Global
Head Quarters Site
Armenia
Azerbaijan
Bulgaria
Czech Republic
Denmark
Germany
Greece
Greece Athens
Greece HC
Hungary
Italy
Italy CS
Italy GM
Italy Rome
Moldova
Netherlands
Poland
Romania
Russia
Serbia
Slovakia
Spain
Ukraine
Georgia
India
Indonesia
Iraq
Iraq CCP
Jordan
Kazakhstan
Pakistan
Philippines
Singapore
Sri Lanka
Mexico
Peru Lima
Peru OCS
Egypt
Morocco
South Africa
Australia
Personal data protection
The following information concerns the processing of personal data of data subjects pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as the “Regulation”), which is carried out by QSCert, spol. s. r. o., E. P. Voljanského 1, 960 01 Zvolen, Company ID: 36 040 631, email contact: qscert@qscert.sk, telephone contact: +421 45 00 718 (hereinafter referred to as the “Controller”). The Controller has determined the purpose and means of the processing of personal data and has transparently determined its respective responsibilities for fulfilling the obligations under the Regulation, in particular with regard to the exercise of the rights of the data subject and its obligations to provide the information referred to in Articles 13 and 14 of the Regulation. The aim of this information is to provide data subjects with information about what personal data the Controller processes, how it handles them, for what purposes it uses them, to whom it may provide them, where data subjects can obtain information about personal data and how to exercise their rights in relation to the processing of personal data.
Article 1
Accounting documents
1. Purpose of processing personal data and legal basis for processing
The purpose of processing personal data is to process accounting documents of data subjects when establishing and fulfilling pre-contractual and contractual relationships.
Personal data are processed on the basis of Art. 6 para. 1 letter b) of the Regulation, the Civil Code, the Commercial Code, the Value Added Tax Act 222/2004 Coll. as amended (Section 74), Act No. 431/2002 Coll. on Accounting as amended.
Personal data are not processed for the purpose of the legitimate interests of the controller or a third party.
2. Identification of the processed personal data of data subjects
The data subjects whose personal data are processed are: clients/contractual partners of the controller.
Scope of processed personal data: name and surname of the taxable person or name of the taxable person, address of his registered office, place of business, establishment, residence or address of the place where he usually resides, and his tax identification number under which he supplied the goods or service, or name and surname of the recipient of the goods or service or name of the recipient of the goods or service, address of his registered office, place of business, establishment, residence or address of the place where he usually resides, and his tax identification number under which the goods were supplied to him or the service was supplied to him, IČO, IČ DPH for VAT payers, bank account number, signature.
3. Identification of recipients, categories of recipients
The operator may provide personal data to authorized entities such as institutions and organizations whose processing is permitted by a special legal regulation, or to contractual partners (in particular intermediaries) who have contractually undertaken to accept appropriate guarantees for maintaining the protection of the processed personal data, as follows:
| Tax office: | Act No. 595/2003 Coll. on income tax, as amended Act No. 222/2004 Coll. on value added tax, as amended Act No. 563/2009 Coll. on tax administration (tax code) and on amendments and supplements to certain acts, as amended |
| Other authorized entity: | Generally binding legal regulation pursuant to Art. 6 para. 1 letter a c) Regulations |
With the consent of the data subject or at his/her command, personal data may be provided to other recipients.
4. Transfer of personal data to a third country/international organization
Transfer to third countries or international organizations is not carried out.
5. Identification of the source from which the personal data were obtained
Directly from the data subject (in person, by email, by telephone, via the Operator's website)
6. Retention period of personal data
The Operator processes personal data for the period necessary to fulfill the purpose, but for a maximum period of 10 years.
7. Profiling
The Operator does not process personal data by profiling or in a similar manner based on automated individual decision-making.
8. Rights of the data subject
The data subject has the right to request from the controller access to personal data processed about him/her, the right to rectification of personal data, the right to erasure or restriction of processing of personal data, the right to object to the processing of personal data, the right to the ineffectiveness of automated individual decision-making, including profiling, the right to data portability, as well as the right to file a complaint with a supervisory authority. If the controller processes personal data based on the consent of the data subject, the data subject has the right to withdraw his/her consent to the processing of personal data at any time. Withdrawal of consent does not affect the lawfulness of the processing of personal data based on consent before its withdrawal. The data subject may exercise his/her rights by sending an email to the address: qscert@qscert.sk, or in writing to the address of the controller.
