Personal data protection

 

 

 

 

    1. IDENTIFICATION OF THE CONTROLLER AND GENERAL INFORMATION

 

This privacy policy (hereinafter as “Policy“) contains information about processing of your personal data by the company Archiles, s. r. o., with its registered office at Černyševského 10, Bratislava mestská časť Petržalka 851 01, Identification No. (IČO): 46 864 369, registered with the Commercial Register of the District Court Bratislava I, Section: Sro, insert No. 98676/B (hereinafter as “Controller” or as “we” in a respective grammatic form), which occurs:

 

(i)                  during activities on the Controller’s website www.archiles.sk (hereinafter as “website“),  

(ii)                 via the Controller’s profile on the social networks Facebook, LinkedIn, Twitter, YouTube and

(iii)                by other means in the provision of the Controller’s services (in the performance of the Controller’s business activity as such),

 

whereas in the above cases, the personal data of the Controller’s customers, business partners and their contact persons (representatives)  if the business partners are legal entities and of visitors to the website of the Controller are processed

 

Through this Policy, the Controller provides you with information on why your personal data are processed, how they are processed, how long the Controller keeps them and what your rights in connection with the processing of your personal data are and other relevant information about the processing of your personal data. Through this Policy, the Controller fulfils the information obligation towards all data subjects both in case the Controller obtained personal data directly from you as the data subject, as well as in case that the Controller obtained your personal data from another source.

 

The Controller processes your personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter as “Regulation“), relevant Slovak legal regulations, in particular Act No. 18/2018 Coll. on Personal Data Protection and amending and supplementing certain acts (hereinafter as “Act“) and other legislation in relation to personal data protection (the Regulation, the Act and other legislation in relation to personal data protection together hereinafter as “Personal data protection legislation“).

 

In matters related to personal data processing and protection, you can contact the Controller and data protection officer, if determined, personally or in writing at the address Archiles, s. r. o., Černyševského 10, Bratislava 851 01, or via e-mail to the e-mail address gdpr@archiles.sk

 

  1. CATEGORIES OF PERSONAL DATA PROCESSED, PURPOSES, LEGAL BASES FOR PROCESSING AND RETENTION PERIOD OF YOUR PERSONAL DATA

 

The Controller processes your personal data in accordance with the principle of minimization so that it can fulfil concluded contracts, legal obligations, process personal data for which it has a legitimate interest or to process your personal data for which you have given its consent. The Controller always requires from you only those personal data, the processing of which is necessary for the specific purpose of processing.

 

The Controller processes your personal data solely for the justified purposes, during limited period and by using the maximum possible level of security measures. The Controller processes the personal data only when relevant legal basis for the processing exists (in accordance with the principle of legality). The Controller always stores the personal data solely for the period during which it is necessary to store the personal data, which is either determined by the Controller in accordance with the principle of minimization or arises from the provisions of the relevant legal regulations). After such period elapses, the Controller erases the personal data, if not otherwise regulated by the respective legal regulations (e.g. in the area of archiving).

 

The Controller processes your personal data only if it is:

 

Necessary for the performance of the contract concluded with the Controller or for the implementation of measures before its conclusion (so-called pre-contractual relationships) (the legal basis is Article 6 (1) (b) of the Regulation). When fulfilling the contract, your personal data may be processed for the following purposes:  

 

     Fulfilment of contractual obligations (based on contracts with customers, suppliers of goods and services, other business partners as natural persons) and the implementation of pre-contractual relations. For this purpose, we process your personal data to the following extent: business name, place of business, Identification number (IČO) – in case of a natural person – entrepreneur; business name, registered office, Identification number (IČO), statutory body – in case of a legal person; tax number, VAT number, contact details (phone number, e-mail), bank details. Your personal data will be processed for this purpose during the contractual relationship until the end of the legal limitation periods for the exercise of rights and other claims arising from the contracts, at the latest until the full settlement of legal and other claims arising from the contractual relationship.

