Privacy Policy
P r i v a c y P o l i c y
pursuant to Articles 13 and 14 of Regulation (EU) No 2016/679 (hereinafter referred to as the "GDPR") and Act No 18/2018 on the Protection of Personal Data and on Amendments to Certain Acts, as subsequently amended
Introductory Provisions
We have prepared these Privacy Policy (hereinafter referred to as the "Policy") for the purpose of informing you how we process personal data within our company SOFTEC, spol. s r.o., with its registered office at Einsteinova 33, 851 01 Bratislava - Petržalka Municipal District, Slovak Republic (hereinafter referred to as the "Controller").
If you have any questions, you can contact us by email at [gdpr@softec.sk] or by post to our registered office address.
The term "Controller" or the pronoun "our", including all of its respective grammatical forms, as used in these Policy shall be deemed to refer to the term controller, i.e. our company.
The term "Data Subject" or the pronoun "your", including all of its respective grammatical forms, as used in these Policy shall be deemed to refer to the term data subject.
For the purposes of these Policy, the terms "data subject", "processor", "recipient" and "processing" shall have the meanings ascribed to such terms in the official wording of the GDPR.
1.1 Identity and contact details of the Controller:
SOFTEC, spol. s r.o., with registered office at Einsteinova 33, 851 01 Bratislava - Petržalka, Slovak Republic, Company Reg. No. (IČO): 00 683 540, registered in the Commercial Register of Bratislava I District Court, Section: Sro, Insert No.: 140/B;
1.2 Contact details of Data Protection Officer
E-mail: gdpr@softec.sk
Telephone: +421 2 4949 0000
1.3 Purposes, legal basis for processing personal data, categories of personal data concerned and type of data subject:
Purpose of processing
Provision of services, namely:
- IT consulting
- Management Consulting
- Customized IS development
- Testing
- Long-term maintenance
- Outsourcing of IT services
- Software as a Service
Legal basis for processing
Article 6(1)(b) of GDPR
(performance of the contract)
Category of personal data
general, special
Type of data subject
clients (parties to contracts)
Retention period
for the duration of the provision of the services, including the aftercare of the client, including the period for asserting the claims arising from the relevant contract, but for at least 10 years from the commencement of the contract and for not more than 10 years from the termination of the contractual relationship, unless a specific regulation provides otherwise
Purpose of processing
Social networks – Facebook, LinkedIn, Instagram
Legal basis for processing
Article 6(1)(f) of GDPR
(legitimate interests)
Legitimate interest: our company has a legitimate interest in processing the personal data of visitors to our Facebook, LinkedIn and Instagram profiles; the reactions, comments or messages are provided voluntarily by the data subject
Category of personal data
general
Type of data subject
visitors to your social network profile
Retention period
3 years from the date of the data subject's activity on the social network
Purpose of processing
Ensuring and controlling the proper fulfilment of all your and our obligations (internal control and record keeping, in particular record keeping of work aids allocated, record keeping of payments made, record keeping of services provided, record keeping and shift planning, inspection with respect to the performance of work tasks and other statutory or contractual obligations, etc.)
Legal basis for processing
Article 6(1)(f) of GDPR
(legitimate interests of the Controller)
Category of personal data
general, special
Type of person concerned
clients
Retention period
for the duration of the employment or other similar relationship
Purpose of processing
Purposes relating to the protection of legal or legitimate interests or claims ('protection of interests')
(so that we can defend our own legal claims or defend ourselves against claims asserted against us by others in judicial, extrajudicial or enforcement proceedings)
Legal basis for processing
Article 6(1)(f) of GDPR
(legitimate interests)
Legitimate interest: our company has a legitimate interest in processing personal data also if it is necessary for the purpose of protecting its legitimate interests, which may be different
Category of personal data
general, special
Type of person concerned
visitors to social network profile
different categories of data subjects
Retention period
one year after the expiry of the relevant limitation period or time-bar in the event of a possible legal claim against our company at the end of the limitation period or time-bar
Purpose of processing
Promotion and brand strengthening
Legal basis for processing
for clients: Article 6(1)(f) of GDPR (legitimate interest)
for potential clients: Article 6(1)(a) of GDPR (consent)
Category of personal data
general
Type of data subjects
clients, potential clients
Retention period
for clients: for the duration of the contractual or other similar relationship
for potential clients: 3 years
Purpose of processing
Accounting and tax purposes
Legal basis for processing
Article 6(1)(c) of GDPR
(compliance with legal obligations)
Category of personal data
general, special
Type of data subjects
clients
Retention period
for the period resulting from generally binding legal regulations
Purpose of processing
SOFTECON
Legal basis for processing
in the case of an order (filling in the form): Article 6(1)(b) of GDPR (performance of the contract)
in the case of an invitation: Article 6(1)(f) of GDPR (legitimate interest)
Category of personal data
general
Type of data subject
participants and potential participants in the event
Retention period
for 2 years
1.4. Recipients or categories of recipients of personal data:
We provide your personal data only in justified cases and to the extent necessary to the following recipients:
1.4.1. employees and persons performing work under agreements to work outside the scope of employment;
1.4.2. suppliers and service providers (including self-employed persons (persons providing services to the Controller or to the Controller's customers);
1.4.3. service providers (e.g. AWS, Google, Facebook, Microsoft, Zoom, LinkedIn);
1.4.4. administrator of our website and IT infrastructure;
1.4.5. provider of accounting and tax consulting, auditing services;
1.4.6. insurance service provider;
1.4.7. telecommunications service provider;
1.4.8. legal service providers;
1.4.9. provider of postal and courier services;
1.4.10. public authorities, law enforcement agencies and courts;
1.4.11. the opposing parties and other parties to the proceedings.
