Mtcars Nitra, s.r.o., Petzwalova 5, 949 12 Nitra
Mtcars Nitra, s.r.o. (hereinafter referred to as the “Operator”) within the meaning of Regulation 2016/679 of the GDPR on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as the “Regulation”) and Act no. 18/2018 Coll. on the protection of personal data and on the amendment of certain laws (hereinafter referred to as the “Act”) has security measures in place, which are regularly updated. They define the scope and method of security measures necessary to eliminate and minimize the threats and risks affecting the information system in order to ensure:
availability, integrity and reliability of state-of-the-art information technology management systems
protect personal data from loss, damage, theft, modification, destruction and maintain their confidentiality
identify potential problems and sources of disruption and prevent them.
Contact the authorized person: Martin Tóth – email@example.com
Your personal data will be stored securely, in accordance with the security policy of the operator and only for the time necessary to fulfill the purpose of processing. Access to your personal data will only be granted to persons authorized by the controller to process personal data, which process them on the instructions of the controller, in accordance with the security policy of the controller. Your personal data will be backed up, in accordance with the operator’s retention rules. Your personal data will be completely deleted from the backup storage as soon as possible in accordance with the backup rules. Personal data stored in back-up storage facilities serve to prevent security incidents, in particular data breaches due to a security incident.
Definitions of terms
“Personal data” means any information relating to an identified or identifiable natural person (hereinafter referred to as “the data subject”); an identifiable natural person is a person who can be identified directly or indirectly, in particular by reference to an identifier such as name, identification number, location data, online identifier, or by reference to one or more elements that are specific to physical, physiological, genetic, mental , the economic, cultural or social identity of that natural person
“Processing” means an operation or set of operations involving personal data or sets of personal data, such as the acquisition, recording, organization, structuring, storage, processing, processing or alteration, search, browsing, exploitation, transmission, dissemination or otherwise, regrouping or combining; restriction, erasure or destruction, whether carried out by automated or non-automated means
“Processing restriction” means the designation of retained personal data with a view to restricting their processing in the future;
“Profiling” means any form of automated processing of personal data which consists in using that personal data to evaluate certain personal aspects relating to a natural person, in particular analyzing or predicting aspects of the natural person concerned related to work performance, assets, health, personal preferences, interests , reliability, behavior, position or movement;
“Information system” means any structured set of personal data which is accessible according to specified criteria, whether centralized, decentralized or distributed on a functional or geographical basis;
“Controller” means a natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of such processing are laid down in Union law or in the law of a Member State, the controller or the specific criteria for its designation may be determined in Union law or in the law of a Member State;
“Intermediary” means a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller;
“Recipient” means a natural or legal person, public authority, agency or any other body to whom personal data are disclosed, whether a third party. However, public authorities which may receive personal data in the context of a specific survey in accordance with Union or Member State law shall not be considered as recipients; the processing of that data by those public authorities is carried out in accordance with the applicable data protection rules, depending on the purposes of the processing;
“Third party” means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons directly entrusted with the processing of personal data by the controller or intermediary;
“Consent of the data subject” means any freely given, specific, informed and unambiguous expression of the will of the data subject by which he or she consents to the processing of personal data concerning him or her by means of a declaration or unequivocal confirmation;
“Personal data breach” means a breach of security which leads to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data which are transmitted, stored or otherwise processed;
“Supervisory authority” means an independent public authority established by a Member State pursuant to Article;
Legal basis for the processing of your personal data:
- Your personal data will be processed on the basis of special legal regulations and purposes, which are determined by the operator. These are listed individually in the Processing Purpose Information.
- The provision of personal data is a legal requirement for the purpose of fulfilling the obligations of the Operator as an employer under special legal regulations and therefore it will not be possible to fulfill the legal obligation without the provision of such personal data.
Provision of your data outside the European Union:
The transfer of personal data to a third country or international organization does not take place.
Use of your data used for automated individual decision-making:
Personal data will not be used for automated individual decision-making, including profiling.
Retention period of your personal data:
- Act no. Applies to the storage of personal data that we process about you. 395/2002 Z.z. on archives and registries in connection with the Operator’s Registration Plan.
For more detailed information on the purposes of processing your personal data, legal bases and retention period, please contact an authorized person.
We retain the personal data that we process about you on the basis of the granted “Consent” for the period for which you have given us your consent.
What are your rights?
- Revoke consent – in cases where we process your personal data on the basis of your consent, you have the right to revoke this consent at any time. You can revoke the consent electronically, at the address of the responsible person, in writing, by notification of revocation of the consent or in person at the office. Withdrawal of consent does not affect the lawfulness of the processing of personal data that we have processed about you on its basis.
- Right of access – you have the right to provide a copy of the personal data we have about you, as well as information about how we use your personal data. In most cases, your personal data will be provided to you in writing, unless you require another method of providing it. If you have requested this information by electronic means, it will be provided to you electronically, if technically possible.
- Right of rectification – we take reasonable steps to ensure the accuracy, completeness and timeliness of the information we have about you. If you believe that the information we hold is inaccurate, incomplete or out of date, please do not hesitate to ask us to modify, update or supplement this information
- Right of erasure (forgotten) – you have the right to ask us to erase your personal data, for example if the personal data we have obtained about you is no longer necessary to fulfill the original purpose of processing. However, your right must be assessed in the light of all the relevant circumstances. For example, we may have certain legal and regulatory obligations, which means that we will not be able to comply with your request.
- Right to restrict processing – in certain circumstances you are entitled to ask us to stop using your personal data. These are, for example, when you think the personal information we hold about you may be inaccurate or when you think we no longer need to use your personal information.
- Right of data transfer – in certain circumstances you have the right to request us to transfer the personal data you have provided to us to another third party of your choice. However, the right to portability only applies to personal data that we have obtained from you with your consent or under a contract to which you are a party.
- Right to object – you have the right to object to the processing of data which is based on our legitimate legitimate interests. If we do not have a compelling legitimate reason to process and you object, we will not process your personal data further.
- The right to file a personal data protection procedure – if you believe that your personal data has been processed unfairly or illegally, you can file a complaint with the supervisory body, which is the Office for Personal Data Protection of the Slovak Republic, Hraničná 12, 820 07 Bratislava 27; tel. number: +421 / 2/3231 3214; e-mail: firstname.lastname@example.org, https://dataprotection.gov.sk. In the case of submitting the proposal in electronic form, it is necessary that it meets the requirements of § 19 par. 1 of Act no. 71/1967 Coll. on Administrative Procedure (Administrative Procedure Code).