pursuant to Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR)
Operator RUMAPEX s. r. o. considers compliance with the legal conditions for the processing of personal data of data subjects to be one of the priorities. All actions carried out at individual stages of the personal data processing process are carried out with maximum emphasis on the protection of the fundamental rights of data subjects, in particular the protection of personality and privacy and compliance with the principles of lawful processing of personal data.
RUMAPEX s. r. o. (hereinafter referred to as the "Controller") processes all personal data in accordance with applicable legislation, with particular emphasis on Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR) (hereinafter referred to as the "Regulation" or "GDPR") and Act No. 18/2018 Coll. on the Protection of Personal Data and on Amendments to Certain Acts (hereinafter referred to as the "Act" or "Act No. 18/2018").
This document applies in particular to data subjects who are not employees of RUMAPEX s.r.o. The information contained in this document is information within the meaning of Article 13 of the Regulation.
DATA ABOUT THE CONTROLLER
Business Name: RUMAPEX s. r. o.
Headquarters: Kapitulská 454/12, 917 01 Trnava
Company ID: 51425041
Tax ID: 2120679616
The proper processing of personal data is supervised by an authorized person, contact details:
E-mail: martingalbavy@centrum.sk
Correspondence address: address of the company's registered office
This information is effective from 1.10.2024, and the operator is entitled to update it.
DEFINITIONS OF TERMS
GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data of 27 April 2016.
Data subject – any person whose personal data is processed.
Personal data – any information relating to an identified natural person or an identifiable natural person.
Controller – is a natural or legal person who has determined the manner and defined the purpose of personal data processing.
PRINCIPLES OF PERSONAL DATA PROCESSING
Compliance with the principles of processing personal data of customers according to Article 5 of the Regulation.
- Lawfulness of processing – all processing must be lawful, so we have an appropriate legal basis.
- Minimization of the processing of the GT (necessity) – we process your personal data only to the extent necessary in relation to the purpose. We will always consider the scope of personal data processing.
- Minimization of the storage of personal data (disposal) – we store in a form that allows the identification of the DO for as long as it is necessary for the purposes. Your personal data is thoroughly disposed of after the purpose of processing has been fulfilled.
- Integrity and confidentiality (security) – the operator has taken technical, organizational and personnel measures against loss, destruction, damage to the OU.
WE COLLECT YOUR PERSONAL DATA
You provide us with your personal data most often:
- We receive primarily directly from you, for example from communicating with you via the contact form on our website.
- If you are in the position of our customer or interested in our goods or services.
WHAT IS THE PURPOSE OF PERSONAL DATA PROCESSING, THE LEGAL BASIS FOR THE PROCESSING ACTIVITY, FOR HOW LONG WE STORE YOUR PERSONAL DATA
The Controller processes your personal data in the following ways for the following purposes:
| Name of the processing operation | Purpose of personal data processing | Categories of personal data | Legal Title of Processing | Data storage period | Other beneficiaries |
| Economic – accounting agenda | is a method of recording economic activity by means of accounts | name, surname, address of residence, address of the place of business, identification number (ID number), VAT number, if the VAT payer. | obligation under the applicable legislation | 10 years | tax office, municipal and city offices, Slovak Post, other authorized entity |
| Records of business partners | Information about the company's business partners | Name, surname, e-mail, phone | legitimate interest of the controller of the person | stored in a form that allows the identification of the DO for as long as it is necessary for the purposes of the commercial transaction | contracting parties, partners in the implementation of project activities, state administration bodies, public authorities |
| Car rental | short-term rental of motor vehicles | Common personal data | Fulfilment of pre-contractual relations | 10 years after the end of the contractual relationship | accountants and tax advisors, legal advisers and lawyers, state and public authorities, insurance companies, the police in the event of theft |
| Renting a property | provision of real estate for temporary use | Common personal data | Fulfilment of pre-contractual relations | 10 years after the end of the contractual relationship | accountants and tax advisors, legal advisors and lawyers, state and public authorities, property managers, real estate agencies and agents, energy and other supply companies |
| GPS Monitoring | tracing the vehicle in case of theft | Location data | Fulfilment of pre-contractual relations | after the termination of the contractual relationship | law enforcement authorities in the event of a criminal offence, the tax office, the administrator of the GPS system |
| Records of claimed costs | is the application of costs incurred in the event of damage to the vehicle or real estate | Common personal data | Legal obligation of the controller | 5 years | Authorized body of the state, attorneys |
