Privacy

PRIVACY POLICY

according to which the controller informs the data subjects about the processing of their personal data

Controller:

KVANT LASERS, s.r.o.
Odborárska 23, 831 02 Bratislava, Slovakia
ID No: 51 196 620
registered in the Commercial Register of District Court Bratislava I, Section: Sro, File No: 123853/B

(hereinafter “Controller”)

Relevant contact data of the person designated with the protection of personal data:

In case the data subject has any questions regarding the processing of personal data, or if he/she wishes to assert any of his/her rights related to the processing of personal data by the Controller, the data subject may address his or her request to the following designated person:

e-mail: mazar@kvant.sk
tel. No: +421 918 632 033

(hereinafter “Designated person”)

The application has not a specific form and the data subject can submit it by e-mail, by post, by telephone, or personally.

1. Purpose

1. 1. The Controller hereby fulfills its obligation to provide information to persons (hereinafter “Data subjects”) concerning the processing of their personal data by the Controller (within the meaning of Article 13 of Regulation 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data free movement of such data [hereinafter “GDPR”]).

1. 2. The Data subjects have the opportunity to be informed about the processing of their personal data before the Controller starts processing them.

1.3. The Controller’s goal and effort is to ensure that the Data subject is informed in a simple manner about the processing of their personal data by the Controller and that they are aware of their rights in relation to the processing of personal data. If the Data subject has any questions related to the processing of his/her personal data, he/she may contact the above-mentioned Designated person who will provide the response in a clear and understandable way.

2. Information about the personal data of the Data subjects processed by the Controller

2.1. The Controller processes the following personal data of persons participating at the events organized or attended by the Controller for the following purpose and on the basis of the following legal basis:
 

Purpose Legal basis Categories of personal data
the promotion of the Controller, his events and the events he attended, through social networks
legitimate interest (public relations, marketing)
  • photo (video) of the attendant;
  • information of the event
the promotion of the Controller through his website
legitimate interest (public relations, marketing)
  • photo (video) of the attendant;
  • information of the event


2.2. The Controller processes the following personal data of his clients for the following purpose and on the basis of the following legal basis:
 

Purpose Legal basis Categories of personal data

fulfilment of legal obligations in the area of tax law and accounting

special statutes (Act on Income Tax, Act on Value Added Tax, Act on Accounting, etc.)

  • identification data of the Data subject (name, last name, address, ID No., Tax ID, VAT ID)
  • information on the delivered goods or provided services

fulfilment of contractual obligations (delivery of goods / provision of services)

contract between the Controller and the Data Subject

  • identification data of the Data subject (name, last name, address, ID No., Tax ID, VAT ID)
  • information on the delivered goods or provided services
  • telephone number
  • email address

record-keeping of mail

special statutes (Act on Archives and Registry, Act on E-government)

  • name, last name
  • address

sending of newsletters to clients (or former clients)

legitimate interest (direct marketing), consent

  • email address
  • information on the delivered goods or provided services

references of the customers on the webpage

consent

  • name, last name
  • reference

statistical evaluation of business relationships with clients

legitimate interest (analysis of business relations based on aggregate data – the Controller determines whether to approach the Data subject with a new proposal to buy goods or services)

  • identification data of the client or its representative (name, surname, ID No, address, tax ID, VAT ID);
  • information regarding the provided services/delivered goods

 

2.3. In case the Data subject is interested in information about specific personal data processed by the Controller, he/she may send his or her request to the Designated person.

 

3. Categories of recipients of personal data

3.1. The Controller provides personal data of the Data subjects (with respect to the processing specified in point 2.1) to the following categories of recipients:

  • webhosting provider;
  • provider of IT support;
  • social network providers.

3.2. The Controller provides personal data of the Data subjects (with respect to the processing specified in point 2.2) to the following categories of recipients:

  • accountant,
  • tax office,
  • court,
  • executor,
  • other public bodies (if required by special regulation).

3.3. If the Data subject is interested in knowing about the particular recipients and the extent of the personal data provided to that recipient, it may address his/her application to the Designated person.

