Privacy policy for DRS & TBS

PRIVACY NOTICE

of SENSONEO j. s. a. for DRS and TBS segment

(effective as of 31 January 2024)

  1. THE PURPOSE OF THIS NOTICE. THE DATA CONTROLLER
    • What is the purpose of this privacy notice?

This privacy notice (the Notice) is intended to help business partners and other private individuals to understand how SENSONEO j. s. a., ID 50 746 057 (the Company) processes personal data of private individuals having dealings (directly or indirectly through their employers) with the Company.

The Notice is addressed to any private individual who has or (to the extent still applicable) had a relationship established with the Company or whose personal data were provided to the Company by the employer of such private individual. Whether you are our business partner or a representative (or employee) of our business partner, or whether you have been nominated by our business partner as the business partner’s contact person, or whether you have only sent an email, mail or other form of communication to the Company, to the extent our dealings with you led to the Company having access to your personal data, this Notice is relevant to you.

The Notice shall be read carefully and in its entirety. The Company has strived to ensure that the Notice contains complete and comprehensible information about the processing activities regarding your personal data. However, if you have any questions or if you are not sure about any aspects of the processing of your personal data by the Company, please do not hesitate to contact us at the following email address: security@sensoneo.com or phone number: +421 947 924 767.

  • Who is the data controller?

The data controller with respect to the personal data is the Company (i.e., SENSONEO j. s. a. with its registered seat at Kollárova 27, 841 06 Bratislava – Záhorská Bystrica, the Slovak Republic, ID 50 746 057).

The Company needs to process your personal data in order to fulfil its contractual and other legal obligations. At the same time, the Company may need to process your personal data to protect its legitimate interests, including operating its business activities in appropriate manner and to protect its legal rights and interests.

It is the objective of the Company to process all personal data in line with the applicable data protection laws, particularly (i) the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, and (ii) Slovak Act No. 18/2018 Coll. on Protection of Personal Data and On Amendment and Supplement of Certain Acts (to the extent applicable). It is also the objective of the Company to ensure that all processing operations are conducted in a secure way and only to the extent necessary for achieving the purpose of the processing as described below.

  • What could happen if personal data are not provided to the Company?

The Company has numerous contractual and legal obligations towards its business partners and towards the public authorities or other public bodies. In order to fulfil these obligations, but also in order to ensure protection of the Company’s interests it is necessary to process your personal data.

If your personal data are not provided to the Company, the Company may not be able to fulfil its obligations, which may result in the Company not being able to enter into or duly carry out a contract with its business partner.

  2. PERSONAL DATA. PROCESSING OPERATIONS
    • Where does your personal data come from?

The Company collects the personal data directly from you or from your employer who provided your personal data to the Company during the business relationship. The Company may also receive some of the personal data from public authorities in relation to their queries or investigations. It may be also the case that the Company will process personal data which are publicly available, particularly with respect to contact data which include also reference to a particular person. Please, also be aware that the Company may create other data about you, which could qualify as personal data and the Company will use and store also such personal data.

  • What kind of personal data are processed by the Company?

Unless a particular situation requires otherwise, the personal data that the Company will be processing may include:

(a)        identification and characteristic information: such as name, surname, details of your employer and your job position; and

(b)        contact data: such as (business) address, (business) phone number, (business) e-mail address.

The Company will not seek any other personal data, but the Company may not exclude that other personal data will become available to the Company in the context of business relationship with its business partner. The Company will adopt measures to prevent processing of such additional personal data.

  • What are the purposes for processing of your personal data by the Company?

The Company processes personal data of its business partners, representative(s) of business partners and/or business partner’s contact persons to fulfil its contractual obligations and statutory obligations (such as keeping of accounting, tax purposes and similar).

Such personal data may also be processed for purposes of legitimate interests of the Company aimed at ensuring effective and secure conducting of Company’s business activities and protecting the Company’s rights and legal interests.

  • What is the legal base for the processing operations?

