I. INTRODUCTORY PROVISIONS
The information provided regulates the conditions of personal data protection in accordance with the Regulation of the European Parliament and of the Council of the European Union No. 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive No. 95/46/EC (hereinafter referred to as the "Personal Data Protection Regulation") and Act No. 18/2018 Coll. on the protection of personal data and on the amendment and supplementation of certain laws (hereinafter referred to as the "Personal Data Protection Act"), valid from 25.05.2018, in connection with personal data provided by data subjects to the operator on its website.
Operator: MV transport Slovakia a.s., with registered office at Jazdecká 6, 080 01 Prešov, Company ID: 51 463 610, registered in the Commercial Register of the District Court Prešov, 10534/P.
Statutory body: PhDr. Martin Vaľko, Chairman of the Board
Phone: +421 905 881 525
Email: info@mvtransport.sk
Web: https://mvtransport.sk
II. DEFINITION OF TERMS
Personal data means any information relating to an identified or identifiable natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, surname, identification number, location data, or online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Processing of personal data means any operation or set of operations performed on personal data or sets of personal data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction, whether by automated means or not.
Data subject means any natural person whose personal data are processed.
Controller means the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data and processes personal data on their own behalf.
Processor means any natural or legal person who processes personal data on behalf of the controller.
Restriction of processing personal data means marking stored personal data with the aim of limiting their processing in the future based on the data subject's request under the conditions set out in this information.
III. PRINCIPLES OF PERSONAL DATA PROCESSING
Personal data are processed by the controller lawfully in accordance with the Personal Data Protection Regulation and the Personal Data Protection Act so as not to violate the fundamental rights of the data subject.
The controller collects personal data for a specific, legitimate and explicitly stated purpose and does not further process personal data in a way incompatible with that purpose.
Processing of personal data for archiving purposes, scientific purposes, historical research or statistical purposes is in accordance with a special regulation and adequate safeguards for the protection of the rights of the data subject are observed.
The processed personal data are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
The processed personal data must be accurate and, where necessary, kept up to date. Personal data that are inaccurate with regard to the purposes for which they are processed shall be erased or rectified without delay by the controller.
The controller stores personal data in a form that permits identification of the data subject no longer than necessary for the purposes for which the personal data are processed. Personal data may be stored longer if processed exclusively for archiving, scientific, historical research or statistical purposes under a special regulation and if adequate safeguards for the protection of the rights of the data subject are observed.
Personal data are processed by the controller in a manner that ensures appropriate security of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical and organizational measures.
IV. INFORMATION FOR DATA SUBJECTS
The data subject has the following rights in connection with the processing of their personal data:
Right to request access to personal data from the controller
The data subject has the right to obtain from the controller confirmation as to whether or not personal data concerning them are being processed.
The controller is obliged to provide the data subject with the personal data it processes. For repeated provision of personal data requested by the data subject, the controller may charge a fee corresponding to the administrative costs related to handling the request.
The controller is obliged to provide personal data to the data subject in the manner requested by them.
Besides providing the personal data processed, the controller shall also provide the data subject with information about the purpose of processing, categories of personal data processed, identification of recipients or categories of recipients to whom personal data have been or will be disclosed, retention period of personal data, or if not possible, the criteria used to determine that period, the right to request correction, erasure or restriction of processing of personal data concerning the data subject, the right to object to processing, the right to lodge a complaint with the supervisory authority under Section 100 of the Personal Data Protection Act, the source of personal data if not obtained from the data subject, and the existence of automated decision-making including profiling.
Right to rectification of personal data
The data subject has the right to request the controller to rectify without undue delay any inaccurate personal data concerning them.
The data subject has the right to request the controller to complete incomplete personal data, taking into account the purposes of processing. Otherwise, the controller may refuse the completion.
Right to erasure of personal data
The data subject has the right to request the controller to erase personal data concerning them without undue delay under the conditions set out in these paragraphs.
The controller is obliged to erase personal data without undue delay upon request of the data subject if:
- the personal data are no longer necessary for the purpose for which they were collected or otherwise processed,
- the data subject withdraws consent on which the processing is based and there is no other legal ground for processing,
- the data subject objects to processing for direct marketing purposes including profiling to the extent related to direct marketing,
- the personal data have been unlawfully processed,
- erasure is necessary to comply with a legal obligation under the Personal Data Protection Act, a special regulation or an international agreement binding on the Slovak Republic.