 

Necessary for the fulfilment of legal obligations of the Controller (the legal basis is Article 6 (1) (c) of the Regulation). When fulfilling legal obligations, your personal data may be processed for the following purposes:

 

     Processing of accounting documents. For this purpose, we process your personal data to the following extent: business name, place of business, Identification number (IČO) – in case of a natural person – entrepreneur; business name, registered office, Identification number (IČO), statutory body – in case of a legal person; tax number, VAT number, contact details (phone number, e-mail), bank details, data on completed purchases and other data stated on accounting documents. Your personal data will be processed for this purpose for a period of 10 years following the year to which they relate;

 

     Dealing with complaints and keeping records of filed complaints (dealing with claims arising from defects). For this purpose, we process your personal data to the extent of common personal data. Your personal data will be processed for this purpose within 4 years from the date of handling the complaint, if the complaint is made by a legal entity or a natural person – entrepreneur;

 

     Dealing with the exercised rights and requests of the data subjects under the Regulation (e.g. request for access, withdrawal of consent, etc.). For this purpose, we process your personal data to the following extent: common personal data specified in the request. For this purpose, your personal data will be processed until handling the rights exercised within the time periods set by the Regulation;

 

Necessary for the purposes of the legitimate interests of our company as the Controller (the legal basis is Article 6 (1) (f) of the Regulation). Based on this legal basis, your personal data are processed for the following purposes:

 

     Keeping records of suppliers, customers, representatives (contact persons) of suppliers, customers and other business partners in the position of legal entities, natural persons – entrepreneurs, business communication with representatives of business partners and fulfilment of other contractual obligations in cases of contracts concluded with legal entities. The legitimate interest of the Controller consists of the necessity of keeping records of representatives and contact persons of business partners in the position of legal entities for accounting purposes, ensuring internal control activities, fulfilment of contractual obligations towards legal entities and for enforcement of legal and other claims arising from concluded contracts. For this purpose, we process your personal data during the contractual relationship with the legal entity and after its termination until the expiration of the respective limitation periods (for the purpose of enforcing legal claims arising from concluded contracts) or until the termination of the status of a natural person as a representative or contact person of the partner – legal entity, if further processing of personal data after the termination of this status is not necessary for the intended purpose; 

 

     Keeping records of the exercised rights of the data subjects. The legitimate interest of the Controller consists of keeping records of the exercised rights of the data subjects in order to prove the fulfilment of obligations arising from legal regulations. For this purpose, we process your personal data for a period of 5 years from the date of handling the request and we process the personal data contained in your request;

 

     Responding to messages and handling inquiries / requests form messages delivered via the contact form, e-mail communication profiles on social networks. The legitimate interest of the Controller consists of providing answers to received messages and inquiries for the proper business communication and provision of information on the Controller’s activities. For this purpose, we process your personal data during 60 days from the date of delivery of the request or until the handling the request (fulfilment of the purpose), whichever occurs first.

 

        Concluding and fulfilling user contracts with legal entities and natural persons – entrepreneurs (registration on the portal, keeping profiles on the portal and providing other services on the basis of a concluded contract in accordance with the respective business conditions – publishing a profile, creating an offer, etc.). The legitimate interest of the Controller consists of the interest in the proper provision of portal services to users – legal entities, natural persons – entrepreneurs, through the implementation of appropriate communication and keeping records of the representatives of registered users – legal entities, natural persons – entrepreneurs. We process your personal data during the existence of the contractual relationship and after the termination of the contractual relationship until the end of the statutory limitation periods for the exercise of rights and other claims arising from the contract, at the latest until the full settlement of legal and other claims arising from the contractual relationship. 

Processing carried out with the explicit consent of the data subject (the legal basis is Article 6 (1) (a) of the Regulation). Based on your consent (if you grant it to us), we process your personal data for the following purposes:

 

     Website traffic and activity measurement and targeting the Controller’s online advertising (via an online tool – cookies). For this purpose, we process your personal data to the following extent: IP address, data on activity on the Controller’s website and data on preferences in the online environment, identification data of the used browser, device, network and subnetwork or data on the operating system of the device used. Your personal data will be processed for this purpose for a maximum 2 years from the date of granting the consent or until its withdrawal, whichever occurs first. All detailed information on the use of cookies can be found in the respective section of the website regarding cookies.

