their entirety. After receiving the electronic form, the operator will deliver the requested service or goods to the customer. In other words - the purpose of processing the personal data of e-shop customers is to supply goods or services and perform actions associated with the purchase (e.g. securing the delivery/delivery of goods, issuing an accounting document, etc.)
On what legal basis are your personal data processed?
The processing of personal data of the e-shop customer is necessary for the fulfillment of the subject of the contractual relationship (a purchase contract concluded at a distance by sending an order and agreeing to the general terms and conditions), the party to which is the affected person - the customer.
What are the categories of beneficiaries?
*Intermediary for the economic and accounting agenda
*Recipient service technician,
*Web administrator
*Lawyer's office
When will we delete your personal data?
invoices, orders, complaints: 5 to 10 years
What categories of personal data do we process about you?
name, surname, title,
permanent address,
telephone number,
E-mail adress,
Is automated decision making including profiling taking place?
It's not happening.
Do we transfer your personal data outside the EU?
It's not happening.
REGISTERED CUSTOMERS OF THE INTERNET SHOP
What is the purpose of processing your personal data?
As an e-shop operator, I am interested in making your future shopping easier. For this purpose, the possibility of registration was introduced on the website. The registered customer does not need to fill in the mandatory fields in the case of another purchase, because we already have his personal data. For this purpose, we keep records of registered customers.
On what legal basis are your personal data processed?
The consent of the person concerned pursuant to Article 14, paragraph 3 of the Regulation and the Act on the Protection of Personal Data, while the person concerned has the right to withdraw his consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent prior to its withdrawal.
What are the categories of beneficiaries?
*Public authorities according to relevant legal regulations
*Intermediary for the economic and accounting agenda
*Lawyer's office
When will we delete your personal data?
5 years or within 30 days from the date of withdrawal of consent.
What are the categories of affected persons?
Registered customer, guests
What categories of personal data do we process about you?
name, surname, title,
telephone number,
E-mail adress,
Is automated decision making including profiling taking place?
It's not happening.
Do we transfer your personal data outside the EU?
It's not happening.
OPERATOR
Business name: IMED consulting, p. r. about.
Registered office: Sudoměřická 14, Skalica, 90901
ID: 362 689 09
Registered in ORSR Bratislava I., department: Sro, company no. 16741/T
The contact person responsible for supervising the protection of personal data, who can be contacted by any affected person whose personal data is processed in our company:
Name: Ing. Marian Maňák, manager
Phone number: +421903 239 664
Email: imed@atlas.sk
We take a responsible approach to the protection of your personal data and fully guarantee your right to information. When processing personal data, we follow the REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL (EU) 2018/1725 of October 23, 2018
on the protection of natural persons in the processing of personal data by the institutions, bodies, offices and agencies of the Union and on the free movement of such data, which repeals Regulation (EC) no. 45/2001 and decision no. 1247/2002/EC and Act 18/2018 Coll. on the protection of personal data and on changes and additions to certain regulations. When processing personal data, we follow the principles of legality and transparency, limitation of the purpose of processing, minimization of scope and storage. We apply information security management principles aimed at ensuring the confidentiality, availability and integrity of personal data.
Fundamentally, we process only the personal data of users that the users themselves provide and only for the purpose for which they were provided. Personal data will be processed only during the time necessary to fulfill the purpose of processing, which is given by the question or problem with which the user turns to our company. Provision of personal data is voluntary.
Information security
We realize that nowadays adequate protection must be devoted not only to human health and life, natural resources, but also to information, which is very valuable for every society. We understand information security as ensuring not only adequate confidentiality, but also availability and integrity. This process requires continuous monitoring and continuous improvement, which we strive for by developing an information security system based on an international standard. We are convinced that the fulfillment of all requirements of Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons in the processing of personal data and on the free movement of such data by institutions, bodies, offices and agencies of the Union and on the free movement of such data , which repeals Regulation (EC) No. 45/2001 and decision no. 1247/2002/EC is one of the most important goals of the information security management system for us.
We process the collected data only for the purposes for which they were provided to us. When collecting such data, we comply with information obligations, especially when it comes to informing about how and for how long it will be processed and who is its recipient.
