Privacy policy

Information obligation of the controller

pursuant to Articles 13 and 14 of Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter referred to as "GDPR")

We would like to briefly inform you about the processing of your personal data. We process your personal data in accordance with the GDPR and the relevant provisions of Act No. 18/2018 Coll. on the protection of personal data and on amendment and supplementation of certain acts, as amended (hereinafter referred to as the "PDPA").

This information does not relate to the personal data of legal persons, including the name, legal form and contact details of the legal person, but on the other hand it relates to the contact details of the authorized representatives of these legal persons whose personal data are processed by the Data Controller. 

Controller within the meaning of the GDPR: the trading company Quality Assurance and Testing Services s.r.o., Mlynská 1119/5, Krompachy 05342 (hereinafter referred to as the "Company" / "Controller")

Contact details of the Controller: address for sending documents: Quality Assurance and Testing Services s.r.o., Mlynská 1119/5, Krompachy 05342, email contact: office@qats.sk.

We process your personal data without your consent only in cases where applicable law permits us to do so. You must provide us with the personal data that we process based on a contract, a specific regulation, a legitimate interest or the public interest; otherwise we will not be able to fulfil your or our obligations for the given purpose.

We may also process your personal data based on your consent, which we may ask you for whenever such processing takes place. Providing consent is voluntary, i.e., it is your choice whether to provide us with your personal data. If you give us your consent, you may subsequently withdraw it at any time.

We will delete your personal data immediately after the specified periods expire, unless we have another legal basis for its further storage.

Purpose of processing of the personal data: Job applicants: registration of potential employees for a vacancy for the purpose of organizing, implementing and evaluating the selection procedure (registration for the purpose of the selection procedure).
Personal data processed: 
Title, first name, surname, title, date of birth, signature, nationality, place of residence, education data and other data provided in the CV and motivation letter, or communicated in the context of the selection procedure 
Persons concerned:
Jobseekers
Countries outside the EEC to which personal data is transferred: 
N/A 
Time limit for the erasure of personal data: 
2 years 
Source of personal data: 
Job seeker. 
Legal basis: 
Art. 6(1)(b) GDPR - performance of pre-contractual relations
Legitimate interest: 
N/A 
Existence of intra-company transfer if the Controller is part of a group of companies: 
N/A 
Existence of automated decision-making, including profiling: 
N/A

Purpose of the processing of the personal data: Performance of the employer's obligations related to the employment relationship or a similar relationship (e.g. based on agreements for work performed outside the employment relationship).
Personal data processed: 
Personal data necessary for the fulfilment of the employer's obligations under employment law may be as follows: first name, surname, maiden name and title, birth number, date and place of birth, signature, marital status, nationality, citizenship, permanent residence, temporary residence, sex, educational data, legal capacity, receipt of child benefits, wage, salary or salary ratios and other financial entitlements granted for employment activities, data on time worked, payment data, amounts affected by the enforcement of a decision ordered by a court or an administrative authority, financial penalties and fines, as well as compensation imposed on the employee by an enforceable decision of the competent authorities, amounts wrongly received in respect of social insurance benefits and old-age pensions or their advances, state social benefits, benefits in material need and contributions to the benefit in material need, cash contributions to compensate for the social consequences of severe disability, which the employee is obliged to return on the basis of an enforceable decision under a special regulation, the annual total of the pension paid, - data on incapacity for work, data on important personal obstacles to work, data on altered working capacity, data on employers, occupational classification and the date of commencement of work activity, data on family members in the scope of name, surname, address, date of birth, data on the spouse, children, parents of children in the scope of name, surname, date of birth, birth number, address, data from the employment certificate, data on the employee's keeping in the register of unemployed citizens, data on the use of maternity leave and parental leave, data on the award of a pension, on the type of pension, data from the employment contract of the supplementary pension insurance company, personal data processed on certificates, certificates of passed examinations and educational activities. 
Persons concerned: 
Employees, but also in some cases spouses of employees, dependent children of employees, parents of dependent children of employees, close relatives, or former employees, if relevant.
Countries outside the EEC to which personal data is transferred: 
N/A 
Time limit for the erasure of personal data: 
Within the HR and payroll agenda:
- Personnel files of employees: 70 years
- Attendance records (daily, weekly, monthly): 2 years
- Sick leave records: 3 years
- Entry, exit, termination records: 5 years
- Occupational health and safety: 5 years after termination or cessation of duties
- Descriptions of work activities: 5 years
- Records of retraining and qualification: 10 years
- Agreements to perform work: 5 years
- Benefits, sign-in, sign-out, shifts: 10 years
- Sick leave - records, statistics: 5 years
- Maternity leave and unpaid leave - records: 5 years
- Payroll: 20 years
- Pay slips: 10 years
- Records of advance tax and payroll tax paid: 10 years
- Sickness insurance benefit settlements: 10 years
- Payroll tax declarations: 5 years
- Payroll deductions: 5 years
- Payroll supporting documents: 5 years
- Employee meals - provision: 5 years
- Other statutory time limits.
Source of personal data: 
Affected persons (employees), employees about their family members. In some cases, from other sources, due to legislation. This includes, in particular, enquiries concerning tax information relating to the relevant tax office, as well as information on periods of incapacity for work in the relevant health insurance. 
Legal basis:
Art. 6(1)(c) GDPR - performance of the employer's legal obligations (e.g. also to the social insurance company, to the health insurance company, fulfilment of tax obligations, employer's wage policy, fulfilment of employer's health and safety obligations, etc.)
- Act No. 311/2001 Coll., the Labor Code, as amended
- Act No. 580/2004 Coll. on health insurance and on amendment and supplementation of Act No. 95/2002 Coll. on insurance and on amendment and supplementation of certain acts, as amended
- Act No. 461/2003 Coll. on social insurance, as amended
- Act No. 595/2003 Coll. on income tax, as amended
- Act No. 43/2004 Coll. on old-age pension saving, as amended
- Act No. 650/2004 Coll. on supplementary pension saving and on amendments and supplements to certain acts, as amended
- Act No. 5/2004 Coll. on employment services and on amendments and supplements to certain acts, as amended
- Act No. 462/2003 Coll. on income compensation for temporary disability of an employee and on amendments and supplements to certain acts, as amended
- Act No. 152/1994 Coll. on the Social Fund and on Amendments and Supplements to Act No. 286/1992 Coll. on Income Taxes, as amended
- Act No. 355/2007 Coll. on the protection, promotion and development of public health and on the amendment and supplementation of certain acts, as amended
- Act No. 124/2006 Coll. on Occupational Safety and Health Protection and on Amendments and Additions to Certain Acts, as amended
- other relevant legislation
Legitimate interest:
N/A 
Existence of intra-company transfer if the Controller is part of a group of companies: 
N/A 
Existence of automated decision-making, including profiling: 
N/A

