We would like to inform you that all personal data are processed in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation – the ‘GDPR’)
STATON, s. r. o. complies with applicable privacy laws and in accordance with the GDPR provides you with the following information:
Who processes your personal information?
The Controller that processes your personal information is STATON, s. r. o. through the registered office at Sadová 1148, postal code 038 53 Turany, Business ID: 36379221, Tax ID: 2020119640, VAT reg. no.: SK2020119640, (hereinafter referred to as “STATON, s. r. o. or the ‘Controller’).
What personal data do we process?
STATON, s. r. o. processes your personal data to the following extent: name, surname, phone number, e-mail address, IP address. . In addition to the above data, and in the case of natural and legal persons – entrepreneurs, we also process the company name, Business ID, Tax ID and VAT reg. no. if they are assigned to it.
On what legal basis do we process your personal information?
STATON, s. r. o. processes your personal data on the legal basis – consent, your legitimate interest, and the fulfillment of the statutory obligation. In the following section, we state on which legal basis we process your personal data for the specific purpose of the processing.
What is the purpose of processing your personal information?
We process your personal data for the following purposes:
a) the purpose of processing is the management and registration of business communication, the legal basis is a legitimate interest according to Article 6 (1) f) of the GDPR, a legitimate interest is to obtain all relevant information necessary to ensure the management and registration of business communication,
b) the purpose of personal data processing is managing bookkeeping and business agenda, the legal basis of processing is Article 6 1) c) of the GDPR – a statutory obligation, resulting from special regulations such as Act No. 431/2002 Coll. on Accounting Act No. 595/2003 Coll. on Income Tax, Act No. 222/2004 Coll. on Value Added Tax and other generally binding legislation. The provision of personal data is necessary for the purposes of specific regulations,
c) the purpose of processing is sending marketing communication (newsletters) and remarketing, the legal basis is a legitimate interest according to Article 6 1 (f) of the GDPR; the legitimate interest is to provide the necessary information and services to the persons concerned who have requested from STATON, s. r. o. prior to entering into a contractual relationship, the provision of the necessary information and the sending of the offer of goods or services,
d) the purpose of processing is the records management, the legal basis for the abovementioned purposes is Art. 6 (1) (c) of the GDPR (statutory obligation under Act No. 395/2002 Coll. on Archives and Registries and on the amendments of certain acts, Act No. 305/2013 Coll. on the Electronic Form of Governance Conducted by Public Authorities and on amendments and supplements to other acts (e-Government Act),
e) the purpose of the processing is the administration of any assets or other claims, their application and enforcement in judicial, extrajudicial or other proceedings, the legal basis is a legitimate interest according to Article 6 (1) (f) of the GDPR; the legitimate interest is to provide the information necessary to claim any assets or other claims.
What is the retention of your data?
Your personal data processed by the Controller on your consent will be retained until your consent is withdrawn. Your personal data processed by the Controller on the basis of a legitimate interest will be retained until the reason for their processing ceases. Your personal data processed by the Controller is kept for 5 years from the provision of the services. Your personal data processed by the Controller pursuant to the law shall be kept for at least 10 years in accordance with generally binding legal regulations.
What are your rights?
The GDPR grants the following rights:
(a) the right to require from the Controller access to personal data relating to you, Article 15 of the GDPR,
(b) the right to rectify personal data, Article 16 of the GDPR,
c) the right of cancellation (the right to forfeit), Article 17 of the GDPR (you cannot claim this right if we process your personal data on a legal basis – fulfillment of the statutory obligation),
d) the right to limit processing, Article 18 of the GDPR,
e) the right to data portability, Article 20 of the GDPR (you cannot claim this right if your personal data are processed on a legal basis – fulfillment of a statutory obligation or a legitimate interest);
f) the right to object, Article 21 of the GDPR (you cannot claim this right if we process your personal data on a legal basis – fulfillment of a statutory obligation, fulfillment of the contract or your consent);
g) the right to withdraw consent at any time, Article 7 (3) and 7(13) of GDPR, (if we process your personal data on a legal basis – consent),
h) the right to submit a complaint to the supervisory authority, Article 13 (2) of the GDPR.
The aforementioned rights can be claimed by STATON, s. r. o. by sending the application to the e-mail address email@example.com
The supervisory authority to which you can exercise your right to file a complaint is:
Office for Personal Data Protection of the Slovak Republic
820 07 Bratislava 27
Phone: +421 2 32 31 32 14
Who are the recipients of your personal information?
The recipients of your personal data include: companies providing management and support for information technologies, the company on the servers of which personal data are stored, companies dealing with online price comparison, marketing communications or remarketing providers, sales promoters, advertisers in the catalog of the Controller, bidders, telecommunication service providers, external auditors, external accountant, auditor, lawyer, public authorities to whom personal data are provided by law. Unless otherwise specified in the law, your personal information is provided to recipients on the basis of a written agreement or an addendum to an existing agreement between the Controller and the recipient.
Cross-border data transfer
The operator does not transfer your personal data to a third country or to an international organization. Your personal data is processed exclusively in the EU and the EEA.
Existence of automated decision making
A Controller does not make a decision that is based solely on automated processing, including profiling, and which has legal effects that concern you as a person or affect you significantly. (Article 22 of the GDPR).
Information regarding the Controller’s website.
Rights and obligations not governed by these Terms and Conditions are governed by GDPR.
In order to comply these Terms with the Conditions of applicable privacy laws, the Controller reserves the right to modify, supplement, or replace these Terms and Conditions at any time with a new Terms and Conditions.
These Terms apply from 25 May 2018.