Personal data protection
In accordance with Article 13 and the relevant recitals of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as the “Regulation”) and Act No. 18/2018 Coll. on the Protection of Personal Data and on Amendments and Supplements to Certain Acts (hereinafter referred to as the “Personal Data Protection Act”).
1. Controller
| Company name: | E.I.C.Engineering inspection company s.r.o. |
| Registered office: | Volgogradská 8921/13, 080 01 Prešov |
| Company ID (IČO) | 36670901 |
| Commercial register entry: | OS v Prešove, oddiel Sro, vložka č. 17731/P |
2. Processor
In connection with the collection and processing of personal data, the controller may use processors.
If a processor engages third parties to collect and/or process personal data (or provides personal data to other controllers in this regard), it does so only based on a written contract with the processor and only after ensuring that the processor meets all technical, organizational, and personnel security requirements regarding the collection and processing of personal data.
The controller does not use processors to process personal data of its clients.
3. Purpose of Personal Data Processing
The purposes of processing personal data in relation to the client include:
- Newsletter subscription – informing the client about new products/services or changes to products/services;
- Direct marketing – contacting the client or the client’s authorized representative by the controller (or by processors on behalf of the controller) for direct marketing of the controller’s products and services through written communication, electronic means, phone calls, and facsimile messages;
- Event participation purchase – the client’s interest in attending a paid event organized by the controller or a third party, where the controller ensures the preparation and execution of the event;
- Pre-contractual and contractual relationships – the client’s interest in the controller’s services, such as requesting a price quote, analysis, service order, or fulfilling contractual obligations.
4. List or Scope of Personal Data
The controller collects and processes personal data within the scope specified by the relevant legal regulations, in documents related to transactions concluded between the client and the controller, and in the scope in which such personal data is provided to the controller through documents, forms, letters, notifications, phone calls, or electronic communication between the controller and the client.
Upon achieving the purpose of processing personal data, the controller ensures the immediate disposal of personal data after the expiration of the retention periods under Act No. 395/2002 on Archives and Registries.
5. Legal Basis for Personal Data Processing
The controller collects and processes personal data in accordance with Act No. 18/2018 Coll., primarily based on the data subject’s consent under § 14 of Act No. 18/2018 Coll.
The client provides personal data to the controller voluntarily, specifically:
Based on consent under the relevant contract concluded with the controller regarding the respective transaction;
By granting consent in the form of an audio, visual, or audiovisual recording;
By making a sworn declaration that they have provided personal data to the controller’s information system;
Through another demonstrable and verifiable method.
6. Disclosure, Provision, and Cross-Border Transfer of Personal Data
The controller does not provide or disclose personal data to third parties, except:
- To third parties who have a legal entitlement to such data under applicable laws;
- If provision or disclosure is contractually agreed upon between the client and the controller;
- If provision or disclosure is necessary for fulfilling a contract concluded between the controller and the client;
- To third parties providing web services for the controller, such as cloud solutions and accounts (e.g., Google Drive) and online web tools (e.g., Google Adwords, Google Analytics, Google Webmaster Tools).
- The controller does not publish the obtained personal data of data subjects (unless with prior consent).
7. Additional Conditions for Personal Data Processing and Data Subject Rights
Upon request, the data subject has the right to access their personal data, request correction, deletion, or restriction of processing, object to the processing of their personal data for direct marketing purposes (including profiling related to such marketing), as well as the right to data portability and the right to file a complaint with the Slovak Data Protection Authority.
As the controller of the information system, we have taken all reasonable personnel, organizational, and technical measures to ensure maximum protection of your personal data and minimize the risk of its misuse, leakage, or other unauthorized processing.
In accordance with our obligation under Article 34 of the Regulation, we notify you, as data subjects, that in the event of a data breach that is likely to result in a high risk to your rights and freedoms, we will inform you of this without undue delay.
If you have any questions regarding the protection of your personal data, including exercising your rights under the Regulation and the Personal Data Protection Act, please contact us at our email address: eic@eic.sk.