The above does not apply if processing is necessary for exercising the right of freedom of expression or information, compliance with a legal obligation, performance of a task carried out in the public interest or in the exercise of official authority, archiving, scientific, historical research or statistical purposes under Section 78(8) of the Personal Data Protection Act, if it is likely that the right to erasure would render impossible or seriously impair the achievement of the objectives of such processing or for the establishment, exercise or defense of legal claims.
Right to restriction of processing personal data
The data subject has the right to request the controller to restrict processing of their personal data if:
- the accuracy of the personal data is contested by the data subject during the period enabling the controller to verify the accuracy,
- processing is unlawful and the data subject opposes erasure and requests restriction instead,
- the controller no longer needs the personal data for processing purposes but the data subject requires them for the establishment, exercise or defense of legal claims.
If processing has been restricted, the controller may process personal data only with the consent of the data subject or for the establishment, exercise or defense of legal claims, protection of the rights of others or for reasons of important public interest.
The controller shall inform the data subject before the restriction is lifted.
Right to data portability
The data subject has the right to receive the personal data concerning them, which they have provided to the controller, in a structured, commonly used and machine-readable format and has the right to transmit those data to another controller if technically feasible.
Exercising the right to data portability does not affect the right to erasure under the above conditions.
Right to notification of personal data breach if it may result in high risk to the rights of the data subject
The controller is obliged to notify the data subject without undue delay of a personal data breach, clearly and simply describing the nature of the breach, contact details of the responsible person or other contact point for more information, likely consequences of the breach, and measures taken or proposed to address the breach including mitigation of possible adverse effects, if necessary.
Notification is not required if:
- the controller has implemented appropriate technical and organizational protection measures such as encryption making the personal data unintelligible to unauthorized persons,
- the controller has taken subsequent measures to ensure high risk is no longer likely,
- notification would require disproportionate effort; in such case, the controller shall inform the public or take other measures to ensure the data subject is informed effectively.
Right to object to processing of personal data
The data subject has the right to object to processing of their personal data based on their particular situation if processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority, or for the purposes of legitimate interests pursued by the controller or a third party, except where overridden by the interests or fundamental rights and freedoms of the data subject requiring protection of personal data, especially if the data subject is a child, including profiling based on these grounds. The controller must stop processing unless it demonstrates compelling legitimate grounds overriding the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.
The data subject has the right to object to processing for direct marketing purposes including profiling to the extent related to direct marketing. If the data subject objects, the controller must stop processing personal data for direct marketing.
Right to lodge a complaint with the Office for Personal Data Protection under Section 100 of the Personal Data Protection Act
The data subject has the right to lodge a complaint with the Office for Personal Data Protection under Section 100 of the Personal Data Protection Act.
The data subject has been explicitly informed that if the legal basis for processing personal data is consent for a specific purpose, the data subject has the right to withdraw consent at any time.
VI. BASIC INFORMATION ON PERSONAL DATA PROCESSING
The controller processes personal data only to the necessary extent and for a specific purpose in accordance with the legal basis.
The controller has implemented appropriate technical, security and personnel measures to ensure increased protection of processed personal data of data subjects and handles personal data sensitively in accordance with data protection principles.
Personal data processed by the controller come directly from the data subject or from publicly available sources.
The controller declares that personal data are not transferred to third countries outside the territory of the European Union or to international organizations and are not published.
The controller may perform automated decision-making including profiling for direct marketing purposes according to criteria set by the controller. If automated decision-making including profiling is performed, the controller will specify the basic criteria used.
VII. PURPOSE AND LEGAL BASIS FOR PROCESSING PERSONAL DATA:
A) Received and sent correspondence
For the purpose of fulfilling legal registry obligations, the controller records received and sent mail, processing the following personal data:
- identification data including name, surname, title,
- contact data including delivery address,
- data included in the communication of recipients and senders of correspondence.
These personal data are processed based on Act No. 395/2002 Coll. on archives and registries and amendments. Providing personal data is a legal obligation and failure to provide would prevent fulfillment of the controller's legal obligations.
The controller stores these personal data for 5 years from the first day of the calendar year in which the data were obtained for correspondence and 3 years for books of received and sent correspondence records.
