PRIVACY POLICY
1. IDENTIFICATION OF THE CONTROLLER AND GENERAL INFORMATION
This personal data protection policy (hereinafter referred to as the "Policy") contains information about the processing of your personal data by PPCD s. r. o., with its registered office at Trieda KVP 1C, Košice - Sídlisko KVP 040 23, Company ID No.: 57 112 177, a company registered in the Commercial Register of the Municipal Court in Košice, Section: Sro, File No. 63023/V (hereinafter referred to as the "Controller") on the Controller's website www.ppcd.sk (hereinafter referred to as the "website"), on the Controller's social media profiles and in the course of the Controller's commercial and business activities.
Information on the processing of personal data outside the website or social networks is documented by the Controller in the relevant internal regulations and will be provided to you where relevant.
Through this Policy, the Controller provides you with information about why your personal data is processed, how it is processed, how long the Controller stores it, what your rights are in relation to the processing of your personal data, and other relevant information about the processing of your personal data. Through this Policy, the Controller fulfils its information obligation towards all data subjects, both in cases where the Controller has obtained personal data directly from you as the data subject and in cases where it has obtained your personal data from another source.
The Controller processes your personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as the "Regulation"), relevant Slovak legislation (hereinafter referred to as the "Act") and other regulations on personal data protection (the Regulation, the Act and other regulations on personal data protection hereinafter collectively referred to as the "Personal Data Protection Regulations").
You can contact the Controller in matters relating to the processing and protection of personal data at PPCD s. r. o., with its registered office at Trieda KVP 1C, Košice - Sídlisko KVP 040 23, or by email atinfo@ppcd.sk .
2. INFORMATION ON PROCESSING OPERATIONS – LEGAL BASIS, PURPOSES OF PROCESSING, CATEGORIES OF PERSONAL DATA AND RETENTION PERIOD OF PERSONAL DATA
The controller processes your personal data only for legitimate purposes, for a limited period of time and with the maximum possible level of security. We process your personal data in accordance with the principle of lawfulness, i.e. only if there is an adequate legal basis for their processing in accordance with Article 6(1) of the Regulation, specifically on the following legal bases:
IN CONNECTION WITH THE OPERATION OF THE CONTROLLER'S WEBSITE:
Purpose of processing:
Responding to messages and handling enquiries/requests from messages sent to the controller via email or telephone
Legal basis:
Article 6(1)(f) of the Regulation - the processing of personal data is carried out on the basis of the legitimate interest of the Controller, which is to respond to messages received for the proper conduct of business communication, to improve the quality of services provided and to acquire new clients
Categories of personal data:
Name, surname, e-mail, telephone number, other data specified in the message
Retention period:
60 days from the date of receipt of the request or until it is processed (purpose fulfilled), whichever occurs first
Purpose of processing:
Processing of necessary (functional) cookies
Legal basis:
Article 6(1)(f) of the Regulation – personal data processing is carried out on the basis of the legitimate interest of the Controller, which is to maintain the functionality of the website
Categories of personal data:
Data on activity on the Controller's website, IP address of the device used, data on the web browser used
Retention period:
Depending on the specific file, but no longer than 3 months from visiting the website; for more information, visit COOKIE POLICY
IN CONNECTION WITH THE CONTROLLER'S BUSINESS ACTIVITIES:
Purpose of processing:
Processing of accounting documents
Legal basis:
Article 6(1)(c) of the Regulation – compliance with legal obligations: Act No. 431/2002 Coll. on Accounting, as amended, Act No. 595/2003 Coll. on Income Tax, as amended, Act No. 222/2004 Coll. on Value Added Tax, as amended, Act No. 311/2001 Coll. Labour Code, as amended
Categories of personal data:
Ordinary personal data necessary for the fulfilment of legal obligations (name, surname, address of residence/place or registered office, address for service delivery, contact details - telephone number, e-mail address, bank details), other personal data necessary for the processing of accounting records
Retention period:
10 years following the year to which they relate
Purpose of processing:
Record keeping, registration and handling of received and sent mail (including electronic communication with relevant institutions)
Legal basis:
Article 6(1)(c) of the Regulation – compliance with legal obligations: Act No. 395/2002 Coll. on archives and registries and on amendments to certain acts, as amended Act No. 305/2013 Coll. on the electronic form of the exercise of public authority powers and on amendments to certain acts (e-Government Act), as amended
Categories of personal data:
Ordinary personal data
Retention period:
Post - 5 years following the year to which they relate, other records forming the registry within the meaning of the relevant provisions of Act No. 395/2002 Coll. on archives and registries and on amendments to certain acts, as amended
Purpose of processing:
Fulfilment of the Controller's contractual obligations (based on contracts concluded with suppliers, customers of goods and services, other business partners and clients who are natural persons, and records of service orders), including the implementation of pre-contractual relationships (handling enquiries, accepting orders, making payments, etc.)
