Information on the processing of personal data
- Who are we?
The company SEGRON, s.r.o. operates in the IT technology field. Its main activities include Test Automation for Telco and Finance.
- 1 Personal information
According to Act No. 18/2018 Z.z. on the protection of personal data on the amendment of certain laws data relating to an identified natural person or an identifiable natural person that can be identified directly or indirectly, in particular on the basis of a generic identifier, other identifier such as name, surname, identification number, location an online identifier, possibly based on one or more of the characteristics or features that constitute its physical, physiological, genetic, psychological, mental, economic, cultural or social identity.
- 2 Why is this information provided to you?
Protecting your privacy is very important to us. Transparency of the processing of personal data of data subjects is a key principle of REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), which is directly implemented in Act no. 18/2018 Coll. on the protection of personal data (hereinafter referred to as the “Act”). Your personal data is processed in accordance with GDPR and the Act. Such processing includes collection, storage, use, alteration. This document applies to all data subjects whose personal data are collected in accordance with the requirements of Act No. 18/2018 Coll. on the protection of personal data and whose personal information we have received because of a contractual relationship between us and our customers.
- 3 Who is responsible for processing your personal data?
SEGRON, s.r.o., Drieňová 1/E, 821 01 Bratislava, Company ID: 46 626 131 (hereinafter referred to as the “Controller”) is the controller of personal data of data subjects processed in connection with the fulfillment of contractual obligations towards our customers.
Who can you contact in case of questions?
Our company is committed to ensuring that your personal data, that you entrust to us for the purpose of fulfilling contractual obligations towards our customers, including related communications, are protected to the greatest possible extent, and to be processed only to the extent necessary and for the necessary time. During this time, we prioritize you to always know why and for how long we process your personal data. Therefore, if you have any questions regarding the processing of your personal data, you can contact us at any time by e-mail at the following address: [email protected] – please always leave your phone number in the body of the e-mail so we can contact you. You may exercise your rights in relation to the processing of your personal data as described below.
- 4 What personal data in connection with the contractual relationships with the customer we process and why?
Our company processes about you, in particular, your contact information, including name, surname, job title, employer, telephone number and email address. Without this information, we would not be able to meet our contractual obligations or assert our contractual claims.
- 5 What is the legal basis for processing your personal data and how long do we process it?
We process your personal data on a legal basis of the contract.
We keep your personal data for the duration of the contract + 4 years. After the processing time has expired, we will anonymize the data.
If necessary, we may process your data on the basis of a legitimate interest in demonstrating, applying or defending legal claims. Against the processing of personal data on the basis of legitimate interest, you have the right to object (more information below in the right to object).
- 6 Who is processing your personal data besides us?
Your personal data is first processed by our company as a controller for the purposes stated here. In addition, your personal data may be provided to the state control authorities. Furthermore, your personal data is processed by our processors – entities that process your personal data on our behalf and on our instructions, as such processing is necessary for the proper performance of the services these processors perform for our company.
These processors are (e.g.) the following companies: HUBSPOT.
- 7 What are your rights?The right to request access to personal data processed
As a data subject (the person whose personal data is being processed), you have the right to require our company as a controller to confirm whether personal data relating to you are processed and, if so, you have the right to gain access to such personal data and also additional information within the meaning of GDPR (art. 15).
- Right to repair
As a data subject, you have the right to correct the incorrect personal data that you refer to as a controller without undue delay. With regard to processing purposes, you have the right to supplement incomplete personal data, including through the provision of a supplementary declaration.
- The right to limit processing
As a data subject, you have the right to have our company, as controller, restrict the processing of your personal data in one of the following cases: (a) the data subject contests the accuracy of the personal data during the period allowing the controller to verify the accuracy of the personal data; (b) the processing is unlawful and the data subject objects to the deletion of the personal data and asks instead to restrict their use; (c) the controller no longer needs personal data for the purposes of processing but needs the data subject to prove, assert or defend legal claims; (d) the person concerned has objected to the processing referred to in Article 21 (1) of the GDPR based on the legitimate interest of our company as a controller until it is verified that the legitimate reasons on the part of the controller outweigh the legitimate reasons of the data subject.