 

       Publishing client references regarding satisfaction with the Controller’s services on its website as part of presentation activities.  For this purpose,, we process your personal data to the following extent: name, surname, job position and other personal data listed in the reference. Your personal data will be processed for this purpose for a maximum of 3 years from the date of granting the consent or until its withdrawal, whichever occurs first.

 

     Direct marketing – sending a newsletter. For this purpose, we process your personal data to the following extent: name, surname, e-mail address. Your personal data will be processed for this purpose for a maximum 3 years from the date of granting the consent or until its withdrawal, whichever occurs first.

 

  1. SOURCE OF THE PERSONAL DATA

 

The Controller obtains your personal data directly from you as a data subject in case you provide the Controller with them yourself (when you send a message to the e-mail address stated on the website, when visiting the Controller’s website or when concluding the contractual relationship with the Controller). In certain cases, especially if the service is ordered from the Controller by a company or other entity of which you are a representative or a contact person, the source of your personal data is such entity.

 

If you did not provide your personal data to the Controller, the Controller would not be able to provide services or deliver goods to you, enter into a contract with you and fulfil its other legal and contractual obligations. 

 

  1. TO WHOM DOES THE CONTROLLER PROVIDE YOUR PERSONAL DATA?

 

In certain cases, the Controller is obliged to provide your personal data to public authorities that are authorized to process your personal data in accordance with the respective legal regulations as third parties designated by the respective legal regulations, e.g. courts, law enforcement authorities or competent supervisory authorities.

 

The Controller provides your personal data also to its processors, i.e. external subjects which process your personal data on behalf of the Controller. Processors process personal data based on the agreement concluded with the Controller, in which they committed to adopt adequate technical or security measures in order to secure the processing of your personal data. The Controller uses the following processors:

 

 

Other recipients of your personal data include the company Google Ireland Limited, which provides analytics and marketing services through cookies which the website stores on your device if you give the Controller consent to the storage of such files.

 

The recipients of your personal data also include the operators of social networks Facebook (the company Meta Platforms Ireland), Twitter (the company Twitter, Inc.), LinkedIn (the company LinkedIn Ireland Unlimited Company) if you contact the Controller via a message on the social networks, share the website or its content on social networks or if you give the Controller consent to publishing your photograph on the website and/or social network  as part of presentation activities. The said company acts in the processing of personal data in the position of a joint controller with the Controller and in such case, the processing of personal data is governed by the agreement of the joint controllers in accordance with Article 26 of the Regulation, according to which the Controller is the contact point.

 

  1. TRANSFER TO THIRD COUNTRIES AND INTERNATIONAL ORGANISATIONS AND PROFILING 

 

In certain cases, your personal data may be transferred to third countries, to the USA:

 

 

The transfer of your personal data is secured by appropriate means of ensuring the transfer of personal data to third countries in accordance with the Personal data protection legislation, in particular through the use of standard contractual clauses, which are part of the terms of use of the above services.

 

The Controller does not process your personal data by profiling or any form of automated individual decision-making, by which evaluation of your personal aspects would take place.

 

  1. WHAT ARE YOUR RIGHTS IN CONNECTION WITH PERSONAL DATA PROCESSING?

 

In connection with the processing of your personal data, you have the following rights as a data subject:

 

RIGHT OF ACCESS – As a data subject, you have the right to obtain a confirmation on whether the Controller processes your personal data and if so, you have the right to obtain access to such personal data and information pursuant to Article 15 of the Regulation. The Controller will provide you with a copy of the personal data being processed. If you file the request via electronic means, the Controller will provide you with the information by commonly used electronic means, unless otherwise requested by you.

 

RIGHT TO RECTIFICATION – The Controller has taken adequate measures to ensure that your personal data are accurate, complete and up-to-date. As a data subject, you have the right that the Controller corrects your incorrect personal data or completes your incomplete personal data without undue delay.

