Privacy policy
1. IDENTIFICATION OF CONTROLLER AND GENERAL INFORMATION
This privacy policy (hereinafter as “Privacy policy“) and information on processing of personal data of data subjects regulate conditions for personal data processing by means of websites https://www.ledco.sk (hereinafter together as “websites”) and profile of a controller on the social network Facebook with name “LEDCO s.r.o.”.
The controller when processing your personal data is the company LEDCO s.r.o., with its registered office at T. Tekela 6, 917 01 Trnava, company number: 45 502 030, registered with the commercial register of the District Court Trnava, section: Sro, insert no. 25483/T (hereinafter as “Controller“ od “we” in a respective grammatic form).
Information on the personal data processing which occurs outside websites or profiles of the Controller on social networks are contained in the respective internal regulations and if necessary, the Controller will provide you with it.
The Controller is hereby (via this Privacy policy) informing you why your personal data are processed, how they are processed, for how long they are processed, what your rights regarding the processing of your personal data are and other relevant information on the processing of your personal data. Via this Privacy policy, the Controller is fulfilling his information obligation to all data subjects, whether the personal data are obtained directly from you as data subjects or from other source.
The Controller processes your personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter as “Regulation“), with Act No. 502 of 23 May 2018 on supplementary provisions to the regulation on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the Data Protection Act) (hereinafter as “Act“) and other legislation in relation to personal data protection (hereinafter as “Personal data protection legislation“).
In matters related to personal data processing and protection, you may contact the Controller at the address LEDCO s.r.o., T. Tekela 6, 917 01 Trnava, Slovak Republic or via e-mail to e-mail address dpo@ledco.sk.
2. CATEGORIES OF PERSONAL DATA
The Controller processes only such personal data which are necessary for the processing operation (purpose of the processing), always in accordance with the principle of minimisation, so that the Controller can process personal data for which you have consented to or for the purposes of legitimate interests pursued by the Controller. Therefore, the Controller does not process those categories of your personal data, which are not necessary for the specific purpose.
The Controller processes your personal data in the range of ordinary personal data. Particular categories of your personal data, which are processed by the Controller are specified below, in the table of purposes.
3. PURPOSES AND LEGAL BASES FOR PROCESSING
The Controller processes the personal data solely for the reasonable purposes, during limited period and by using the maximum possible level of security measures. The Controller processes your personal data only when relevant legal basis for the processing exists (in accordance with the principle of lawfulness).
You can find specific purposes, for which the Controller processes your personal data, in the table below.
| Purpose of the processing | Legal basis | Personal data or categories of personal data | Retention period |
|---|---|---|---|
| Publishing of the personal data of the clients together with the references about the services provided by the Controller on the websites | Art. 6 (1) letter a) of the Regulation – consent of the data subject | Name, surname, occupation, relation with organisation, place of realisation | 3 years following the day of granting the consent or until its withdrawal, depends on which of the conditions stated above occurs earlier |
| Publishing of the personal and contact data of the cooperating persons on the ledco.sk website | Art. 6 (1) letter a) of the Regulation – consent of the data subject | Name, surname, title, work position / function within the company, email, tel. no. | 5 years following the day of granting the consent or until its withdrawal, depends on which of the conditions stated above occurs earlier |
| Providing a response to the messages and handling with inquiries / requests from the messages delivered via contact form on the website or via profiles of the Controller on social networks | Art. 6 (1) letter f) of the Regulation – legitimate interest of the Controller, which lays in the interest of the Controller on responding to the messages in order to deal with the messages and inquiries for proper business communication with customers and quality of the provided services | Name, surname, e-mail address, tel. no., other personal data stated in the message | 3 months following the receipt of the request or until the handling with the request (fulfilment of the purpose), depends on which of the conditions stated above occurs earlier |
