INFORMATION ON PERSONAL DATA PROCESSING

pursuant to Articles 12, 13 and 14 of the GDPR (hereinafter referred to as “Information”)

 

The information describes how the operator GOLD Invest Company s.r.o., with its registered seat: Fedinova 1114/12, Bratislava - mestská časť Petržalka 851 01, Identification number: 50 385 402, registered with the Commercial Register of the District Court Bratislava I, dept .: Sro, insert No.: 113719/B (hereinafter referred to as the "operator") processes personal data. If there is anything unclear or incomprehensible to you in this Information, we will be happy to explain any term or part to you. We process personal data in accordance with the requirements of the GDPR, Act no. 18/2018 Coll. on the protection of personal data and on the amendment of certain laws as amended and other generally binding legal regulations.

 

1.  BASIC TERMS

 a. Personal data – any information relating to an identified or identifiable natural person, for example first name, last name, date of birth, birth number, telephone number, e-mail address, IP address, etc.

 b. GDPR - Regulation (EU) 2016/679 of the European parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

 c. Data subject - the natural person to whom the personal data relate.

 d. Personal data processing - operation or set of operations which is performed on personal data by the controller.

 e. Controller - natural or legal person which determines the purposes and means of the processing of personal data.

 f. Purpose of personal data processing – in advance clearly defined or established intention to process personal data, which is linked to a certain activity.

 g. Legitimate interest - the interest of the controller or a third party which implies the need to process personal data if it does not outweigh the interests or fundamental rights and freedoms of the data subject.

 h. Recipient - a natural or legal person, public authority, agency or other body to which personal data are provided.

 

   2.  CONTROLLER

Controller of the personal data is:

Controller	GOLD Invest Company s.r.o.
Legal form	Limited liability company
Registered seat	Fedinova 1114/12, Bratislava - mestská časť Petržalka 851 01, Slovak republic
E-mail:	[email protected]
Phone number:	+421 940 736 390

3.  PURPOSES AND LEGAL BASIS OF PROCESSING

purpose	legal basis
Accounting	Article 6 par. 1 point c) GDPR – fulfillment of a legal obligation Article 6 par. 1 point b) GDPR – performance of the contract
Human resources and payroll	Article 6 par. 1 point c) GDPR – fulfillment of a legal obligation Article 6 par. 1 point b) GDPR – performance of the contract
GDPR agenda	Article 6 par. 1 point c) GDPR – fulfillment of a legal obligation
Network security and other security	Article 6 par. 1 point f) GDPR – legitimate interest
Supply and demands contracts	Article 6 par. 1 point f) GDPR – legitimate interest Article 6 par. 1 point b) GDPR – performance of the contract
Contact form	Article 6 par. 1 point f) GDPR – legitimate interest
Client experience (references)	Article 6 par. 1 point GDPR – consent of the data subject
Company profile on the social network Facebook	Article 6 par. 1 point f) GDPR – legitimate interest
Company profile on the social network Instagram	Article 6 par. 1 point f) GDPR – legitimate interest
Web site (cookies)	Article 6 par. 1 point GDPR consent of the data subject
Zoom	Article 6 par. 1 point f) GDPR – legitimate interest
Company profile on the social network Twitter	Article 6 par. 1 point f) GDPR – legitimate interest
Company profile on the social network LinkedIn	Article 6 par. 1 point f) GDPR – legitimate interest
Calendly	Article 6 par. 1 point f) GDPR – legitimate interest
Skype	Article 6 par. 1 point f) GDPR – legitimate interest
Amazon	Article 6 par. 1 point f) GDPR – legitimate interest
Kajabi	Article 6 par. 1 point f) GDPR – legitimate interest
Typeform	Article 6 par. 1 point f) GDPR – legitimate interest
Kajabi	Article 6 par. 1 point GDPR – consent of the data subject Article 6 par. 1 point f) GDPR – legitimate interest
WhatsApp	Article 6 par. 1 point f) GDPR – legitimate interest

 