Purpose of processing of the personal data: Social security contributions
Personal data processed: 
Personal data necessary for the performance of the employer's obligations under employment law may be as follows: first name, surname, maiden name and title, birth number, date and place of birth, signature, marital status, nationality, citizenship, permanent residence, temporary residence, sex, educational data, legal capacity, receipt of child benefits, wage, salary or salary ratios and other financial entitlements granted in the course of employment, data on time worked, payment data, amounts affected by the enforcement of a decision ordered by a court or an administrative authority, financial penalties and fines, as well as compensation imposed on the employee by an enforceable decision of the competent authorities, amounts wrongly received in respect of social insurance benefits and old-age pensions or their advances, state social benefits, benefits in material need and contributions to the benefit in material need, cash contributions to compensate for the social consequences of severe disability, which the employee is obliged to return on the basis of an enforceable decision under a special regulation, the annual total of the pension paid, - data on incapacity for work, data on important personal obstacles to work, data on altered working capacity, data on employers, job classification and the date of commencement of work activity, data on family members in the scope of name, surname, address, date of birth, data on spouse, children, parents of children in the scope of name, surname, date of birth, birth number, address, data from the employment certificate, data on the employee's keeping in the register of unemployed citizens, data on the use of maternity leave and parental leave, data on the award of a pension, on the type of pension, data from the employment contract of the supplementary pension insurance company, personal data processed on certificates, certificates of passed examinations and educational activities. 
Persons concerned: 
Employees, but also in some cases spouses of employees, dependent children of employees, parents of dependent children of employees, close relatives, or former employees, if relevant.
Countries outside the EEC to which personal data is transferred: 
N/A 
Time limit for the erasure of personal data: 
Within the HR and payroll agenda:
- Personnel files of employees: 70 years
- Attendance records (daily, weekly, monthly): 2 years
- Sick leave records: 3 years
- Entry, exit, termination records: 5 years
- Occupational health and safety: 5 years after termination or cessation of duties
- Descriptions of work activities: 5 years
- Records of retraining and qualification: 10 years
- Agreements to perform work: 5 years
- Benefits, sign-in, sign-out, shifts: 10 years
- Sick leave - records, statistics: 5 years
- Maternity leave and unpaid leave - records: 5 years
- Payroll: 20 years
- Pay slips: 10 years
- Records of advance tax and payroll tax paid: 10 years
- Sickness insurance benefit settlements: 10 years
- Payroll tax declarations: 5 years
- Payroll deductions: 5 years
- Payroll supporting documents: 5 years
- Employee meals - provision: 5 years
- Other statutory time limits.
Source of personal data: 
Affected persons (employees), employees about their family members. In some cases, from other sources, due to legislation. This includes, in particular, enquiries concerning tax information relating to the relevant tax office, as well as information on periods of incapacity for work in the relevant health insurance. 
Legal basis:
Art. 6(1)(c) GDPR - performance of the employer's legal obligations (e.g. also towards the social insurance company, towards the health insurance company, fulfilment of tax obligations, employer's wage policy, fulfilment of employer's obligations in the field of health and safety, etc.)
- Act No. 311/2001 Coll. on the Labor Code, as amended
- Act No. 580/2004 Coll. on health insurance, on amendment and supplementation of Act No. 95/2002 Coll. on insurance and on amendment and supplementation of certain acts, as amended
- Act No. 461/2003 Coll. on social insurance, as amended
- Act No. 595/2003 Coll. on income tax, as amended
- Act No. 43/2004 Coll. on old-age pension savings, as amended
- Act No. 650/2004 Coll. on supplementary pension savings and on amendment and supplementation of certain acts, as amended
- Act No. 5/2004 Coll. on Employment Services and on Amendments and Additions to Certain Acts, as amended
- Act No. 462/2003 Coll. on Income Compensation for Temporary Disability of an Employee and on Amendments and Additions to Certain Acts, as amended
- Act No. 152/1994 Coll. on the Social Fund and on Amendments and Additions to Act No. 286/1992 Coll. on Income Taxes, as amended
- Act No. 355/2007 Coll. on the protection, promotion and development of public health and on the amendment and supplementation of certain acts, as amended
- Act No. 124/2006 Coll. on occupational safety and health protection and on the amendment and supplementation of certain acts, as amended
- other relevant legislation
Legitimate interest:
N/A 
Existence of intra-company transfer if the Controller is part of a group of companies:
N/A
Existence of automated decision-making, including profiling: 
N/A