| Providing the customers with current offers | Art. 6 (1) letter f) of the Regulation – legitimate interest of the Controller in informing customers about new offers of the Controller | e-mail address | 3 years from the conclusion of the contract |
| Sending newsletters | Art. 6 (1) letter a) of the Regulation – consent of the data subject | e-mail address | 3 years following the day of granting the consent or until its withdrawal, depends on which of the conditions stated above occurs earlier |
| Handling with the rights exercised by data subjects | Art. 6 (1) letter c) of the Regulation – compliance with a legal obligation | Ordinary personal data, which are part of the request | Until handling with the rights exercised |
| Keeping records of the executed rights of data subjects | Art. 6 (1) letter f) of the Regulation – legitimate interest of the Controller which lays in keeping records of the rights exercised by the data subjects for proving fulfilment of the obligations arising out of legal regulations | Ordinary personal data, which are part of the request | 5 years following the day of exercising the rights |
| Measuring website traffic and advertisement targeting (via analytical and retargeting cookies) | Art. 6 (1) letter a) of the Regulation – consent of the data subject | IP address and other data about activity of the visitor on the website and on preferences of the visitor of the website | Depending on the type of cookie used, maximum 2 years following the visit of the website or until the withdrawal of the consent, depends on which of the conditions stated above occurs earlier |
In relation to securing the personal data, the Controller has adopted internal documentation, in which adequate security measures are further specified. Security measures have been adopted in order to secure the processing of your personal data.
4. SOURCE OF THE PERSONAL DATA
The Controller obtains your personal data directly from you as a data subject, in case you provide the Controller with your personal data (when you subscribe to the newsletter, when you contact us via message sent through contact form on the websites, social network or when you visit one of the websites of the Controller).
If you do not provide the Controller with your personal data in some cases, the Controller would not be able to respond to your message or to provide you with newsletter.
5. TO WHOM THE CONTROLLER PROVIDES YOUR PERSONAL DATA?
Your personal data may be in some cases provided to public authorities, which are entitled to process your personal data, e.g. to courts, law enforcement authorities or other inspection authorities.
The Controller provides your personal data also to its processors, i.e. external subjects which process your personal data on behalf of the Controller. Processors process personal data based on the agreement with the Controller, in which they committed to adopt adequate technical and organisational measures in order to secure the processing of your personal data. The Controller currently uses as a processor company providing hosting (including mailhosting) services and cooperating business agents.
Among the recipients of your personal data belong also companies Google, LLC and Facebook, Inc., which provide analytical and marketing services via cookies being saved to your device by the websites.
Recipient of your personal data is the company Facebook, Inc. as a provider of social network Facebook also in case you contact the controller by means of a message on social network or in case you visit the website of the Controller
6. TRANSFER TO THIRD COUNTRIES AND INTERNATIONAL ORGANISATIONS
When using analytical or marketing cookies on the websites of the Controller, a transfer of your personal data to the USA, to companies Google, LLC and Facebook, Inc. may take place. Transfer of your personal data is secured by the certification of these companies in EU – US Privacy Shield programme, which guarantees the adequate level of protection of your personal data in accordance with Personal data protection legislation.
Your personal data are transferred to the USA, to company Facebook, Inc. also in case you contact the Controller via message on the social network or when you share website or its content on the social network. Transfer of your personal data is secured by certification of Facebook Inc in the EU-US Privacy Shield Programme also in such case.
7. HOW LONG DOES THE CONTROLLER STORE YOUR PERSONAL DATA?
The Controller always stores the personal data in accordance with the principle of storage limitation. It means that it processes the personal data solely for a period during which it is necessary to store the personal data. After such period elapses, the Controller erases the personal data, if not otherwise regulated by law.
The Controller set the retention period in accordance with the respective legislation as stated above, in the table of purposes.
8. DOES THE CONTROLLER USE PROFILING AND AUTOMATED DECISION-MAKING?
The Controller does not process your personal data by profiling or any form of automated individual decision-making, by which evaluation of your personal aspects would take place.
