If you have any questions concerning how we process your personal data, you can contact us at firstname.lastname@example.org or by post using our registered seat address above. Being an EU-based company, we must comply with the EU general data protection regulation (the “GDPR“) when processing the personal data., specific provisions of Act no. 18/2018 on Coll. on the protection of personal data (mainly sec. 78 and sec. 79) and other legislation governing the issues of data protection or privacy.
Why do we process your personal data?
Generally, we need to process personal data in order to::
provide our services and products and for that purpose process personal data of our clients, suppliers, business partners, employees and other persons;
meet our legal and contractual obligations;
pursue our own legitimate interests and legitimate interests of our clients.
What are our purposes of processing of personal data?
Based on our relationship and position according to the GDPR (controller or processor) we process personal data for the following purposes:
Who are recipients of you personal data?
Your personal data are available to our recipients on need-to-know basis maintaining the confidentiality of the data recipients. Depending on the purpose of processing and particular circumstances typical recipients of your personal data are:
Accounting and payroll companies;
Postal companies and shipping companies;
Professional advisors (e.g. attorneys);
Providers of standard software (e.g. Microsoft and Google) or technical (IT) support;
Providers of cloud and hosting services;
Providers of marketing analytics tools (e.g. Analytics, Mouseflaw, Hotjar)
Providers of social media platforms;
Sponsors and business partners at the events;
We also use sub-contractors to support us in providing services who might process personal data for us. We ensure that selection of our sub-contractors and any processing of personal data by them is compliant with the GDPR. If we are requested by the public authorities to provide your personal data we examine the conditions laid down in the legislation to accept the request and to ensure that if conditions are not met, we do not adhere to the request.
What countries do we transfer your personal data to?
By default, we seek not to transfer your personal data outside the EU and/or European Economic Area where not necessary. However, some of our sub-contractors or the above-mentioned recipients of personal data might be based or their servers might be located in the United States of America (U.S.). As such, US is regarded a third party not ensuring adequate level of protection. However, companies certified under the EU-US Privacy Shield mechanism according to the Commission (EU) are regarded as ensuring adequate level of protection. Any transfer of personal data outside the European Economic Area is done by us only under strict compliance with the GDPR. We ensure the third-party recipients are either certified under the EU-US Privacy Shield, concluded EU model clauses with us or follow equivalent safeguards in place.
How long do we store your personal data?
We must not and we do not want to store your personal data for longer than necessary for the given purpose of processing. Due to this legal requirement but also due to technical and financial aspects of data storage we actively delete data where no longer necessary. Retention periods are either provisioned in respective laws or are set out by us in our internal policies.
General retention periods for the above purposes of processing are as follows:
The above retention periods only represents general periods of processing of personal data for the respective purposes. In fact we proceed to liquidation or anonymization of personal data before the expiration of these general periods if the personal data are deemed unnecessary in view of the above-mentioned processing purposes.
If you are interested in knowing whether we are currently processing your personal data for specific purposes, please contact us with a request to confirm whether we process personal information with reference to Art. 15 (1) of the GDPR.
How do we collect your personal data?
Generally, we collect your personal data directly from you. Provision of personal data by you is voluntary and does not present a requirement to enter into a contract or a contractual requirement . You can provide your personal data to us by different means e.g.:
communication with you (e.g. messaging via our web, e-mail or social media);
registration on our or partner website;
presence on conferences and events (purchasing a ticket);
activity on our profiles on social media;
in the process of concluding or negotiating the contract;
entering our premises or areas designated for photography (at conferences);
completing and submitting a contact form with your comments, queries or questions.
However, we may also obtain your personal information from your employer or from the company in relation to which we process your personal data. This is typically the case when we conclude or negotiate a contractual relationship with the company or its terms. If the collection of personal data relates to a contractual relationship it is often a contractual requirement or a requirement that is required for the conclusion of a contract. Failure to provide personal data (whether yours or your colleagues) may have negative consequences for the company you represent, as this may result in failure to conclude or performance of a contractual relationship. If you are a member of a statutory body of an organization that is a contracting party to us or with whom we are negotiating a contractual relationship, we may obtain your personal data from publicly available sources and registers. In any case we do not systematically process any random personal data obtained to any of the purposes for processing personal data.
The GDPR lays down general conditions for the exercise of your individual rights. However, their existence does not automatically mean that they will be accepted by us because in a particular case exception may apply. Some rights are linked to specific conditions that do not have to be met in every case. Your request for an enforcing specific right will always be dealt with and examined in terms of legal regulations and applicable exemptions.
Among others, you have:
Right to request access to your personal data according to Article 15 of the GDPR. This right includes the right to confirm whether we process personal data about you, the right to access to personal data and the right to obtain a copy of the personal data we process about you if it is technically feasible.
Right to rectification according to Article 16 of the GDPR, if we process incomplete or inaccurate personal data about you.
Right to erasure of personal data according to Article of the 17 GDPR, if one of the conditions for erasure is fulfilled and no exception applies.
Right to restriction of processing according to Article 18 GDPR, if one of the conditions for restriction is fulfilled.
The right to data portability according to Article 20 of the GDPR, the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1).
You have a right to lodge a complaint related to personal data to the relevant data protection supervisory authority or apply for judicial remedy. Please note that our competent data protection authority is the Office for Protection of Personal Data of the Slovak Republic. In any case we advise to primarily consult us with your questions or requests.
Do we process your personal data via automated means which produces legal effects concerning you?
We do not currently conduct processing operations that would lead to the decision which produces legal effects or similarly significantly affects concerning you based solely on automated processing of your personal data.
Please read relevant privacy policies to better understand processing of your personal data by providers of social media platforms. We only have a typical admin control over the personal data processed by us via our own company profile. We assume that by using these social media platforms, you understand that your personal data might be processed for other purposes and that your personal data might by transferred to other third countries and third parties by providers of social media platforms.
How we protect your personal data?
It is our obligation to protect your personal data in an appropriate manner and for this reason we focus on the questions related to protection of personal data. Our company has implemented generally accepted technical and organizational standards to preserve the security of the processed personal data, especially taking into account the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored or otherwise processed. In situations where special categories of data are processed we use encryption technologies e.g. during communication with the payment gateway. Your personal data are stored on our secure servers or servers of our web site providers located in data centers in the Slovak Republic and in the Czech Republic. If third-party analytics tools are used data are stored on third-party servers (see cookies).