Purpose of processing of the personal data: Contributions to the health insurance company 
Personal data processed: 
Personal data necessary for the fulfilment of the employer's obligations under employment law may be as follows: first name, surname, maiden name and title, birth number, date and place of birth, signature, marital status, nationality, citizenship, permanent residence, temporary residence, sex, educational data, legal capacity, receipt of child benefits, wage, salary or salary ratios and other financial entitlements granted in the course of employment, data on time worked, payment data, amounts affected by the enforcement of a decision ordered by a court or an administrative authority, financial penalties and fines, as well as compensation imposed on the employee by an enforceable decision of the competent authorities, amounts wrongly received in respect of social insurance benefits and old-age pensions or their advances, state social benefits, benefits in material need and contributions to the benefit in material need, cash contributions to compensate for the social consequences of severe disability, which the employee is obliged to return on the basis of an enforceable decision under a special regulation, the annual total of the pension paid, - data on incapacity for work, data on important personal obstacles to work, data on altered working capacity, data on employers, job classification and the date of commencement of work activity, data on family members in the scope of name, surname, address, date of birth, data on spouse, children, parents of children in the scope of name, surname, date of birth, birth number, address, data from the employment certificate, data on the employee's keeping in the register of unemployed citizens, data on the use of maternity leave and parental leave, data on the award of a pension, on the type of pension, data from the employment contract of the supplementary pension insurance company, personal data processed on certificates, certificates of passed examinations and educational activities. 
Persons concerned: 
Employees, but also in some cases spouses of employees, dependent children of employees, parents of dependent children of employees, close relatives, or former employees, if relevant.
Countries outside the EEC to which personal data is transferred: 
N/A 
Time limit for the erasure of personal data: 
Within the HR and payroll agenda:
- Personnel files of employees: 70 years
- Attendance records (daily, weekly, monthly): 2 years
- Sick leave records: 3 years
- Entry, exit, termination records: 5 years
- Occupational health and safety: 5 years after termination or cessation of duties
- Descriptions of work activities: 5 years
- Records of retraining and qualification: 10 years
- Agreements to perform work: 5 years
- Benefits, sign-in, sign-out, shifts: 10 years
- Sick leave - records, statistics: 5 years
- Maternity leave and unpaid leave - records: 5 years
- Payroll: 20 years
- Pay slips: 10 years
- Records of advance tax and payroll tax paid: 10 years
- Sickness insurance benefit settlements: 10 years
- Payroll tax declarations: 5 years
- Payroll deductions: 5 years
- Payroll supporting documents: 5 years
- Employee meals - provision: 5 years
- Other statutory time limits.
Source of personal data: 
Affected persons (employees), employees about their family members. In some cases, from other sources, due to legislation. This includes, in particular, enquiries concerning tax information relating to the relevant tax office, as well as information on periods of incapacity for work in the relevant health insurance. 
Legal basis:
Art. 6(1)(c) GDPR - performance of the employer's legal obligations (e.g. also towards the social insurance company, towards the health insurance company, fulfilment of tax obligations, employer's wage policy, fulfilment of employer's obligations in the field of health and safety, etc.)
- Act No. 311/2001 Coll. on the Labor Code, as amended
- Act No. 580/2004 Coll. on health insurance, on amendment and supplementation of Act No. 95/2002 Coll. on insurance and on amendment and supplementation of certain acts, as amended
- Act No. 461/2003 Coll. on social insurance, as amended
- Act No. 595/2003 Coll. on income tax, as amended
- Act No. 43/2004 Coll. on old-age pension savings, as amended
- Act No. 650/2004 Coll. on supplementary pension savings and on amendment and supplementation of certain acts, as amended
- Act No. 5/2004 Coll. on Employment Services and on Amendments and Additions to Certain Acts, as amended
- Act No. 462/2003 Coll. on Income Compensation for Temporary Disability of an Employee and on Amendments and Additions to Certain Acts, as amended
- Act No. 152/1994 Coll. on the Social Fund and on Amendments and Additions to Act No. 286/1992 Coll. on Income Taxes, as amended
- Act No. 355/2007 Coll. on the protection, promotion and development of public health and on the amendment and supplementation of certain acts, as amended
- Act No. 124/2006 Coll. on occupational safety and health protection and on the amendment and supplementation of certain acts, as amended
- other relevant legislation
Legitimate interest:
N/A 
Existence of intra-company transfer if the Controller is part of a group of companies:
N/A 
Existence of automated decision-making, including profiling: 
N/A

