ADMINISTRATOR'S STATEMENT ON THE PROCESSING OF PERSONAL DATA

according to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons in the processing of personal data and on the free movement of such data, which repeals Directive 95/46/EC (General Data Protection Regulation) in connection with processing personal data and instructing data subjects (hereinafter referred to as "GDPR")

  1. Personal data administrator

Personal data administrator

GAS Familia, s.r.o. Stará Ľubovňa

with registered office at Prešovská 8, 064 01 Stará Ľubovňa, ID number: 31 691 552,

registered in the Commercial Register of the District Court of Košice I, section Sro, insert number 1766/P email contact: noreply@gasfamilia.com (hereinafter referred to as "Administrator"):

hereby in accordance with Art. 12 and The GDPR informs data subjects about the processing of their personal data and about their rights.

  1. Scope of personal data processing

Osobné údaje sú spracované v rozsahu, v akom je príslušný subjekt údajov správcovi poskytnutý v súvislosti s uzavretím zmluvného alebo iného právneho vzťahu s správcom alebo správcom získal oprávnene od tretej osoby alebo oprávnene zhromaždil inak a spracuje ich v súlade s platnými právnymi predpismi alebo k plnením zákonných povinností správcu.

III. Sources of personal data

  • directly from data subjects (in particular, in the context of the conclusion of the respective contracts, on the basis of orders, registrations and purchases via e-shop, e-mail, telephone, chat, via the website, the contact form on the web, via social networks, by selling a business card, on the basis of consent obtained, obtaining audio or video recordings obtained via the technical equipment of the controller, etc.) - by a third party (in particular, by the contracting parties in the context of the performance of a specific contractual relationship) - from publicly available records,
  • other registers in the relevant labour regulations.
  1. Categories of personal data subject to processing by the controller

The controller processes (itself or through a processor) the following categories of personal data:

name and registered office

  • business company (for natural persons) - address, delivery address, - date of birth - birth number - e-mail address - telephone number - private, services - telephone - fax number - ID number - ID card number - passport number - VAT number - VAT ID number - bank connection - website - data box ID - password, login
  • photographs - video recording - audio (telephone) recording - IP address - location data (GPS, CCS) - insurance card number - contract number under which the subject is registered with the controller - staff number, employee number - education - income from employment (salary, pension income - personal data of children or spouses or partner - cookies - signature.
  1. Category of data subjects

The data subject is the natural person to whom the personal data relates, namely - an employee of the administrator (based on an employment contract, a performance agreement, agreements on work activities) - a job applicant at the administrator - an employee of the administrator's agency, - a contractual partner of the administrator (a natural person - entrepreneur, non-entrepreneur) - client - customer - buyer - - customer - customer - supplier - carrier, transporter - contractor - customer - lessee - lessor - lessor - lessee - beneficiary - obligor - creditor - debtor - user - future contracting state (on the basis of the conclusion of a future contract or measures taken before the conclusion of the contract at the request of the data subject) ,

  • an entity in a pre-contractual relationship with the administrator (ordering party prior to acceptance of the order, applicant, etc.)
  • party to the proceedings - ancillary party to the proceedings - person concerned, interested party - applicant - interviewer - payer - recipient - entitled - obliged - injured.
  1. Categories of processors and recipients of personal data
  • an external entity that provides services to the trustee, in particular: ¬ services in the field of occupational health and safety, fire protection ¬ carriers, hauliers

¬ sales representatives

¬ suppliers carrying out so-called direct deliveries of goods to the administrator's customers for the administrator ¬ accounting services, services of tax advisors and auditors

¬ IT services, cloud storage

¬ advertising and marketing services

¬ services in the field of training, education

¬ services consisting in the provision of subsidies and subsidies

  • Next:

¬ state administration bodies

¬ local authorities

¬ banking institutions

¬ insurance companies

VII. Purpose and grounds for processing personal data

The processing of personal data takes place at the controller:

  • on the basis of the data subject's consent
  • in the performance of a contract with a data subject
  • in the implementation of pre-contractual measures taken at the request of the data subject - for the fulfilment of legal obligations applicable to the controller
  • for reasons of legitimate interest of the controller or of a third party (including archiving on the basis of legitimate interest of the controller)
  • for reasons of protecting the vital interests of the data subject or other natural persons

VIII. Method of processing and protection of personal data

The processing of personal data is carried out by the controller. The processing is carried out at the premises, branches and headquarters of the controller by individual authorised employees of the controller or by the processor. The processing is carried out by means of computer technology or, where appropriate, manually in the form of personal data in paper form, in compliance with all the security principles for the management and processing of personal data. In these circumstances, unauthorised or improper access to, alteration, destruction or loss of, unauthorised transmission of, unauthorised processing of and other misuse of personal data shall not be prevented. Public entities to which personal data may be disclosed shall be properly vetted, contractually assured of their respect for the data subjects' data protection and privacy rights, and shall be required to comply with applicable data protection laws.

  1. Period of processing of personal data

In accordance with the time limits set out in the relevant contracts, in the controller's internal rules or in the relevant legislation, in all cases of processing of personal data, this is the period strictly necessary to ensure the rights and obligations arising both from the contracts of legitimate interests and from the relevant legislation.

  1. Lessons learned

The controller shall process the data with the data subject's consent, except in the cases provided for by law where the processing of personal data does not require the data subject's consent. In accordance with Article 4(6)(1) of the GDPR, the controller may process the data without the data subject's consent:

the data subject has given consent to one or more specific purposes, the processing is necessary for the performance of a contract to which the data subject is a party or for the performance of measures taken prior to the conclusion of the contract at the request of the data subject , the processing is necessary for the purposes of safeguarding the legitimate interests of the controller concerned or of a third party, except where the interests or fundamental rights and freedoms of the data subject or of another natural person which require the protection of personal data override those interests.

  1. Rights of data subjects

In accordance with Article 12 of the GDPR, the controller informs the data subject of the right of access to personal data and to the following information:

  • the purpose of the processing,
  • the category of personal data concerned,
  • the recipient or categories of recipients whose personal data have been or will be disclosed,
  • the intended period for which the personal data will be stored,
  • all available information on the sources of personal data,
  • if no data is collected from the subject, whether automated decision-making, including profiling, takes place.

Any controller or processor carrying out processing of personal data which is contrary to the protection of the private and personal life of the data subject or contrary to the law, in particular where the personal data are inaccurate in relation to the purpose of their processing, may:

  • ask the administrator for an explanation.
  • request that the administrator remedy the situation. In particular, this may involve blocking, correcting, supplementing or deleting personal data.

If the data subject's request is legitimately detected, the controller shall rectify the defective condition without delay. If the controller does not comply with the data subject's request, the data subject shall have the right to apply directly to the supervisory authority, which is the Data Protection Authority. The data subject shall have the right to address his or her complaint directly to the supervisory authority without prior action. The controller shall have the right to request reasonable compensation for the provision of the information, which shall not exceed the costs necessary to provide the information.

XII. Final Provisions

If you have any questions concerning the processing of personal data of data subjects, you may contact the controller in writing or electronically using the following contact details: GAS Familia, s.r.o. Stará Ľubovňa, with registered office at Prešovská 8, 064 01 Stará Ľubovňa, ID No.: 31 691 552

e mail contact: noreply@gasfamilia.com (hereinafter referred to as the "Administrator"):

The declaration is publicly available on the Administrator's website www.gas-familia.sk This declaration was last updated on 23.5.2018

Start typing to see products you are looking for.