Directive for the Protection of Personal Data according to Article 24 of the Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as the “Regulation”), in accordance with Section 32 of Act No. 18/2018 Coll. on the Protection of Personal Data (hereinafter referred to as the “Act“).
(hereinafter referred to as the “Directive“)
I.
Basic Provisions
The subject of this Directive is the regulation of the protection and handling of personal data in activities carried out by authorized individuals of the data controller, which is:
Business Name: AB-COM s.r.o.
Responsible Person: Ing. Juraj Masaryk
Email: jmasaryk@abcom.sk
(hereinafter referred to as the “Controller“).
An authorized person, for the purposes of this Directive, is understood as a director and/or employee of the Controller who, in the performance of their work, comes into contact with and handles the personal data of data subjects (hereinafter referred to as the “Authorized Person“).
II.
General Obligations
- Personal data must be adequately secured in all cases when dealt with in the organization.
- An authorized person may handle personal data only if it is necessary for the performance of their work or based on the individual authorization of the Controller.
- An authorized person is obliged to maintain confidentiality regarding the personal data with which they come into contact in the performance of their work or activities arising from their authorization.
- The obligation of confidentiality continues after the termination of the employment relationship with the authorized person.
- An authorized person may handle only personal data that is necessary for the performance of their work or activities arising from the authorization.
- An authorized person may perform only those operations with personal data that are necessary for the performance of their work or activities arising from the authorization.
- An authorized person must not obtain information regarding personal data beyond the scope of their work or authorization.
- An authorized person is obliged to ensure that, in the performance of their work or activities arising from the authorization, there is no leakage of processed personal data or a breach of the security of processing operations.
III.
Personal Data
- The personal data of the controller is stored and backed up in the database of the website.
- Authorized personnel can access the database exclusively through FTP hosting access and secure login with a username and password.
- Each authorized person has their username and password required to access the website administration, and the database is accessible only to individuals who voluntarily provided their data and solely for use within the scope of the employee’s job.
- Written consent is granted by the Controller upon request, only to the extent necessary to fulfill the purpose of the authorized person.
- The authorized person then submits written consent to the head of the IT department, who provides personal data only to the extent of the consent granted by the Controller.
- The authorized person must not disclose acquired personal data to third parties or individuals.
- The authorized person must not provide their access to administration to any other individuals.
IV.
Protection of Personal Data
- All work computers of authorized persons must have password-protected access, and users must be logged out after completing work.
- Personal data must not be located in publicly accessible places and must be protected in lockable areas inaccessible to third parties.
- Security Breach
- In the event of a security breach of personal data, the authorized person is immediately obligated to inform all parties involved.
- The authorized person is obliged to suspend their activities and must not perform any actions that could increase the risk of personal data security.
- The authorized person is obliged to inform about the type and leak of personal information.
- The authorized person shall submit a record to the managing director of the company.
V.
Processing of Submissions by Data Subjects
- Requests and objections from data subjects are processed by the person responsible for it based on the nature of their job or authorization (hereinafter referred to as the “designated person”).
- After receiving a request, objection, or complaint from a data subject (hereinafter referred to as “submission”), the designated person informs the data subject of its receipt and the subsequent procedure.
- The designated person is obligated to assess the submission of the data subject no later than 30 days from the date of its delivery.
- If the evaluation of the submission requires more time, the designated person is obliged to contact the Controller and inform the data subjects appropriately.
- After evaluating the submission, the designated person is obligated to inform the data subjects within the specified period.
Controller’s Information Obligation
according to Article 13 of the Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as the “Regulation”), in accordance with Section 19 of Act No. 18/2018 Coll. on the Protection of Personal Data (hereinafter referred to as the “Act”).
Controller
Business Name: AB-COM s.r.o.
Responsible Person: Ing. Juraj Masaryk
Email: jmasaryk@abcom.sk
(hereinafter referred to as the “Controller“)
The Controller primarily engages in digital marketing and PPC promotions at https://homatics.sk/.
Personal data is processed for advertising and marketing purposes and also for the purpose of contract fulfillment, content realization, and product delivery.
The processing of personal data for record-keeping purposes (employee attendance, database of clients/business partners) is for the continuous improvement of the quality of services provided (complaints, feedback), archival reasons, and analytical purposes, in compliance with applicable legislative provisions.
The processing period for personal data for individual purposes is determined as follows:
- 10 years for processing personal data for marketing purposes
- 5 years from the date of contract closure
- Within the time frame necessary to achieve the processing purpose for the reasons specified in the relevant legislative provisions
- Processing of personal data according to section III letter b) is a legal requirement. Without consent, it is not possible to process personal data of participants.
