This privacy policy (hereinafter as “Policy“) contains information about processing of your personal data at the website www.bpsgroup.sk (hereinafter as“website“) and at a profile of the controller on social networks named “BPS Group“ (hereinafter as“social network profile“).
The controllers when processing your personal data are the companies BPS Audit, s.r.o., with its registered office atPlynárenská 1, 821 09 Bratislava – mestskáčasťRužinov, Identification No. (IČO): 51 985 373, registered with the Commercial Register of the District Court Bratislava I, Section: Sro, Insert No. 132084/B(hereinafter as“BPS Audit, s.r.o.“) andBPS Tax, s.r.o., with its registered officePlynárenská 1, 821 09 Bratislava – mestskáčasťRužinov, Identification No. (IČO): 51 98 397, registered with the Commercial Register of the District Court Bratislava I, Section: Sro, Insert No. 132135/B (hereinafter as“BPS Tax, s.r.o.“), who, in the processing of your personal data, act in the position of joint controllers jointly determining the purposes and means of processing of your personal data pursuant to Art. 26 Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter as “Regulation“) (BPS Audit, s.r.o. and BPS Tax, s.r.o. hereinafter together as “Controllers“ or as “we“ in a respective grammatic form).
Information on the processing of personal data which takes place outside the website or social network profiles of the Controllers is documented by each of the Controllers in the relevant internal regulations and privacy policies about which you will find more detailed information in art. 3 of this Policy.
The purpose of this Policy is to provide you with a clear answer as to why your personal data are processed, how they are processed, for how long they are stored by the Controllers, what your rights in connection with the processing of your personal data are and to provide you with other relevant information about the processing of your personal data. By this Policy, the Controllers fulfill their information obligation towards all data subjects both in case they obtain personal data directly from you as a data subject and in case they obtain your personal data from another source.
The Controllers process your personal data in accordance with the Regulation, relevant Slovak legal regulations, in particular Act No. 18/2018 Coll. on Personal Data Protection and amending and supplementing certain acts (hereinafter as “Act”) and other legislation in relation to personal data protection (the Regulation, the Act and other legislation in relation to personal data protection hereinafter as “Personal data protection legislation”).
The Controllers have determined mutual responsibilities for the fulfilment of obligations under the valid Personal data protection legislation in the agreement of joint controllers concluded pursuant to Art. 26 of the Regulation, according to which:
In matters related to personal data processing and protection, you can contact the Controllers at the address BPS Audit, s.r.o., Plynárenská 1, 821 09 Bratislava, orBPS Tax, s.r.o., Plynárenská 1, 821 09 Bratislavaor via e-mail to the e-mail address dpo@bpsgroup.sk.
The Controllers process your personal data in accordance with the principle of minimisation so that they can process personal data for which they have a legitimate interest or your personal data for which you have given your consent. The Controllers always process the personal data always to the extent that the intended purpose of the processing is met. This means that the Controllers do not request any personal data from you which are not necessary for the specific purpose.
The Controllers process your personal data to the extent of common personal data. The specific categories of the personal data processed by the Controllers about you for individual purposes of processing via the website or the social network profile are specified below in the table of purposes.
The Controllers process your personal data solely for the justified purposes, during limited period and by using the maximum possible level of security measures. The Controllers process the personal data only when relevant legal basis for the processing exists (in accordance with the principle of legality).You can find the specific purposes for which the Controllers process the personal data via the website or the social network profile in the table below.
|
Purposes of the processing |
Legal basis |
Categories of data subjects |
Categories of personal data |
Retention period |
| Responding to messages and handling inquiries / requests from messages delivered to the Controller via the contact form on the website or messages on the social network | Article 6 (1) f) of the Regulation – processing of the personal data is performed on the basis of the legitimate interest of the Controller which is responding to messages on the social networks and received in another form for the proper conduct of business communication and the quality of services | natural persons sending message / inquiry | name, surname, e-mail, telephone number, other data stated in the report | 30 days from the date of delivery of the request or until the processing of the request (fulfilment of the purpose), whichever occurs first |
| Making photographs of employees, members of the bodies of the Controller and other cooperating persons and their publishing on the communication channels of the controller (website, social networks) and at the premises of the company | Article 6 (1) a) of the Regulation – processing of personal data is performed on the basis of the consent of the data subject | natural persons – employees, members of the bodies, other cooperating persons who have granted their consent | photographs, in case of members of the bodies of the controller and cooperating persons also the title, name, surname and function | 5 years from the date of granting the consent |
In relation to securing the personal data, each of the Controllers has adopted internal documentation, in which adequate security measuresadopted by the Controller in order to secure your personal data are further specified (for example, SSL certificate implemented on the website).
You can find the information on processing of personal data by the company BPS Audit, s.r.o. as an individual controller, which is performed outside the website or the social network profile, in the privacy policy of BPS Audit, s.r.o.
You can find the information on processing of personal data by the company BPS Tax, s.r.o. as an individual controller, which is performed outside the website or the social network profile, in the privacy policy of BPS Tax, s.r.o.
The Controller obtains your personal data directly from you as a data subject in case you provide the Controller with them yourself (when you send a message via the contact form on the website, the message on the social network, when visiting the Controllers‘ website or when granting the consent to the processing of your personal data).
