Pursuant to Articles 13 to 22 of the EP and EC Directive no. 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, also known as GDPR) and the provisions of Section 19 and following of the Act no. 18/2018 on the Protection of Personal Data and on changes and amendments to some other acts (“Personal Data Protection Act”) .
Pursuant to Article 13 of the GDPR as well as provisions of Section 19 of the Personal Data Protection Act, the party responsible for operation of the website at https://woven.sk (henceforth referred to as the “Controller”) is obliged to provide the following information to a data subject in cases where it collects personal data of this data subject:
Personal data of the data subject is processed by the Controller for the following purposes:
For the above purpose, the Controller intentionally processes the following personal data of the data subject:
Personal data of the data subject, that the Controller processes unintentionally:
Personal data of the data subject shall be processed, collected, archived, and safely stored for the period which is necessary for the stated purposes of personal data processing and collection until the legal reason of their potential archiving ceases to exist or until the consent granted by the data subject for processing of the personal data expires. Upon the request of the data subject to erase the personal data, all personal data shall be irreversibly erased and all the related orders (if any) shall be anonymised.
Personal data of the data subject are most often collected directly from the data subject, e.g. by the data subject’s completion of the contact form. In this case, the data is obtained based on voluntary activity and does not entail any contractual or legal obligation. The operator of the website is obliged to record all the requests of the users in relation to downloading, rectification, or erasure of personal data of the data subject. When ensuring protection of the data subjects’ personal data, the Controller applies modern technological and safety mechanisms ensuring protection of the processed personal data preventing unauthorised access or transfer, loss, destruction or any other type of data abuse. The Controller does not transfer, nor does it intend to transfer any of the personal data of the data subject to a third country or to an international organisation.
General Data Protection Regulation and the Personal Data Protection Act provision general conditions for exercising the respective rights of the data subject. However, this does not mean that when exercising the respective rights, the Controller will comply automatically since any specific case exceptions may apply, or possibly, some rights are linked to specific conditions, which may not always be complied with or fulfilled. The Controller shall always deal with every request related to any specific right of the data subject and review this request in terms of the legal regulations and any applicable exceptions.
i. With consent granted by the data subject, the Controller may process also other personal data of the data subject for purposes different than those specified in Section II., or possibly other personal data than that which is necessary to achieve the specific purpose pursuant to Section III. As long as the processing of the personal data is linked to consent granted by the data subject, the data subject has the right to withdraw his or her consent with processing at any time. The data subject may or may not grant their consent with processing of personal data to the Controller – the decision not to grant consent shall not have any negative impact on the data subject. Withdrawing of the data subject’s consent with processing of personal data concerning him or her shall have no effect on the lawfulness of processing of personal data based on the consent given before withdrawal. The data subject may withdraw consent with processing using the same way as upon granting of the consent.
ii. The data subject has the right to request from the Controller the information whether his or her personal data is processed or not. The data subject has the right to request from the Controller access to personal data concerning him or her. Based on this request, the Controller shall issue a confirmation to the data subject that will contain information about processing of his/her personal data. The Controller is obliged to provide to the data subject all the personal data that it processes. The Controller may charge the data subject with an adequate fee corresponding to the administrative costs for a repeated provision of personal data requested by the data subject. The Controller is obliged to provide the data to the data subject using a way pursuant to the data subject’s request.
iii. The data subject has the right concerning his or her personal data that is processed to be correct, updated, and complete. Provided that the personal data of the data subject is not up-to-date, the data subject has the right to request the Controller for rectification or completion of the personal data. The data subject has the right to rectification of the incorrect personal data by the Controller related to the data subject without unnecessary delay. With respect to the purpose of personal data processing, the data subject has the right to completion of incomplete personal data.
The data subject has the right to object to processing of his/her personal data as well as the right to request the Controller to erase any personal data which is processed unlawfully exceeding the scope of the purpose for which it was provided or in case the data subject should decide to withdraw their consent.
iv. The data subject shall have the right to object to the processing of his personal data as well as the right to ask the controller to delete personal data which are processed illegally beyond the purpose for which they were provided or if the data subject withdraws his consent.
v. The data subject has the right to object to processing of personal data concerning him or her performed based on public interest or based on the legitimate interests of the Controller or a third party including profiling. The Controller must not further process personal data, unless it demonstrates necessary legitimate interests for processing of personal data, which prevail over the rights or interests of the data subject, or the reasons for enforcing a legal claim.
vi. The data subject has the right to object to processing of the personal data concerning him or her for the purposes of direct marketing including profiling in the extent to which it is related to direct marketing. Should the data subject object to processing of personal data for the purposes of direct marketing, the Controller must not continue in processing of personal data for the above purpose.
vii. The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or that affects him or her with similar significance.
viii. The data subject shall have the right to request the Controller to erase personal data concerning him or her without undue delay. The data subject has the right to request the Controller to restrict processing of personal data concerning him or her. Should the data subject object to correctness of the personal data for a period enabling the controller to verify the accuracy of the personal data, processing of the personal data is unlawful and the data subject objects to erasure of the personal data and instead requests restriction of its use, the Controller does not need the personal data anymore for the purposes of processing, but the data subject needs the data to enforce his or her legal claim, or the data subject objects to personal data processing based on public interest or legitimate interests of the Controller or a third party until verification whether the legitimate interests of the Controller prevail over the legitimate interests of the data subject.
ix. Where the processing of personal data was restricted apart from storage, the Controller may only process personal data with the consent of the data subject or for the purposes of enforcing a legal claim, to protect other persons or due to public interest. The Controller is obliged to notify the data subject, processing of whose personal data shall be restricted before the restriction of processing of personal data is terminated.
x. The data subject has the right to request the Controller to provide his or her personal data in electronic form, which will enable transfer of personal data of the data subject to another organisation or to a third party. The data subject has the right to obtain personal data concerning him or her that the data subject provided to the Controller in a structured, commonly used, machine-readable format and has the right to transfer this personal data to another Controller if technically possible and if the personal data is processed by the Controller based on the data subject’s consent or based on contractual relationship.
xi. The data subject has the right to request initiation of proceeding on the protection of personal data with the purpose of determining whether the rights of natural persons were breached during processing of their personal data or there occurred a breach of act on personal data protection or a specific legal regulation and if any shortcomings are identified, should this be reasoned and justified, to impose remedies or possibly a penalty for violation of this act or specific legal regulation in the sphere of personal data protection. The proceeding is initiated based on a request by the data subject or the entity that claims that his or her rights provisioned by this act are directly violated. The requirements of this petition by the data subject or the entity that claims that his or her rights provisioned by this act are directly violated as well as the proceeding on the protection of personal data shall be provisioned in the Section 100 of the Act no. 18/2018 on the Protection of Personal Data.
xii. Information provided by the Controller based on the exercised right of the data subject shall be provided free-of-charge. Should the request of the data subject be clearly unjustified or inadequate mainly because of its repetitive nature, the Controller may charge a reasonable fee taking into account the administrative costs for the provision of information or the rejection to act based on the request.
With his or her request for exercising of the above-mentioned rights related to processing of his or her personal data, the data subject may contact the Controller in writing by post or email, while the Controller will deal with the petition of the data subject and shall inform the data subject via the same channel that was used to file the petition.
The Office for Personal Data Protection of the Slovak Republic
820 07, Bratislava 27