4.  LEGAL INTERESTS OF THE OPERATOR OR A THIRD PARTY

legitimate interest	characteristics
Network security and other security	legitimate interest of the controller in ensuring security - the obligation under the GDPR to put in place appropriate security measures, including records of the activities of entities accessing the environment of the controller
Supply and demands contracts	legitimate interest of the controller as well as third parties - suppliers / customers in the performance of contracts
Contact form	the legitimate interest of the controller in the processing of personal data provided voluntarily by the data subject in order to establish mutual communication
Company profile on the social network Facebook	legitimate interest of the controller in raising awareness of the controller's activities
Company profile on the social network Instagram	legitimate interest of the controller in raising awareness of the controller's activities
Zoom	the legitimate interest of the controller in the processing of personal data provided voluntarily by the data subject in order to establish mutual communication
Company profile on the social network Twitter	legitimate interest of the controller in raising awareness of the controller's activities
Company profile on the social network LinkedIn	legitimate interest of the controller in raising awareness of the controller's activities
Calendly	legitimate interest of the controller in raising awareness of the controller's activities
Skype	the legitimate interest of the controller in the processing of personal data provided voluntarily by the data subject in order to establish mutual communication
Amazon	legitimate interest of the controller in raising awareness of the controller's activities
Kajabi	the legitimate interest of the controller to clearly record personal data provided voluntarily by the data subject
Typeform	the legitimate interest of the controller to clearly record personal data provided voluntarily by the data subject
Kajabi	legitimate interest of the controller in raising awareness of the controller's activities
WhatsApp	the legitimate interest of the controller in the processing of personal data provided voluntarily by the data subject in order to establish mutual communication

 

5.  RECIPIENTS

A recipient is any person to whom the controller makes personal data available, whether or not he is a third party. Depending on the individual processing purposes, the data that the controller processes shall be made available to the following recipients:

• persons who process personal data on the basis of a direct authorization from the controller (employees, persons working under agreements outside the employment relationship, etc.)
• processors (web hosting provider);
• statutory representatives;
• members of the company's bodies (partners);
• state authorities (tax office, Social Insurance Agency, Center for Labor, Social Affairs and Family, Office for Personal Data Protection, courts, law enforcement agencies, criminal authorities, etc.);
• health insurance companies, executors, supplementary pension savings banks, pension management companies, employee representatives;
• another eligible entity.

 

6.  TRANSFER TO THE THIRD COUNTRY AND INTERNATIONAL ORGANISATION

In principle, the controller does not transfer personal data to a country outside the EU (EEC), with the exception of data transfer, which takes place if the data subject visits / uses the controller's company profiles on social networks and other similar platforms: Facebook, Instagram, Twitter, LinkedIn, Amazon, Monday or in case the data subject communicates with the controller via communication platforms such as Zoom, Skype, WhatsApp, Calendly, Mailchimp. In this case, personal data may be transferred to the United States and personal data protection guarantees are provided by standard contractual clauses. More information can be obtained here: Facebook; Instagram; Twitter; Linkedin; Amazon; Kajabi, Zoom, Calendly, Skype, Typeform and WhatsApp.

 

7.  STORAGE PERIOD

We store personal data in a form that allows identification for as long as is necessary to achieve the purpose for which the personal data are processed. Retention periods / deletion periods or criteria for their determination are documented in the processing activity records that we provide to you upon your request.

 

8.  RIGHTS OF DATA SUBJECT

Data subjects has the following rights:

 a.  Information about the data processing

The information contains in particular the identity and contact details of the controller, the purposes of processing, the categories of personal data concerned, the recipient or categories of recipients of personal data, information on personal data transfers to third countries, storage period, authorized processors, list of your rights, possibility to contact the Office for Personal Data Protection of the Slovak Republic, source of processed personal data, information on whether and how automated decision-making and profiling occurs.

 b.  Right to access to personal data

You have the right to confirmation whether or not personal data are processed and, if so, you have the right to access information about the purposes of the processing, the categories of personal data concerned, the recipients or categories of recipients, the storage period, information about your rights regarding personal data processing, information about the right to submit complaint to the Office for Personal Data Protection of the Slovak Republic, information about the source of personal data, information on whether there is automated decision-making and profiling, information and guarantees in case of transfer of personal data to a third country or international organization. You have the right to be provided with the copy of the personal data processed.