Purpose of processing of the personal data: Employer's payroll policy 
Personal data processed: 
Personal data necessary for the fulfilment of the employer's employment obligations may be as follows: first name, surname, maiden name and title, birth number, date and place of birth, signature, marital status, nationality, citizenship, permanent residence, temporary residence, sex, educational data, legal capacity, receipt of child benefits, wage, salary or salary ratios and other financial entitlements granted in the course of employment, data on time worked, payment data, amounts affected by the enforcement of a decision ordered by a court or an administrative authority, financial penalties and fines, as well as compensation imposed on the employee by an enforceable decision of the competent authorities, amounts wrongly received in respect of social insurance benefits and old-age pensions or their advances, state social benefits, benefits in material need and contributions to the benefit in material need, cash contributions to compensate for the social consequences of severe disability, which the employee is obliged to return on the basis of an enforceable decision under a special regulation, the annual total of the pension paid, - data on incapacity for work, data on important personal obstacles to work, data on altered working capacity, data on employers, job classification and the date of commencement of work activity, data on family members in the scope of name, surname, address, date of birth, data on spouse, children, parents of children in the scope of name, surname, date of birth, birth number, address, data from the employment certificate, data on the employee's keeping in the register of unemployed citizens, data on the use of maternity leave and parental leave, data on the award of a pension, on the type of pension, data from the employment contract of the supplementary pension insurance company, personal data processed on certificates, certificates of passed examinations and educational activities. 
Persons concerned: 
Employees, but also in some cases spouses of employees, dependent children of employees, parents of dependent children of employees, close relatives, or former employees, if relevant.
Countries outside the EEC to which personal data is transferred: 
N/A 
Time limit for the erasure of personal data: 
Within the HR and payroll agenda:
- Personnel files of employees: 70 years
- Attendance records (daily, weekly, monthly): 2 years
- Sick leave records: 3 years
- Entry, exit, termination records: 5 years
- Occupational health and safety: 5 years after termination or cessation of duties
- Descriptions of work activities: 5 years
- Records of retraining and qualification: 10 years
- Agreements to perform work: 5 years
- Benefits, sign-in, sign-out, shifts: 10 years
- Sick leave - records, statistics: 5 years
- Maternity leave and unpaid leave - records: 5 years
- Payroll: 20 years
- Pay slips: 10 years
- Records of advance tax and payroll tax paid: 10 years
- Sickness insurance benefit settlements: 10 years
- Payroll tax declarations: 5 years
- Payroll deductions: 5 years
- Payroll supporting documents: 5 years
- Employee meals - provision: 5 years
- Other statutory time limits.
Source of personal data: 
Affected persons (employees), employees about their family members. In some cases, from other sources, due to legislation. This includes, in particular, enquiries concerning tax information relating to the relevant tax office, as well as information on periods of incapacity for work in the relevant health insurance.
Legal basis:
Art. 6(1)(c) GDPR - performance of the employer's legal obligations (e.g. also towards the social insurance company, towards the health insurance company, fulfilment of tax obligations, employer's wage policy, fulfilment of employer's obligations in the field of health and safety, etc.)
- Act No. 311/2001 Coll. on the Labor Code, as amended
- Act No. 580/2004 Coll. on health insurance, on amendment and supplementation of Act No. 95/2002 Coll. on insurance and on amendment and supplementation of certain acts, as amended
- Act No. 461/2003 Coll. on social insurance, as amended
- Act No. 595/2003 Coll. on income tax, as amended
- Act No. 43/2004 Coll. on old-age pension savings, as amended
- Act No. 650/2004 Coll. on supplementary pension savings and on amendment and supplementation of certain acts, as amended
- Act No. 5/2004 Coll. on Employment Services and on Amendments and Additions to Certain Acts, as amended
- Act No. 462/2003 Coll. on Income Compensation for Temporary Disability of an Employee and on Amendments and Additions to Certain Acts, as amended
- Act No. 152/1994 Coll. on the Social Fund and on Amendments and Additions to Act No. 286/1992 Coll. on Income Taxes, as amended
- Act No. 355/2007 Coll. on the protection, promotion and development of public health and on the amendment and supplementation of certain acts, as amended
- Act No. 124/2006 Coll. on occupational safety and health protection and on the amendment and supplementation of certain acts, as amended
- other relevant legislation
Legitimate interest:
N/A 
Existence of intra-company transfer if the Controller is part of a group of companies: 
N/A 
Existence of automated decision-making, including profiling: 
N/A