B) "Contact Form"
For the purpose of contacting back and handling any request or order within the opening hours of the website visitor as a data subject, the controller processes the following personal data:
- identification data including name
- contact data including email and phone,
- data included in the message text.
These data are processed based on the controller's legitimate interests. Providing personal data is neither a legal nor contractual obligation. Failure to provide would prevent contact back and handling of the request or order by the controller.
The controller stores these personal data until the request or order is handled, but no longer than 5 years from obtaining the personal data.
C) Online form
For the purpose of contacting back and handling any request of the website visitor as a data subject, the controller processes the following personal data:
- identification data including name
- contact data including email and phone
- data included in the message text
These data are processed based on the controller's legitimate interests, which are proper handling of the visitor's request. Providing personal data is neither a legal nor contractual obligation. Failure to provide would prevent contact back and handling of the request by the controller.
The controller stores these personal data until the request is handled, but no longer than 5 years from obtaining the personal data.
D) Order form
For the purpose of contacting back and handling any request of the website visitor as a data subject, the controller processes the following personal data:
- identification data including name
- contact data including email and phone
- data included in the message text
These data are processed based on the controller's legitimate interests, which are proper handling of the visitor's request. Providing personal data is neither a legal nor contractual obligation. Failure to provide would prevent contact back and handling of the request by the controller.
The controller stores these personal data until the request is handled, but no longer than 5 years from obtaining the personal data.
E) Online delivery
For the purpose of proper handling and delivery of the order of the website visitor as a data subject, the controller processes the following personal data:
- identification data of the orderer including name and surname,
- contact data of the orderer including email, phone, residence address, city, postal code, country,
- data included in the message text – note,
- identification data of the recipient including name and surname, possibly gender,
- contact data of the recipient including phone, residence address, city,
- data included in the message text – text for the recipient,
- data about purchased goods,
- data related to payment for goods (account number, amount paid, date of payment credited to the operator's account),
- data related to delivery of goods.
These data are processed by the controller for the purpose and in connection with the conclusion and performance of a purchase or other contract. Providing personal data is a legal and especially contractual obligation. Failure to provide would prevent conclusion of the purchase contract and thus delivery of the ordered goods.
The controller stores these personal data until the order is fulfilled or for the duration of the limitation period.
F) Customer complaints and claims
For the purpose of proper handling of customer complaints and claims, the controller processes the following personal data:
- identification data including name, surname, data stated in the complaint or claim
- contact data including address, phone number or email address
- data related to delivered goods (especially type of goods, delivery address, price paid, etc.)
These data are processed by the controller in connection with the conclusion and performance of a purchase or other contract. Providing personal data is a legal and especially contractual obligation. Failure to provide would prevent handling of the complaint or claim related to the concluded purchase contract.
G) Enforcement of claims by the controller
For the purpose of enforcing claims, the controller processes the following data:
- data stated in contracts with customers and suppliers to the extent necessary for enforcement of claims,
- data stated in complaints, data necessary for filing a proposal to initiate proceedings, data stated in proposals to initiate proceedings against the controller,
- data kept in accounting and other data necessary in connection with possible enforcement of claims or defense of the controller's interests.
These data are processed by the controller based on its legitimate interest, which is the effective protection of its property and other rights and enforcement of claims. Processing of personal data is necessary for the purposes of the legitimate interests of the controller.
Personal data are processed during the court dispute and during the limitation period during which claims may be asserted against the controller or the controller may assert its own claims.
H) Fulfillment of legal obligations by the controller
For the purpose of fulfilling legal obligations, the controller processes all personal data stated in Article VII, especially for fulfilling obligations arising from accounting law, VAT law, income tax law, consumer protection law, archives and registries law.
Processing of personal data by the controller is necessary for fulfilling legal obligations.
The controller processes these data for the period specified in the relevant legal regulations valid in the Slovak Republic.
I) Career
For the purpose of proper registration of a website visitor as a data subject interested in a job position, the controller processes the following personal data:
- identification data of the applicant including name, surname, date of birth, nationality,
- contact data including email, phone, permanent address, correspondence address,
- data about employment or field of study,
- data about IT knowledge,
- data about English language proficiency,
- data included in the note text
These data are processed by the controller based on its legitimate interests, which are proper registration of the website visitor interested in the educational course and for the purpose and in connection with the conclusion and performance of the contract. Providing personal data is a legal and especially contractual obligation. Failure to provide would prevent conclusion of the contract and thus securing the educational course for the applicant.
