Personal data protection policy (GDPR).
(hereinafter referred to as "Politics" in the appropriate grammatical form)
valid from 1
December 2021
It is important for us that you feel safe when using our services and that is why the protection of your personal data is an important element of building the systems and procedures used in our company. This Policy explains how in codium, s.r.o. we process your personal data when providing our services.
We emphasize that our company is committed to constantly improve the policy, procedures and security system of personal data protection and for this purpose to adequately innovate and improve them. In an effort to ensure effective protection of personal data, we undertake to acquire and apply the latest knowledge in practice. At the same time, we are committed to build a corporate culture in the field of personal data security and to ensure and subsequently increase general awareness of this topic and its importance.
When processing personal data, we are primarily governed by Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons in the processing of personal data and on the free movement of such data (hereinafter referred to as "GDPR") and the provisions of Act No. 18/2018 Coll. on the protection of personal data and on amendments to certain laws (hereinafter referred to as "ZoOÚ") and other regulations.
The employees of our company and other persons participating in our activities are obliged to maintain the confidentiality of all information and documents that we have obtained during the performance of our activities, in particular according to Act no. 311/2001Z. from. the Labor Code (hereinafter referred to as the "Labor Code"), Act no. 492/2009 Coll. on payment services and on amendments to certain laws and Act no. 40/1964 Coll. Civil Code, and which are not publicly accessible, especially information about users of our products.
If you have any questions, you can contact us at the address of our headquarters: codium, Ltd., Kálov 356, 010 01 Žilina.
1. Basic provisions
1.1Personal data means any data on the basis of which we can identify you, either directly or indirectly. Personal data can be, for example, name, surname, date of birth or IP address.
1.2 The GDPR also recognizes a special category of personal data, which must be treated with extreme sensitivity. Special data are those data that reveal racial or ethnic origin, political opinions, religious or philosophical beliefs or membership in trade unions, but also genetic data, biometric data such as fingerprints intended for your identification, or data related to health. Our company does not process special categories of personal data. If you have given us such data, please inform us about it via the above contacts and we will ensure that they are deleted from our databases.
1.3 A potential client is a legal entity or a natural person - an entrepreneur as an employer or a natural person who sent a message via the contact form on the website www.codium.sk.
1.4 Processing of personal data means any operation or set of operations with personal data, such as obtaining, organizing, storing, searching, viewing, using, disseminating, erasing or disposing of them, regardless of whether they are carried out by automated or non-automated means.
2. Why do we process personal data?
2.2 We process your personal data primarily so that we can provide you with answers to your questions and contact requests that you have entered via the web form on the website https://www.codium.sk.
2.3 In addition, we also process your personal data, if this is required by the applicable legal order of the Slovak Republic, the fulfillment of our contractual obligations or if we need to protect the legitimate interests of potential clients of our company or in justified cases also other persons.
3. For what purposes and on what legal bases do we process personal data?
We need your personal data to: | We process your personal data on the basis of: | The personal data that we process for this reason are mainly: |
Providing a response to your request, sent through the contact form | fulfillment of legal obligations according to Art. 6 (1) letter c) GDPR and fulfillment of contractual obligations (including fulfillment of pre-contractual obligations) according to Art. 6 (1) letter b) GDPR, which results to potential Clients | data of potential clients - in the scope of: first name, last name, telephone number, e-mail; |
direct marketing in form of e-mails |
on the basis of sec. § 62 (3) of Act no. 351/2011 Coll. about electronic communications, we can send you business announcements (newsletter) in the form of direct marketing to your email address, as long as we have obtained it in connection with providing our products. The purpose of sending newsletters is our interest in informing you about changes in legislation that are closely related to our products as well as to you and our new products. Of course, you can unsubscribe from these e-mails easily and free of charge at any time. This option is provided to you at the end of each email you receive from us. |
contact and identification data in the scope of e-mail address, title, name and surname; |
direct marketing by mail |
on the basis of legitimate interests according to no. 6 (1) letter f) GDPR of our company or you directly as the affected persons, while in these cases we always carefully consider whether the processing will not represent an unreasonable interference with your rights. The purpose of sending newsletters is our interest in informing you about changes in legislation that are closely related to our products, as well as informing you about our new products. In the event that you are not interested in sending newsletters, you have the right to object about sending them, via the above contact details. |
contact and identification data in the scope of title, first name, last name, address (headquarters/place of business); |
direct marketing in the form of telephone calls and Infocenter service |