Legal basis:
Article 6(1)(b) of the Regulation - processing is necessary for the performance of a contract and the implementation of pre-contractual relationships
Categories of personal data:
Ordinary personal data (name, surname, date of birth, address of residence/registered office/place of business/billing address, affiliation/position in the company that is the customer, contact details – telephone number, email address)
Retention period:
During the term of the contractual relationship and after its termination until the complete settlement of contractual and other claims arising from the contractual relationship (usually until the expiry of the limitation periods) or until the termination of the status of a specific natural person as a representative of a legal entity; at the latest until the complete settlement of legal and other claims arising from the contractual relationship
Purpose of processing:
Keeping records of suppliers, other business partners and clients and their contact persons (in the case of business partners or clients - legal entities), concluded contracts and maintaining appropriate business communication
Legal basis:
Article 6(1)(f) of the Regulation - the processing of personal data is carried out on the basis of the legitimate interest of the Controller, which is the need to keep records of suppliers, business partners and clients of the Controller, or their contact persons in contractual relationships for the proper fulfilment of contractual obligations, the possible assertion of legal claims and the maintenance of appropriate business communication
Categories of personal data:
Ordinary personal data (name, surname, address of residence/registered office/place of business/billing address, affiliation/position in the company that is the customer, contact details – telephone number, email address)
Retention period:
During the term of the contractual relationship and after its termination until the complete settlement of contractual and other claims arising from the contractual relationship (usually until the expiry of the limitation periods) or until the termination of the status of a specific natural person as a representative of a legal entity; at the latest until the complete settlement of legal and other claims arising from the contractual relationship
Purpose of processing:
Handling of complaints
Legal basis:
Article 6(1)(c) of the Regulation – compliance with legal obligations: Act No. 513/1991 Coll. Commercial Code, Act No. 250/2007 Coll. on Consumer Protection and on Amendments to the Act of the Slovak National Council, Act No. 372/1990 Coll. on Offences, as amended, Act No. 40/1964 Coll. Civil Code, as amended
Categories of personal data:
Ordinary personal data necessary for the fulfilment of legal obligations
Retention period:
4 years following the date of filing the complaint, in the case of natural persons - non-entrepreneurs 3 years following the date of filing the complaint or, in both cases, until the complete settlement of claims arising from the complaint, or until the expiry of the limitation periods specified in the relevant legal regulations
Purpose of processing:
Conducting judicial and administrative proceedings
Legal basis:
Article 6(1)(c) of the Regulation – compliance with legal obligations: relevant legislation in the field of civil, criminal and administrative proceedings
Categories of personal data:
Ordinary personal data necessary for compliance with legal obligations
Retention period:
For the duration of the relevant proceedings and until the expiry of the limitation periods (unless otherwise provided for by the relevant legislation)
Purpose of processing:
Exercising the rights of data subjects
Legal basis:
Article 6(1)(c) of the Regulation – compliance with legal obligations: Act No. 18/2018 Coll. on the protection of personal data and on amendments to certain acts
Categories of personal data:
Ordinary personal data included in the application
Retention period:
Until the exercised rights are fulfilled
Purpose of processing:
Records of the rights exercised by data subjects and the way those rights were exercised
Legal basis:
Article 6(1)(f) of the Regulation – processing of personal data based on the legitimate interest of the Controller, which is the need to record the rights exercised by data subjects to demonstrate compliance with obligations under relevant personal data protection legislation
Categories of personal data:
Ordinary personal data included in the application
Retention period:
5 years from the date of exercising the right or other request submitted
IN RELATION TO JOB APPLICANTS:
Purpose of processing:
Conducting a selection process (ensuring the selection of new employees)
Legal basis:
Article 6(1)(b) of the Regulation – processing is necessary for the performance of a contract and the implementation of pre-contractual relations
Categories of personal data:
Name, surname, e-mail, work experience details, other personal data provided in the CV and/or cover letter
Retention period:
During the selection process, no later than 60 days from the date of receipt of the CV and/or cover letter, if no employment relationship or similar labour-law relationship is established
The Controller only processes personal data that is necessary for the processing operation (purpose of processing), always in accordance with the principle of minimisation, so that we fulfil contractual and legal requirements or process only personal data for which we have a legitimate interest, always to the extent necessary to fulfil the specified purpose of processing. This means that we do not require personal data from you that is not necessary for a specific processing purpose.
