1. Basic information
This document regulates the data protection principles of SHP Harmanec, a.s. 976 03 Harmanec, Slovak Republic, registered in the Commercial Register of the Bratislava I District Court, Section: Sa, File number: 7 / S, Company Identification Number: 00 153 052 (hereinafter referred to as the “Company” or “Operator”), in particular the rules for obtaining, collection, storage, dissemination, retention and security of personal data.
You may be the affected person in case you are:
- Client of the customer
- Employee of the Company and its close person
- User of the Company’s websites and social networks
- Participant of competitions
Questions, comments and requests for this document and the information contained in it are received by the operator at the email address email@example.com
2. Basic terms
In the beginning, we would like to introduce you to the basic terms that are presented in this document and which will help you better understand this document.
- Affected person – a natural person to whom the personal data relate.
- Cookies – small data files that are stored in the browser on the user’s computer and are inevitable for some functions of the website, such as logging in and they are often used to monitor users’ behaviour on the web, their use can be disabled in most internet browsers.
- GDPR Regulation – Regulation 2016/679 of the European Parliament and of the (EU) Council from 27 April 2016 on the protection of personal data with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46 / EC (General Data Protection Regulation).
- Special categories of personal data – sensitive personal data that are of specific character, such as health data or biometric data enabling the identification of a person.
- Personal data – any information concerning an identified or identifiable natural person, such as name, surname, date of birth, birth number, telephone number, email address, IP address, etc.
- Legitimate interest – the interest of the operator or other entity, which implies the need of processing personal data, if it prevails over the interests of data subjects, such as protection of the operator’s property by using camera systems, communication through the contact form on the website, etc.
- Operator – a natural person or legal entity that determines the purpose and means of personal data processing; the operator may entrust an intermediary for such processing.
- Recipient – a natural person, legal entity, public authority or other entity to which the personal data are provided.
- Product – goods that we offer and sell.
- Profiling – automatic processing of personal data of any character that is used in order to evaluate specific personal conditions, such as behaviour on the internet and remarketing.
- Service – services that we provide in connection with the sale of products.
- Processing of personal data – activity that the operator or intermediary performs with personal data such as their acquisition, browsing, storage, copying, etc.
- Intermediary – a natural or legal person, public authority, agency or other entity that processes personal data for the operator on its behalf.
- Purpose – the reason for the operator processes personal data.
- Personal Data Protection Act – Act no. 18/2018 Coll. on the protection of personal data and on the amendment of certain laws.
3. Rights of data subjects
The company emphasizes the respect for your rights. As an affected person, you have the following rights:
The right to information
You have the right to information about the processing of your personal data. For this purpose, appropriate measures are taken to ensure that this information is properly provided to you. The company fulfills its information obligation through this document, which will be permanently published on https://www.shpgroup.eu/protection-of-personal-data/.
Right to withdraw the granted consent
If you have granted us your consent to the processing of your personal data, you can revoke it at any time. Withdrawal of consent shall not affect the lawfulness of the processing resulting from the consent prior to its withdrawal. You may grant consent only for marketing purposes; all other processing activities are performed on a legal basis other than the contract, law or a legitimate interest.
Right of access to data
Upon request, the Company will issue you a confirmation of the processing of your personal data, as well as information on the purposes of their processing, categories of processed personal data, categories of recipients, period of data retaining, sources of personal data, unless personal data were obtained directly from you and of other your rights you can exercise. Upon request, the company will also provide you with a free copy of your personal data which it processes. We will charge a reasonable fee corresponding with the administrative costs for any additional copies. We will inform you about the amount of such fee in advance.
Right to correct
You have the right to process correct and up-to-date data. The company updates the data at your request, or after verifying this data in communication terms with your person.
Right of erasure (right to “be forgotten”)
Under certain conditions, you have the right to have your personal data erased, especially if the personal data are no longer needed for the purposes for which they were collected or otherwise processed; if you have withdrawn your consent on the basis of which the processing is carried out; if you object to a legitimate interest in the processing of data by the Company or in case personal data have been processed illegally. After considering the legal conditions of your request, we will comply with your request to delete personal data, or we will inform you why we cannot delete personal data.