on the basis of legitimate interests according to no. 6 (1) letter f) GDPR of our company or you directly as the affected persons, while in these cases we always carefully consider whether the processing will not represent an unreasonable interference with your rights. The purpose of these phone calls is our interest in informing you about the change in legislation that is closely related to our products as well as informing you about our new products. In the event that you are not interested in such telephone calls, you have the opportunity to object to them, directly to the person who contacted you or via the contact details mentioned above. The purpose of the Infocenter service is to improve the quality of our services. Potential clients are warned at the beginning of each phone call that phone calls are automatically recorded and stored mainly for the purpose of ensuring the quality of the services provided. If the Potential Client does not wish the telephone conversation to be recorded and kept, he should terminate the telephone connection after being notified of the recording of the call. If necessary, he has the opportunity to choose another form of communication with our company. Without making an audio recording, we cannot continue to communicate with the Potential Client in this way and therefore, if necessary, we cannot even fulfill his requests. |
contact and identification data in the range of telephone number, title, first and last name; |
statistical purposes, archival purposes in the public interest and historical and scientific research purposes | fulfillment of legal obligations according to Act no. 395/2002 Coll. on archives and registries and on amendments to some laws;; | data that is necessary for the purpose of fulfilling the obligation of archiving in the public interest, for the purposes of scientific or historical research or for statistical purposes; |
accounting and tax purposes | fulfillment of legal obligations based on legislation in the field of accounting and tax administration; | data of business partners in the scope: title, name, surname of business partners, who are natural persons or natural persons representing or acting for the benefit of legal persons and other information, if their provision for the purpose of carrying out activities is required by the valid legal order of the Slovak Republic; |
emergency situations | fulfillment of legal obligations on the basis of legislation caused by extraordinary situations, emergencies and other similar situations when there is a need to warn the population against threats to life, health and property | data of customers, clients, providers, contractual partners and our employees in the scope of: telephone number |
4. To whom do we disclose your personal data?
4.1 The company codium, Ltd. is aware of the importance of protecting your personal data. We make any personal data available only to those persons and to the extent necessary for the fulfillment of legal obligations and for the provision of our services. At the same time, we make sure that their recipients are reliable subjects complying with their legal obligations, while in order to protect your personal data, we conclude contracts with them containing these obligations and at the same time bind them to the obligation of confidentiality.
4.2 Furthermore, we make your personal data available exclusively to the necessary extent to intermediaries with whom we have a written contract for the purpose of personal data protection, such as our accounting advisor, our legal representative or the provider of software equipment or technical and security support of our company and business partners to the extent necessary for fulfillment of contractual obligations.
4.3 Even though we have a limited obligation to provide your personal data to public authorities due to confidentiality, we are obliged to prevent the commission of a crime or to report it, e.g. in the event of unauthorized or fraudulent activity, and we also have an obligation to report information in the field of preventing money laundering and terrorist financing. In such cases, the affected personal data may also be shared with law enforcement authorities and the National Bank of Slovakia.
5. To which countries do we transfer your personal data?
5.1 We do not transfer your personal data to third countries outside the European Economic Area and the European Union (Iceland, Norway and Liechtenstein). We use secure cloud services of a verified provider with servers located in the EU.
6. How long do we store your personal data?
6.1 We keep personal data for as long as it is necessary for the purposes for which it is processed, if the applicable legal order of the Slovak Republic does not impose an obligation on us to keep it longer, for example for handling and receiving complaints, resolving court disputes, archiving, obligations arising from the fight against illegal activity or accounting obligations.
6.2 If we process your personal data based on your consent, we will stop storing them if you withdraw your consent.
6.3 If we process your personal data on the basis of the law, we keep them for as long as required by the relevant legislation. If we process personal data on the basis of the law and this does not specify the period of their storage, we store your personal data for a period of 5 years, for the reason that it would be necessary to use them in case of clarification of disputes that have arisen.
6.4 In the event that we process your personal data on the basis of a contract and the applicable legal order of the Slovak Republic does not specify otherwise, we store them for a period of 5 years after its termination, if it is necessary to use them in the event of a court or other dispute.
6.5 If you are interested in more detailed information regarding the retention period of your personal data, you can request it from us via the above contact details.
7. How do we obtain your personal data?
7.1 We obtain your personal data when entering them into the contact form on the website www.codium.sk
8. How do we use your data?
8.1 As you can see from the table above, we only collect the data we need for providing quality services to you in accordance with the legal regulations. We protect your personal data and ensure that it is used exclusively for the purpose for which we obtained it. Our employees, who are authorized to work with your personal data are trained to ensure your protection. For this reason, if:
8.1.1 We obtained your personal data due to the fulfillment of legal obligations connected with our activity, we use and process them in the manner determined by such law;
8.1.2 We have your personal data thanks to the fact that you have given us consent, we process them for the purpose and in the manner stated therein, but only until you withdraw such consent.