In certain cases, the Controller is obliged to provide your personal data to public authorities that are authorized to process your personal data, e.g. courts, law enforcement authorities or other supervising authorities.
The Controllers provide your personal data also to their processors, i.e. external subjects which process your personal data on behalf of the Controller. Processors process personal data based on the agreement concluded with the Controller, in which they committed to adopt adequate technical or organisational measures in order to secure the processing of your personal data. The Controller uses the following processors: the company providing website management (including social network management) and the company providing hosting services.
Other recipients of your personal data include the company Facebook, Inc., if you contact the Controllers via message on the social networks or if you visit the Controller’s profile on social networks.
Transfer of your personal data to the USA, to the company Facebook, Inc. occurs in case you contact the Controllers via message on the social networks or when you share website or its content on the social network, or if you put like to the website. The transfer of your personal data is secured by means of standard tools in accordance with the Personal data protection legislation.
The Controllers always store the personal data in accordance with the principle of storage limitation. It means that they process the personal data solely for the period during which it is necessary to store the personal data. After such period elapses, the Controllers erase the personal data, if not otherwise regulated by the law.
The retention period of your personal data has been set by the Controllers in accordance with the relevant legal regulations as specified above, in the table of purposes.
The Controllers do not process your personal data by profiling or any form of automated individual decision-making, by which evaluation of your personal aspects would take place.
In connection with the processing of your personal data, you have the following rights as a data subject:
|
Your right |
Description |
| Right of access | As a data subject, you have the right to obtain a confirmation on whether the Controller processes your personal data and if so, you have the right to obtain access to such personal data and information pursuant to Article 15 of the Regulation. The Controller will provide you with a copy of the personal data being processed. If you file the request via electronic means, the Controller will provide you with the information by commonly used electronic means, unless otherwise requested by you. |
| Right to rectification | The Controller has taken adequate measures to ensure that your personal data are accurate, complete and up-to-date. As a data subject, you have the right that the Controller corrects your incorrect personal data or completes your incomplete personal data without undue delay. |
| Right to erasure (“right to be forgotten“) | You have also the right that the Controller deletes your personal data without undue delay if certain conditions are met, for example if the personal data are no longer necessary for the purposes for which the Controller obtained or processed them. However, this right needs to be assessed individually, as there may be a situation when the Controller is prevented from the erasure of the personal data by other circumstances (for example, by legal obligation of the Controller). This means that in such a case, the Controller will not be able to comply with your request to delete the personal data. |
| Right to restriction of processing | You have also the right that the Controller limits the processing of your personal data, for example if you object the accuracy of the personal data or if the processing is illegal and you request restriction of the processing or if the Controller no longer needs your personal data for the purpose of processing, but you need them to prove, assert or defend legal claims. The Controller will restrict the processing of your personal data, if you request so. |
| Right to data portability | Under certain circumstances, you have the right to transmit the personal data to another controller which you determine. However, the right to portability applies only to personal data which the Controller processes on the basis of the consent you have given to the Controller, on the basis of the contract to which you are one of the contractual parties or in case the Controller processes the personal data by automated means. |
| RIGHT TO OBJECT | You have the right to object to processing of your personal data, for example if the Controller processes your personal data based on the legitimate interest or to processing in which profiling occurs. If you object to such personal data processing, the Controller will not further process your personal data unless it demonstrates necessary legitimate grounds for the further processing of your personal data. |
| RIGHT TO WITHDRAW CONSENT | If the Controller processes your personal data on the basis of your consent, you have the right to withdraw the consent at any time in the same way as you granted it. Withdrawal of the consent does not affect the lawfulness of the processing carried out before the withdrawal of the consent. |
| Right to lodge a complaint or request | If you believe that your personal data are being processed in breach of applicable legal regulations, you can lodge a complaint with the supervisory authority which is Office for Personal Data Protection of the Slovak Republic, with its office at Hraničná 12, 820 07 Bratislava 27; website: dataprotection.gov.sk, telephone number: 02 3231 3214; e-mail: statny.dozor@pdp.gov.sk. |
You can exercise your rights stated in the previous point of this Policy:
The Controllers will provide you with a response to a request regarding exercise of your rights within 1 months from the day of exercise of your rights. In certain cases, the Controllers are entitled to prolong such period, in case of high number and complexity of the requests submitted by the data subject, maximum by 2 months. The Controllers will always inform you in advance about prolongation of the period. Response to a request regarding exercise of your rights will be provided to you free-of-charge. In case of repeated, unreasonable or disproportionate request to exercise your rights, we are entitled to charge a reasonable fee for providing the information.
This Policy is valid and effective as of 24 August 2020.
Due to the fact that it may be required to update the information on the processing of personal data contained in this Policy in the future, the Controllers are entitled to update this Policy at any time. However, in such a case, the Controllers will notify you in an appropriate manner, at least 14days in advance.
Plynárenská 1
821 09 Bratislava
– mestská časť Ružinov
audit@bpsgroup.sk
Auditing Oversight Authority licence: 406
Plynárenská 1
821 09 Bratislava
– mestská časť Ružinov
tax@bpsgroup.sk
Licence number: 190/2019
Komenského 361
908 77 Borský Mikuláš
Adresa pobočky:
Plynárenská 1
821 09 Bratislava
- mestská časť Ružinov