- Processing of personal data according to section III letter c) is necessary for the conclusion of a contract. If the data subject does not provide their personal data, it is not possible to conclude a valid contract.
- The data subject has the right to access their data. Upon the data subject’s request, the Controller issues a confirmation of whether personal data concerning the data subject is being processed. If the Controller processes this data, a copy of this personal data concerning the data subject will be provided based on the request.
- The issuance of the first copy according to section VIII is free of charge. For any additional copies requested by the person, the Controller will charge a fee corresponding to administrative costs incurred with issuing the copy. If the person requests information electronically, it will be provided in a commonly used electronic format, such as email, unless another method is requested.
- The data subject has the right to rectify personal data if the Controller records incorrect personal data about them. At the same time, the data subject has the right to supplement incomplete personal data. The Controller will rectify or supplement personal data without undue delay after the data subject requests it.
- The data subject has the right to erasure of personal data concerning them if:
- personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
- the data subject withdraws the consent on which the processing is based;
- the data subject objects to the processing pursuant to section XVIII;
- personal data have been processed unlawfully;
- erasure is required to fulfill a legal obligation under the law, a special regulation, or an international treaty to which the Slovak Republic is bound, or
- personal data were obtained in connection with the offer of information society services to a person under 16 years of age.
- The data subject will not have the right to erasure of personal data if their processing is necessary:
- for the exercise of the right to freedom of expression and information;
- to fulfill an obligation under the law, a special regulation, or
an international treaty to which the Slovak Republic is bound, or to fulfill a task carried out in the public interest or in the exercise of public authority entrusted to the Controller,
- for reasons of public interest in the field of public health,
- for archival purposes in the public interest, for scientific or
historical research purposes, or for statistical purposes, where erasure is likely to render impossible or seriously impair the achievement of the objectives of such processing, or
- for the establishment, exercise, or defense of legal claims.
XIII. The Controller will delete the personal data of data subjects based on a request as soon as it evaluates that the request of the data subject is reasonable.
XIV. The data subject has the right to restriction of processing of personal data if:
- the accuracy of personal data is contested by the data subject, for a period enabling the Controller to verify the accuracy of personal data;
- the processing is unlawful, and the data subject requests restriction of their use instead of erasure of personal data;
- the Controller no longer needs the personal data for the purposes of processing, but the data subject requires them for the establishment, exercise, or defense of legal claims;
- the data subject has objected to processing of personal data based on the Controller’s legitimate interest, pending verification of whether the legitimate grounds of the Controller override those of the data subject.
- If the data subject requests a restriction of the processing of their personal data, the Controller will not carry out any processing operations with the data subject’s data, except for storage, without the consent of the data subject.
XVI. The data subject will be informed by the Controller when the restriction of processing of this data is lifted.
Internal Directive on the Protection of Personal Data
XVII. The data subject has the right to data portability, meaning the acquisition of personal data provided to the Controller, with the right to transfer this data to another Controller in a commonly used and machine-readable format, provided that the personal data were obtained based on the consent of the data subject or on a contract, and their processing is carried out by automated means.
XVIII. The data subject has the right to object at any time to the processing of their personal data for reasons related to their particular situation. The data subject may object to the processing of their personal data based on:
- the legal basis for the performance of tasks carried out in the public interest or in the exercise of public authority, or based on the legitimate interest of the Controller,
- the processing of personal data for direct marketing purposes,
- processing for scientific or historical research purposes, or for Statistical purposes.
XIX. If a data subject objects to the processing of personal data for direct marketing purposes under point XVIII letter b), the Controller cannot further process their personal data.
- The Controller will assess the received objection in a reasonable time. The Controller must not continue processing personal data unless it demonstrates necessary legitimate interests for processing personal data that outweigh the rights or interests of the data subject, or grounds for asserting a legal claim.
XXI. The data subject has the right to withdraw their consent to the processing of personal data at any time if the processing of personal data was based on this legal basis.
XXII. The data subject revokes their consent by contacting the responsible person with their request in any chosen way.
XXIII. The legality of processing personal data based on the granted consent is not affected by its revocation.
XXIV. The data subject has the right to file a complaint with the Office for Personal Data Protection of the Slovak Republic if they believe that their rights in the field of personal data protection have been violated.
The Controller declares that, in addition to the relevant legislative provisions, it adheres to good manners within the company’s culture and perceives the need for proper protection of personal data as one of the many pillars of functioning in its business area.