Purpose of processing of the personal data: Fulfillment of the tax obligations 
Personal data processed: 
Personal data necessary for the fulfilment of the employer's obligations under employment law may be as follows: first name, surname, maiden name and title, birth number, date and place of birth, signature, marital status, nationality, citizenship, permanent residence, temporary residence, sex, educational data, legal capacity, receipt of child benefits, wage, salary or salary ratios and other financial entitlements granted in the course of employment, data on time worked, payment data, amounts affected by the enforcement of a decision ordered by a court or an administrative authority, financial penalties and fines, as well as compensation imposed on the employee by an enforceable decision of the competent authorities, amounts wrongly received in respect of social insurance benefits and old-age pensions or their advances, state social benefits, benefits in material need and contributions to the benefit in material need, cash contributions to compensate for the social consequences of severe disability, which the employee is obliged to return on the basis of an enforceable decision under a special regulation, the annual total of the pension paid, - data on incapacity for work, data on important personal obstacles to work, data on altered working capacity, data on employers, job classification and the date of commencement of work activity, data on family members in the scope of name, surname, address, date of birth, data on spouse, children, parents of children in the scope of name, surname, date of birth, birth number, address, data from the employment certificate, data on the employee's keeping in the register of unemployed citizens, data on the use of maternity leave and parental leave, data on the award of a pension, on the type of pension, data from the employment contract of the supplementary pension insurance company, personal data processed on certificates, certificates of passed examinations and educational activities. 
Persons concerned: 
Employees, but also in some cases spouses of employees, dependent children of employees, parents of dependent children of employees, close relatives or former employees, if relevant.
Countries outside the EEC to which personal data is transferred: 
N/A 
Time limit for the erasure of personal data: 
Within the HR and payroll agenda:
- Personnel files of employees: 70 years
- Attendance records (daily, weekly, monthly): 2 years
- Sick leave records: 3 years
- Entry, exit, termination records: 5 years
- Occupational health and safety: 5 years after termination or cessation of duties
- Descriptions of work activities: 5 years
- Records of retraining and qualification: 10 years
- Agreements to perform work: 5 years
- Benefits, sign-in, sign-out, shifts: 10 years
- Sick leave - records, statistics: 5 years
- Maternity leave and unpaid leave - records: 5 years
- Payroll: 20 years
- Pay slips: 10 years
- Records of advance tax and payroll tax paid: 10 years
- Sickness insurance benefit settlements: 10 years
- Payroll tax declarations: 5 years
- Payroll deductions: 5 years
- Payroll supporting documents: 5 years
- Employee meals - provision: 5 years
- Other statutory time limits.
Source of personal data: 
Affected persons (employees), employees about their family members. In some cases, from other sources, due to legislation. This includes, in particular, enquiries concerning tax information relating to the relevant tax office, as well as information on periods of incapacity for work in the relevant health insurance. 
Legal basis:
Art. 6(1)(c) GDPR - performance of the employer's legal obligations (e.g. also towards the social insurance company, towards the health insurance company, fulfilment of tax obligations, employer's wage policy, fulfilment of employer's obligations in the field of health and safety, etc.)
- Act No. 311/2001 Coll. on the Labor Code, as amended
- Act No. 580/2004 Coll. on health insurance, on amendment and supplementation of Act No. 95/2002 Coll. on insurance and on amendment and supplementation of certain acts, as amended
- Act No. 461/2003 Coll. on social insurance, as amended
- Act No. 595/2003 Coll. on income tax, as amended
- Act No. 43/2004 Coll. on old-age pension savings, as amended
- Act No. 650/2004 Coll. on supplementary pension savings and on amendment and supplementation of certain acts, as amended
- Act No. 5/2004 Coll. on Employment Services and on Amendments and Additions to Certain Acts, as amended
- Act No. 462/2003 Coll. on Income Compensation for Temporary Disability of an Employee and on Amendments and Additions to Certain Acts, as amended
- Act No. 152/1994 Coll. on the Social Fund and on Amendments and Additions to Act No. 286/1992 Coll. on Income Taxes, as amended
- Act No. 355/2007 Coll. on the protection, promotion and development of public health and on the amendment and supplementation of certain acts, as amended
- Act No. 124/2006 Coll. on occupational safety and health protection and on the amendment and supplementation of certain acts, as amended
- other relevant legislation
Legitimate interest:
N/A 
Existence of intra-company transfer if the Controller is part of a group of companies:
N/A
Existence of automated decision-making, including profiling: 
N/A

Purpose of processing of the personal data: safety and health protection at work - fulfilment of the employer's obligations in the field of health and safety, registration of possible accidents at work
Personal data processed:
Current personal data to the extent necessary to fulfil the employer's obligations under the Act on the Protection, Promotion and Development of Public Health and the Act on Occupational Health and Safety.
Persons concerned:
Employees.
Countries outside the EEC to which personal data is transferred:
N/A
Time limit for the erasure of personal data:
In the framework of the personnel and payroll agenda:
- Personnel files of employees: 70 years
- Attendance records (daily, weekly, monthly): 2 years
- Sick leave records: 3 years
- Entry, exit, termination records: 5 years
- Occupational health and safety: 5 years after termination or cessation of duties
- Descriptions of work activities: 5 years
- Records of retraining and qualification: 10 years
- Agreements to perform work: 5 years
- Benefits, sign-in, sign-out, shifts: 10 years
- Sick leave - records, statistics: 5 years
- Maternity leave and unpaid leave - records: 5 years
- Payroll: 20 years
- Pay slips: 10 years
- Records of advance tax and payroll tax paid: 10 years
- Sickness insurance benefit settlements: 10 years
- Payroll tax declarations: 5 years
- Payroll deductions: 5 years
- Payroll supporting documents: 5 years
- Employee meals - provision: 5 years
- Other statutory time limits.
Source of personal data:
Employees.
Legal basis: 
Fulfillment of legal obligations (Article 6(1)(c) GDPR) - Act No. 124/2006 Coll. on Occupational Health and Safety and on Amendments to Certain Acts, as amended, - Act No. 355/2007 Coll. on the Protection, Promotion and Development of Public Health and on Amendments to Certain Acts, as amended.
Legitimate interest: 
N/A 
Existence of intra-company transfer if the Controller is part of a group of companies:
 N/A 
Existence of automated decision-making, including profiling: 
N/A

Purpose of processing of the personal data: occupational health service - fulfilment of the employer's obligations in connection with the assessment of the medical fitness of employees, and the provision of training in this area
Personal data processed:
Ordinary personal data to the extent necessary to fulfil the employer's obligations under the Act on the Protection, Promotion and Development of Public Health.
Persons concerned:
Employees.
Countries outside the EEC to which personal data is transferred:
N/A
Time limit for the erasure of personal data:
In the framework of the personnel and payroll agenda: - Personnel files of employees: 70 years - Attendance records (daily, weekly, monthly): 2 years - Sick leave records: 3 years - Entry, exit, termination records: 5 years - Occupational health and safety: 5 years after termination or cessation of duties - Descriptions of work activities: 5 years - Records of retraining and qualification: 10 years - Agreements to perform work: 5 years - Benefits, sign-in, sign-out, shifts: 10 years - Sick leave - records, statistics: 5 years - Maternity leave and unpaid leave - records: 5 years - Payroll: 20 years - Pay slips: 10 years - Records of advance tax and payroll tax paid: 10 years - Sickness insurance benefit settlements: 10 years - Payroll tax declarations: 5 years - Payroll deductions: 5 years - Payroll supporting documents: 5 years - Employee meals - provision: 5 years - Other statutory time limits.
Source of personal data: Employees.
Legal basis: 
Art. 6(1)(c) GDPR - fulfilment of the employer's legal obligations - Act No. 355/2007 Coll., the Act on the Protection, Promotion and Development of Public Health and on Amendments and Additions to Certain Acts
Legitimate interest: 
N/A 
Existence of intra-company transfer if the Controller is part of a group of companies: 
N/A 
Existence of automated decision-making, including profiling: 
N/A