8.2 We emphasize that our obligations also include cooperation with state institutions and if we are obliged to provide your personal data in case of their request or in case of proceedings before administrative or judicial authorities, we have the right to process your personal data for these purposes as well.
9. What rights do you have as a data subject?
9.1 Right to access data
9.1.1 You have the right to receive confirmation from us about whether and how we process your personal data and if so, what data and to whom we provide it. You also have the right to request access to this data in the form of a simple request sent to the contact details listed at the beginning of this Policy. Please do not forget to identify yourself in the application and provide us with contact information to which we can send a reply (e.g. e-mail address).
9.2 Right to Repair
9.2.1 If you feel that some of the personal data we process about you is incorrect, you can request us to correct it. You can also request to correct data that you consider to be incomplete. In such a case, please do not forget to state clearly and comprehensibly what, in your opinion, is the incorrectness or incompleteness of the personal data, information on how you wish to make the correction and, if necessary, also evidence of their incorrectness.
9.3 Right to erasure (right to be forgotten)
9.3.1 You have the right to request from us the deletion of personal data that we process about you, while in certain cases determined by law we are obliged to comply with this request. Please note, however, that in some cases the GDPR allows us to refuse your request for deletion, for example, if their processing is necessary for the purposes of archiving in the public interest, for the purposes of scientific research or for statistical purposes or for proving, exercising or defending legal claims.
9.4 Right to restriction of processing
9.5 You have the right to limit the extent to which we process your personal data if:
9.5.1 you challenged the correctness of the personal data, until we verify the correctness of the personal data;
9.5.2 the processing is unlawful and you object to the erasure of the personal data and request a restriction of its use instead;
9.5.3 we no longer need personal data, but you need it to prove, exercise or defend legal claims;
9.5.4 nyou object to the legitimacy of our interests in processing personal data, until we verify whether our legitimate reasons prevail over the legitimate reasons stated by you.
9.6 Right to Data Portability
9.6.1 You have the right to receive your personal data from us in a commonly used format and transfer this data to another operator or intermediary. However, this right only applies to data that you have given us your consent to process or that is processed on the basis of a contractual relationship with you and is processed by automated means. Also, this right can only be used to the extent that it does not have adverse consequences on the rights and freedoms of other persons.
9.7 Right to object
9.7.1 VIn some cases, you have the right to object to the processing of your personal data. This mainly concerns the processing that we carry out on the legal basis of our legitimate interests or, for example, when processing personal data for the purposes of scientific or historical research or for statistical purposes.
9.7.2 In practice, objections to processing usually occur if for some reason you do not agree with the way we process your personal data, for example according to this policy. In that case, it is necessary that you inform us about your objections. Please provide a clear and comprehensible description of the circumstances based on which you believe that the processing unreasonably interferes with your rights and freedoms.
9.8 Rights relating to automated individual decision-making, including profiling
9.8.1 Our company does not practice automated individual decision-making, i.e. decision making without human intervention. However, if it were to occur, you would have the right to request that such a decision not apply to you, if such a decision would have legal effects that would concern you or similarly significantly affect you.
9.9 Right to File a Complaint
9.9.1 If you have any questions or doubts regarding the processing of your personal data, do not hesitate to contact us at any time. Our company will always try to resolve any disputed matters to your satisfaction.
9.9.2 However, if you are not satisfied with our procedure, you have the right to file a complaint with the supervisory authority, which is the Personal Data Protection Office of the Slovak Republic, about which you can find more information viahttps://dataprotection.gov.sk/uoou/.
10. Safety measures
10.1 In accordance with the requirements of applicable legislation, we implement all necessary security, technical and organizational measures to protect your personal data using the latest technology, especially, but not exclusively, against loss, falsification, misuse or access by third parties.
10.2 For the transfer of highly sensitive personal data over the Internet, such as credit card data, we use exclusively encrypted transmission paths and comply with the Payment Card Security Standards (PCI DSS), which are a set of policies and procedures to optimize the security of credit, debit and payment card transactions and protect cardholders from misuse of their personal data. Once we receive your personal information, we use strict procedures and security features to prevent unauthorized access. Our internal processing takes place inside a VPN, which is protected from the open internet and inside which every communication is encrypted. Regarding the persons to whom we make your personal data available, more information can be found in section 4 of this Policy.