Where processing has been restricted, such personal data shall be processed only with the consent of you, or for the purpose of establishing, asserting or defending legal claims, or for the protection of the rights of another natural or legal person, or for important public interest of the Union or a Member State.
The controller shall inform the data subject who has reached the processing restriction before the processing restriction is cancelled.
- The right to transferability of personal data
As a data subject, you have the right to obtain personal data concerning you that you have provided to us as a controller in a structured, commonly used and machine-readable format, and you have the right to transfer this data to another controller without preventing the controller to whom such personal data have been provided if: (a) the processing is based on a contract; (b) processing by automated means. As a data subject, you have the right to transfer personal data directly from one controller to another when exercising your right to data portability, if technically possible. This right must not adversely affect the rights and freedoms of others.
- Right of be forgotten
As a data subject, you also have the right to reach us as an controller without undue delay the deletion of personal information relating to you, and the controller shall, without undue delay, delete the personal data if one of the following reasons is fulfilled: (a) Personal data are no longer necessary for the purposes for which they are acquired or otherwise processed; (b) The data subject objects to processing on the basis of the legitimate interest of the controller and does not consider any legitimate reasons for processing or the data subject objects to processing on the basis of legitimate interest for direct marketing purposes (if our company will in future process personal data for direct marketing purposes on the basis of legitimate interest); (c) Personal data have been processed illegally; (d) Personal data must be deleted in order to fulfil the legal obligation under Union law or the law of the Member State to which the controller is subject.
Where the controller has published personal data and is obliged to delete personal data, taking into account the available technology and the costs of implementing the measures, it shall take appropriate measures, including technical measures, to inform controllers who carry out the processing of personal data that the data subject requests them to delete all references to such personal data, their copy or replicas.
Requests for the performance of these rights as a data subject will be fulfilled free of charge. If your applications are manifestly unfounded or disproportionate to the data subject, in particular for their recurrent nature, the controller may either: (a) require a reasonable fee taking into account the administrative costs of supplying the information or for notifying or to take the requested action, or (b) refuse to act on application.
- The right to object to the processing of personal data
If the controller processes your personal data on the basis of a legitimate interest (see above in the table), you have the right to object to such processing and the controller may not continue to process your personal data on the basis of the legitimate interest unless it proves the necessary legitimate reasons for processing that prevail over your interests, rights and freedoms, or the reasons for demonstrating, applying or defending legal claims. If we will process your personal information in the future on the basis of legitimate interest for direct marketing purposes (you will be informed), you have the right to object and the controller may no longer process the personal data of the data subject for that purpose.
- The right to complain to the office
If you believe that your rights have been violated in connection with the processing of your personal data, you have the right to lodge a complaint with the Úrad na ochranu osobných údajov SR, Hraničná 12, 820 07 Bratislava, website: https://dataprotection.gov.sk/uoou/ or the Data protection authority in the Member State of your habitual residence or place of work (hereinafter referred to as “the supervisory authority“).
The supervisory authority to which the complaint is lodged shall inform you of the progress and outcome of the complaint, including the possibility of bringing a judicial remedy.
- The right to be represented
You also have the right to entrust a non-profit body, organisation or association which has been properly established in accordance with the law of a Member State whose objectives under the statutes are in the public interest and which are active in the protection of the rights and freedoms of data subjects in respect of the protection of their personal data in order to lodge a complaint on your behalf to apply the aforementioned rights to the supervisory authority in your name and to bring a judicial remedy and to exercise on your behalf the right to compensation for damages due to the violation of GDPR controller or any of its processors, if the law of a Member State so permits.
- 8 How do we respond to your request?
We will provide you with information on the measures taken because of your request, without undue delay and in any event within one month of receipt of the request. That period may, if necessary, be extended by a further two months, considering the complexity of the application and the number of applications. We will inform you of any such extension within one month of receipt of the request, together with the reasons for the missed time limit. If you apply by electronic means, the information will be provided to you as far as possible by electronic means unless you request a different method.
- 9 How do you enforce your rights under the GDPR?
By sending an e-mail to the e-mail address [email protected]