Right to limit processing
Under certain conditions, you have the right to limit the processing of your personal data by the Company, especially if you challenge the accuracy of your personal data, doing so in the period that allows the Company to verify the accuracy of your personal data; if the processing of personal data is illegal and you object to the deletion of the personal data and request limitation of their processing instead; if the Company no longer needs them for processing purposes, but you need them for purposes to prove, assert or defend legal claims; if you have objected to the legitimate interests of the Company, the Company will limit their processing until such legitimate interests have been verified. After considering the legal conditions, we will comply with your request for limitation of the processing of personal data, or we will inform you why we cannot comply with the request.
Right to data portability
The Company will exercise the right to transfer personal data to another operator exclusively at your request in a structured, commonly used and machine-readable format in case the processing of personal data is based on your consent or on the performance of a contract with the Company and if such processing is performed by automated means that enable such transmission.
The right to object
Under certain conditions, you have the right to object to the processing of your personal data carried out on the basis of a legitimate interest of the Company. The company will not further process this personal data unless it proves the necessary legitimate reasons for such processing in a specific case. You also have the right to object to profiling for direct marketing purposes. In this case, the Company will not further process your personal data for the purpose of direct marketing.
Automatic individual decision-making, including profiling
The company performs remarketing, i. e. profiling only for direct marketing purposes and does so only with your consent. You have the right to object to such processing at any time.
The right to appeal or lodge a complaint to the Office for Personal Data Protection
You have the right at any time to appeal or lodge a complaint regarding the processing of personal data with the supervisory authority, namely the Office for Personal Data Protection of the Slovak Republic, with its registered office at Hraničná 12, 820 07 Bratislava 27, Slovak Republic, registration number: 36 064 220, tel. no.: +421/2/3231 3220, website https://dataprotection.gov.sk/uoou/.
4. Procedure of applying the right
You may apply the request of your right in written form:
- by post, to the address of the operator
- by email, to the address of the operator
We will register and process each request without undue delay, at the latest within one month. We will inform you within this period about the measures we have taken on the basis of this request. That stated period may be extended by a further two months if necessary, taking into account the complexity of the application and the number of applications. We will inform you about the extension of the period within one month of its submission, together with the justification for the lateness.
The notification of the method of processing the application shall be submitted in the same way as the application was submitted, unless you request another method. If the notification contains personal data of a special category, we send the notification exclusively by post, specified as a personal letter.
We process your requests free of charge. However, if the request is clearly unfounded or repeated, we may request for its processing:
- an appropriate fee taking into account the administrative costs,
- refuse to act.
5. Access to personal data
In particular, the following providers may have access to personal data processed by the Company:
- legal and consulting services (lawyer, auditor);
- travel agencies and airlines;
- postal and transport services;
- sales of our products;
- personnel portals;
- camera system management;
- website administration and hosting;
- social networking platforms (Facebook, Instagram);
- advertising and PR articles;
- marketing services;
- mobile operators;
- law enforcement authorities;
- public authorities.
6. Protection of personal data
The company consistently ensures the protection of personal data. For this purpose, we have taken appropriate technical, organizational and security measures taking into account the risk involved, the nature of the processing, the latest knowledge and the costs of taking such measures.
The company protects your personal data against misuse by appropriate and available means. In particular, we store personal data in premises, places, environments or in a system to which access is possible for a limited, predetermined and at all times controlled circle of persons.
Once a year, the company evaluates the procedures for handling and processing personal data. We write a brief record of the evaluation, the so-called evaluation report. If any procedures are found to be outdated, unnecessary or unsuccessful, we will take immediate remedial action.
The company immediately handles any security incidents involving personal data. In the event that the incident is likely to result in a high risk to your rights and freedoms, we will always inform you and let you know what remedial action we have taken. Each incident is going to be recorded in written form. The Company informs the Personal Data Protection Office of the Slovak Republic about any serious incident.
7. Timeliness of the document
This document is timely by 1 February 2022.
Its validity and timeliness is reviewed at least once a year.