The controller stores these personal data until the end of the educational course or for the duration of the limitation period.
1. The operator's website is connected to third-party plugins (applications) such as Facebook, Google Plus, YouTube, Twitter, AddThis, Pinterest, Tumblr, etc. These applications are stored and run on third-party servers. The operator has no influence on the protection of personal data when using third-party applications.
2. The operator's website uses third-party add-ons that allow users to share, comment, rate website content on social networks or register via a third-party account. In such cases, the browser creates a direct connection between the user and the third party, involving the use of cookies and transfer of user data between the website, user's browser, and third-party server. Data are usually not linked to personal data of the user. The operator uses reliable sources of plugins and add-ons but cannot guarantee their functionality or reliability.
3. In case of user activity on these websites via social plugins, these actions may be displayed on third-party sites depending on the user's account settings (e.g., Facebook Like, Google Plus, sharing on social networks, etc.).
VIII. RECIPIENTS OF PERSONAL DATA
The controller provides personal data to third parties exclusively based on a mediation contract in accordance with the purpose and legal basis stated above, as well as in accordance with the Personal Data Protection Act and the Personal Data Protection Regulation.
Recipients of personal data are mainly intermediaries providing accounting and personnel services, recruitment services, delivery-related services, maintenance services, legal services, debt collection services, technical and IT services, other consulting and advisory activities, etc.
Recipients of personal data also include employees of the controller who have been instructed in accordance with the law and are bound by confidentiality, only if disclosure to employees is necessary to achieve one of the purposes of personal data processing.
The controller will provide or disclose personal data to state administration authorities, public administration authorities or other state bodies and institutions if such provision or disclosure is in accordance with generally binding legal regulations valid in the Slovak Republic and if necessary to comply with the relevant legal regulation or enforceable request of a state administration authority, enforcement of contractual terms including their compliance control, prevention or investigation of fraud, technical and security incidents, enforcement of rights and claims in accordance with generally binding legal regulations valid in the Slovak Republic.
IX. USE OF COOKIES
To facilitate tracking users on our website, we use protocol files, so-called cookies (i.e., identifiers sent by the web server to the browser on your end device). Cookies are temporary files, meaning that after you finish browsing, cookies are automatically deleted from your device.
When visiting this website, protocol files with the following content are generated:
- IP address,
- page address,
- information about the browser and operating system used,
- website from which you opened our page,
- date, time of access and location.
The above information about web behavior is anonymized for maximum protection and cannot be assigned to a specific user.
Cookies do not harm the end device, do not contain viruses, trojans or other malicious software, and do not permanently store data on the data subject's device.
All cookies used are technical, functional or analytical cookies that serve to improve the functionality of the operator's website.
Each data subject can set their browser to refuse cookies or to accept only some. However, if cookies are not allowed, some functions may not work properly.
Cookie settings in the most commonly used browsers:
- Chrome - https://support.google.com/accounts/answer/61416?hl=cs
- Firefox - https://support.mozilla.org/cs/kb/vymazani-cookies
- Internet Explorer - https://support.microsoft.com/cs-cz/products/security.
Details on used cookies:
|
Type of cookies: |
Storage duration: |
Tracking codes: |
|
_ga - Google Analytics - from connecto.io |
2 years |
|
|
_gid - Google Analytics - from connecto.io |
1 day |
|
|
_gat - Google Analytics - from connecto.io |
10 minutes |
|
|
ci_session - session storage – user identification |
2 weeks |
|
|
c1mvtransport_lang - storage of language used on the site |
11 years |
|
X. SUPERVISORY AUTHORITY
The Office for Personal Data Protection is a state administration authority with nationwide competence, involved in protecting the fundamental rights of natural persons in the processing of personal data and supervising personal data protection. Any data subject may contact the Office if they believe their rights have been violated or are at risk.
Address of the Office for Personal Data Protection:
Hraničná 12
820 07 Bratislava 27
Slovak Republic
Company ID: 36064220
Web: https://dataprotection.gov.sk
Email: statny.dozor@pdp.gov.sk
Telephone consultations on personal data protection only on Tuesdays from 8:00 to 12:00: +421/2/3231 3220.
ATTACHMENTS FOR DOWNLOAD
- Request of the data subject for access to personal data
- Request of the data subject for correction/completion of personal data
- Request of the data subject for erasure of personal data