Privacy police

This Privacy Policy was last updated on 28.09.2023

We respect the privacy of data subjects with whom we are in contact, regardless of whether we process personal data ourselves or by other entities. The purpose of the information below is to provide information regarding the processing of personal data by ADVISEC, s.r.o. in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as the GDPR).

The Privacy Policy describes how we process your personal data when carrying out activities as a controller or processor. We may update this policy from time to time, even without notice to you. It is therefore advisable that you familiarise yourself with its wording on a regular basis.

Ensuring the protection of the personal data we process while providing our services is very important to ADVISEC s.r.o. and we have therefore taken appropriate technical and organisational measures to protect the personal data we process. ADVISEC s.r.o. carries out the processing of personal data in accordance with the requirements arising from the GDPR and Act No. 18/2018 Coll. on the Protection of Personal Data, as amended. 

Part 1. Basic information about the controller

1. Controller:

ADVISEC s. r. o.
Miletičova 78
821 09 Bratislava – Ružinov
Slovak republic

IČO: 45 852 642
Phone +421 904 569 888
e-mail: info@advisec.sk
Website: https://www.advisec.sk

2. Data privacy officer:

e-mail: info@advisec.sk
postal address:
ADVISEC s. r. o.
Miletičova 78
821 09 Bratislava – Ružinov
Slovak republic

3. Information on the rights of the data subject:

  1. Right of access to personal data
    You can request information about whether and how we process your personal data. If this is the case, you have the right to obtain information about the processing of your personal data to the extent set out in Article 15 of the GDPR. All such information is available in this Privacy Policy. At the same time, you have the right to obtain a copy of the personal data that we process about you.
  2. Right to rectification of personal data
    If you become aware that we are processing incorrect or incomplete personal data about you, you have the right to have it corrected or completed.
  3. Right to withdraw consent
    If you have given us consent to process your personal data, you have the right to withdraw your consent and we will subsequently cease our processing activities over your personal data that we carry out on this legal basis. Withdrawal of consent does not affect the lawfulness of processing based on consent prior to its withdrawal.
  4. Right to erasure of personal data
    You have the right to request the erasure of the personal data we process about you. The exercise of this right is subject to an assessment of your request. Your right will not be exercised if further processing of your personal data is necessary for one of the purposes listed in Article 17 GDPR, in particular to comply with a legal obligation, to fulfil a legitimate interest of the controller, for archiving purposes in the public interest or for the establishment, exercise or defence of legal claims.
  5. The right to restrict the processing of personal data
    You have the right to restrict the processing of your personal data that we process about you for the reasons set out in Article 18 of the GDPR. Our company may only process your personal data in accordance with your consent, where necessary in connection with legal claims, to protect someone else’s rights, or where there is an important public interest in the processing.
  6. Right to portability of personal data
    You may request that we provide you with your personal data that you have provided to us for processing on the basis of consent or for the performance of a contract in a structured, commonly used and machine-readable format. You also have the right to request the transfer of this data to another data controller.
  7. Right to object and automated individual decision-making
    If you believe that we do not have the right to process your personal data, you can object to our processing. In such cases, we can only continue processing if we can demonstrate compelling legitimate grounds that outweigh your interests, rights and freedoms. However, we may always process your personal data if it is necessary for the establishment, exercise or defence of legal claims.
  8. Right to lodge a complaint with a supervisory authority
    You can contact a supervisory authority with your complaint or complaint about the processing of your personal data:
    The Office for Personal Data Protection of the Slovak Republic

    Hraničná 12

    820 07 Bratislava
    IČO: 36 064 220
    Phone: +421 (2) 323 13 220
    Website: https://dataprotection.gov.sk/uoou/

4. Contact details for exercising the rights of the data subject

You can exercise the rights referred to in point 3. by sending an e-mail request to info@advisec.sk or by sending a written request to the address of the controller’s registered office.

All information and statements regarding the rights you exercise with us are provided free of charge and will be provided to you no later than 1 month after receipt of the request. This period may be extended by a further 2 months if necessary, depending on the complexity of the request and the number of requests. If the request is clearly unfounded or excessive, in particular because it is repetitive, we are entitled to charge a reasonable fee which takes into account the administrative costs involved in providing the information requested.

