Privacy – DE

PRINCIPLES OF PERSONAL DATA PROTECTION

INFORMATION PROVIDED BY THE CONTROLLER TO THE DATA SUBJECT WHEN OBTAINING PERSONAL DATA FROM THE DATA SUBJECT

prepared in accordance with Article 12 Regulation of the European Parliament and of the Council No. 2016/679 (GDPR)

Identification and contact details of the Controller:

CTR Multicenter Košice a.s. Štúrova 27, 040 01 Košice

ID: 31 718 132

company registered in the Commercial Register of the District Court of Košice I, section: Sa, insert No.: 1574/V

email: info@bck.sk

Phone No.: +421556804111

Purpose of the processing of personal data:

The Controller processes personal data that you have provided to the Controller by filling in the contact form for the purpose of marketing, business activities of the Controller, contacting the Data Subject back, statistical purposes, creating and sending offers of the Controller to the Data Subject.

Legal basis for the processing of personal data:

The consent of the data subject with the processing of personal data pursuant to Article 6 letter a) of the Regulation of the European Parliament and of the Council No. 2016/679 (GDPR).

Scope of personal data recipients:

By granting consent to the processing of personal data for the aforementioned purposes, you agree to the provision of your personal data to the suppliers of the Controller, stating that the Controller provides contact details of Data Subjects to IT service providers, including cloud storage or to marketing agencies for marketing and business purposes. When using cloud storage, these are always located within the EU. The Controller provides personal data to third parties, where the obligation to provide personal data is imposed on the Controller by a generally binding legal regulation. In the event that natural persons from supplier or service organizations come into contact with personal data, they are bound by confidentiality in accordance with Section 79 of Act No. 18/2018 Coll. on the Protection of Personal Data.

Third countries to which the transfer of personal data is assumed:

The Controller does nor transfer neither intends to transfer personal data to a third country or an international organization.

Retention period of personal data:

The Controller shall retain personal data for the time necessary to achieve the purposes set out above, but not more than 10 years from the date of their provision.

Withdrawing consent to the processing of personal data

You are entitled to withdraw the consent granted at any time by means of a contact form, by stating that you are withdrawing the consent granted to the processing of personal data into “Your question” field. Withdrawal of your consent to the processing of personal data will not affect the lawfulness of the processing of personal data based on the consent given before this withdrawal.

Information on the processing of personal data

The provision of personal data is a requirement necessary for the conclusion of the contract and the provision thereof is voluntary, you are not obliged to provide the personal data in question. If these personal data are not provided, it will have no consequences.

Automated decision-making

We hereby inform you that the personal data provided by you will not be used for decision-making on the basis of automated processing or profiling.

Information on the rights of the Data Subject:

  • The right to access personal data
    The Data Subject shall have the right to obtain confirmation from the Controller as to whether personal data concerning them are being processed. If the Controller processes such personal data, the Data Subject shall have the right to access such personal data and the information referred to in the paragraphs above.
  • The right to correct personal data
    The Data Subject has the right to have the Controller correct incorrect personal data concerning the Data Subject without undue delay. With regard to the purpose of the processing of personal data, the Data Subject has the right to supplement incomplete personal data.
  • The right to erase personal data

The Data Subject shall have the right to have the Controller erase personal data concerning the Data Subject without undue delay. The Controller is obliged to erase the personal data without undue delay, if the Data Subject has exercised their right to erasure, if:

a) the personal data are no longer required for the purpose for which they were obtained or otherwise processed;

b) the Data Subject withdraws their consent on the basis of which the processing of personal data is carried out and there is no other legal basis for the processing of personal data;

c) the Data Subject objects to the processing of personal data and there are no legitimate grounds for the processing of personal data;

d) the personal data are processed illegally.

The right to restrict the processing of personal data

The Data Subject has the right to have the Controller restrict the processing of the personal data if:

  1. the Data Subject objects to the accuracy of the personal data during a period allowing the Controller to verify the accuracy of the personal data;
  2. the processing of personal data is illegal and the Data Subject objects the erasure of the personal data and requests restrictions on their use instead;
  3. the Controller no longer needs personal data for the purpose of processing personal data, but the Data Subject does need them to exercise a legal claim, or
  4. the Data Subject objects to the processing of personal data, until it is verified whether legitimate reasons on the part of the Controller prevail over the legitimate reasons on the part of the Data Subject.

Right to portability of personal data

The Data Subject has the right to obtain personal data concerning them which they have provided to the Controller, in a structured, commonly used and machine-readable format, and has the right to transfer such personal data to another Controller, if technically possible.

The right to object to the processing of personal data

The Data Subject has the right to object to the processing of his or her personal data. In the case of the processing of personal data for marketing purposes, the Controller is obliged to stop processing the personal data of the Data Subject.

The right to file a complaint to the supervisory authority

The exercise of the above rights does not affect your right to file a complaint with the supervisory authority. You can exercise this right in particular if you believe that the Controller processes your personal data illegitimately or in violation of generally binding legal regulations. You can file a complaint against the processing of the personal data by the Controller at the Office for Personal Data Protection, at Hraničná street 12, 820 07 Bratislava.

The right to automated individual decision-making, including profiling

The Data Subject has the right not to be subject to a decision which is based exclusively on the automated processing of personal data, including profiling, and which has legal effects related to them or similarly significantly affecting them.

The Controller is obliged to notify the recipient of the correction of personal data, erasure of personal data or restrictions of the processing of personal data, if this does not prove impossible or does not require a disproportionate effort. The Controller shall inform the Data Subject of the recipients, if the Data Subject requests it.

In the event of a personal data breach, which is likely to lead to a high risk to the rights and freedoms of natural persons, the Controller shall, without undue delay, notify the Data Subject of the personal data breach.