Thanks to this, you can be sure that:
*only authorized persons have access to confidential data,
*the necessary information is available to the relevant persons who need it,
*we care about the quality of the data used, its completeness and correctness, which ultimately allows us to minimize the risk of errors.
In case of any questions regarding the processing of personal data, please contact
WHAT ARE YOUR RIGHTS?
*The right to access the OU
*Right to repair
*Right to erasure
*Right to restriction of processing
*Right to portability
*Right to object
*The right to submit a proposal
A data subject is a natural person whose personal data we process, especially, but not exclusively, employees and clients. Such affected persons, whose personal data is processed in our information systems for specifically defined purposes, have rights that they can exercise in writing or electronically from the operator's contact person. The affected person is YOU.
As a data subject, you have the right to access information on: purposes of processing, category of personal data concerned, range of recipients, processing and storage period, procedure in each automatic processing, possibly consequences of such processing, etc. (§ 21 of the Regulation). As an operator, we have the right to use all reasonable measures to verify the identity of the data subject requesting access to data, in particular in relation to online services and identifiers. Based on the request of the person concerned, the operator will issue a confirmation of whether the personal data of the person concerned are being processed. If the operator processes this data, it will issue a copy of this personal data to the person concerned upon request.
Right to erasure
"forgetting" those personal data that concern him/the person concerned. However, due to its nature and seriousness, this right of the person concerned is limited by establishing additional prerequisites, i.e. the operator will delete personal data without undue delay after the data subject has exercised this right, if any of the following conditions are met: a) personal data are no longer needed for the purposes for which they were obtained or otherwise processed; b) the person concerned revokes the consent on the basis of which the processing is carried out; c) the person concerned objects to the processing of personal data; d) personal data were processed illegally; e) the reason for erasure is the fulfillment of an obligation of the law, a special regulation or an international treaty to which the Slovak Republic is bound, or f) personal data was obtained in connection with the offer of information society services to a person under the age of 16.
The affected person will not have the right to delete personal data, provided that their processing is necessary: a) to exercise the right to freedom of expression and information; b) to fulfill an obligation according to the law, a special regulation or an international treaty to which the Slovak Republic is bound, or to fulfill a task carried out in the public interest or in the exercise of public authority entrusted to the operator; c) for reasons of public interest in the field of public health; d) for the purposes of archiving in the public interest, for the purposes of scientific or historical research or for statistical purposes, if it is likely that the right to erasure will make it impossible or seriously difficult to achieve the goals of such processing, or e) for proving, exercising or defending legal claims.
The operator shall delete the personal data of the persons concerned upon request, without undue delay after evaluating that the request of the person concerned is justified.
Right to rectification
if the operator records incorrect personal data about it. At the same time, the person concerned has the right to supplement incomplete personal data. The operator will correct or supplement personal data without undue delay after the person concerned requests it.
Right to restriction of processing
can be applied if, as a data subject, you challenge the correctness of personal data and other details in accordance with Article 18, Recital 67 of the Regulation, in the form of temporary transfer of selected personal data to another processing system, prevention of user access to selected personal data or temporary removal of processing.
The right to portability of personal data
as a data subject, you have the right to have the personal data that you provided to the operator transferred to another operator in a commonly user-friendly and machine-readable format, provided that the personal data were obtained based on the consent of the data subject or on the basis of a contract and their processing takes place by automated means.
The right to object
The person concerned has the right to object to the processing of his personal data at any time for reasons related to his specific situation. He can object to the processing of his personal data on the basis of a) the legal title of the performance of tasks carried out in the public interest or in the exercise of public authority, or from the legal title of the legitimate interest of the operator; b) processing of personal data for direct marketing purposes; c) processing for the purposes of scientific or historical research or for statistical purposes. We will assess the received objection in a reasonable time. In this case, we may not further process personal data if we do not prove necessary legitimate interests for processing personal data that outweigh the rights or interests of the person concerned, or grounds for asserting a legal claim.
The right to file a motion to initiate proceedings
The affected person has the right to submit a proposal to initiate proceedings with the Office for the Protection of Personal Data of the Slovak Republic, if he believes that his rights in the field of personal data protection have been violated.