| Registry management | is to ensure the recording, creation, storage, protection of registry records, access to them and ensuring their disposal | Common personal data | Legal obligation of the controller | 10 years after the end of registration | Ministry of the Interior of the Slovak Republic, other authorized entity |
| Registration of the rights of data subjects | handling requests from natural persons aimed at exercising their rights | title, name, surname, address and other personal data to which the right of the data subject relates | Legal obligation of the controller | 5 years from the date of processing the application | state administration, public authorities and public administration bodies in accordance with the relevant legal regulations |
| Handling of complaints from data subjects | The purpose of processing is a submission by a natural or legal person seeking the protection of their rights or legally protected interests that they believe have been violated | ordinary personal data, other data necessary for the verification of the complaint | Legal obligation of the controller | 5 years after termination or termination of the obligation | state administration, public authorities and public administration bodies in accordance with the relevant legal regulations |
| Replying to requests addressed to the controller | receiving and handling the application through a message sent via the contact form on the website or via social networks | Clients | Fulfilment of pre-contractual relations | 3 months from the date of delivery of the application or until the purpose is fulfilled, whichever occurs first, | are not |
TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES AND AUTOMATED INDIVIDUAL DECISION-MAKING
The transfer of personal data to a third country or to an international organization does not take place. Personal data will not be used for automated individual decision-making, including profiling.
DISCLOSURE OF PERSONAL DATA
Personal data will not be published.
- Confidentiality
- We would like to assure you that our employees and co-workers who will process your personal data are obliged to maintain the confidentiality of personal data. This secrecy continues even after the end of the contractual relations with us.
SECURITY OF PERSONAL DATA
In accordance with Articles 24 and 32 of the GDPR, we take appropriate technical and organisational measures to ensure a level of protection of personal data that is proportionate to the risk, taking into account the latest knowledge, the costs of carrying out the measures and the nature, scope, circumstances and purposes of the processing, as well as risks with varying likelihood of occurrence and severity for the rights and freedoms of natural persons. Such measures include, in particular, the protection of the confidentiality, integrity and availability of data by controlling physical access to, access, input, disclosure, accessibility and segregation of personal data. We have also put in place procedures to ensure the exercise of data subject rights, delete personal data, and ensure a response to a personal data breach. In addition, we already take data protection into account in the development and selection of hardware, software and processes in accordance with the principle of data protection by means of technological design and by means of data-protection-friendly presets (Art. 25 GDPR).
- COOKIES ON OUR WEBSITE
We are entitled to collect and otherwise process data about visitors and users of our website through tools used for automated data collection, in particular cookies, protocols and other commonly used tools for obtaining information through the website.
A cookie can be understood as a small amount of data that is sent as a file to your computer (tablet, smartphone) from the website you are currently visiting. A data set is stored on your computer and each time you visit the same website, the computer sends information to our server.
Most websites, including ours, use cookies. The purpose of cookies is to make it easier and more pleasant for you to use our website. This is because the cookie will allow the website to recognize whether you have visited it before and which section you were interested in. At the same time, these are cookies that allow you to save your user settings such as language recognition or remembering your login name. With the help of cookies, we store data that we do not associate with your person and we do not identify the customer through the data obtained. The use of cookies is not dangerous for you, cookies cannot transmit viruses or read data from the device's hard drive.
This procedure follows from Section 109(8) of Act No. 452/2021 Coll. on Electronic Communications.
The use of cookies and their permission in the web browser is at the discretion of each user of the website. You are free to delete cookies or set your internet browser in advance to either refuse to accept cookies or to notify you when a server is trying to send you a cookie. However, it may then happen that websites that depend on cookies do not work as you would like or that parts of the site are not available to you. We use persistent cookies to help us identify your device when you visit the Website again and thus enable us to provide services in accordance with your expectations.
How can I change my cookie settings?
You can accept or decline cookies – including those used to track websites – by selecting the appropriate settings for your browser. You can set your browser to notify you when you receive a new cookie, or block them altogether.