Purpose of processing of the personal data: Attendance records
Personal data processed:
Common personal data necessary for the recording of working time within the meaning of Section 99 of the Labour Code.
Persons concerned:
Employees.
Countries outside the EEC to which personal data is transferred:
N/A
Time limit for the erasure of personal data:
In the framework of the personnel and payroll agenda: - Personnel files of employees: 70 years - Attendance records (daily, weekly, monthly): 2 years - Sick leave records: 3 years - Records of arrivals, departures, terminations: 5 years - Occupational health and safety: 5 years after termination or cessation of duties - Descriptions of work activities: 5 years - Records of retraining and qualification: 10 years - Agreements to perform work: 5 years - Benefits, sign-in, sign-out, shifts: 10 years - Sick leave - records, statistics: 5 years - Maternity leave and unpaid leave - records: 5 years - Payroll: 20 years - Pay slips: 10 years - Records of advance tax and payroll tax paid: 10 years - Sickness insurance benefit settlements: 10 years - Payroll tax declarations: 5 years - Payroll deductions: 5 years - Payroll supporting documents: 5 years - Employee meals - provision: 5 years - Other statutory time limits.
Source of personal data: Employees. 
Legal basis: 
Art. 6(1)(c) GDPR - fulfilment of the employer's legal obligations under Article 99 of Act No 311/2001 Coll. on the Labour Code as amended.
Legitimate interest: 
N/A 
Existence of intra-company transfer if the Controller is part of a group of companies: 
N/A
Existence of automated decision-making, including profiling: 
N/A

Purpose of processing of the personal data: Sending a newsletter offering goods/services similar to those purchased by the client from the Controller, for the marketing and promotional purposes of the Controller.
Personal data processed:
N/A
Persons concerned:
clients or their authorized representatives.
Time limit for the erasure of personal data: 2 years 
Source of personal data: 
Client / Client's representative. 
Legal basis:
Article 6(1)(f) - the pursuit of a legitimate interest in the processing of personal data of the Controller's clients, which newsletter may also reasonably be expected by the
Legitimate interest:
Legitimate interest - direct marketing. 
Existence of automated decision-making, including profiling: 
no

Purpose of processing of the personal data: Sending a newsletter with an offer of goods/services for marketing and promotional purposes of the Controller.
Personal data processed:
N/A
Persons concerned:
Potential clients or their authorized representatives - i.e., persons who have requested to receive the newsletter.
Time limit for the erasure of personal data:
2 years
Source of personal data:
Potential client/representative of a potential client.
Legal basis:
Article 6(1)(a) - consent of the person concerned.
Legitimate interest: N/A
Existence of automated decision-making, including profiling: 
no

Purpose of processing of the personal data: Marketing promotion of the Controller and personal presentation of the employee, including the publication of the employee's data in the course of the performance of the employee's job within the scope of the authorization pursuant to Article 78(3) of the PDPA. 
Personal data processed: Personal data within the scope of § 78 (3) of the PDPA. 
Persons concerned: 
Employees
Countries outside the EEC to which personal data is transferred: 
N/A 
Time limit for the erasure of personal data: 
Period until termination of the employment or other similar relationship 
Source of personal data: 
Employee. 
Legal basis: 
Art. 6(1)(f) GDPR - exercise of legitimate interest, in conjunction with Article 78(3) of Act No. 18/2018 Coll. on the Protection of Personal Data 
Legitimate interest:
 Marketing promotion and personal presentation of employees. 
Existence of intra-company transfer if the Controller is part of a group of companies: 
N/A 
Existence of automated decision-making, including profiling: 
N/A

Purpose of processing of the personal data: Marketing promotion of the Controller - making and publishing of employee data beyond the scope of the authorization pursuant to § 78 (3) of the PDPA. 
Personal data processed: 
Personal data beyond the scope of § 78 (3) of the PDPA - photograph and video recording. 
Persons concerned: 
Employees.
Countries outside the EEC to which personal data is transferred: 
N/A 
Time limit for the erasure of personal data: 
For an indefinite period of time - the period until the termination of the employment or other similar relationship
Source of personal data: 
Employee. 
Legal basis: 
Art. 6(1)(a) - consent
Legitimate interest: 
N/A 
Existence of intra-company transfer if the Controller is part of a group of companies: 
N/A 
Existence of automated decision-making, including profiling: 
N/A

Purpose of processing of the personal data: Providing discounts, bonuses, and other loyalty benefits.
Personal data processed:
name, surname.
Persons concerned: Customers / registered users.
Countries outside the EEC to which personal data is transferred: 
N/A 
Time limit for the erasure of personal data: 
Until termination of employment. 
Source of personal data: 
Loyal client. 
Legal basis: 
Art. 6(1)(a) - consent
Legitimate interest: 
N/A 
Existence of intra-company transfer if the Controller is part of a group of companies: 
N/A 
Existence of automated decision-making, including profiling: 
N/A