The Controller always stores personal data in accordance with the principle of storage minimisation. This means that personal data is processed only for as long as it is necessary to store it. After this period, the Controller will delete the personal data, unless otherwise provided by law. The Controller has determined the retention period for your personal data in accordance with the relevant legal regulations, as specified above in the table of purposes.
3. SOURCE OF PERSONAL DATA
We obtain your personal data directly from you as the data subject if you provide it to us (when contacting us via the website, in business communications, when entering a contractual relationship with the Controller, when applying for a job). As a service provider, we also have personal data of employees, contractual partners and other persons provided to us by our clients. In such cases, we act as an processor and the controller (client/contractual partner) fulfils its obligations under the Regulation directly towards the data subjects.
If, in some cases, you did not provide us with your personal data as the Controller when processing personal data, we would not be able to provide you with a service as the Controller, respond to a message, include you among job applicants, etc.
4. TO WHOM DOES THE CONTROLLER PROVIDE YOUR PERSONAL DATA?
In certain cases, the Controller is obliged to provide your personal data to public authorities that are authorised to process your personal data, e.g. courts, law enforcement authorities, authorities supervising the operation of e-shops (e.g. the Slovak Trade Inspection).
The Controller also provides your personal data to its processors, i.e. external entities that process your personal data on behalf of the Controller. Processors process personal data on the basis of a contract concluded with the Controller, in which they undertake to take appropriate technical and security measures to ensure the secure processing of your personal data. The Controller's processors include, for example: a company providing hosting services (including mail hosting services).
5. TRANSFER TO THIRD COUNTRIES AND INTERNATIONAL ORGANISATIONS
Your personal data will not be transferred to third countries.
If your personal data is transferred, it is secured by appropriate means of securing the transfer of personal data to third countries in accordance with the Personal Data Protection Regulations, in particular using standard contractual clauses and additional transfer guarantees. Transfers may only take place in exceptional cases, based on the relevant legislation in force in the third country (FISA).
6. SECURITY OF PERSONAL DATA PROCESSING
In connection with the security of personal data, the Controller has adopted relevant internal documentation specifying the appropriate security measures taken by the Controller to secure your personal data (e.g. ESET Protect Advanced security software package, etc.).
The security measures adopted comply with information security standards. At the same time, we also take measures to ensure that personal data is secured at the organisational and personnel level, for which we have adopted internal processes and procedures.
7. WHAT ARE YOUR RIGHTS IN RELATION TO THE PROCESSING OF PERSONAL DATA?
In connection with the processing of your personal data, you have the following rights as a data subject:
RIGHT OF ACCESS:
As a data subject, you have the right to obtain confirmation from the Controller as to whether your personal data is being processed and, if so, you have the right to access this personal data and information in accordance with Article 15 of the Regulation. The Controller will provide you with a copy of the personal data being processed. If you submit your request electronically, the Controller will provide you with the information in a commonly used electronic form, unless you request otherwise.
RIGHT TO RECTIFICATION:
The Controller has taken appropriate measures to ensure the accuracy, completeness and timeliness of your personal data. As a data subject, you have the right to have the Controller rectify your inaccurate personal data or complete your incomplete personal data without undue delay.
RIGHT TO OBJECT:
You have the right to object to the processing of personal data, for example, if the Controller processes your personal data on the basis of a legitimate interest or while processing that involves profiling. If you object to such processing of personal data, the Controller will no longer process your personal data unless it can demonstrate compelling legitimate grounds for further processing of your personal data.