9. Obligation to provide personal data
Providing personal data is a legal/contractual requirement, or a requirement that is necessary for the conclusion of a contract. The data subject is obliged to provide personal data; if they are not provided, the operator does not guarantee the processing of accounting documents.
Article 2
Registration of business partners
1. Purpose of processing personal data and legal basis for processing
The purpose of processing personal data is to keep records of data subjects who are business partners/clients of the controller.
Personal data are processed on the basis of Article 6(1)(f) of the Regulation if the data subject is an employee of a business partner/client of the controller and on the basis of Article 6(1)(b) of the Regulation if the data subject is a statutory body or a person acting on behalf of a business partner/client of the controller.
The processing of personal data is carried out for the purpose of the legitimate interests of the controller or a third party.
2. Identification of the processed personal data of the data subjects
The data subjects whose personal data are processed are employees of the business partners/clients of the operator or a statutory body/person acting on behalf of the business partner/client of the operator.
Scope of processed personal data: title, name, surname, job title, service title, functional title, employee personal number or employee employee number, professional department, place of work, telephone number, fax number, workplace e-mail address and employer identification data.
3. Identification of recipients, categories of recipients
The operator may provide personal data to authorized entities such as institutions and organizations whose processing is permitted by a special legal regulation, or to contractual partners (in particular intermediaries) who have contractually undertaken to accept adequate guarantees for maintaining the protection of the processed personal data, as follows:
| Other authorized entity | Generally binding legal regulation pursuant to Article 6(1)(c) of the RegulationSo súhlasom dotknutej osoby, alebo na jeho/jej príkaz môžu byť osobné údaje poskytnuté ďalším príjemcom. |
4. Transfer of personal data to a third country/international organization
Transfer to third countries or international organizations is not carried out.
5. Identification of the source from which the personal data were obtained
Directly from the data subject or the data subject's employer.
6. Period of storage of personal data
The controller processes personal data for the period necessary to fulfill the purpose, but no longer than 1 year after its completion.
7. Profiling
The controller does not process personal data by profiling or in a similar manner based on automated individual decision-making.
8. Rights of the data subject
The data subject has the right to request from the controller access to personal data processed about him or her, the right to rectification of personal data, the right to erasure or restriction of processing of personal data, the right to object to the processing of personal data, the right to the ineffectiveness of automated individual decision-making, including profiling, the right to data portability, as well as the right to file a complaint with a supervisory authority. If the controller processes personal data based on the consent of the data subject, the data subject has the right to withdraw his or her consent to the processing of personal data at any time. Withdrawal of consent does not affect the lawfulness of the processing of personal data based on consent before its withdrawal. The data subject may exercise his or her rights by sending an email to the address: qscert@qscert.sk, or in writing to the address of the controller.
9. Obligation to provide personal data
Providing personal data is a contractual requirement, the processing of personal data is necessary. In the event of failure to provide personal data, no contractual relationship will be concluded with the data subject or with the company he represents and acts on behalf of. The data subject is obliged to provide truthful personal data; failure to provide them violates the Regulation.
Article 3
Registry management
1. Purpose of personal data processing and legal basis for processing
The purpose of personal data processing is: registry management and management of the controller's communication with public authorities.
Personal data are processed on the basis of Act No. 395/2002 Coll. on archives and registries and on amending certain acts, as amended, and Act No. 305/2013 Coll. as amended.
Personal data are not processed for the purpose of the legitimate interests of the controller or a third party.
2. Identification of the processed personal data of the data subjects
The data subjects whose personal data are processed are the senders and recipients of correspondence.
Scope of processed personal data: title, first name, last name, signature, address, e-mail address, telephone number, scope of communication pursuant to Act No. 305/2013 Coll.