Purpose of processing of the personal data: Performance of rights and obligations arising from pre-contractual / contractual relationships with the Controller's customers.
Personal data processed:
Name, surname, contact details, and other relevant data, in particular within the scope pursuant to § 78 (3) of the Personal Data Protection Act.
Persons concerned:
The statutory bodies, employees and contractual representatives of the customer and the controller, or other relevant natural persons.
Countries outside the EEC to which personal data is transferred:
N/A
Time limit for the erasure of personal data:
After termination of the contractual relationship.
Source of personal data:
The natural person, if a contracting party, or another natural person representing the contracting party.
Legal basis:
Art. 6(1)(b) GDPR - performance of contractual and pre-contractual relations (if the contracting party is the natural person himself); Art. 6(1)(f) GDPR - the pursuit of the legitimate interest of the controller (where the contracting party is a legal person and other natural persons act on its behalf for the purpose of fulfilling contractual relations on the basis of a specific authorization or where the natural person who is a contracting party is represented by another natural person) to be able to perform contractual and pre-contractual relations, where the persons concerned can reasonably expect such processing to be carried out.
Legitimate interest: The legitimate interest of the Controller in the performance of rights and obligations arising from contractual, pre-contractual relationships. 
Existence of intra-company transfer if the Controller is part of a group of companies: 
N/A 
Existence of automated decision-making, including profiling: 
N/A

Purpose of processing of the personal data: Keeping records of received and sent correspondence, including electronic correspondence.
Personal data processed: 
Identification, contact details, subject of the content of the mail, and other relevant data contained in the correspondence, if applicable. 
Persons concerned: 
Senders and recipients of correspondence.
Countries outside the EEC to which personal data is transferred: 
N/A 
Time limit for the erasure of personal data: 
Registry regulations, legal archiving periods for important documents. 
Source of personal data: 
Recipient/sender of correspondence. 
Legal basis: 
Art. 6(1)(c) GDPR - fulfilment of a legal obligation (Act No 395/2002 Coll. on Archives and Registers and on the Amendment of Certain Acts, as amended) 
Legitimate interest: 
N/A 
Existence of intra-company transfer if the Controller is part of a group of companies:
 N/A 
Existence of automated decision-making, including profiling: 
N/A

Purpose of processing of the personal data: Recording of personal data necessary for the purposes of fulfilling the obligations set out in the GDPR, in particular for the recording and handling of the rights of persons concerned and the recording of security incidents.
Personal data processed: Identification, contact details, and other personal data to which the asserted right of the persons concerned relates.
Persons concerned: Natural persons exercising their rights as persons concerned.
Countries outside the EEC to which personal data is transferred: 
N/A 
Time limit for the erasure of personal data: 
5 years objective time limit of the Office for Personal Data Protection. 
Source of personal data: 
The person exercising the rights of the persons concerned under the GDPR. 
Legal basis:
 Article 6(1)(f) GDPR - the exercise of the legitimate interest of the controller to comply with the obligations imposed by the GDPR and other relevant legislation in the field of personal data protection.
Legitimate interest:
 The legitimate interest of the Controller in fulfilling the Controller's obligations under the GDPR. 
Existence of intra-company transfer if the Controller is part of a group of companies:
 N/A 
Existence of automated decision-making, including profiling: 
N/A

Purpose of processing of the personal data: Ensuring the network security of the Controller for the protection of the processed data.
Personal data processed:
Routine personal data collected from networks (IP address, logs, etc.) necessary to ensure the purpose.
Persons concerned:
Persons relevant for ensuring the security of the controller.
Countries outside the EEC to which personal data is transferred:
for the necessary period of time.
Time limit for the erasure of personal data: 5 years objective time limit of the Office for Personal Data Protection. 
Source of personal data: 
Persons concerned, information from networks. 
Legal basis: 
Art. 6(1)(f) GDPR - the exercise of the legitimate interest of the controller to comply with the obligations imposed by the GDPR and other relevant legislation in the field of personal data protection and information security.
Legitimate interest: 
Legitimate interest of the Controller in ensuring information security (rec. 49 GDPR). 
Existence of intra-company transfer if the Controller is part of a group of companies:
 N/A 
Existence of automated decision-making, including profiling: 
N/A

Purpose of processing of the personal data: Fulfillment of the obligations arising from the accounting regulations, keeping of the accounting agenda, management of accounting documents.
Personal data processed: 
Name, surname, title, permanent address, temporary address, telephone number, e-mail address, date of birth, type and number of identity document, signature, bank account number, amount of receivable/payable. 
Persons concerned: 
suppliers, customers, representatives of the controller, representatives of suppliers and customers, other relevant natural persons.
Countries outside the EEC to which personal data is transferred: 
N/A 
Time limit for the erasure of personal data: 
Legal time limits (10 years). 
Source of personal data: 
Person concerned / his/her authorized representative.
Legal basis: 
Art. 6(1)(c) GDPR - fulfilment of the legal obligation of the Controller (Act No. 431/2002 Coll. on Accounting, Act No. 222/2004 Coll. on Value Added Tax, Act No. 40/1964 Coll. on the Civil Code, Act No. 152/1994 Coll. on the Social Fund, Act No. 286/1992 Coll. on Income Taxes, Act No. 311/2001 Coll. on the Labor Code) 
Legitimate interest: 
N/A 
Existence of intra-company transfer if the Controller is part of a group of companies: 
N/A 
Existence of automated decision-making, including profiling: 
N/A

