GDPR

Processing and protection of personal data at OHSAS, s.r.o., VEMAL, s.r.o. and Ing. Lenka Pénzešová
Švecová – OHSAS (hereinafter referred to as “the operator”)

For the purpose of cooperation with your company and persons acting on its behalf, or cooperation directly with you as a natural person who is not an entrepreneur, we process the personal data provided by natural persons of individuals (i.e. for the purposes of the protection of personal data of “data subjects”).
When processing personal data, we act in accordance with the applicable legislation in the area of personal data protection (Articles 13 and 14 GDPR / Sections 19 and 20 of Act No. 18/2018 Coll. on the protection of personal data and on amending and supplementing certain acts (hereinafter referred to as the “Act”).

Collection of personal data
We obtain personal data either directly from you or indirectly from other entities (e.g. from an employer with whom we have a contractual relationship or from entities providing assistance, etc.). In the case of direct collection of personal data, we are obliged as the controller to inform you about the processing of your personal data at the latest at the time of collection (in a demonstrable, proportionate, simple, comprehensible manner). In the latter case, we proceed in accordance with Article 14 or Article 20 of Act No. 18/2018 Coll.

Purpose of processing personal data
We process personal data for the purpose of fulfilling contractual obligations, carrying out activities on the basis of a received order or on the basis of consent.

Legal basis for processing personal data
The personal data of the data subjects are processed on the basis of specific legal regulations and for the purposes specified by the controller in accordance with these regulations.

On the basis of the above, we process the following personal data:

• name, surname, title, date of birth, birth number, permanent address, email address, telephone, signature, medical fitness certificate, photograph, marital status, citizenship, nationality, number of dependent children, occupation, name of employer, etc.
• if you visit our website – IP address, web logs, cookies.

We process the personal data you provide to us for the following reasons (for the fulfilment of these purposes):

• the provision of services on the basis of a contractual relationship
• the implementation of OSH and OHS training
• marketing – sending information by email or post
• We use your personal data (name, e-mail and mailing address) for the purpose of direct marketing – sending you information about news in the field of OSH and OHS, trainings and ongoing events.
• If you are our client, we do so on the basis of the existence of a contractual relationship between us.

Recipients or categories of recipients of personal data
As a controller, we have a legal obligation to provide personal data in the course of audits, supervisory activities or at the request of authorised third parties if this is required by specific legislation (e.g. to law enforcement authorities, police, courts, supervisory and controlling authorities).
Furthermore, we provide personal data to you as data subjects in the exercise of your data subject rights.

Transfer of personal data to a third country or international organisation
Our company does not carry out such a transfer.

Retention of personal data

Your personal data is stored securely and only for as long as necessary to fulfil the purpose of processing. It is accessible only to authorised authorised persons of the controller who have been duly instructed and who process the personal data of the data subjects on the basis of the controller’s instructions, in accordance with the controller’s security policy.

The period of retention of personal data depends on the intended purpose of the processing and the need for archiving according to the company’s approved filing plan, which is also based on the intended purpose and legal basis for the processing of personal data.

Existence of rights asserted against the controller
As a data subject, you have rights that you can exercise against us at your discretion. These rights are:

• right of access – you can ask the controller for access to the personal data we process about you. The controller will also provide you with a copy of the personal data processed. In most cases, personal data will be provided to data subjects in written paper form, unless they request a different method of disclosure. If they request this information by electronic means, it will be provided electronically where technically feasible.
• the right to rectification – if you, as a data subject, believe that the data held by the controller are inaccurate, incomplete or out of date, you have the right to ask the controller to rectify, update or supplement them.
• Right to erasure – as a data subject, you have the right to request the erasure of your personal data. However, the right will be assessed by the controller in light of all relevant circumstances, e.g. the controller may have certain legal obligations which mean that it will not be able to comply with the request. You can request erasure of your personal data if one of the following situations occurs:
  (a) the personal data is no longer necessary for the purposes for which it was collected or otherwise processed;
  b) you have withdrawn the consent on the basis of which your personal data was processed and there is no further legal basis for processing it;
  c) you have objected to being the subject of decision-making based on automated processing of your personal data and there are no overriding legitimate grounds for such processing or you have objected to the processing of your personal data for direct marketing purposes;
  d) your personal data have been unlawfully processed;
  e) Your personal data must be erased to comply with a legal obligation under Union or Member State law to which the controller is subject;
  f) your personal data have been collected in connection with the offer of information society services.
• the right to restriction of processing – as a data subject, you are entitled to ask the controller to restrict the processing of your personal data in the following situations:
  (a) you have denied the accuracy of the personal data, for the time necessary to allow the controller to verify the accuracy of the personal data
  (b) the processing of your personal data is unlawful but you refuse to erase the data and instead request the restriction of their use
  (c) the controller no longer needs the personal data for the purposes of the processing, but you require them for the establishment, exercise or defence of legal claims
  (d) you object to the processing of your personal data pursuant to Article 21(1) of the Regulation until it has been verified that the legitimate grounds of the controller outweigh your legitimate grounds.
• the right to data portability – in certain circumstances, you as the data subject have the right to ask the controller to transfer your personal data to another third party of your choice. The right to data portability only applies to personal data that the controller has obtained on the basis of your consent or on the basis of a contract to which the data subject is a party.
• the right to withdraw consent – in cases where the personal data are processed by the controller on the basis of your consent, you have the right to withdraw this consent at any time. You can withdraw your consent in writing or in person. Withdrawal of consent does not affect the lawfulness of the processing of personal data processed by the controller on the basis of that consent about the data subjects.
• the right to object – as a data subject, you have the right to object to the processing of your personal data based on the legitimate interests of the controller. If the controller does not have a compelling legitimate ground for the processing and you object, the controller will no longer process your personal data.
• the right to lodge a complaint – if, as a data subject, you believe that your personal data are being processed unfairly or unlawfully by the controller, you may lodge a complaint with the supervisory authority, which is the Office for Personal Data Protection of the Slovak Republic, Hraničná 12, 820 07 Bratislava 27;
  tel. no: +421 /2/ 3231 3214; mail: statny.dozor@pdp.gov.sk, www.dataprotection.gov.sk.

Obligation or possibility to provide personal data
If you choose to work with us, communicate with us or visit our website, you must provide us with personal data to the extent necessary. This does not apply to the processing of cookies, which you can change in your browser settings so that we do not process this data about you.

Existence of automated decision-making, including profiling
We do not use automated decision-making or profiling when processing personal data for the purposes set out above. We declare that, as the controller of your personal data, we comply with all legal obligations required by applicable legislation, in particular the Act on the Protection of Personal Data
Personal Data Protection Act and the GDPR, and therefore that:

• we will only process your personal data on the basis of a valid legal ground, in particular a legitimate interest, a contractual relationship or consent
• we hereby fulfil our information obligation under Article 13 of the GDPR prior to the processing of personal data
• we will enable and support you in exercising and fulfilling your rights under the Data Protection Act and the GDPR.

Security and protection of personal data
We protect your personal data to the maximum extent possible. We have adopted and maintain all possible technical and organisational measures to prevent the misuse, damage or destruction of your personal data.

Silence

Please be assured that we, as the controller, as well as our employees and associates who will process your personal data, are obliged to maintain confidentiality of personal data and security measures, the disclosure of which would compromise the security of your personal data. This confidentiality shall continue even after the termination of the contractual relationship with us. Your personal data will not be disclosed to a third party without your consent.

This Privacy Policy is effective as of May 25, 2018 and supersedes the previous Privacy Policy.

Other aspects of data protectionv
If you have any further questions regarding the processing of personal data in our company’s terms and conditions, please do not hesitate to contact us at +421 905 876 147 or by e-mail at ohsas@ohsas.sk.