Who is this document intended for? This document sets out the principles of data protection at the joint stock company Zberné suroviny Žilina a.s., Kragujevská 3, Žilina 010 01, registered in the Business Register of the District Court Žilina, Insert number: 10917/L, Company Registration Number: 50 634 518 (hereinafter referred to as "ZSZA" or the "Controller"), in particular the rules for the acquisition, collection, storage, dissemination, storage, and security of personal data.
You may be data subject if your relationship to the Controller is:
The Controller has a designated person for personal data protection. Enquiries, comments and requests regarding this document and the information contained therein shall be received by the designated person by email at firstname.lastname@example.org.
Key terms in this document Let us first introduce to you the key terms contained in this document to aid your comprehension.
Data subject – natural person to whom the personal data is related. Cookies – small data files that are stored in a special browser box on the user's computer and are required for some website functions, such as filling out forms, setting the language; their use can be disabled in most Internet browsers. Information system – an organised set of personal data that can be accessed according to specified criteria, e.g. human resource management, accounting, customer database, website, etc. GDPR Regulation – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of personal data with regard to the processing of personal data and on the free movement of such data, which repeals Directive 95/46/EC (General Data Protection Regulation). Special categories of personal data – sensitive personal data of specific nature, such as health data or biometric data enabling the identification of a person. Personal data – any information relating to an identified or identifiable natural person, such as name, surname, date of birth, social security number, telephone number, email address, IP address, signature, image, conduct on the Internet, etc. Legitimate interest – the interest of the controller or another entity, which results in the need to process personal data, provided it prevails over the interests of the person concerned, e.g., protection of the controller's property using camera systems. Controller – natural or legal person that determines the purpose and means of personal data processing; the controller may assign the processing to a processor. Recipient – natural person, legal person, public authority or other entity to whom personal data is provided (except for supervisory and control bodies). Profiling – any automatic processing of personal data that is used to examine specific personal aspects of a natural person, e.g. conduct on the Internet and remarketing. Personal data processing – an activity that the controller or intermediary performs with personal data, such as collecting, viewing, storing, copying, etc. Processor – a natural or legal person that processes personal data for and on behalf of the controller. Purpose – the reason why the controller processes personal data. Personal Data Protection Act – Act No 18/2018 Coll. on Personal Data Protection and on the amendment of certain Acts.
What are the rights of data subjects? ZSZA emphasises the respect of your rights. As a data subject, you have the following rights:
Right to information You have the right to information about your personal data processing. For this purpose, appropriate measures are taken to ensure that the information is properly provided to you. The Controller fulfils the information responsibility via this document that shall be permanently published at www.zsza.sk.
Right to withdraw the consent granted If you have given us your consent to process your personal data, you may withdraw it at any time. Withdrawal of consent does not affect the legality of processing based on consent prior to its withdrawal. Consent is granted e. g. when posting photos.
Right of access to data Upon request, the Controller shall issue a confirmation of the processing of your personal data, as well as information about the purposes of its processing, about the categories of personal data processed, the categories of recipients, the period of data storage, the source of the personal data unless the personal data were obtained directly from you, and about your other rights you may exercise. At your request, ZSZA shall also provide you with a copy of your personal data, which it processes, free of charge. We shall charge a reasonable administrative fee for any additional copies. We will inform you about the fee in advance.
Right to rectification You have the right for your correct and up-to-date data to be processed. ZSZA updates the data at your request, or after verifying the data as a part of communication with you.
Right to erasure (“right to be forgotten”) Under certain terms, you have the right to have your personal data erased, particularly if the personal data are no longer required for the purposes for which they were obtained or otherwise processed; if you have withdrawn your consent on the basis of which the processing is carried out; if you object to a legitimate interest in data processing by ZSZA, or if personal data was processed illegally. Upon consideration of the legal terms, we shall comply with your request to erase your personal data, or we shall inform you why we cannot delete the personal data.
Right to restriction of processing Under certain terms, you have the right to limit the processing of your personal data by ZSZA, particularly if you challenge the accuracy of personal data during the period allowing ZSZA to verify the accuracy of personal data; if the personal data processing is illegal and you object to the erasure of personal data and request a restriction of their processing instead; if ZSZA no longer requires the data for processing purposes, but you required them to establish, exercise or defend legal claims; if you objected to the legitimate interests of ZSZA, ZSZA shall limit its processing until the legitimate interests are substantiated. After review of the legal terms, we shall comply with your request to limit the personal data processing, or we shall inform you why we cannot comply with the request.
Right to data portability The right to transmit personal data to another controller shall be exercised by ZSZA exclusively at your request, in a structured, commonly used and machine-readable format, if the processing of personal data is based on your consent or on the fulfilment of a contract with ZSZA, and if such processing is carried out by automated means that enable such transmission.
The right to object Under certain terms, you have the right to object to the processing of your personal data carried out on the basis of the legitimate interest of ZSZA. ZSZA shall not further process the personal data, unless it demonstrates, in a specific case, the required legitimate reasons for the processing.
Automatic individual decision-making, including profiling ZSZA does not perform automated individual decision-making or profiling.
Right to an effective judicial remedy As data subject, you have the right to a judicial remedy if you believe that your rights have been violated as a result of personal data processing in violation of the GDPR Regulation or the Personal Data Protection Act. You may file a motion to initiate proceedings at the relevant court.
Right to lodge a plea or complaint with the Office for Personal Data Protection You have the right to contact the supervisory authority at any time with a plea or complaint regarding personal data processing, namely the Office for Personal Data Protection of the Slovak Republic, with headquarters at Hraničná 12, 820 07 Bratislava 27, Slovak Republic, Company Identification Number: 36 064 220, phone: +421/2/3231 3220, website: https://dataprotection.gov.sk/uoou/.
How may data subjects exercise their rights with the ZSZA? You may exercise your rights in writing:
by post to the address of the Controller: Zberné suroviny Žilina a.s., Kragujevská 3, Žilina 010 01,
Application for Exercise of the Rights of Data Subjects is available HERE.
We shall lodge and administer each request without undue delay, within one month at the latest. Within this period, we shall keep you informed you about the measures we will have taken based on your application. The above deadline may be extended, if necessary, by an additional period of two months, taking into account the complexity of the applications and their number. We shall inform you about the extension of the deadline within one month of the submission of the application, together with the reasoning for missing the deadline.
Notification of the method of processing the application shall be delivered in the same manner as the application was submitted, unless you request a different method. If the notification contains personal data of a specific category, we shall send the notification exclusively by post to our own hands.
We process your applications free of charge. Nonetheless, in the event the application is evidently unfounded or repeated, in the connection with the processing we may:
charge a reasonable fee taking into account administrative cost;
deny further action.
How are personal data protected at ZSZA? ZSZA consistently ensures personal data protection. We have therefore adopted appropriate technical, organisational and security measures taking into account imminent risk, the nature of the processing, cutting edge knowledge and the cost of adopting the measures.
ZSZA protects your personal data against misuse by appropriate and available means. In doing so, we primarily store personal data on the venue, in places, settings or systems to which access is limited to, pre-determined for and continuously controlled by a group of persons.
ZSZA carries out an annual review of the procedures for uploading and processing personal data. We make a brief record of the review, the so-called review report. If some procedures prove obsolete, redundant or fail the review, we apply an instant remedy.
ZSZA instantly solves every security incident related to personal data. If it is likely that the incident may entail a high risk for your rights and liberties, we shall always inform you about it and about the remedial measures we have applied. Each incident is more likely to be recorded. The ZSZA reports each serious incident to the Office for Personal Data Protection of the Slovak Republic.