INFORMATION ABOUT THE USE OF COOKIES
In accordance with § 55 para. 5 of the Act of the National Council of the Slovak Republic No. 351/2011 Coll. on electronic communications as amended, we would like to inform you about the use of cookies and draw your attention to the possibility of changing the settings of your internet browser in case the current cookie usage setting does not suit you.
What are cookies?
Cookies are small text files that can be sent to your internet browser when you visit websites and stored on your device (computer or other device with internet access, such as a smartphone or tablet). Cookies are stored in the folder for files of your internet browser. Cookies usually contain the name of the website from which they originate and the date of their creation. When you revisit the website, the web browser reloads the cookies, and this information is sent back to the website that originally created the cookies. The cookies we use do not harm your computer.
Why do we use cookies?
We use cookies to optimally create and continually improve our services, tailor them to your interests and needs, and improve their structure and content. We distinguish between short-term, so-called “session cookies,” which are temporary and remain stored in the browser only until it is closed, and long-term, so-called “persistent cookies,” which remain stored on the device longer or until you manually delete them (the duration of leaving the cookie on your device depends on the setting of the cookie itself and the settings of your browser).
NECESSARY COOKIES ENABLE:
– remembering the content of your shopping list,
– remembering the location you reached in a specific sequence.
FUNCTIONAL COOKIES ENABLE:
– remembering your login details,
– ensuring security after logging in,
– ensuring the uniform operation of the entire website,
– support for “live chat.”
PERFORMANCE COOKIES ENABLE:
– support for the performance of the site by reducing the loading time of the pages you visit,
– increasing user satisfaction.
ANALYTICAL COOKIES ENABLE:
– primarily the Google Analytics tracking tool, for monitoring visits and optimizing content for users in connection with improving user interaction,
– increasing user satisfaction.
MARKETING COOKIES ENABLE:
– marketing and remarketing activities, i.e., Google remarketing tool, Google Tag Manager, and Facebook remarketing tools, for displaying relevant ads to users,
– increasing user satisfaction with displayed ads.
Using cookies
By using websites operated by Concinnity s.r.o., you express your consent to the use of cookies in accordance with the settings of your internet browser. If you visit our websites, have enabled the acceptance of cookies in your browser, do not change the settings of your internet browser, and continue to visit our websites, we consider it as acceptance of our conditions for using cookies.
How can you change cookie settings?
Instructions for changing or deleting cookies can be found in the “help” option of each browser. If you use different devices to access the site (e.g., computer, smartphone, tablet), we recommend adjusting the cookie preferences for each browser on each device.
YOU CAN FIND MORE INFORMATION ABOUT CHANGING YOUR BROWSER SETTINGS ON THESE PAGES:
Chrome
Safari
Mozilla Firefox
Internet Explorer
Edge
Why keep cookie settings?
The use of cookies and their permission in a web browser is your decision. However, in case of changing their settings, some of our websites may have limited functionality and reduced user comfort.
What cookies do we use on our website?
Cookie name | Marking | Duration | Character | Description |
cookielawinfo-checkbox-necessary | Necessary | 11 months | necessary | This cookie is set by the GDPR Cookie Consent plugin. Cookies are used to store the user’s consent to the storage of cookies in the “Necessary” category. |
cookielawinfo-checkbox-functional | functional | 11 months | necessary | The cookie is set based on GDPR cookie consent to record the user’s consent for cookies in the “Functional” category. |
cookielawinfo-checkbox-performance | Performance | 11 months | necessary | This cookie is set by the GDPR Cookie Consent plugin. The cookie is used to store the user’s consent for cookies in the “Performance” category. |
cookielawinfo-checkbox-analytics | Analytical | 11 months | necessary | This cookie is set by the GDPR Cookie Consent plugin. The cookie is used to store the user’s consent for cookies in the “Analytical” category. |
viewed_cookie_policy | Necessary | 11 months | necessary | The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not the user has agreed to the use of cookies. It does not store any personal data. |
Title | Duration | Purpose |
---|---|---|
_ga | 2 years | Google Analytics – This cookie is used to distinguish unique users by assigning a randomly generated number as a client identifier. |
_gid | 24 hours | Google Analytics – This cookie is used to distinguish users. |
_gat | 1 minute | Google Analytics – This cookie does not store any information about the user, it is only used to limit the number of requests that need to be made on the doubleclick.net service. |
_ don’t win | 2 years | Google Analytics – Keeps the number of visits for each unique visitor. First visit, last and penultimate. It is used, for example, to distinguish between new and returning visitors. |
cookieconsent_status | 1 year | Consent to the use of cookies |
If you want to anonymize your data sent to Google Analytics, you can use the Google Analytics Opt-Out option.