RIGHT TO ERASURE (RIGHT TO BE FORGOTTEN):
You also have the right to obtain from the Controller the erasure of your personal data without undue delay if certain conditions are met, for example if the personal data are no longer necessary for the purposes for which the Controller obtained or processed them. However, this right must be assessed on a case-by-case basis, as there may be situations where other circumstances prevent the Controller from erasing personal data (e.g. the Controller's legal obligation). This means that in such cases, the Controller will not be able to comply with your request to erase your personal data.
RIGHT TO DATA PORTABILITY:
Under certain circumstances, you have the right to transfer your personal data to another Controller of your choice. However, the right to portability only applies to personal data that the Controller processes on the basis of your consent, on the basis of a contract to which you are a party, or where the Controller processes personal data by automated means.
RIGHT TO WITHDRAW CONSENT:
If the Controller processes your personal data on the basis of your consent, you have the right to withdraw your consent at any time in the same manner as you gave it. Withdrawal of consent does not affect the lawfulness of processing carried out before consent was withdrawn.
RIGHT TO RESTRICT PROCESSING:
You also have the right to have the Controller restrict the processing of your personal data. This will be the case, for example, if you contest the accuracy of the personal data or if the processing is unlawful and you request the restriction of processing, or if the Controller no longer needs your personal data for the purposes of processing, but you need it to prove, exercise or defend legal claims. The Controller will restrict the processing of your personal data if you request it.
RIGHT TO LODGE A COMPLAINT OR SUGGESTION:
If you feel that your personal data is being processed in violation of applicable law, you may lodge a complaint with the supervisory authority, which is the Office for Personal Data Protection of the Slovak Republic, with its registered office at Námestie 1.mája 18 (Park One Building), 811 06 Bratislava; website: dataprotection.gov.sk, tel. number: 02 3231 3214; e-mail: statny.dozor@pdp.gov.sk
You may exercise your rights listed above by contacting the Controller at the contact addresses listed at the beginning of this document. The Controller will respond to your request to exercise your rights free of charge. In the event of repeated, unjustified or disproportionate requests to exercise your rights, the Controller is entitled to charge a reasonable fee for providing the information. The Controller will provide you with a response within one month of the date on which you exercised your rights. In certain cases, the Controller is entitled to extend this period, in the event of a high number and complexity of requests from data subjects, but by no more than 2 months. The Controller will always inform you of any extension of the period.
8. COOKIE POLICY
CONSENT:
This website uses cookies.
This website uses cookies to ensure its proper functioning and to improve the user experience of the website. Cookies are small text files that may in some cases be stored on your device when you visit the website and allow to recognise your device when you visit again. The use of some cookies is necessary for the technical functioning of the website, while other cookies are used only with your consent.
DETAILS:
The website Controller only uses necessary (functional) cookies, which help to create a usable website by enabling basic functions such as page navigation and access to protected areas of the website. The website cannot function properly without these cookies. These files are short-term session cookies, we do not provide the information obtained by them to third parties, and the Controller does not need to obtain consent to use them.
ABOUT COOKIES:
Cookies are small text files that can be used by a website to improve the user's experience when visiting the website. They serve to ensure the functionality of certain elements of the website or, for example, to enable the website to better record website traffic or personalise advertisements.
The Controller processing cookies is PPCD s. r. o., with its registered office at Trieda KVP 1C, Košice - mestská časť Sídlisko KVP 040 23, IČO: 57 112 177, a company registered in the Commercial Register of the Municipal Court in Košice, section: Sro, insert no. 63023/V (hereinafter referred to as the "Controller").
This website uses various types of cookies. Some of them may also be placed on your device through third-party tools used by our website.
The applicable legal regulations allow us, as the Controller, to store the necessary types of cookie files on your device without your consent. Other types of cookie files (e.g. analytical) may only be stored on your device if you give us your consent to use them. However, the Controller does not currently use such cookies, and if anything changes, it will inform you of this change in an appropriate and timely manner. You can change or withdraw your consent to the current settings for the use of cookies at any time on our website.
9. VALIDITY
This Policy is valid and effective from 22 January 2026. Given that the information on the processing of personal data contained in this Policy may need to be updated in the future, the Controller is entitled to update this Policy at any time. In such a case, however, the Controller will inform you in an appropriate manner.