Personal data protection

• Principles of personal data processing

The company AG FOIL EUROPE s.r.o. with its registered office in Kopčianska 3756/10, 851 01 Bratislava, ID 36 239 887 (hereinafter referred to as the “Controller”) within the meaning of the GDPR Regulation 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as the “Regulation”) and in accordance with the appropriate state law has security measures in place, which are regularly updated. They define the scope and manner of security measures necessary to eliminate and minimize threats and risks affecting the information system in order to ensure:

• Availability, integrity an reliability of the management systems byt the most modern information technologies, 
• protect personal data from loss, damage, theft, modification, destruction and maintain their confidentiality,
• identify potential problems and sources of disruption and prevent them.

Contact to the responsible person (Data Protection Officer - DPO): dpo@iosec.eu  

• Principles of personal data protection 

Your personal data will be stored securely, in accordance with the data retention policy and only for the time necessary to fulfill the purpose of the processing. Only persons authorized by the controller to process personal data, who process them on the basis of the controller's instructions, have access to personal data. Your personal data will be backed up in accordance with the controller's retention rules. Personal data stored in backup repositories is used to prevent security incidents that could arise in particular from breaches of security or damage to the integrity of processed data. 

• Definitions

1. “Personal Data” means any information relating to an identified or identifiable natural person (hereinafter reffered to as ‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
2. “Processing operation” means any operation or set of operations which is performed on personal data or on sets of personal data, whether by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. 
3. 'Processing restriction' means the retention of personal data with the aim of limiting their processing in the future;
4. „profiling“ is any form of automated processing of personal data which consists in the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular analyzing or anticipating aspects of the natural person concerned related to work performance, assets, health, personal preferences, interests, reliability , behavior, position or movement;
5. „information system“ is any organized set of personal data that is accessible according to specified criteria, whether the system is centralized, decentralized or distributed on a functional or geographical basis;
6. „controller“ is a natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of such processing are laid down in Union law, or

in the law of a Member State, the operator or the specific criteria for his designation may be determined in Union law or in the law of a Member State.;

1. „processor“ is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
2.  „third party“ is a natural or legal person, public authority, agency or entity other than the data subject, the controller, the processor and the persons who, under the direct authority of the controller or processor, are responsible for processing personal data;
3. „consent of the data subject“ is any freely given, specific, informed and unambiguous expression of the will of the data subject, by which he / she expresses his / her consent to the processing of personal data concerning him / her in the form of a declaration or unambiguous confirmatory act;
4. „personal data breach“ is a breach of security which leads to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data which are transmitted, stored or otherwise processed;
5. „relevant and substantiated objection“ is an objection to the draft regulation as to whether this regulation has been violated or whether the planned measure in relation to the controller or intermediary complies with this Regulation, which must clearly demonstrate the seriousness of the risks posed by the draft decision as regards the fundamental rights and freedoms of the persons concerned and, where applicable, the free movement of personal data within the Union.;

• Purposes of personal data processing

• Order of goods / services -> Contract of sale

Personal data that we process about our customers on the basis of a contract within the meaning of Article 6 para. 1 letter b) GDPR Regulation. Scope of personal data processed: title, name, surname, address, country, telephone and e-mail. Subsequently, they are stored in accordance with according state law.

• Direct marketing

Personal data that we process about our customers for marketing purposes on the basis of the legitimate interest of the controller within the meaning of Article 6 para. 1 letter f) of the Regulations. Scope of personal data processed: name, surname, telephone and e-mail. Subsequently, they are kept for the duration of the contract between the operator and the client.

• Newsletter

If you wish, you can subscribe to our newsletter, which is located on our website www agfoil.com. Personal data will only be processed to send newsletter messages to the e-mail address you entered. By subscribing to the newsletter, you agree with the processing of personal data. We process personal data in accordance with Article 6 para. 1 letter a) of the Regulation. Your email address will be processed until you unsubscribe. You can unsubscribe from the 'unsubscribe' link provided in each newsletter you receive from us. After unsubscribing, you will no longer receive any newsletter messages from us. Scope of personal data processed: e-mail address and name. 

• Requirement records

The personal data that we process through the contact forms and e-mails listed on our website are only processed to process your request. By completing and submitting the application, you agree to the processing of personal data. Scope of personal data processed: name, surname, address, telephone, e-mail. They are then stored for one year.

• Processing of accounting documents

Processing is necessary to fulfill the legal obligation of the controller within the meaning of Article 6 para. 1 letter c) of the Regulation. Scope of processed personal data: title, name, surname, address, account number, signature. c.