You can find more information on how to manage the cookie policy by the most used browsers:
RIGHTS OF DATA SUBJECTS UNDER THE REGULATION AND THE PERSONAL DATA PROTECTION ACT
We consider it important that you understand that the personal data we process is your data and that there are rights associated with its processing. In addition to the right to withdraw consent to the processing of personal data , you also have other rights arising from the Regulation and the Personal Data Protection Act, namely:
Right of access – you have the right to be provided with a copy of the personal data we hold about you, as well as information about how we use your personal data. In most cases, your personal data will be provided to you in written paper form, unless otherwise requested by you. If you have requested this information by electronic means, it will be provided to you electronically, if technically feasible.
Right to redress - we take reasonable measures to ensure that the information we hold about you is accurate, complete and up-to-date. If you believe that the information we hold is inaccurate, incomplete or out of date, please do not hesitate to ask us to correct, update or supplement this information.
Right to erasure - in certain circumstances, you have the right to ask us to erase your personal data, for example if the personal data we have collected about you is no longer necessary to fulfil the original purpose of the processing or if you withdraw your consent to the processing. However, your right must be assessed in the light of all relevant circumstances. For example, we may have certain legal and regulatory obligations, which means that we will not be able to comply with your request.
Right to restriction of processing - in certain circumstances, you are entitled to ask us to stop using your personal data. This is the case, for example, if you think that the personal data we hold about you may be inaccurate or if you think that we no longer need to use your personal data.
Right to data portability – in certain circumstances, you have the right to ask us to transfer the personal data you have provided to us to another third party of your choice. However, the right to portability only applies to personal data that we have obtained from you on the basis of your consent or on the basis of a contract to which you are a party.
Right to object – you have the right to object to data processing that is based on our legitimate legitimate interests (for example, we process personal data for network and infrastructure security purposes). If we do not have a compelling legitimate reason for the processing and you object, we will no longer process your personal data.
Rights related to automated decision-making - you have the right to object to automated decision-making, including profiling, which results in a legal or similar significant consequence for you. The controller does not usually use automated decision-making or profiling in the context of employment.
Right to withdraw consent - in most cases, we do not process your personal data on the basis of your consent. However, it may happen that we ask for your consent in specific cases. Where we do so, you have the right to withdraw your consent to the further use of your personal data. (e.g. photography)
Right to lodge a complaint – if you wish to lodge a complaint about the manner in which your personal data is processed, including the exercise of the above rights, you may contact our Data Protection Officer (contact details are provided above). We will properly review all your suggestions and complaints.
If you are not satisfied with our response, or you believe that we process your personal data unfairly or illegally, you can file a complaint with the supervisory authority, which is the Office for Personal Data Protection of the Slovak Republic, https://dataprotection.gov.sk, Hraničná 12, 820 07 Bratislava 27; E-mail: statny.dozor@pdp.gov.sk. However, we will be happy if you resolve your objections with us first.
- HOW TO EXERCISE YOUR RIGHTS
You always exercise your rights with the person who processes your personal data, i.e. with a specific controller. If the controller has a data protection officer, you can also address your request to that person. The request can be oral, written, electronic or submitted by other means (the General Data Protection Regulation does not prescribe a specific form). We recommend using written or electronic form.
Prepare identification data on the basis of which the operator will be able to identify you in its environment and thus provide you with data that relate to you.
We will respond to your request free of charge within 30 days. In the event of complexity or a large number of requests, we are entitled to extend this period by a further 60 days. If this happens, we will inform you about it as well as the reasons. In the event of a repeated request, we are entitled to charge a reasonable administrative fee to cover the costs associated with the provision of this service.
The right of the data subject to object to automated decision-making cannot be exercised, because the described processing activity does not involve automated decision-making.
The right of the data subject to request information from the controller about the source of the personal data is irrelevant, because the controller processes personal data obtained from the data subject.
- CONCLUSION
If you have any questions about personal data protection, you can contact us at any time via e-mail or by post at the controller's headquarters. In the event that you are exercising any of the rights of a data subject under the data protection legislation with us and it is not possible to verify the identity of the applicant from your request, or in the event that we have reasonable doubts regarding the identity of the person making the request, we reserve the right to ask that person to provide additional information necessary to confirm the identity of the person making the request.