3. Identification of recipients, categories of recipients
The operator may provide personal data to authorized entities such as institutions and organizations whose processing is permitted by a special legal regulation, or to contractual partners (in particular intermediaries) who have contractually undertaken to accept appropriate guarantees to maintain the protection of the processed personal data, as follows:
| Ministry of the Interior of the Slovak Republic | Act No. 395/2002 Coll. on archives and registries and on amendments to certain acts, as amended |
| Other authorized entity | Generally binding legal regulation pursuant to Article 6(1)(c) of the RegulationSo súhlasom dotknutej osoby, alebo na jeho/jej príkaz môžu byť osobné údaje poskytnuté ďalším príjemcom. |
4. Transfer of personal data to a third country/international organization
Transfer to third countries or international organizations is not carried out.
5. Identification of the source from which the personal data were obtained
Directly from the data subject.
6. Period of storage of personal data
The operator processes personal data for the period necessary to fulfill the purpose, but for a maximum of 10 years.
7. Profiling
The operator does not process personal data by profiling or in a similar manner based on automated individual decision-making.
8. Rights of the data subject
The data subject has the right to request from the controller access to personal data processed concerning him or her, the right to rectification of personal data, the right to erasure or restriction of processing of personal data, the right to object to processing of personal data, the right to the ineffectiveness of automated individual decision-making, including profiling, the right to data portability, as well as the right to lodge a complaint with a supervisory authority. If the controller processes personal data based on the consent of the data subject, the data subject has the right to withdraw his or her consent to the processing of personal data at any time. The withdrawal of consent does not affect the lawfulness of the processing of personal data based on consent before its withdrawal. The data subject may exercise his or her rights by sending an email to the address: qscert@qscert.sk, or in writing to the address of the controller.
9. Obligation to provide personal data
Providing personal data is a legal requirement, the processing of personal data is mandatory. The data subject is obliged to provide truthful personal data, failing which he or she violates the Regulation.
Article 4
Marketing
1. Purpose of processing personal data and legal basis for processing
The purpose of processing personal data is to carry out marketing activities (informing about news, discounts and other marketing offers) related to the purchased or procured service or goods.
Personal data is processed on the basis of Art. 6 para. 1 letter f) of the Regulation.
Personal data is processed for the purpose of the legitimate interests of the operator - carrying out marketing activities.
2. Identification of the processed personal data of the data subjects
The data subjects whose personal data are processed are: clients/customers/potential customers.
Scope of processed personal data: title, name, surname, email address, telephone number. job position.
3. Identification of recipients, categories of recipients
The operator may provide personal data to authorized entities such as institutions and organizations whose processing is permitted by a specific legal regulation, or to contractual partners (in particular intermediaries) who have contractually undertaken to accept appropriate guarantees to maintain the protection of the processed personal data, as follows:
| Other authorized entity | Generally binding legal regulation pursuant to Article 6(1)(c) of the RegulationSo súhlasom dotknutej osoby, alebo na jeho/jej príkaz môžu byť osobné údaje poskytnuté ďalším príjemcom. |
4. Transfer of personal data to a third country/international organization
Transfer to third countries or international organizations is not carried out.
5. Identification of the source from which the personal data were obtained
Directly from the data subject (in person, by email, by telephone, via the Controller's website).
6. Period of retention of personal data
The Controller processes personal data for the period necessary to fulfill the purpose (however, for a maximum of 5 years from the last request of the data subject).
7. Profiling
The Controller does not process personal data by profiling or in a similar manner based on automated individual decision-making.
8. Rights of the data subject
The data subject has the right to request from the controller access to personal data processed concerning him or her, the right to rectification of personal data, the right to erasure or restriction of processing of personal data, the right to object to processing of personal data, the right to the ineffectiveness of automated individual decision-making, including profiling, the right to data portability, as well as the right to lodge a complaint with a supervisory authority. If the controller processes personal data based on the consent of the data subject, the data subject has the right to withdraw his or her consent to the processing of personal data at any time. The withdrawal of consent does not affect the lawfulness of the processing of personal data based on consent before its withdrawal. The data subject may exercise his or her rights by sending an email to the address: qscert@qscert.sk, or in writing to the address of the controller.
9. Obligation to provide personal data
The data subject provides his/her personal data voluntarily, and expects in the future to be informed about various marketing activities (information about news, discounts and other marketing offers) related to the purchased or procured service or goods. In the event of failure to provide them, the data subject will not be informed about news, discounts or other marketing offers, but at the same time he/she may not be provided with the service or goods he/she procures.