• Monitoring of premises for the protection of property

The monitoring of the premises shall be carried out in accordance with the legitimate interest of the operator within the meaning of Article 6 para. 1 letter f) regulations. Records from the monitored area are kept for 5 days.

• Reclamations

In the case of complaints, personal data shall be processed in accordance with Article 6 para. 1 letter c) of the Regulation. Scope of personal data processed: title, name, surname, address, telephone,

e-mail. Subsequently, they are stored in accordance with according state law.

• Recovery of claims

In the case of recovery, personal data shall be processed in accordance with Article 6 para. 1 letter c) of the Regulation. Scope of personal data processed: title, name, surname, address, telephone, e-mail. Subsequently, they are stored in accordance with according state law.

• Execution

The processing of personal data is necessary to fulfill the legal obligation of the controller within the meaning of Article 6 para. 1 letter c) of the Regulation. Scope of personal data processed: title, name, surname, birth number, address. Subsequently, they are stored in accordance with according state law.

• Records of suppliers and customers representatives

The processing of personal data of suppliers and customers shall be carried out in accordance with the legitimate interests of the controller, in accordance with Article 6 para. 1 letter f) regulations. Scope of personal data processed: title, name, surname, working position, job classification, functional classification, personal number of the employee, professional department, place of work, telephone number, fax number, e-mail address of the workplace and identification data of the employer. Subsequently, they are stored in accordance with according state law.

• Register of job seeker

The processing of personal data of job seekers is carried out on the basis of the 'Consent' with the processing of personal data in the sense of Article 6 para. 1 letter a) of the Regulation provided by the applicant. The operator will only contact successful applicants.

The transfer of personal data to a third country does not take place. Personal data will not be used for automated individual decision-making, including profiling.

Personal data is stored for 12 months from the consent. You have the right at any time before the expiration of this period to withdraw your consent to the processing of personal data by sending a request to the email address: profesia@agfoil.com or by sending a request to the Controller's address stating the text 'GDPR revocation of consent' on the envelope. The controller declares that in the case of a written request of the data subject to terminate the processing of personal data before the specified period, these will be deleted within 30 days from the delivery of the revocation of consent.

• Rights of the data subject

1. Right to revoke consent - in cases where we process personal data on the basis of your consent, you have the right to revoke this consent at any time. You can revoke the consent electronically, by sending the revocation of the consent to the e-mail address of the responsible person dpo@iosec.eu, in writing or in person at the headquarters of our company. Withdrawal of consent does not affect the lawfulness of the processing up to this point.
2. Right to access - you have the right to provide a copy of the personal information we hold about you

available as well as information on how we use your personal data. In most cases, your personal data will be provided to you in writing, unless you require another method of providing it. If you have requested this information by electronic means, it will be provided to you electronically, if technically possible. 

1. Right to correction - we take appropriate measures to ensure accuracy, completeness

and the timeliness of the information we have about you. If you believe that the information, we hold is inaccurate, incomplete or out of date, please do not hesitate to ask us to modify, update or supplement this information.

1. Right to deletion - you have the right to ask us to delete your personal data, for example if the personal data we have obtained about you is no longer needed to fulfill the original purpose of the processing. However, your right must be assessed in the light of all the relevant circumstances. For example, we may have certain legal and regulatory obligations, which means that we will not be able to comply with your request.
2. Right to restrict processing - under certain circumstances, you may ask us to stop using your personal information. For example, when you think the personal information, we hold about you may be inaccurate, or when you think we no longer need to use your personal information.
3. Right to data portability - in certain circumstances, you have the right to ask us to transfer the personal data they have provided to the walls to another third party of your choice. However, the right to portability only applies to personal data that we have obtained from you with your consent or under a contract to which you are a party.
4. The right to object - you have the right to object to the processing of data which is based on our legitimate legitimate interests. If we do not have a compelling legitimate legitimate reason to process and you object, we will not further process your personal data.

If you believe that any personal information, we hold about you is incorrect or incomplete, please contact us.

If you wish to object to the way we process your personal data, please contact our authorized person (Data Protection Officer) by e-mail at: dpo@iosec.eu or in writing to the address: AG FOIL EUROPE s.r.o., Družstevná ulica 549/7, 922 10 Trebatice, Slova Republic. Our authorized person will review your objection and will cooperate with you to resolve the matter.

If you believe that your personal data is being processed unfairly or illegally, you can submit a complaint with the supervisory authority, which is Úrad na ochranu osobných údajov Slovenskej republiky, Hraničná 12, 820 07 Bratislava 27; tel. číslo: +421 /2/ 3231 3214; e-mail: statny.dozor@pdp.gov.sk, https://dataprotection.gov.sk.

Revised on 15.1.2021