If you contact us through one of the above communication channels, we will use the information you provide (e.g. your email address, first name, last name or telephone number) to answer your questions or to process your request. We will restrict the processing of the data for a period of 5 years if it is no longer necessary for answering your questions or for processing your request/rights, in case we need to prove, exercise or defend related legal claims. If we have a reasonable doubt about your identity in relation to the exercise of individual rights, we may ask you to provide additional information to confirm your identity.

Part II Information on processing activities

1. Processing activity: Maintaining the accounting agenda
  1. Purpose of processing personal data:

    Keeping the accounting records necessary for the accounting of business cases, including invoicing and the execution of contracts, as well as the settlement of salaries and other benefits from an accounting perspective.

  2. Legal basis for processing personal data:
    The processing of personal data is a legal requirement. The processing of personal data is also necessary to comply with the following legal obligations
    • Act No. 431/2002 Coll. on Accounting,
    • Act No. 222/2004 Coll. on Value Added Tax,
    • Act No. 563/2009 Coll. on Tax Administration (Tax Code),
    • Act No 40/1964 Coll., the Civil Code,
    • Act No 513/1991 Coll., the Commercial Code,
    • Act No 595/2003 Coll. on Income Tax and related regulations.
  3. The personal data processed and the sources from which the personal data originate:
    Categories of personal data processed:
    ADVISEC s.r.o. contractors and employees:
    • title, first name, surname,
    • address of permanent residence (for legal entities, the address of the company’s registered office),
    • name of the company (only for legal entities),
    • contact details,
    • billing data,
    • date of birth (for legal entities, company ID number).

    Source from which the personal data is obtained:

    • data subject,
    • the data subject’s employer
    • contractual documentation
  4. Categories of recipients of personal data:
    Personal data is processed by the following processors:
    – company providing payroll and accounting processing.
    Personal data may be provided or disclosed in accordance with applicable legislation:
    • financial authorities,
    • ax authorities,
    • audit office.
  5. Transfer of personal data to a third country or international organisation:

    There is no transfer of personal data to third countries or international organisations.

  6. Existence of automated decision-making, including profiling:

    No automated decision-making or profiling is carried out with personal data.

2. Customer Relationship Management
  1. Purpose of processing personal data and legal basis:
    Interested parties for products and services and pre-contractual relationships
    In order to enter into and perform a contract with you or the company you represent, it is necessary to process your personal data. We may also process personal data about visitors to our website or physical locations, depending on how you choose to interact with us (e.g. our business premises, events, happenings).We only process your personal data if we have a legal basis to do so. This means that the processing must be necessary for the performance of a contract to which you or the company you represent is a party or to enable action to be taken at your request prior to entering into the contract. For this purpose, we have a contact form available on our website through which interested parties can contact us about our services. We process the contact data provided in this way in accordance with Article 6 (1) (b) of the GDPR, whereby the processing of personal data is lawful even without the data subject’s consent to carry out pre-contractual measures at the request of the data subject. We process the personal data provided via the web form for the purpose of contacting those interested in our services, sending, or presenting our offer and for the purpose of entering into a contractual relationship. If cooperation and the conclusion of a contractual relationship does not take place, your contact data will be deleted.


    Our website uses cookies. For more information about cookies, please refer to our  Cookie policy

    Existing customers – marketing communications
    We will use your personal data for the purpose of contacting you, creating and sending you an offer of our services. The purpose of this activity is to provide sales support, to send you information about news, products and services offered by ADVISEC s.r.o., or other information about product and service offers from partner companies.

    The legal basis for the processing of your personal data is the legitimate interest of our company to provide services to our customers and to meet our business objectives. When carrying out this activity, we take care that the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, are not harmed.

    Existing customers – contract management and customer care
    We process personal data of existing customers for the purposes of fulfilling contractual obligations, ensuring customer care, and improving and developing business activities in the provision of our services.
    The legal basis for the processing of personal data is the fulfilment of the legal obligation of the controller and the legitimate interest of ADVISEC s.r.o. The processing of personal data of customers is necessary for the fulfilment of contractual obligations and the protection or exercise of rights or the performance of activities aimed at the realisation of the legitimate interests of ADVISEC s.r.o. When carrying out processing activities, we always assess whether the legitimate interest of ADVISEC s.r.o. is not outweighed by the fundamental rights and freedoms of the data subject, which require protection of his or her personal data.

