GDPR

TOMARK PROTON s. r. o.

pursuant to Art. 13 and Art. 14 et seq. of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)

(hereinafter referred to as "Regulation")

The controller is TOMARK PROTON s. r. o., with registered office at Strojnícka 2078/5, Prešov 080 06, Company ID: 56 006 322, registered in the Commercial Register of the District Court Prešov, Section: Sro, Insert No.: 47249/P (hereinafter also referred to as "Controller").

1. Contact Details of the Controller

You can contact the Controller at the address TOMARK PROTON s. r. o., Strojnícka 2078/5, Prešov 080 06 or by e-mail at info@tomarkproton.eu.

General Information

The Controller processes your personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as "Regulation") and Act No. 18/2018 Coll. on personal data protection (hereinafter referred to as "Act").

The Controller obtains personal data directly from you as the data subject (hereinafter also referred to as "Data Subject") or from another person who provides us with your personal data. A situation may arise where the Controller obtains personal data from another person other than directly from you, therefore this document provides information to all Data Subjects both under Art. 13 and Art. 14 of the Regulation.

All personal data that the Controller processes about you as a Data Subject are processed only for justified purposes of personal data processing, for a limited period and using the maximum possible degree of security, for which the Controller simultaneously adopts a Personal Data Processing Directive as well as security measures specified in security documentation. The protection of your personal data is a fundamental priority of the Controller, and in this document, you will find information about what personal data we process about you, for what purpose, on what legal basis, to whom we may provide your personal data and especially what rights you have in connection with the processing of your personal data and more.

2. Purposes of Personal Data Processing

The Controller processes your personal data exclusively in accordance with the principle of lawfulness, for the following processing purposes:

Performance of contractual obligations

The Controller processes personal data when fulfilling a contract with the Data Subject, to the extent necessary to fulfill contractual obligations. Processing of personal data when fulfilling contractual obligations occurs, for example, when concluding a purchase contract, when concluding a work contract, etc., which is concluded between the Controller and the Data Subject.

Compliance with legal obligations

The Controller also processes your personal data when fulfilling legal obligations. These legal obligations are, for example, obligations arising from tax regulations, regulations concerning accounting, etc.

Legitimate interest of the Controller

The Controller also processes personal data based on its legitimate interest, exclusively in cases where processing is necessary to pursue the legitimate interests of the Controller or a third party, unless such interests are overridden by the interests or fundamental rights and freedoms of you as the Data Subject, such as personal data provided to the Controller through a contact form on the Controller's website, etc.

Consent granted by the Data Subject

The Controller may also process your personal data based on your granted consent.

In case personal data would not be provided to the Controller in some cases, it would not be possible to fulfill the Controller's obligations imposed by legal regulations and/or laws, or it would not be possible to conclude a contract and/or other contractual relationship between the Controller and the Data Subject.

3. Categories of Personal Data

The Controller processes personal data that are necessary for processing personal data in accordance with the minimization principle so that the Controller can fulfill its contractual and legal obligations, or process them based on its legitimate interest. The Controller processes mainly identification data of natural persons - name, surname, address, date of birth, identity card number, signature, e-mail address, telephone number, and possibly other necessary data.

For legal bases of personal data processing where the Controller fulfills contractual obligations or legal obligations, the personal data that the Controller processes are mainly specified in legal regulations. When processing personal data upon the legal basis of consent or legitimate interest, the Controller determines the categories of processed personal data separately for each processing purpose.

4. Personal Data Retention Period

The Controller processes personal data for a period determined based on various criteria:

The Controller determines the period of personal data processing in accordance with the principle of minimizing the retention period of personal data, whereby it processes personal data for the following determined periods:

a) during the period established by generally binding legal regulations, in case it processes personal data based on fulfilling the Controller's legal obligation,

b) during the duration of the contractual relationship, or the duration of pre-contractual measures, in case it processes personal data based on contract performance or pre-contractual measures,

c) during the duration of the Controller's legitimate interest, in case personal data processing by the Controller is performed on the legal basis of the Controller's legitimate interest,

d) during the period of granted consent for personal data processing, in case the Controller processes personal data based on the data subject's consent.