4. Transfer of personal data to third countries

4.1. The Controller will not transfer the personal data of the Data subjects to a third country (outside the European Union). An exception is the case if the Controller uses a social network provider that is established in the United States of America. In such a case the social network provider must be registered and comply with the so-called Privacy Shield (which provides an adequate level of protection according to the decision of the European Commission).

5. Retention of personal data

5.1. Personal data of the data subjects will be kept for as long as required by the applicable special regulation. If such a special regulation does not exist, the retention period is determined by the Controller’s archiving order.

5.2. Where the processing of personal data is based on a contract, the Controller shall process the personal data of the Data subject for the duration of the contract and, in addition, for the expiry of the limitation period related to the last applicable claim of the Controller or the Data subject. Personal data obtained by filling in a contact form for the purpose of pre-contract relations is processed exclusively for a period of 1 year, and if the contact is not concluded, it will be deleted from the system.

5.3. Personal data for marketing purposes and purposes of the promotion of the Controller will be kept for a period of 3 years.

5.4. If the processing is based on consent, the Data subject has a right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

5.5. The Controller will provide to the Data subject, at his/her request, any additional information on the period during which the Controller keeps his or her personal data. The withdrawal can be exercised through the e-mail in the sent newsletter (unsubscribe) or by sending your request to the Designated person.

6. Cookies

6.1. The Controller uses cookies on his website. Further information can be obtained in the Cookies Policy published on the Controller’s website.

7. The rights of the Data subject in relation to the processing of personal data

7.1. The Data subject has the right to obtain from the Controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data.

[Further details and information regarding the right of access can be obtained from the Designated person.]

7.2. The Data subject has the right to obtain from the Controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the Data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

7.3. The Data subject has the right to obtain from the Controller the erasure of personal data concerning him or her without undue delay and the Controller has the obligation to erase personal data without undue delay where one of the following grounds applies: (a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; (b) the Data subject withdraws consent on which the processing is based and where there is no other legal ground for the processing; (c) the Data subject objects to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) GDPR; (d) the personal data have been unlawfully processed; (e) the personal data have to be erased for compliance with a legal obligation in Union or Slovak law.

[Further details and information regarding the right of erasure can be obtained from the Designated person.]

7.4. The Data subject has the right to obtain from the Controller restriction of processing where one of the following applies: (a) the accuracy of the personal data is contested by the Data subject, for a period enabling the Controller to verify the accuracy of the personal data; (b) the processing is unlawful and the Data subject opposes the erasure of the personal data and requests the restriction of their use instead; (c) the Controller no longer needs the personal data for the purposes of the processing, but they are required by the Data subject for the establishment, exercise or defence of legal claims; (d) the Data subject has objected to processing pursuant to Article 21(1) GDPR pending the verification whether the legitimate grounds of the Controller override those of the data subject.

[Further details and information regarding the right to restriction of processing can be obtained from the Designated person.]

7.5. The Data subject has the right to receive the personal data concerning him or her, which he or she has provided to the Controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the Controller to which the personal data have been provided, where: (a) the processing is based on consent or on a contract; and (b) the processing is carried out by automated means.

[Further details and information regarding the right to data portability can be obtained from the Designated person.]

7.6. The Data subject has the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on legitimate interest of the Controller including profiling based on those provisions. The Controller shall no longer process the personal data unless the Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the Data subject or for the establishment, exercise or defence of legal claims. Where personal data are processed for direct marketing purposes, the Data subject has the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.

[Further details and information regarding the right to object can be obtained from the Designated person.]

7.7. The Data subject has the right to lodge a complaint with the Data Protection Office if he/she considers that the processing of personal data concerning him/her is contrary to the applicable provisions. Further details and information on claiming the right to complain may be obtained from the Controller through the Designated person.

7.8. If the processing of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, the Data subject is obliged to provide such personal data, otherwise the contract cannot be concluded.

Further details and information regarding the exercise of the rights of the Data subject with regard to the processing of his/her personal data may be obtained from the Controller through the Designated person.

8. Miscellaneous

8.1. We may update this policy from time to time by publishing a new version on our website. You should check this page to ensure you are happy with any changes to this policy. We may notify you of changes to this policy by email.

8.2. Our website includes hyperlinks to, and details of, third party websites. We have no control over, and are not responsible for, the privacy policies and practices of third parties.