11. Analytical and advertising services
11.1 SWe cooperate with companies that provide us with analytical and advertising services. These allow us to better understand how users use our website, place our advertising on the Internet and measure its performance. Such companies may use cookies and similar technologies to collect data about your interactions with our Products.
11.2 Our website uses, for example, Google Analytics, which is a web analytics service provided by the third-party provider Google, Inc. ("Google"). The Google Analytics service is used to evaluate the use of our website, compile reports on website activity and other services related to website activity and internet usage. The information generated by cookies about your use of the website is usually transmitted and stored by Google on servers in the United States. This transfer is subject to Google Shield Privacy certification and a separate data processing agreement that we have concluded with Google: https://support.google.com/analytics/answer/6004245?hl=de&ref_topic=2919631 (information about Google Analytics and personal data protection).
12. Cookies and social media plugins
12.1 We use cookies on our website, which are small text files that are stored on your browser or mobile device while browsing the website. Cookies enable the server to uniquely identify the browser on each page. Cookies do not damage your computer and do not contain viruses.
12.2 We use the following categories of cookies on our website:
12.2.1 Necessary cookies, which are necessary for you to navigate on websites and use their functions. Without these cookies, it is not possible to provide the services you requested, such as remembering the login data or the data provided for the reservation.
12.2.2 Performance cookies that collect information about how people use our website. For example, we use Google Analytics cookies to help us understand how users come to our site, browse or use our site and to highlight areas where we can improve areas such as navigation, booking experience and marketing campaigns. The data stored by these files never show personal data from which your identity can be created.
12.2.3 Functional cookies that remember the choices you make, such as the country from which you visit our website, language parameters and search parameters. These can then be used to provide experiences that are more relevant to your choices and make visits more personalized and enjoyable.
12.2.4 Third-party cookies are set by a person other than the operator and are mainly used for marketing purposes. Third-party cookies help us provide our services and Products. We use e.g. external analytical services whose providers set cookies for us so that we can determine the popularity of individual functions. The website you visited may e.g. enable access to content embedded from YouTube, while these sites can set their own cookies.
12.3 Current versions of web browsers offer extended user controls regarding the location and duration of first- and third-party cookies. For more information about the cookie management features available, search for "cookies" in the "Help" section of your web browser. You can enable or disable cookies by adjusting the settings in your browser. You can also find out how to do this and find more information about cookies at www.allaboutcookies.org. However, if you choose to disable cookies in your browser, you may not be able to complete certain activities on our website or access certain parts correctly. If you would like to have more information about interest-based advertising, including how to opt-out of these cookies, please visit http://youronlinechoices.eu.
12.4 Our website uses the following social media plugins: Facebook, Google+, LinkedIn, Instagram. Plugins may be marked with social media buttons marked with the logo of the respective social network provider.
12.5 We have implemented these plugins using a so-called two-click solution. This means that when you navigate on our website, the providers of these social media plugins will not collect personal data. Only if you click on one of the add-ons, your personal data will be sent:
By activating the add-on, the data will be automatically transferred to the relevant add-on provider and stored (in the case of US providers, your personal data will be stored in the US). We have no influence on the collected data and data processing operations carried out by the providers, nor do we know the extent of data collection, purposes or retention periods.
12.6 For information on the purpose and scope of data collection and processing by add-on providers, please refer to the respective data protection policies of these providers, where you will also find additional information on your privacy rights and options.
12.6.1 Facebook Inc., 1601 S Kalifornia Ave, Palo Alto, Kalifornia 94304, USA: https://www.facebook.com/privacy/explanation.
12.6.2 Google Inc., 1600 Amphitheater Parkway, Mountainview, Kalifornia 94043, USA: https://www.google.com/policies/privacy.
12.6.3 Spoločnosť LinkedIn, 2029 Stierlin Court, Mountain View, Kalifornia 94043, USA: http://www.linkedin.com/legal/privacy-policy.
12.6.4 Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA: https://help.instagram.com/155833707900388.
12.7 If you are interested in more information regarding cookies or social media plugins, please do not hesitate to contact us in one of the ways listed above.
13. Changes to the Personal Data Protection Policy
13.1 Personal data protection is not a one-time issue for us. The information that we are obliged to provide you regarding our processing of personal data may change or cease to be up-to-date. For this reason, we reserve the right to modify and change this Policy to any extent at any time. In the event that we change this Policy in a significant way, we will notify you of this change on the website www.codium.sk or in a separate notification via email.