Purpose of processing of the personal data: Ensuring the efficient operation of company motor vehicles and related data recording (logbook, etc.).
Personal data processed:
Name, surname, title, address, location data, photocopy of driving license, data for insurance and contract for the provision of a company car.
Persons concerned:
employees.
Countries outside the EEC to which personal data is transferred: N/A
Time limit for the erasure of personal data:
As soon as necessary.
Source of personal data:
Employee / relevant facility.
Legal basis: Article 6(1)(f) - pursuit of a legitimate interest 
Legitimate interest:
 The legitimate interest of the Controller in the maintenance of the logbook, the protection of the life and health of the Controller's employees, ensuring the economic use of official vehicles and the protection of the Controller's property.
Existence of intra-company transfer if the Controller is part of a group of companies: 
N/A 
Existence of automated decision-making, including profiling: 
N/A

Purpose of processing of the personal data: Measurement of traffic for statistical purposes of the Controller.
Personal data processed: 
Statistics based on personal data collected in connection with the visit or interaction of persons concerned with the corporate social network profile of the controller and its content. 
Persons concerned:
 Visitors to the company profile.
Countries outside the EEC to which personal data is transferred: 
USA 
Time limit for the erasure of personal data: 
5 years 
Source of personal data: 
Visitor of the corporate profile. 
Legal basis: 
Art. 6(1)(f) GDPR - exercise of the controller's legitimate interest 
Legitimate interest: 
The legitimate interest of the controller in processing personal data in order to promote its activities and set up its marketing activities more effectively. 
Existence of intra-company transfer if the Controller is part of a group of companies: 
N/A 
Existence of automated decision-making, including profiling: 
N/A

The persons concerned shall have the following rights:

If we process your personal data on the basis of the exercise of our legitimate interest within the meaning of Article 6(1)(f) of the GDPR, you have:

  • the right to object - you have the right to object at any time, on grounds relating to your particular situation, to processing which concerns you.

If we process your personal data on the basis of your consent within the meaning of Article 6(1)(a) of the GDPR or also Article 49(1)(a) of the GDPR, you have:

  • the right to withdraw consent - you have the right to withdraw your consent to processing for the purpose for which you gave your consent at any time.

In addition, you also have the following rights:

  • the right of access - you can ask us for access to the personal data we process about you. The controller will also provide you with a copy of the personal data processed;
  • the right to rectification - you can ask us to correct inaccurate or incomplete personal data we process about you;
  • the right to erasure - you can ask us to erase your personal data if any of the following situations occur:
    • the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
    • your personal data has been unlawfully processed;
    • your personal data must be erased to comply with a legal obligation under Union or Member State law to which the Data Controller is subject;
  • the right to restriction of processing - you can ask the Controller to restrict the processing of your personal data if any of the following situations occur:
    • you have denied the accuracy of the personal data for the time necessary for the Controller to verify the accuracy of the personal data;
    • the processing of your personal data is unlawful, but you refuse the erasure of this data and instead request a restriction on its use;
    • the Controller no longer needs the personal data for the purposes of the processing, but you require them for the establishment, exercise or defence of legal claims;
    • you have objected to the processing of your personal data pursuant to Article 21(1) of the GDPR until it is verified that the legitimate grounds of the Data Controller outweigh your legitimate grounds;
  • the right to data portability - if we process your personal data on the basis of your consent or because it is necessary for the performance of a contract to which you are a party and it is also processing by automated means of processing, you have the right to obtain the personal data concerning you that you have provided to the Data Controller in a structured, commonly used and machine-readable format, provided that this right must not adversely affect the rights and freedoms of others;
  • the right to withdraw consent - if the processing of your personal data is based on consent, you have the right to withdraw your consent to the processing of your personal data for the purpose for which you gave your consent at any time without affecting the lawfulness of the processing based on consent prior to its withdrawal;
  • the right to object - you may object at any time to the processing of your personal data by the Controller for the purposes of direct marketing carried out on the basis of the Controller's legitimate interest and whenever we process your personal data on the basis of legitimate interest or public interest, including profiling;
  • the right to lodge a complaint - you have the right to lodge a complaint with the supervisory authority, which is the Office for Personal Data Protection of the Slovak Republic, Hraničná 12, 820 07 Bratislava 27, www.uoou.sk. 

The persons concerned shall have the above-mentioned rights within the scope of Articles 15 to 21 and Article 77 of the GDPR. 

If you have any questions about the protection of your personal data, you can contact us at any time using the contact details below. 

The person concerned may exercise his or her rights orally, in writing or electronically, using the contact details provided above. We will provide you without undue delay with information about the measures taken in response to your request, at the latest within one month of receipt of your request. The controller may request additional information necessary to confirm the identity of the person concerned if it has reasonable doubts about the identity of the natural person who has submitted a request to exercise the rights of a person concerned. If we need to extend this period in justified cases, we will inform you in due time. If the request to exercise the right of the person concerned is manifestly unfounded or disproportionate, in particular due to its repetitive nature, we may refuse to process your request or we may charge you a reasonable fee taking into account our administrative costs in processing it.

Note: This text was created by Education, s.r.o. and Semančín & Partners advokátska kancelária. This text is written in Slovak and English. In the event of a difference of interpretation, the Slovak version shall prevail.