1.5. Information that the Controller intends to transfer the personal data to a third country or an international organisation:
Please note that your personal data is not primarily transferred to third countries, such transfers may only occur when using cookies, software and other solutions from providers located outside the European Economic Area (e.g. Google, Microsoft, etc.).
Your personal data may thus be transferred to a third country, which is the United States of America. The United States of America is not considered to be a third country that provides an adequate level of protection. The following reasonable safeguards are provided by the data controllers to whom the data is transferred:
- Google: Privacy Policy; Reasonable assurances under Article 46 of GDPR;
- Microsoft: Standard contractual clauses, supplementary arrangements, data centres located in European Union countries;
more info: Data location for the European Union;
- LinkedIN: Privacy Policy; DPA and Standard Contractual Clauses;
- Facebook Privacy Policy;
- Meta Privacy Policy;
- Instagram Data Use Policy.
Standard contractual clauses for the transfer of personal data to third countries were adopted by decision of the European Commission on 04.06.2021 with effect from 27.06.2021. More info: Commission Implementing Decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses.
1.6. Retention period of personal data (criteria for determining it):
We retain personal data for no longer than is necessary for the purposes for which the personal data is processed.
Please note that we have endeavoured to set out all relevant and appropriate retention periods for your personal data in the tabular section above in this document.
The following is only a demonstrative list of the possible retention periods of your personal data by our company:
1.6.1. for the duration of the contractual relationship with the data subject;
1.6.2. for the period necessary for the exercise of the rights and obligations arising from the contractual relationship with the data subject;
1.6.3. for the duration of the limitation period or time-bar with respect to to claims arising out of or in connection with the employment relationship, other similar relationship or arising out of another contractual relationship with data subject and one year after the expiry of the relevant limitation period or time-bar in the case of a possible legal claim against our company at the end of the limitation period or time-bar;
1.6.4. during the pendency of judicial, administrative or other proceedings to the extent necessary for the duration of such proceedings and for the remainder of the limitation period or time-bar thereafter;
1.6.5. for the purposes where we process personal data as part of our legal obligations, for the period of time required by the applicable law;
1.6.6. for purposes where we process personal data on the legal basis of your consent, until the consent to the processing of personal data is withdrawn, or for a period of time which is implied by the consent itself and of which the data subject was informed prior to giving consent;
1.7. Identification of the rights of the data subject:
1.7.1. the right to object to the processing of personal data of the data subject,
in particular, to object to processing carried out upon the legal basis of Article 6(1)(f) of GDPR (legitimate interests); in this case, we will no longer process your personal data for that purpose unless we have compelling legitimate grounds for continuing such processing;
1.7.2. the right of access to personal data relating to the data subject
you can ask us for access to the personal data we process about you; if your request is granted, we will provide you with a copy of the personal data we process about you;
1.7.3. the right to rectification of personal data of the data subject
you can ask us to rectify inaccurate or incomplete personal data we process about you;
1.7.4. the right to deletion of personal data of the data subject
you can ask us to delete your personal data if any of the following situations occur:
- the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
- you have previously given us your consent for processing, which you withdraw, and we are also not entitled to process such personal data without your consent;
- you object to processing carried out in specific situations under the GDPR (a task carried out in the public interest, a legitimate interest of the Controller or profiling) and your interests, rights and freedoms as a data subject are not overridden by any legitimate grounds for processing;
- you object to processing for direct marketing purposes;
- personal data have been unlawfully processed;
- the personal data must be deleted in order to comply with a legal obligation under European Union law or the law of a Member State which is binding on the data Controller;
- personal data was collected in connection with the offer of information society services under the GDPR;
1.7.5. the right to restrict the processing of personal data of the data subject
you can ask us to restrict the processing of your personal data if any of the following situations occur:
- you have denied the accuracy of the personal data for the time necessary for us to verify the accuracy of the personal data;
- the processing of your personal data is unlawful, but you refuse a deletion of such data and instead request a restriction on its use;
- we no longer need the personal data for processing purposes, but you need it to establish, exercise or defend legal claims;
- you have objected to the processing of your personal data in specific situations under the GDPR (a task carried out in the public interest, a legitimate interest of the Controller or profiling) until it is verified that our legitimate grounds outweigh your legitimate grounds;
1.7.6. the right to data portability of personal data of the data subject
if we process your personal data on the basis of:
- your consent or
- it is necessary for the performance of a contract to which you are a party and at the same time the processing is carried out by automated means,
you have the right to request the transfer of your personal data to another controller. This applies if you have provided us with personal data in a structured, commonly used and machine-readable format and this right does not adversely affect the rights and freedoms of others;
1.7.7. the right to lodge a complaint (petition to initiate proceedings) with the Personal Data Protection Office, Hraničná 12, 820 07 Bratislava 27, Slovak Republic; http://www.uoou.sk;
1.8. The existence of the right of the data subject to withdraw consent to the processing of personal data at any time
If you, as the data subject, provide us with consent to the processing of your personal data, you have the right to withdraw your consent to the processing of your personal data at any time, in writing to the address of our registered office or by e-mail to gdpr@softec.sk (unless another method of withdrawal of consent results from another agreement or declaration of the data subject). Withdrawal of consent shall be without prejudice to the lawfulness of the processing prior to withdrawal of consent.
1.9. Information on whether the provision of personal data is a legal or contractual requirement or a requirement necessary for the conclusion of a contract (including whether the data subject is obliged to provide personal data and the possible consequences of not doing so):
1.9.1. in the case of processing of personal data upon legal basis provided for in Article 6(1)(b) of GDPR (performance of a contract), the provision of personal data and their processing by the Controller is necessary for the performance of the contract (if the data subject did not provide the personal data, the Controller would not be able to perform the contract);
1.9.2. in the case of processing of personal data upon legal basis pursuant to Article 6(1)(c) of GDPR (compliance with a legal obligation), the processing of personal data of you by the Controller is necessary to comply with a legal obligation of the Controller arising from generally binding legal regulations;
1.9.3. in the case of processing of personal data upon legal basis provided for in Article 6(1)(f) of GDPR (legitimate interests), you are not obliged to provide your personal data and you are entitled to object to the processing of your personal data (in the event that you exercise your right to object to the processing of your personal data, we will no longer process your personal data in this case unless we have compelling legitimate grounds for continuing to do so);
1.9.4. in the case of processing of personal data upon legal basis pursuant to Article 6(1)(a) of GDPR (consent), you are not obliged to provide personal data and, if you have given your consent to the processing of your personal data, you are entitled to withdraw your consent at any time;
1.10. From what sources do we obtain personal data?
In most cases, we obtain personal data directly from the data subjects by providing it to us (e.g. in contractual documentation, email messages, etc.). This does not exclude that we also learn about the data subjects' personal data in other ways, e.g. by obtaining it from the client, obtaining it from publicly available sources (registers), etc.
1.11. Information about the existence of automated decision-making, including profiling:
The Controller does not carry out automated decision-making and profiling.
1.12. Use of cookies
Cookies and similar technologies collect and store information as you browse our website. They are small text files that can be used for a variety of purposes. If you visit our website, a drop-down box called "This website uses cookies" will appear at the top of your screen to tell you what cookies we use and for what purpose. Unless they are "Necessary" cookies, their use is only possible with your consent. You have the option to refuse cookies, allow a selection or allow all cookies. We regularly update information about what cookies we use so that you always have accurate and up-to-date information.
For more information about the terms and conditions of cookies, please see the Cookies Policy - Softec SK.
This information on the processing of personal data is regularly updated. Last update: [17.8.2023].