The processing of personal data of data subjects is governed by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as “the Regulation“) and Act No. 18/2018 Coll. on Protection of Personal Data and on Amendments and Supplements to Certain Acts (“Personal Data Protection Act“).
1. Controller
The purpose of this Policy is to explain how the Controller – the company Riseday Tech, s.r.o., with its registered office at Jaskový rad 115, 831 03 Bratislava – Nové Mesto city borough, company ID No.: 54 381 029, VAT ID No. SK2121659221, registered in the Commercial Register of the City Court Bratislava III, Section Sro, File No. 158719/B (hereinafter referred to as “Company” or “Controller“) processes personal data of the data subjects and what are their rights under the Regulation and the Data Protection Act.
Within the meaning of the Regulation and the Personal Data Protection Act, the Company shall act as a Controller in the processing of personal data, i.e. as a person who alone or jointly with others determines the purposes and means of processing of personal data of data subjects.
2. Collection of personal data, purpose, time and manner of processing
The Company obtains personal data in the following ways:
- directly from their customers at conclusion of a contract;
- from publicly available sources such as public registers and records;
- from persons who have voluntarily provided the Company with their personal data and have given their consent to its processing (by phone, email, via the Company’s website, etc.);
- from persons entering the Company’s premises (including footage from the Company’s CCTV system);
- from public authorities, service providers or others.
The Company collects and processes personal data only to the extent that is proportionate to the purpose of their processing. The Company places special emphasis on security and protection of personal data and the rights of data subjects.
The Company only processes personal data in order to provide services and customer care to the data subject, to comply with various legal requirements and also to protect its legitimate interests. The Company collects personal data about data subjects, including potential contractual partners, who are interested in the Company’s services or who have given their consent to the Company to do so.
In particular, the Company processes the following categories of personal data of data subjects:
- Basic identification data, including: first name, surname, date of birth, birth ID number, signature. If the data subject is doing business as a natural person – entrepreneur, this also includes the company ID No., tax ID No., and place of business.
- Contact details, including: permanent address, correspondence address, phone number, and email;
- Economic and financial data, including: bank account number (IBAN), details of the product or service ordered by the contractual partner, method of payment, and discount information.
- Information on use of products (in particular a type of products used, a way the products are used, information on the benefits provided under the contract).
- Other data necessary to comply with legal requirements, exercise and prove the Company’s legal claims.
- Data on use of the Company’s website and social media accounts.
Data relating to exercise of the data subject’s rights. The Company processes personal data on the basis of the following legal titles set up for by the Regulation and the Personal Data Protection Act:
- Legitimate Interest
The Company may process the personal data of data subjects if it is necessary for the purposes of legitimate interests of the Company or third parties, however, except for cases where such interests are overridden by interests or fundamental rights and freedoms of the data subject which require protection of personal data. Such legitimate interests of the Company are in particular:
- protection of the rights and legitimate interests of the Company arising from generally binding legal regulations and contracts in relation to the contractual partners and other persons; for this purpose, the Company retains personal data for no longer than it is necessary to protect such rights and legitimate interests;
- recovery of receivables and other claims of the Company; for this purpose, the Company retains personal data for a maximum period of the relevant limitation periods;
- prevention of fraudulent conduct where the Company reasonably believes that there is a risk of such conduct; for this purpose, the Company shall retain personal data for no longer than the period prescribed by generally binding legal regulations;
- marketing activities of the Company; for this purpose the Company retains personal data maximum for the duration of the legitimate interest of the Company, in particular for the duration of the contractual relationship between the Company and the data subject and for a reasonable period of time after its termination;
- Performance of the Contract
The Company processes personal data of the data subjects for purposes related to performance of the contractual obligations of both parties, in particular the conclusion, modification and termination of the contract, invoicing, etc. A prerequisite for conclusion of the contract is provision of personal data by the data subject to the Company to the necessary extent. Failure to provide personal data may prevent the Company from delivering goods and services to the data subject.
The Company shall retain personal data for the purposes of performance of the contract for the duration of the contractual relationship between the Company and the data subject and for the necessary time after its termination. After termination of the contractual relationship and settlement of all obligations arising from or related to the contract, the Company retains personal data for the time strictly necessary, in particular for the limitation period of possible claims from termination of the contractual relationship and settlement of all obligations (including pending litigation), or for a longer period if the limitation period is interrupted.
- Fulfilment of Legal Obligation
The Company may process personal data, including disclosing it to state authorities and other persons, if such obligation arises from the law.
The Company processes the customer’s personal data for the purposes of payment, invoicing and bookkeeping, in accordance with the legal obligations arising from the applicable legal regulations.
The Company shall retain personal data for the purposes of compliance with a legal obligation for no longer than it is necessary to comply with the relevant legal obligation under generally binding legal regulations.