Pursuant to applicable data protection laws, personal data may only be processed based on adequate legal base. The Company processes personal data based on the following legal bases:

(a)        performance of a contract

Data processing by the Company is necessary for the Company to be able to fulfil its obligations deriving from the contract concluded with you or with your employer.

(b)        fulfilment of legal obligation

Data processing by the Company is necessary for the Company to be able to comply with its obligations prescribed in law, including the transmission of data to authorities.

(c)        legitimate interest of the Company, which includes (i) making of or defending against claims; and (ii) proving compliance with applicable laws (such as upon requests of supervisory authorities).

In cases where data processing by the Company is based on the legitimate interest of the Company, the Company has, upon thorough deliberation, arrived at the conclusion that your interests or fundamental rights and freedoms that require protection of personal data do not override the legitimate interest of the Company.

  • For how long will your personal data be processed?

The Company will not store or process personal data for a period longer than necessary to fulfil the purpose of the processing or as prescribed or allowed by applicable laws. Accordingly, when the purpose has been fulfilled in relation to a specific type of personal data, the Company will stop using the personal data for that purpose and, if the same data is not relevant for any other purpose, delete the relevant personal data as soon as reasonably possible.

The basic rule is that the Company will store and process your personal data throughout the duration of the contract with the business partner and for a period of ten years after its termination unless the applicable laws provide for different period. To the extent possible, the Company will anonymize your personal data for their use for statistical purposes.

  3. YOUR RIGHTS
    • What does the Company do to protect your personal data?

The Company ensures that the principles of protection of personal data laid down by the applicable data protection laws are strictly followed and adhered to. Particularly, the Company ensures that (i) only those personal data are processed which are necessary for the purpose of processing, (ii) personal data are processed only for purpose for which the data were collected or (to the extent permitted by the applicable data protection laws) for purpose, which is compatible with the original purpose, and (iii) the personal data are processed no longer than necessary.

The personal data will be stored and processed manually and also automatically with the help of electronic devices.

The Company has taken appropriate technical, administrative, physical and procedural protection measures for the protection of personal data in their use and possession in order to ensure that such personal data are protected against misuse, unauthorized access, publication, corruption, modification and destruction. Such measures include the following:

  • What are your rights regarding processing of your personal data?

The applicable data protection laws confer on you several rights when it comes to processing of your personal data. Details of these rights are outlined below. Be aware that the rights below could be qualified in certain circumstances (e.g., in case of legal proceedings regarding you). Please, do not hesitate to contact the Company, if you have any questions regarding your rights.

Right to be informed

As a data subject you have a right to be informed about all important aspects of the processing operations regarding your personal data unless the applicable data protection laws provide otherwise. The Company fulfils its obligation to inform you, primarily, through this Notice. However, from time to time, the Company may distribute further information or update this Notice to ensure that you always have correct and up-to-date information about the processing operations.

Right to access and rectification

You have the right to request access to the personal data relating to you. This includes the right to be informed whether personal data about you are processed, what personal data are processed, and the purpose of the processing. The Company does not have to provide your personal data, if this would adversely affect the rights and freedoms of others. You also have the right to rectify or add personal data if the personal data are inaccurate or incomplete.

Right to erasure (“right to be forgotten”)

You have the right to request that your personal data are erased in certain cases, e.g., if the personal data are no longer necessary for the purposes for which these were collected and no other legal bases exist for continuing to process such data, if the processing is unlawful, or the personal data have to be erased in order to enable the Company to comply with a legal requirement. Please note that the Company may reject your request if the processing is permitted or required according to law or any other relevant legal base.

Right to object and restriction of processing

You are also entitled to object to certain processing or request that the processing of the personal data is restricted such as if you believe the personal data may not be correct, if you believe the processing is unlawful, or if you believe that Company no longer needs the personal data for the purposes stated in this Notice.