 

RIGHT TO RESTRICTION OF PROCESSING – You have also the right that the Controller limits the processing of your personal data, for example if you object the accuracy of the personal data or if the processing is illegal and you request restriction of the processing or if the Controller no longer needs your personal data for the purpose of processing, but you need them to prove, assert or defend legal claims. The Controller will restrict the processing of your personal data if you request so.

 

RIGHT TO DATA PORTABILITY Under certain circumstances, you have the right to transmit the personal data to another controller which you determine. However, the right to portability applies only to personal data which the Controller processes on the basis of the consent you have given to the Controller, on the basis of the contract to which you are one of the contractual parties or in case the Controller processes the personal data by automated means.

 

RIGHT TO ERASURE (RIGHT “TO BE FORGOTTEN”)You have also the right that the Controller deletes your personal data without undue delay if certain conditions are met, for example if the personal data are no longer necessary for the purposes for which the Controller obtained or processed them. However, this right needs to be assessed individually, as there may be a situation when the Controller is prevented from the erasure of the personal data by other circumstances (for example, by legal obligation of the Controller). This means that in such a case, the Controller will not be able to comply with your request to delete the personal data.

 

RIGHT TO LODGE A COMPLAINT OR REQUESTIf you believe that your personal data are being processed in breach of applicable legal regulations, you can lodge a complaint with the supervisory authority which is Office for Personal Data Protection of the Slovak Republic, which its office at Hraničná 12, 820 07 Bratislava 27; website: dataprotection.gov.sk, telephone number 02 3231 3214, e-mail: statny.dozor@pdp.gov.sk.

 

RIGHT TO OBJECTYou have the right to object to processing of your personal data, for example if the Controller processes your personal data based on the legitimate interest or to processing in which profiling occurs. If you object to such personal data processing, the Controller will not further process your personal data unless it demonstrates necessary legitimate grounds for the further processing of your personal data.

 

RIGHT TO WITHDRAW CONSENTIf the Controller processes your personal data on the basis of your consent, you have the right to withdraw the consent at any time in the same way as you granted it. Withdrawal of the consent does not affect the lawfulness of the processing carried out before the withdrawal of the consent. After withdrawal of the consent, the Controller will stop processing your personal data.

 

You can exercise your rights stated above at the contact addresses of the Controller stated at the beginning of this document. Response to a request regarding exercise of your rights will be provided to you free-of-charge. In case of repeated, unreasonable or disproportionate request to exercise your rights, the Controller is entitled to charge a reasonable fee for providing the information. The Controller will provide you with a response to the request regarding exercise of your rights within 1 month from the day of exercise of your rights. In certain cases, the Controller is entitled to prolong such period, in case of high number and complexity of the requests submitted by the data subject, maximum by 2 months. The Controller will always inform you in advance about prolongation of the period.

 

  1. SOCIAL MEDIA AND LINKS TO OTHER WEBSITES

 

As part of marketing and advertising support, you will find links to various social networks on the Controller’s website, such as Facebook, Linkedin, Twitter a Youtube. The Controller would like to warn you that after clicking on the add-on on the website and going to the social network, the rules of personal data protection of the social network operator will apply, except when contacting the Controller via a message on the social network, participating in a competition for the public organized by the Controller on the social network or giving the Controller consent to publishing your photo on the social network (in which case the processing of your personal data is also governed by this Policy and your personal data processed by the Controller in accordance with the information above).

 

You can find more information about the processing of your personal data by social network operators at the following links:

 

(i)                   Facebook: https://sk-sk.facebook.com/policy.php.

 

(ii)                  LinkedIn: https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy,

 

(iii)                YouTube: https://policies.google.com/privacy?hl=sk, a

 

(iv)                 Twitter: https://twitter.com/en/privacy.

 

  1. VALIDITY

 

This Policy is valid and effective as of 17 June 2021. Due to the fact that it may be required to update the information on the processing of personal data contained in this Policy in the future, the Controller is entitled to update this Policy at any time. However, in such a case, the Controller will notify you in an appropriate manner in advance.