The Controller has determined personal data processing periods during which the Controller is authorized to process personal data based on the above-established criteria, with personal data processing periods being established in the Controller's internal regulations. You as a Data subject may at any time contact the Controller with a request to specify the concrete period for processing your personal data.

After the expiration of the respective personal data processing period, the Controller may process personal data exclusively only for special purposes, such as archiving or statistics.

5. Rights of Data Subjects

The protection of your personal data as data subjects is governed by the provisions of the Regulation, with the rights of Data Subjects being regulated by the Regulation, the Act, as well as other legal regulations on personal data protection. Based on your request, you as a Data Subject have the right to request:

Right of access

You have the right to be provided with a copy of personal data that we have available about you, as well as information about how we use your personal data. In most cases, your personal data will be provided to you through electronic communication means, unless otherwise requested by you.

Right to rectification

We take reasonable measures to ensure the accuracy, completeness and currency of information we have available about you. In case the personal data we have are inaccurate, incomplete or outdated, we will correct, update or complete this personal data based on your initiative.

Right to erasure

Under certain circumstances, you have the right to request us to erase your personal data, for example, in case the personal data we have obtained about you are no longer necessary to fulfill the original purpose of processing or in case you withdraw your consent to personal data processing. However, your right needs to be assessed from the perspective of all relevant circumstances. For example, we may have certain obligations arising from applicable legal regulations, which means we will not be able to comply with your request.

Right to restriction of processing

You also have the right to request that we no longer process your personal data. In case you think that your personal data that we process are not correct, the processing is unlawful and you request restriction of processing, we do not need your personal data, but you need them as a Data Subject when asserting legal claims or when you think that the Controller does not have a legitimate reason to further process your personal data.

Right to data portability

Under certain circumstances, you have the right to transfer personal data to another entity of your choice. However, the right to portability applies only to personal data that we process based on a contract of which you are one of the contracting parties, based on consent you have granted us, or in case we process personal data by automated means.

Right to object

You have the right to object to personal data processing, for example, in case we process your personal data based on legitimate interest or during processing that involves profiling. If you object to such personal data processing, we will no longer process your personal data unless we demonstrate compelling legitimate grounds for such processing.

Rights related to profiling or automated decision-making

In case we would process personal data by profiling or automated decision-making, you have the right to refuse automated individual decision-making, including profiling, which would result in legal or similarly significant consequences for you. However, the Controller does not use automated individual decision-making or profiling when processing personal data.

Right to lodge a complaint or submit a petition

You can submit a complaint to the supervisory authority, which is the Office for Personal Data Protection of the Slovak Republic, with registered office at Hraničná 12, 820 07 Bratislava; website: dataprotection.gov.sk, tel. number: 02 3231 3214; E-mail: statny.dozor@pdp.gov.sk.

6. Exercising Your Rights

Your rights mentioned in the previous point of this Controller's information obligation can be exercised in writing or orally at the address TOMARK PROTON s. r. o., Strojnícka 2078/5, Prešov 080 06, by e-mail to the general e-mail address info@tomarkproton.eu.

We will provide you with a response within one month from the day you exercised your rights. In certain cases, we are authorized to extend the deadline for providing a response in case of a high number and complexity of Data Subject requests, by a maximum of two months. We will always inform you about the deadline extension.

7. Transfer to Third Countries and International Organizations

The Controller does not perform transfer of your personal data to third countries (countries outside the EU and EEA).

8. Recipients

Your personal data may be provided to recipients - mainly processors, and also to third parties.

Processors include companies we cooperate with - companies providing IT services, companies providing accounting and financial services, companies providing security and guard services, archival services, etc. The Controller uses exclusively processors who have adopted appropriate technical and security measures through which the requirements of Personal Data Protection Regulations for secure processing of your personal data are met. Third parties may include, for example, our subcontractors to whom we provide personal data for the purpose of proper performance of our business activity.

We also provide your personal data to entities authorized by law, which may include courts, criminal proceedings authorities, tax offices, health insurance companies, labor inspectorates, the Office for Personal Data Protection, other authorized entities, etc.

Personal data protection is not a one-time matter for us. The information we are obliged to provide you regarding our personal data processing may change or cease to be current. For this reason, we reserve the right to modify and change these personal data protection principles at any time and to any extent. In case we change these principles substantially, we will bring this change to your attention, e.g., by general notice on this website or by special notice via email.