  2. The personal data processed and the sources from which the personal data originate:
    Categories of personal data processed:
    – ADVISEC s.r.o. contractors and employees:
    • title, first name, surname,
    • address of permanent residence (for legal entities, the address of the company’s registered office),
    • name of the company (only for legal entities),
    • contact details,
    • billing data,
    • date of birth (for legal entities, company ID number)
    • date and signature

    Source from which the personal data is obtained:
    – data subject,
    – the data subject’s employer.

    The personal data is obtained from the data filled in on the website of ADVISEC s.r.o., from the mutual communication with the customer and the potential customer and from the contracts concluded with the customer.

  3. Categories of recipients of personal data :
    • Authorised persons of ADVISEC s.r.o.
    • Authorised persons of contractors/suppliers
    • Personal Data Protection Authority
    • Tax Authority
    • Executor’s Office
    • Courts of the Slovak Republic
    • Public Prosecutor’s Office of the Slovak Republic
    • Police Force of the Slovak Republic
  4. Data retention period / Criteria for determining the data retention period:
    After the termination of the contractual relationship, the data shall be retained for the current year and the following 10 years.
  5. Transfer of personal data to recipients in third countries:
    There is no transfer of personal data to third countries or international organisations.
  6. Existence of automated decision-making, including profiling:
    No automated decision-making or profiling is carried out with personal data.
3. Processing activity: procurement of goods and services
  1. Purpose of processing of personal data:
    To procure goods and services and to ensure follow-up activities related to the performance of contractual obligations. Preservation and archiving of documentation in accordance with specific regulations.
  2. Legal basis for processing personal data:
    The processing of personal data is a legal requirement. The processing of personal data is necessary for the fulfilment of legal obligations arising from Act No. 513/1991 Coll., the Commercial Code, as amended, and Act No. 395/2002 Coll. Act on Archives and Registers and on the Amendment of Certain Acts. At the same time, personal data is also processed on the basis of legitimate interest, namely to ensure the verification of the personal capacity of suppliers of goods and services to fulfil contractual obligations.
  3. The personal data processed and the sources from which the personal data originate:
    Categories of personal data processed:
    – Contractors and representatives of the contractor:

    • title, first and last name,
    • contact details (address, e-mail, telephone number),
    • company,
    • billing data,
    • contractual data,
    • function/job title,
    • date and signature

    – Supplier’s employees involved in the performance process under the contract:

    • name and surname,
    • job title/function,
    • contact details (address, e-mail, telephone number),
    • details of education and professional experience,
    • professional CV,
    • details of projects carried out

    – Documents containing personal data arising in the course of performance under the contract which have permanent documentary value and must be kept in accordance with the specific rules.

    The source from which the personal data is obtained:

    • data subject,
    • the data subject’s employer.
  4. Retention period of personal data:
    Personal data is processed throughout the entire period of implementation of the procurement of goods and services and the provision of activities related to the fulfilment of contractual obligations, and are subsequently placed in pre-archival care in accordance with the requirements of Act No. 395/2002 Coll. on archives and registers and on the amendment of certain acts, as amended, and retained for a period of 10 years or for the period specified under special regulations.
  5. Categories of recipients of personal data:
    Personal data may be disclosed or made available in accordance with applicable legislation to the:

    • financial authorities,
    • tax authorities,
    • audit office,
    • executor’s office,
    • Police Force of the Slovak Republic, the Public Prosecutor’s Office of the Slovak Republic,
    • Courts of the Slovak Republic,
    • Social Insurance Company, Health Insurance Company,
    • Labour, Social Affairs and Family Office,
    • company providing payroll and accounting processing.
  6. Transfer of personal data to a third country or an international organisation:
    There is no transfer of personal data to third countries or international organisations.
  7. Existence of automated decision-making, including profiling:
    No automated decision-making or profiling is carried out with personal data.
4. Processing activity: provision of services to customers
  1. The personal data processed and the sources from which the personal data originate:
     Categories of personal data processed:
    • title, first name, surname,
    • employer,
    • contact details (e-mail address, telephone contact),
    • date of birth,
    • professional CV,
    • competences (certificates, background checks and certificates of completion of training and examinations),
    • data (e.g. ID card number, place of residence) necessary to ensure activities related to the fulfilment of contractual obligations for the customer (e.g. access to premises, access to customer’s systems).