 c.  Right to rectification

The data subject has the right to rectification of the incorrect personal data. With regard to the purpose of the processing, the data subject has the right to supplement incomplete personal data, including by providing a supplementary declaration.

 d.  Right to erasure (right to be forgotten)

In some cases stipulated by the law, we are obliged to delete the personal data of the data subject. However, each such request is subject to an individual assessment of whether the conditions are met, because as a controller we may be bound by a legal obligation or we may process personal data on the basis of a legitimate interest. If our legitimate interest (or the legitimate interest of a third party) outweighs the interests of the data subject, we are entitled to further processing of the personal data for the purpose in question.

 e.  Right to restriction of processing

The data subject may request the controller to restrict the processing of personal data if any of the following situations occurs:

• the data subject has denied the accuracy of the personal data - for the time necessary for the controller to verify the accuracy of the personal data;
• the processing of personal data is unlawful, but the data subject refuses to delete the data and instead requests restriction of their use;
• the controller no longer needs the personal data for the purposes of processing but data subject requests the data for the purpose to determine, enforce or defend legal claims;
• the data subject has objected to the processing of personal data in specific situations under the GDPR (public interest task, legitimate interest of the controller or profiling), until it is verified that the legitimate interests of the controller outweigh the legitimate interests of the data subject.

 f.  Right to data portability

If the data subject requests that we transfer their personal data to another controller, we transfer personal data in the appropriate format to the requested entity, if no legal or other significant obstacles prevent us from doing so.

 g.  The right to object and automated individual decision-making 

The data subject has the right at any time to object to the processing of personal data concerning him or her which is carried out on a legal basis in the public interest or a legitimate interest. The data subject may at any time object to the processing of personal data by the controller for the purposes of direct marketing, including profiling, to the extent that it relates to such direct marketing

 h.  Consent-based processing (right to withdraw consent)

Where processing is based on the consent of the data subject within the meaning of Article 6 par. 1, point a) of the GDPR or Article 9, par. 2, point a) of the GDPR, the data subject have the right to withdraw their consent at any time. Such withdrawal of consent shall not affect the lawfulness of the processing based on the consent given prior to its withdrawal.

 i.  The right to submit a proposal or complaint to the supervisory body

The data subjects may at any time address a proposal, initiative or complaint regarding the processing of personal data to the supervisory body, which is the Office for Personal Data Protection of the Slovak Republic, with its registered office at Hraničná 12, 820 07 Bratislava 27, Slovak Republic, telephone no .: +421/2/3231 3220, website: www.uoou.sk.

Response time

We will provide a statement and, if necessary, information on the actions taken as soon as possible, but no later than within one month. We are entitled to extend the deadline by two months if necessary and due to the complexity and number of applications. We will inform the data subject about the extension, including the reason.

Contact point

Rights of the data subject can be exercised with the controller, by e-mail: [email protected] or in writing to the correspondence address: Zuzana Jankajová, Štefánikova 1367/17, Michalovce 071 01, Slovak Republic. We provide all notices and statements about the exercised rights free of charge. However, if the request is evidently unfounded or disproportionate, in particular because it is repeated, we are entitled to charge a reasonable fee taking into account the administrative costs or to refuse to act on the request. In the event of a repeated request for copies of the personal data processed, we reserve the right to charge a reasonable fee for administrative costs.

 

9.  PROVISION OF THE PERSONAL DATA

 The provision of the personal data is voluntary, and therefore the provision of data to us as the controller, as we are a private entity, is not a legal requirement. If you are interested in concluding a contract with us, the provision of personal data may be necessary for the conclusion of a contract. In this case, the provision is a contractual requirement. The data subject is not obliged to provide his / her personal data, he / she provides them voluntarily. Refusal to provide personal data does not have negative consequences for the data subject.

 

10.  AUTOMATED DECISION-MAKING AND PROFILING

The controller does not use the so-called automated individual decision-making, including profiling.