- Consent granted by the Data Subject
The Company processes the personal data of data subjects on the basis of a consent expressly granted by the data subject, in case that none of other legal bases can be applied.
The Company retains personal data processed on the basis of the data subject’s consent for no longer than the duration of such consent or until its revocation, whichever is earlier. The data subject has the right to freely withdraw consent to the processing of personal data at any time. If consent is withdrawn, personal data may no longer be processed, provided that there is no other purpose for processing based on another legal basis. Withdrawal of consent shall not affect the lawfulness of processing based on consent prior to its withdrawal.
The Company may entrust third parties, so-called processors, with the processing of personal data. Processors shall process personal data for the Company solely on the basis of a personal data processing contract, which must comply with the requirements set out in the Regulation and the Personal Data Protection Act, and the Company shall in such cases take strict care to protect the personal data it provides to the processors.
3. Your rights in relation to personal data
Data subjects have the right to:
- require from the Company:
- confirmation of whether or not their personal data is being processed, when they have the right to access their personal data, by which they can obtain information whether or not their personal data is being processed, for what purpose, what is the extent to which it is being processed and to whom, if any, this data has been disclosed, for how long and what rights they have (information on the right to request from the Controller the rectification/erasure of personal data or restriction of processing, the right to object to such processing, the right to bring an action for protection of personal data, the source of personal data and the existence of automated individual decision-making, including profiling); where the personal data has not been obtained from the data subject, the data subject may request provision of any available information as to their source (“right of access to personal data“);
- if their personal data are processed, to obtain access to personal data and other information and to receive a copy of the personal data processed by the Company (“right to be informed of processing“); the Company is entitled to charge the data subject a reasonable administrative fee in connection with the request for a copy of the personal data;
- rectification of incorrect/incomplete personal data processed by the Company (“right to rectification“);
- erasure of personal data where one of the grounds set out in the Regulation or the Personal Data Protection Act is met; in particular where the personal data is no longer necessary for the purposes for which the data was obtained or processed by the Company; if the data subject withdraws consent and the Company has no other legal basis for processing; if the data subject objects to the processing, or if the Company has processed the personal data in an unlawful manner; where official documents containing personal data are the subject of the processing, the data subject may request their return (“right to erasure“);
- restriction of the personal data processing if one of the grounds set out in the Regulation and the Personal Data Protection Act is met; for example, where the data subject objects to the accuracy of the personal data being processed for the period necessary to allow the Controller to verify the accuracy of the personal data, where the processing of the personal data is unlawful and the data subject objects to the erasure of the personal data and requests instead the restriction of its use, or where the Controller no longer needs the personal data for the purposes of processing but the data subject requires them for exercise of a legal claim, or where the data subject has objected to the processing, pending verification whether the legitimate grounds of the Controller outweigh the legitimate grounds of the data subject (“right to restriction“);
- obtain personal data concerning the data subject which they have provided to the Company in a structured, commonly used and machine-readable format; the data subject has the right to transfer such personal data to another controller if technically feasible and if the conditions set out in the Regulation and the Personal Data Protection Act are met (“the right to portability“);
- on grounds relating to a particular situation, object to the processing of personal data concerning the data subject which is necessary for performance of a task carried out in the public interest (“right to object“);
- withdraw consent to the processing of personal data given to the Company at any time with effect from the time of withdrawal of consent (“right to withdraw consent“);
- if the data subject suspects that his/her personal data is being unlawfully processed, to file a petition for initiation of personal data protection proceedings with the Office for Personal Data Protection of the Slovak Republic, with its registered office at the address Hraničná 4826/12, 820 07 Bratislava, Slovak Republic, phone number: + 421 2 3231 3220, dataprotection.gov.sk.
The data subject has the right to raise objections at any time and to object on grounds relating to his/her particular situation connected with processing of his/her personal data which is carried out on a legal basis and is in the legitimate interest of the Controller, including to object to profiling based on the aforementioned provisions.
The data subject has the right to object to the processing of personal data concerning him/her for the purpose of direct marketing, including profiling to the extent that it is related to such direct marketing. If the data subject objects to the processing of personal data for the purpose of direct marketing, the Controller may no longer process the personal data for the purpose of direct marketing.
The data subject may exercise his/her rights in the following ways:
- in person at the address of the Company’s registered office;
- by mail (usually the signature of data subject must be officially certified) sent to the address of the Company’s registered office;
- by email to the Company’s address info@risedaytech.net;
4. Final provisions
The text of this Policy is subject to change in order to remain current and therefore the Company reserves the right to unilaterally modify this Policy. Should this Policy change in any material way, we will notify you of this fact via the Company’s website.
In Bratislava, on 12th of February 2022