9. WHAT ARE OUR RIGHTS IN RELATION TO PERSONAL DATA PROCESSING?
As the data subject, your rights regarding the processing of your personal data are as follows:
| Your right | Description |
|---|---|
| Right of access | You have the right to obtain a copy of the personal data which we hold about you, as well as the information on how we use your personal data. In most cases, your personal data will be provided to you by electronic means of communication, unless otherwise requested by you. |
| Right to rectification | We take reasonable measures in order to ensure that the data which we hold about you are accurate, complete and up-to-date. In case the personal data we hold are inaccurate, incomplete or outdated, we will modify, update or complete such personal data on basis of your request. |
| Right to erasure | Under certain circumstances, you have the right to ask us to erase your personal data, for example, if the personal data we have obtained about you, are no longer necessary to fulfil the original purpose of processing or if you withdraw your consent to the personal data processing. We assess exercising your right to erasure (right to be forgotten) on the basis of individual circumstances of each particular case of processing. However, your right has to be assessed in the light of all relevant circumstances. For example, there may be certain circumstances or cases arising for us from applicable legislation when your personal data cannot be erased. In such case, we will not be able to accept your request. |
| Right to restriction of processing | You have also the right to ask us not to process your personal data. If you believe that the personal data we process about you are not accurate, that the processing is unlawful and you request the restriction of their processing, that we no longer need your personal data, but they are required by you as the Data subject for the exercise of legal claims or if you believe that we as the controller are not entitled to further process your personal data, we will not further process your personal data on the basis of your request. |
| Right to data portability | Under certain circumstances, you have right to transmit the personal data to another subject according to your choice. However, the right to portability applies only to personal data that we process under the contract to which you are one of the parties or on the basis of the consent which you have granted us. |
| RIGHT TO OBJECT | You have the right to object to processing of your personal data, for example if we process your personal data based on the legitimate interest or to processing in which profiling occurs. If you object to such personal data processing, we will not further process your personal data unless we demonstrate compelling legitimate grounds for such processing. |
| RIGHT TO WITHDRAW CONSENT | If we process your personal data on the basis of your consent, you have the right to withdraw such consent for further processing of your personal data. You may withdraw your consent at any time in writing, by e-mail or orally (in person). |
| Right to lodge a complaint or request | If you believe that we breach Personal data protection legislation when processing your personal data or that we have not handled your request in accordance with such legislation, you can lodge a complaint with the supervisory authority which is Datatilsynet – Danish Data Protection Agency, Borgergade 28,5, DK – 1300 Copenhagen K, Denmark, webpage: www.datatilsynet.dk, telephone number: +45 33 19 32 00; E-mail: dt@datatilsynet.dk. |
10. HOW CAN YOU OBTAIN FURTHER INFORMATION AND EXERCISE YOUR RIGHTS?
You may exercise your rights stated in the previous point of this Privacy policy:
- in writing, by sending request to the address LEDCO s.r.o., T. Tekela 6, 917 01 Trnava, Slovak Republic or
- electronically, via e-mail address dpo@ledco.sk.
We will provide you with a response to a request regarding exercise of your rights within one month from the day of exercise of your rights. In certain cases, we are entitled to prolong the period for providing the response, i.e. in case of high number and complexity of the requests submitted by the data subjects, maximum by 2 months. We will always inform you in advance about prolongation of the period. Response to a request regarding exercise of your rights will be provided to you free-of-charge. In case of repeated, unreasonable or disproportionate request to exercise your rights, we are entitled to charge a reasonable fee for providing the information.
11. VALIDITY
This Privacy policy is valid and effective as of 30 April 2020.
As it is possible that an update of the information on personal data processing contained in this Privacy policy may be necessary in the future, the Controller is entitled to update this Privacy policy at any time. However in such case, the Controller will inform you about it in an adequate manner, at least 14 days in advance.