Right to data portability

You are also entitled to request that personal data about you that you yourself have provided, if such personal data are being processed with your consent or in accordance with a contract between you and Company, are provided to you in a structured, commonly-used and machine-readable format and you may also request that such personal data are transmitted to another controller, if this is technically feasible.

  • What should you do, if you want to exercise your rights or if you have a complaint?

To exercise your rights, you can (i) contact the Company using the above contact details, or (ii) contact the Company’s representative notified to you as the Company’s contact person. Be aware that you may be contacted to verify your identity so that your personal data are not disclosed or discussed with another person than you.

If you have a complaint regarding the processing of your personal data by the Company, please, contact the Company at the above contact details and submit to it your complaint. You can also submit your complaint directly to the supervisory authority, which is:

Name:         Úrad na ochranu osobných údajov Slovenskej republiky (Office for Personal Data Protection of the Slovak Republic)

Address:      Hraničná 12, 820 07, Bratislava 27, Slovak Republic

Phone/Fax:  +421 2 323 132 14

E-mail:         statny.dozor@pdp.gov.sk

Webpage:    https://dataprotection.gov.sk/uoou/

You have an indisputable right to submit your complaint directly to the supervisory authority or to use other remedies available to you under the applicable (data protection) laws. However, the Company believes that any request or complaint you may have may be dealt with between you and the Company, and therefore the Company encourages you to first submit your request or complaint to the Company before approaching the authorities. The Company assures you that any request or complaint will be handled in line with the applicable data protection laws.

  4. DATA RECIPIENTS. THIRD PARTIES. TRANSFERS
    • Who has access to your personal data?

The Company processes your personal data through its employees or through external service providers.

Every employee having access to your personal data has been duly trained and informed about the rules and principles of handling your personal data. These employees only get access to your personal data in accordance with the principle of minimization, meaning that they will only have access to personal data that is strictly necessary for the purpose of the processing to perform their work.

In cases where your personal data are processed by a service provider engaged by the Company, the Company and the service provider concluded a data processing agreement in accordance with the applicable data protection laws. Such service providers may include (without limitation) IT service provider(s). Every person processing your personal data must follow the instructions of the Company.

The Company may also transfer your personal data to third parties, who process them for their own purposes. Such third parties include (without limitation) (i) public authorities or bodies (e.g., tax authority) particularly in connection with fulfilment of the Company’s obligations or in order to respond to queries the public authorities or bodies may have, and (ii) other third parties who may be engaged by the Company to provide specific services to the Company in relation to the relationship with you, but who will not process personal data in the name of and on behalf of the Company.

  • To what countries will your personal data be transferred?

Your personal data are primarily processed within the European Union, European Economic Area and Switzerland where adequate level of protection of your personal data is secured.

It may be the case that from time to time the Company may transfer your personal data or other data derived from your personal data (such as statistical data) to recipients located in countries which offer a lower level of protection than applicable in the European Union, European Economic Area or Switzerland. This may occur mainly due to the use of standardized products or technological solutions of third-party service providers (e.g. Microsoft Azure).

In such cases, the Company ensures that the transfer is made in accordance with the rules laid down by the applicable data protection laws, particularly (but without limitation) based on the Model Contractual Clauses adopted by the European Commission. For further details, please, contact the Company.

  5. MISCELLANEOUS

5.1.      To ensure that the Company complies with the applicable data protection laws or to reflect any changes in the processing operations, this Notice may be changed by the Company at any time. You will be informed of any such changes made via the commonly used means and forms.

5.2.      The Company encourages you to report any non-compliance with this Notice to the Company. The Company will thoroughly investigate any such allegations and will take steps and actions necessary to ensure compliance with the applicable data protection laws.

5.3.      Please notify the human resources department of the Company of any changes to the personal data relating to you to enable the Company to process personal data accurately and securely.

5.4.      Please, if you are our business partner, be sure to notify any of your employees whose personal data will be provided to the Company about this Notice and all relevant aspects of processing of their personal data. If you fail to do that, please inform the Company immediately so that the Company may comply with the information obligation and notify the affected data subjects directly.