 

11.  PROCESSING FOR ANOTHER PURPOSE

When processing, we respect the principle of limiting the purpose of processing, what means that we process data only on the basis of a specifically specified, explicitly stated and legitimate purpose, except in the case of processing for a compatible purpose. Processing for another purpose may also be based on the consent of the data subject, European Union law or law of the Slovak Republic. To find out whether another purpose is compatible with the purpose for which the personal data were originally obtained, we will perform a so-called compatibility test, in which we take into account:

• any link between the purposes for which the personal data were obtained and the purposes of the intended further processing;
• the circumstances in which the personal data were obtained, in particular as regards the relationship between the data subjects and the controller;
• the nature of the personal data, in particular whether specific categories of personal data are processed pursuant to Article 9 of the GDPR or personal data relating to the criminalization of criminal offenses and offenses pursuant to Article 10 of the GDPR;
• the possible consequences of the intended further processing for the data subject
• the existence of adequate safeguards, which may include encryption or pseudonymisation.

 

12.  OVERVIEW OF SELECTED LEGISLATION IN THE FIELD OF PERSONAL DATA PROTECTION 

• Charter of Fundamental Rights of the European Union (Article 8)
• Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46 / EC (General Data Protection Regulation)
• Directive 2002/58 / EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications) (consolidated version)
• Act no. 351/2011 Coll. on electronic communications, as amended
• Constitution of the Slovak Republic (published under No. 460/1992 Coll.)
• Act no. 18/2018 Coll. on the protection of personal data and on the amendment of certain laws as amended
• Decree no. 158/2018 Coll. Office for Personal Data Protection of the Slovak Republic on the procedure for assessing the impact on personal data protection

 

13.  USE OF COOKIES

The website www.zuzanajankajova.com uses cookies, which collect and store information while browsing. Cookies are used for various purposes, e.g. to record a selection made by the user while browsing the website or to record user activity while browsing the website. They can also be used to remember any information that the user has previously entered in the forms on the website. Their use can be disabled in most Internet browsers. According to the GDPR (rec. 30), cookies are defined as online identifiers that, in combination with unique identifiers and other information obtained from servers, can be used to create profiles of individuals and to identify them, and are therefore considered personal data according to the GDPR. The operator may use cookies only with the user's consent. The user can revoke the consent to cookies at any time. Each user can express their consent / disagreement with the use of cookies when visiting the website through the consent management tool (banner, CMP, bar). If the user does not agree to the use of cookies, they will not be activated on the website.

We use following cookies:

cookie name	provider	type	expiry	purpose
PHPSESSID	zuzanajankajova.com	HTTP necessary	session	Preserves user session state across page requests.
_ga	zuzanajankajova.com	HTTP statistics	2 years	Registers a unique ID that is used to generate statistical data on how the visitor uses the website.
_gat	zuzanajankajova.com	HTTP statistics	1 day	Used by Google Analytics to throttle request rate
_gid	zuzanajankajova.com	HTTP statistics	1 day	Registers a unique ID that is used to generate statistical data on how the visitor uses the website.
ads/ga-audiences	google.com	Pixel	session	Used by Google AdWords to re-engage visitors that are likely to convert to customers based on the visitor 's online behaviour across websites.

Necessary cookies: They are necessary for the usability of the site. They help create websites by providing basic features such as site navigation and access to protected areas of the website. The website cannot function fully without these cookies.

Statistical cookies: They help website owners to understand how to communicate with website visitors by collecting and reporting information anonymously.

Marketing cookies: They are used to track visitors to the website. Their purpose is to show ads that are relevant and engaging to specific users, and more importantly to third-party publishers and advertisers.

 

14.  CHANGES OF THE PERSONAL DATA PROCESSING RULES

We are entitled to change the wording of these rules on the processing of personal data, especially if necessary to incorporate legislative changes or changes in the purpose and means of processing. In the event that there are changes in the rules of personal data processing that would be capable of affecting the rights of the data subjects, we will notify them in good time in an appropriate manner.

This document is regularly updated.

Last update: 22.10. 2022