Operator of the Information system - Provider: HEXEMPO, s.r.o. with its registered seat at M.R.Štefánika 873/204, 093 01 Vranov nad Topľou , Slovak Republic, Id. No.: 47 835 672, registered within the Business Register of the District Court Prešov, Section: Sro, Insert No. 30700/P
Data Subject - A User: natural person, whose Personal Data are regarded to, processed in connection with providing of the Services
Definition of Personal Data
Personal data shall mean any information relating to an identified or identifiable natural person, while such person is one who can be identified, directly or indirectly, in particular by reference to an identifier of general application or by reference to one or more characteristics or factors specific to his/her physical, physiological, psychic, mental, economic, cultural or social identity.
Consent with processing of Personal Data
1. A User - natural person provides his/her personal data voluntarily and is fully aware that his/her personal data may be made available to third parties in connection with the provision of Services.
2. A User grants consent with processing of his/her personal data by the Provider within the extent of completed registration form and/or order and/or Service offer in order to be provided with the Services. The consent shall be granted for the term of the Contract. Within the granted consent the Provider is also entitled to publish personal data and to personal data cross-border flow.
3. The consent with personal data processing is granted for the purpose to be provided with the Services in accordance with the Contract as well as marketing promotion of the Provider.
4. A User is entitled at any time to recall in writing a consent with processing of personal data.
Rights and Obligations of the User
The data subject shall be entitled to request upon a written application from the Provider
- confirmation whether his/her personal data are or are not being processed,
- information about the state of processing of his/her personal data in the filing system in a generally intelligible form and in the extent regarding identification data of the Provider, purpose of the personal data processing, list of personal data, and necessary additional information,
- exact information, in a generally intelligible form, about the source from which the Provider obtained his/her personal data for their processing,
- list of his/her personal data, in a generally intelligible form, which constitute the subject of the processing,
- rectification or erasure of his/her inaccurate, incomplete or not updated personal data, which constitute the subject of the processing,
- erasure of his/her personal data, if the purpose of their processing was fulfilled; if any official documents containing personal data constitute the subject of the processing, he may request their returning,
- erasure of his/her personal data which constitute the subject of processing if there was a violation in the law,
- blocking of his/her personal data due to the cancelation of the consent for personal data processing before its expiration if Provider processes personal data based on the consent of the data subject
The data subject shall be entitled to object to the Provider upon a written application, to the processing of his/her personal data, in respect of which he expects that they are or would be processed for the purposes of direct marketing without his consent and he shall be entitled to request for their erasure.
The Provider shall be obliged to satisfy the data subject’s request in writing and free of charge (unless stipulated by law otherwise) not later than in 30 days’ from the date of delivery of the request.
Rights and obligations of the Provider
The Provider shall be obliged mostly but not limited to:
- determine the purpose of personal data processing before commencement of the processing of personal data; the purpose of personal data processing has to be determined unambiguously and concretely and has to be in accordance with respective legal regulations,
- determine the conditions of the processing of personal data so that no harm comes to the data subject’s rights pursuant to law,
- obtain personal data solely for a defined or determined purpose; obtaining of personal data under the pretext of a different purpose or activity shall be inadmissible,
- ensure that only such personal data are processed, the extent and contents of which correspond with the purpose of their processing and are necessary for its achieving,
- ensure that personal data are processed and used solely in the manner adequate to the purpose for which they were collected; combining of personal data obtained for various purposes shall be inadmissible,
- process only accurate, complete and, where necessary, updated personal data in respect of the purpose of their processing; the Provider shall be obliged to block inaccurate and incomplete personal data and rectify or complete them without undue delay; inaccurate or incomplete personal data that cannot be rectified or completed in order to make them accurate and complete shall be clearly marked by the Provider and destroyed without undue delay,
- ensure that collected personal data are processed in the manner enabling identification of the data subjects only during a time period necessary for achieving the purpose of processing,
- destroy personal data whose purpose of processing terminated; personal data may be further processed also after the termination of the purpose of the processing only in the necessary extent for the historical research, scientific research or statistical purposes; in the course of personal data processing for the purposes pursuant to the first sentence, the Provider shall mark, anonymise them,
- process personal data in accordance with morality and act in a manner not contrary to law.
In connection with provision of Services the Provider will make every effort, which may be reasonably expected, to protect the rights and legitimate interests of the data subject with regard to the protection of personal data.
HEXEMPO s.r.o. - 30. july 2014.