    – customer’s employees:

    • title, first name, surname,
    • company name,
    • contact details (e-mail address, telephone contact),
    • complaint, service complained about

    Source from which the personal data is obtained:

    • data subject,
    • data subject’s employer.
  2. Retention period of personal data:
    Personal data is processed throughout the entire period of preparation of the offer, during the duration of the tender procedure and during the provision of activities related to the performance of services, subsequently they are included in the pre-archival care in accordance with the requirements of Act No. 395/2002 Coll. on archives and registers and on the amendment of certain acts, as amended, and kept for the following period:

     

    • tenders and quotations for 3 years and then disposed of,
    • tender documents for 10 years and subsequently destroyed,
    • service outputs 10 years after the end of the contractual relationship and subsequently destroyed,
    • documents for the provision of activities related to the performance of contractual obligations for the duration of the employee’s participation in the performance of contractual obligations for the customer and subsequently destroyed,
    • documents for the resolution of complaints and complaints 4 years after the resolution of the complaint.
  3. Categories of recipients of personal data:
    Personal data is provided and disclosed in the context of the preparation of offers to business partners and in the context of tenders to potential customers and customers.
    Personal data may be provided or disclosed in accordance with applicable legislation to:
    • financial authorities,
    • tax authorities,
    • audit office,
    • Slovak Trade Inspection,
    • Personal Data Protection Office.

    Personal data is provided in the context of providing activities related to the performance of contractual obligations by the customer (e.g. securing access to the premises and systems of the customer).

  4. Transfer of personal data to a third country or international organisation:
    There is no transfer of personal data to third countries or international organisations.
  5. Existence of automated decision-making, including profiling:
    No automated decision-making or profiling is carried out with personal data.
5. Processing activity: Organisation of professional and social events
  1. Purpose of processing personal data:
    Ensuring the organisation of professional and social events (hereinafter referred to as “the event”), keeping a list of invited participants and documenting and recording attendance. Documenting (photo/video) the event in connection with the promotion of the activities of ADVISEC s.r.o., representation and strengthening of its reputation among employees, customers, suppliers and the public. Depending on the nature of the organised event, the data is also used for the purpose of providing insurance for the participants of the respective event.
  2. Legal basis for the processing of personal data:
    The processing of personal data is a legitimate interest of ADVISEC s.r.o. to support the development of the company’s business activities and to keep records of the events held. At the same time, we process personal data in accordance with the requirements of Act No. 147/2001 Coll. on Advertising and on Amendments and Additions to Certain Acts, as amended, Act No. 395/2002 Coll. Act on Archives and Registers and on the Amendment of Certain Acts, Act No. 40/1964 Coll. Civil Code, Act No.513/1991 Coll. Commercial Code, Act No.563/2009 z.z. Act on Tax Administration (Tax Code) and on Amendments and Additions to Certain Acts.
  3. The personal data processed and the sources from which the personal data originate:
    Categories of personal data processed:
    – customers:

     

    • name and surname, e-mail address, telephone number,
    • photo and expressions of a personal nature,
    • name of employer,
    • job title,
    • feedback on the course of the event in question,
    • data required for insurance,

    – employees:

    • name and surname, e-mail address, telephone number,
    • photo and expressions of a personal nature,
    • job title,

    – family members of the employee:

    • name and surname, age if a child (in order to ensure appropriate refreshments and programme at the event),
    • photo and expressions of a personal nature,

    Source from which the personal data is obtained:
    – data subject,
    – family member of the data subject.

  4. Retention period of personal data:
    Personal data is processed for the duration of a professional or social event, then they are placed in pre-archival care in accordance with the requirements of Act No. 395/2002 Coll. on Archives and Registers and on the Amendment of Certain Acts, as amended, and retained for the current year and the following 4 years. The records of the events held shall be kept during the existence of ADVISEC s.r.o.
  5. Categories of recipients of personal data:
    Personal data is processed by the following processors: advertising agencies or event agencies providing the organization, realization, or documentation (photo/video) of the course of the respective event, insurance companies providing insurance for the participants of the respective event, tax authorities and the courts of the Slovak Republic.
  6. Transfer of personal data to a third country or international organisation:
    There is no transfer of personal data to third countries or international organisations.
  7. Existence of automated decision-making, including profiling:
    No automated decision-making or profiling is carried out with personal data.
6. Policy of personal data processing from the website environment
For information about the processing of your personal data on our company’s website, please refer to thee Cookie Policy.